This section provides a general explanation of innovative technological trends (DAO, DeFI, NFT, tokens, etc.) that may be related to the provision of financial services or similar activities.
This information does not constitute legal advice or an explanation. We recommend that related parties assess and legally qualify their activities in advance, if necessary, with the help of a professional legal adviser. Consumers of innovative solutions are advised to assess the risks they may be exposed to when using their financial means.
We also recommend that you consult the draft EU Regulation on Markets in Crypto-assets (MiCA) and related proposals.
Decentralized finance, or DeFi is a financial system that seeks to copy certain functions of the traditional financial system in an open, decentralized, and autonomous way on the basis of blockchain technology. Similar to other applications based on distributed ledger technology (DLT), DeFi seeks greater efficiency from a cost perspective than the traditional financial system, due to automation through blockchain and smart contracts, and the absence of intermediaries (e.g. central bank, commercial banks, insurers, foreign exchange).
On the other hand, the history of DeFi applications is still very short, making it unclear whether the theoretical benefits of the systems will translate into the practical use of the services, or in what way the DeFi systems translate other important values in the financial sector, such as market depth, openness, and stability, not to mention the potential setbacks of full decentralisation in the absence of financial supervision in the public interest. Different areas of application for DeFi are, for example, decentralised exchange platforms (DEX), decentralised lending protocols, decentralised insurance platforms, decentralised investment funds, and other financial services that can be offered without centralised management.
In the DeFi system, the role of traditional intermediaries (banks, fund managers, insurers, etc.) is automated. Therefore, the DeFi protocols have to be based on smart contracts, which form a code in which the rules are written according to which transactions take place on the respective platform. For example, in the event of DEXs, these contracts establish the automated market maker (AMM), the formula by which asset prices are set according to the liquidity provided, and the transaction fees that liquidity providers to the protocol receive.
Many of the DeFi protocols also provide for the operation of ‘oracles’, or automated external market data collection programs, which are essentially the link between these protocols and data from the outside world. In most cases, such ‘oracles’ are centrally managed third-party services. In addition to the activities of the ‘oracles’, the loan facility protocols set interest rates according to the demand for certain loans and the supply of certain currencies, as well as the minimum value of the collateral in relation to the value of the loan. Despite the automation of processes, behind the DeFi applications there is also a decentralised organisation that manages the DeFi, where governance decisions are made by voting on the basis of governance tokens, i.e. the voting rights of the general meeting.
While the DeFi applications, still in their early stages of development, offer opportunities for innovation and will undoubtedly drive innovation in the traditional financial system as we know it, they also carry a number of risks, including to investor protection, the prevention of money laundering and terrorist financing, and, if more widely adopted, to financial stability. At the same time, it should be noted that fully decentralised solutions are currently rather theoretical concepts, as in practice they still have identifiable elements of centralised management, such as improving the underlying code. The need for centralised management makes some centralisation inevitable, but ultimately leads to a concentration of power.
In the case of decentralised systems, it needs to be clarified how the safeguards addressed in the traditional financial sector, such as the suitability of connected persons in the financial sector, capital management, avoidance of conflicts of interest, security of systems, prohibition of manipulation, transparency of operations, separation of client assets, etc. are addressed.
Is decentralized finance regulated?
The DeFi applications are not yet specifically covered by the current legal framework, which is why there is no specific legal protection for consumers of the DeFi services. Nevertheless, the DeFi participants should carefully qualify their own activities beforehand, as it is not excluded that in certain circumstances they may fall within the scope of regulated activities in the financial sector. For example, the term decentralised is sometimes interpreted in different ways. If there is a purely decentralised system, on the one hand, legal requirements do not seem to apply, since the system is run by a code and there is no natural or legal person responsible for its management. However, on the other hand, there is also an organisation of holders of governance rights behind the DeFi systems described, which can make changes to the DeFi protocol. Each DeFi application also has a development team that has coded the basics of how it works into ‘smart contracts’. Nor can we rule out the possibility that financial service providers, in order to avoid regulation, try to disguise their true centralised management under the guise of decentralisation, and would in fact still need some authorisation given their business model.
