December 24, 2024

Jennifer J. Schulp and Jack Solowey

Cryptocurrency skeptics often repeat the mantra that crypto is only useful for crime. While that claim is demonstrably false, there are legitimate questions about how crypto meshes with the (deeply flawed) framework for fighting illicit finance. And things can get particularly tricky when asking how that regime squares with the broader decentralized finance (DeFi) ecosystem that crypto enables.

DeFi is an umbrella term for financial software that operates without traditional financial intermediaries. Think lending without a bank or trading without a brokerage. DeFi enables peer-to-peer transactions but without the need for individuals to be acquainted.

In addition to forgoing the middleman, DeFi has the potential to be revolutionary because it is permissionless and composable, meaning that DeFi applications can be creatively adapted and recombined. While DeFi comes with its own risks, such as cybersecurity threats, it also mitigates the traditional risks associated with intermediaries, like trusting them not to mishandle assets or misuse sensitive personal information in their possession.

The very same characteristic—disintermediation—that unlocks DeFi’s revolutionary potential, though, confounds the existing illicit finance regime that relies on intermediaries. Policymakers in Congress and agencies have proposed responses to this challenge. Must-pass appropriations bills and the National Defense Authorization Act provide vehicles for such proposals to advance, potentially with little legislative scrutiny.

But, in order to fight bad actors without undermining Americans’ financial privacy and freedom to innovate, policymakers must ask five questions before advancing any new rules.

Does the solution differentiate between centralized actors and decentralized systems? There’s an understandable tendency to want to apply existing regulations to new situations, but regulations designed for centralized intermediaries aren’t a good fit for decentralized systems. As the Treasury Department has recognized, applying the existing illicit finance framework to DeFi is far from cut-and-dried. Yet solutions that implicitly or explicitly require recentralization for compliance would essentially outlaw DeFi. That outcome would ossify intermediary risks, effectively prohibit experimentation with certain software, and reduce competition in financial services. Any proposal should therefore distinguish between projects that rely on middlemen and those that specifically remove the need for them.

Does the solution require actors to report information that they do not have? The existing illicit finance framework requires financial institutions to collect information about customers and transactions. Applying those same burdens in the DeFi context can be untenable. Asking a software developer or validator on a blockchain network, for instance, to collect and report customer information is like asking a bank’s IT contractors to identify bank customers; they’re simply not in a good position to do so. Reporting requirements that don’t reflect this reality are another example of de facto bans on DeFi, deterring entrepreneurs and innovators from developing or maintaining DeFi’s underlying infrastructure for fear of running afoul of the law. 

Does the solution preserve cash-like treatment for cash-like transactions done digitally? Cash, when exchanged between individuals, is generally not subject to the illicit finance framework. Digital transactions that are fundamentally the same (i.e., genuinely peer-to-peer) should not be subject to greater surveillance than cash. This principle is particularly relevant when thinking about the effects of regulatory proposals on noncustodial crypto wallets. These tools enable an individual, not a third party, to control the keys unlocking her crypto holdings, more closely resembling physical wallets holding cash than bank accounts. Asking this question is also critical to gauging a proposal’s impact on crypto users’ ability to protect their financial privacy when using digital tools.

Is the solution flexible? Prescriptive regulation can freeze technology in place by leaving developers without an understanding of how to apply old regulations in new situations. Counterproductively, such inflexible regimes hinder innovative solutions that can help combat illicit finance risk. These can include tools that allow individuals to confirm that their funds do not come from known illicit sources without making their full transaction history public, as well as methods that screen for a transaction’s illicit finance risk by looking at the origins of the assets.

Is the solution evidence-based? Knee-jerk responses to perceived illicit uses of crypto that fail to understand the relative scope, depth, or scale of the problem are unlikely to achieve their goals. While the urge to act in the face of negative headlines is understandable, solutions must be based on facts and evidence. That applies equally when researching the extent of the problem, as well as the efficacy of the proposed solution. And where the facts or evidence are unclear, it may make more sense to devote resources to better understanding them than to rushing out costly window dressing.

Some proposed solutions score pretty poorly under this analysis, and others may do better. Proposals that seek to undo DeFi’s core innovation—intermediary-free finance—should be nonstarters.

At a minimum, those evaluating policy choices should ask these five questions to truly understand both problem and solution. While doing the yeoman’s work is, perhaps, less likely to get policymakers headlines of their own, it’s more responsible than recycling old and ill-fitting policy Band-Aids. Any law imposing new obligations on DeFi should at least understand what—and why—it is regulating.