The limits of regulation in a decentralized world

Friends, I am switching this newsletter to Substack, and I thought I had this morning, but it seems like many of you didn't get it. So, I'm sending out today's issue again. Hopefully you're not getting it twice. Next week it should all be sorted out. There's nothing you need to do to maintain your subscription. Thanks for bearing with me.

Last week the IMF released its semiannual Global Financial Stability Report and it included a deep dive into DeFi. There’s probably little in the report you don’t already know, but it gives great insight into how global regulators are thinking about DeFi.

In contrast to the headline-grabbing FUD from grandstanding politicians, the report is sober and thoughtful. The benefits are acknowledged forthrightly. For example: “DeFi has the potential to exhibit cost-efficient financial intermediation by bypassing and shortcutting the intermediation chain.” And: “Consequently, DeFi offers broad access to players of any size and has no need for custodian service, potentially improving efficiency and financial inclusion.”

The risks are also fairly assessed:

Similar to traditional lending, DeFi is not free from market, liquidity, credit, operational, and cyber risks. DeFi lending can incur losses under unfavorable market conditions, and liquidity mismatches can be a cause for failure to meet redemption requests. Moreover, it appears to be more vulnerable to cyber and AML/CFT risks, due to loopholes in computer code and the anonymity of the platform.

What’s most interesting, though, is the commentary that shows how regulators are beginning to come to grips with the new reality that crypto creates. For example (emphasis added):

DeFi poses unique challenges to regulators. DeFi’s elevated market, liquidity, and cyber risks may need adjustment to the regulatory perimeter, but DeFi’s anonymity, lack of a centralized governance body, and legal uncertainties render the traditional approach to regulation ineffective.

To date financial regulators have taken for granted centralized intermediaries that are the leverage points for control. Crypto eliminates the need for intermediaries, and with it the “traditional” vector of control. Regulators therefore find themselves needing to control the behavior of “anonymous” individuals without the help of a compliant “centralized governance body.”

A couple of things can be said about this. First is that it’s precisely the elimination of intermediaries that accounts for the efficiencies that the report touts as benefits. This creates a bit of a paradox for regulators. Second, many of the risks that regulation exists to address are risks created by the historical necessity of intermediation. Custody risk is an obvious example, but so is the kind of information asymmetry that may no longer exist in a transparent, on-chain environment. So, the elimination of intermediation also eliminates some justification for regulation.

Another thing to say is that it was totally predictable that regulators would eventually come to these conclusions, and indeed it was predicted. In a paper Houman Shadab, Andrea O’Sullivan, and I wrote in 2013 (!) for the Columbia Science and Technology Law Review, we said,

This is a new world for policymakers. In the past, to achieve a public policy goal, they only needed to regulate a handful of intermediaries. The perceived benefits of the public policy goal very often outweighed the cost associated with regulating the few intermediaries. If there are no intermediaries, but only thousands or millions of users interacting peer-to-peer, then the costs of enforcement may well outweigh any perceived potential benefits of regulation. In this new world, regulators should take into consideration the increasingly high cost of information control into their cost-benefit calculus. Doing so may lead policymakers to conclude that efforts to control only make sense as a last resort.

If top-down regulation is increasingly not a cost-beneficial option for achieving public policy goals, policymakers will have to consider realistic alternatives, such as focusing on resiliency and adaptation. These are concepts borrowed from biology and ecology. Resilience is the capacity of an ecosystem to recover quickly from a shock, while adaptation is the change an organism or species undergoes to become better suited to a new environment.

While the IMF report shows that regulators are indeed coming to terms with the fact of a new reality, they don’t yet seem to be opting for the strategies of adaptation and resilience that we discussed in our paper. Instead, they’re still looking for ways to exert control. That is, while they’ve gotten past the “denial” and “anger” stages of grief (at least in this report), they seem to be stuck in the “bargaining” stage.

What they propose is that regulation should focus on “centralized entities in the crypto asset ecosystem” like exchanges and stablecoins. More specifically, they suggest that regulators could “restrict the exposure of regulated firms to DeFi markets (especially markets not subject to proper regulation or self-regulation), which could slow the pace of growth while addressing the risks of interconnectedness with regulated markets.” Translation: place restrictions on centralized crypto actors that limit which kinds of (or which specific) smart contracts they are allowed to interact with.

We’ve seen an increasing number of regulators worldwide place restrictions on how centralized exchanges can interact with “self-hosted” wallets in the name of AML, and I suspect we’ll begin to see this being done in the name of financial regulation as well. This will likely be self-defeating since it will encourage individuals to further avoid centralized intermediaries. While strategies of “resilience and adaptation” beckon, regulators will probably want to try every possible lever before they reach the “acceptance” stage (hopefully without spending too much time in “depression”).

With that in mind, I’m not sure how to assess this final recommendation from the report (emphasis mine):

As a second step, authorities can directly regulate key functions within DeFi. To manage the risks generated by protocol developers, measures could include public-private collaboration on code regulation through either ex ante guidelines on operational and risk parameters (including operational and cyber resilience) or ex post code reviews and audits that can identify areas vulnerable to risk and help deliver policy objectives. Ex ante measures can be combined with greater disclosure and user education to help identify platform-specific risks, closing the information gap between retail and institutional investors.

On the one hand, this is an explicit call to regulate code. On the other, it’s couched in terms of “public-private collaboration” to develop “guidelines” and conduct “user education” and other mushy language. Maybe the report’s authors are not too sure themselves how far they want to push.

In the short term I expect we’ll see attempts to restrict the publication of code (like the pending SEC rulemaking on the definition of “exchange”). Doing so would be unconstitutional in the U.S. and, while it may require fighting all the way to the Supreme Court, I’m confident such restrictions won’t stand legal scrutiny. Globally there’s less protection for code, but ultimately I think regulators will find that the costs of enforcing such controls will outweigh any benefits they seek to get. And in a footnote the authors of the report hint that outright bans don’t work:

Despite the implementation of restrictions, an estimated 1.7 million Egyptians hold crypto assets. Many crypto asset service providers operate offshore; users can take advantage of virtual private networks to obscure their location, demonstrating the difficulty in enforcing regulations.

With any luck, in the long term what we’ll get is a settlement that’s beneficial for everyone involved. I’m optimistic.

Nota Bene

In a new episode of Tangents, the podcast from Coin Center, Peter and I walk through our argument that the SEC’s proposed reinterpretation of “exchange” would violate the First Amendment because it is a prior restraint on speech, in particular on persons publishing decentralized exchange software. Video below and audio is here. Peter also discussed this topic with Laura Shin on the Unchained podcast, and you can see that here.

Since I know you can’t get enough podcasting, here’s more. In the new episode of Worker & Parasite, my book podcast with Stably, we discuss Beyond Good and Evil by Friedrich Nietzsche. Please keep in mind we have no idea what we’re talking about. And finally, check out Neeraj on the new episode of Vice’s Cryptoland series. Our boy is all grown up.

Switching to Substack

I’ve long resisted the allure of Substack for a bunch of reasons, but I’m giving it a shot. I’m retaining the ability to switch back to self-hosting if it doesn’t work out. Let me know what you think and if it changes anything for you. You can hit reply to get in touch as usual, but with Substack, posts now have a comment section as well, so feel free to post there. And as always, it would really mean a lot to me if you shared this with friends you think might like this newsletter.
