
SEC's Crenshaw: Transparency, Pseudonymity Top DeFi Issues

Commissioner Praises Innovation and Says DeFi Developers Should Register With the SEC

Commissioner Caroline Crenshaw of the U.S. Securities and Exchange Commission urges decentralized finance, or DeFi, developers to approach the financial regulator in an effort to bring projects in line with existing securities laws. Although touting DeFi apps, or DApps, as a disruptive and likely beneficial financial innovation, Crenshaw says DeFi lacks transparency and is hindered by on-chain pseudonymity, which is a state of disguised identity.


Blockchain-based DeFi projects do not rely on central financial intermediaries to provide traditional financial services. Instead, smart contracts on blockchains allow users to lend or borrow funds, trade cryptocurrencies, earn interest and more. DeFi projects typically rely on open-source software, and at the time of publication, there was some $114.3 billion in total value locked in these DApps, according to tracker site DeFi Pulse.

In a new article entitled "DeFi Risks, Regulations, and Opportunities," in the inaugural issue of "The International Journal of Blockchain Law," Crenshaw, who was confirmed as a Democratic SEC commissioner in August 2020, says DeFi projects must be more transparent in market dealings - in an effort to thwart manipulation. She also says they must adhere to customary identification measures - including "know your customer" - and counter the financing of terrorism controls.

In the article, Crenshaw acknowledges that there "are projects that show a potential for scalable increased efficiencies in transaction speed, cost and customization" and are "evolving incredibly fast with new and interesting potential." But, she notes, "DeFi is fundamentally about investing." As such, many areas fall under the jurisdiction of U.S. regulators, she says.

"When the potential financial rewards are great enough, some individuals will victimize others, and the likelihood of this occurring tends to increase as the likelihood of getting caught and severity of potential sanctions decrease," she notes. "And, absent mandatory disclosure requirements, information asymmetries will likely advantage rich investors and insiders at the expense of the smallest investors."

Likening some DeFi activity to a Ponzi scheme, John Bambenek, principal threat hunter at the security firm Netenrich, tells ISMG, "You can't boast of being regulation-resistant while not expecting that criminals and bad actors might take advantage of the environment.

"If the focus is going to be on manipulation, pump-and-dump tomfoolery, or just the general high level of scams in cryptocurrency, [this stance] is good news for regular traders who simply can't compete against sophisticated actors trying to separate victims from their money."

SEC Seeks DeFi Participants

"Our securities laws … provide a critical market good … and our markets function better as a result," Crenshaw adds. "But in the brave new DeFi world, to date there has not been broad adoption of regulatory frameworks that deliver important protections in other markets."

She says that, in the U.S., multiple federal authorities have jurisdiction over aspects of DeFi. They include the Department of Justice; the Financial Crimes Enforcement Network, or FinCEN; the Internal Revenue Service; the Commodity Futures Trading Commission; and the SEC, along with state authorities.

Activities and assets involving securities, Crenshaw confirms, fall within the SEC's jurisdiction - although no DeFi participants have registered yet with the financial agency, she notes.

"We continue to encourage participants in DeFi to engage with the staff," Crenshaw writes. "If DeFi development teams are not sure whether their project is within the SEC's jurisdiction, they should reach out to our Strategic Hub for Innovation and Financial Technology, or 'FinHub,' or our other offices and divisions.

"I expect we will continue to bring enforcement actions. But my preferred path is not through enforcement. … The more projects that voluntarily comply with regulations, the less frequently the SEC will have to pursue investigations and litigation."

Transparency Issues

The SEC commissioner says she is concerned that DeFi's lack of transparency contributes to a two-tier market in which professional investors reap outsized returns, leaving retail investors to shoulder the risks.

She says, "Only a relatively small group of people can actually read and understand that code [DeFi code is often public], and even highly qualified experts miss flaws or hazards. Currently, the quality of that code can vary drastically and has a significant impact on investment outcomes and security.

"It is not reasonable to build a financial system that demands investors also be sophisticated interpreters of complex code."

Blockchain Pseudonymity

Crenshaw says DeFi's pseudonymous nature is its second "foundational challenge."

"Pseudonymity makes it much easier to conceal manipulative activity and almost impossible for an investor to distinguish an individual engaging in manipulative trading from normal organic trading activity," she adds.

Crenshaw says investors have "long been comfortable with a compromise in which they give up some limited degree of privacy by sharing their identity with the entity through which they trade securities. In return, they benefit from regulated markets that are more fair, orderly, and efficient, with less manipulation and fraud."

Additional Cyber Concerns

These concerns echo sentiment from some in the cybersecurity community who have been critical of certain security measures - or lack thereof - baked into DApps. Specific software vulnerabilities have led to high-profile hacks - with some threat actors making off with tens of millions, or even hundreds of millions of dollars in the case of Poly Network, though the funds were ultimately returned (see: Poly Network Says $600 Million in Cryptocurrency Stolen).

Just last week, DeFi lender bZx suffered a hack reportedly worth $55 million, according to blockchain security firm SlowMist.

The lender later said via tweet that a private key controlling its deployment on Polygon and Binance Smart Chain had been compromised, but its smart contracts were intact. It added via tweet that the incident had been a phishing attack on one of its developers and that its investigation was ongoing.

Do Regulators Need to Step Up?

Sen. Elizabeth Warren, D-Mass., has been an outspoken critic of DeFi, saying in a Senate hearing in September: "Regulators need to step up to address crypto’s regulatory gaps and ensure that we’re actually building the inclusive financial system that we need. And Chair [Gary] Gensler, I expect you and the SEC to take a leading role in getting this done."

Conversely, SEC Commissioner Hester Peirce, aka "Crypto Mom," a Republican appointed to the role in 2017, has pushed for a crypto "safe harbor" rule that would provide developers a three-year grace period to build a decentralized network that the SEC cannot take legal action against.

Despite the regulatory tug of war, DeFi continues to expand. In a recent editorial for Coin Telegraph, Artem Tolkachev, an intellectual property and IT lawyer and the founder of Deloitte CIS Blockchain Lab, wrote, "DeFi has grown stronger in this new cycle with more programmers from the traditional startups and big tech joining the blockchain and DeFi scene. … Growing 100x in the next 5 years is not a dream, it is inevitable."


About the Author

Dan Gunderman

Former News Desk Staff Writer

As staff writer on the news desk at Information Security Media Group, Gunderman covered governmental/geopolitical cybersecurity updates from across the globe. Previously, he was the editor of Cyber Security Hub, or CSHub.com, covering enterprise security news and strategy for CISOs, CIOs and top decision-makers. He also formerly was a reporter for the New York Daily News, where he covered breaking news, politics, technology and more. Gunderman has also written and edited for such news publications as NorthJersey.com, Patch.com and CheatSheet.com.