Due to the legal uncertainties of decentralised finance, particular attention needs to be paid to the following risks:
The appearance of full decentralisation – even if some financial solution is marketed as decentralised, its real nature is determined by whether anyone has any meaningful control over it, thereby, also having a status of conflict of interest and the ability to manipulate. In general, the DeFi protocols are managed by DAOs, whose governance decisions are taken by votes of the holders of their governance tokens. Voting on the basis of government tokens in DAOs is not very different from voting at general meetings of shareholders in traditional companies. A large number of governance tokens can accumulate in the hands of individuals, such as the developers or contributors to the DeFi protocol, who may abuse their power for personal gain. There may also be schemes where a centralised company uses a decentralised organisation, in which a large shareholding is actually held, to present its financial services as falling under the definition of DeFi. Also, the so-called 51% attacks can occur at the level of the underlying blockchain of the DeFi protocol, with the majority of blockchain validators manipulating the blockchain.
Risks related to stablecoins – In most cases, according to an International Monetary Fund’s (IMF) report in April 2022, the DeFi platforms will borrow in stablecoins, or cryptocurrencies, backed by other assets, i.e. their value should be constant. While in theory they should be stable, they may not be of lasting value as many of them are not backed by currencies, but by low-liquid financial assets, other crypto assets or an algorithm that regulates their supply and demand. Therefore, there is no guarantee that the value of a loan given or taken out in a stable crypto asset will remain constant. An example is the sharp fall in the value of TerraUSD, the much debated stablecoin (with an algorithmic stabilisation mechanism).
Risks arising from market fluctuations – Since most of the loans on the DeFi platforms are taken out in stablecoins but collateralised by volatile cryptocurrencies, automatic liquidations of loans, i.e. automatic repayments of loans against collateral, can occur during large fluctuations in cryptocurrency prices due to collateral depreciation. This can lead to inconveniences for the borrower as well as financial losses for the DeFi protocol, which is unable to sell collateral quickly enough.
Liquidity risk – Similar to the traditional financial system, the DeFi platforms do not exclude bank runs. Although, unlike traditional banking, loan-to-deposit ratios in the DeFi applications must remain below 100%, it is possible that, for example, during a major market downturn, many depositors may decide to withdraw their assets from the platform, causing liquidity problems. This risk is amplified by the fact that the majority of deposits to the DeFi platforms are made by individual users.
Security risk of ‘bridges’ – As the different blockchains are not interoperable, the conversion of one cryptocurrency to another requires bridge platforms to engage in the process for the investor. However, these platforms are easier to attack than many other DeFi applications, as they are usually protocols controlled by individuals and are not regulated or properly secured. Due to their vulnerability, a number of large-scale asset thefts have occurred on these platforms.
Cyber risks – As with everything related to the virtual world, the DeFi area of activity is not immune to various cyber threats. For example, direct attacks against the DeFi applications with the aim of stealing assets are possible. There may also be errors in the ‘smart contracts’ of the protocols that cannot be detected by sufficiently knowledgeable users. These vulnerabilities may be unintentional, generally exploited by malicious external forces, but there is also the possibility that the creators of the application have left ‘backdoors’ in the code for their own personal gain. As the DeFi applications generally run on blockchains created by third parties, they are also exposed to threats related attacking and affecting the blockchain.
Possibly high transaction fees – Although one of the DeFi objectives involves low administrative costs, there are still high transaction fees (gas-fee) in different blockchains. As the DeFi system often requires several transactions to be carried out in order to perform one process (e.g. in order to obtain a loan, collateral must first be deposited), the rate payable on transactions may also exceed the required rate of return on transactions. Therefore, before using the DeFi application, it is important to find out what its fees are at the moment, in order not to lose out on potential revenue. In addition to high transaction fees in blockchains, ‘predatory lending’ may take place in the DeFi protocols, especially given the fact that the ‘roof margins’ on the cost of credit are unregulated there, unlike in the traditional financial system, or illegal activities are carried out under the DeFi umbrella, requiring a licence to provide a financial service.
Future of DeFi
Once the risks associated with the DeFi applications have been mitigated and regulatory compliance ensured, applications based on this technology could complement the conventional financial system in the future. Appropriate regulation and supervision of the DeFi solutions may also ultimately increase trust in these solutions and support their distribution.
In the area of the treatment of the DeFi applications, the main challenge is to find solutions to the questions of which functions of the DeFi applications are covered by the existing legal framework and which need new rules; how to create a balance between the effectiveness of new rules and innovation; which parties (e.g. developers, holders of governance tokens, users) may be subject to regulation and how to identify them; which jurisdiction to apply to applications without a legal address; and how to avoid regulatory arbitrage.