Decentralized finance, or “DeFi,” is anything but clear. Its advantages are often also its disadvantages, which creates a space where two reasonable people can differ on whether DeFi’s features are a benefit or a curse. The decentralized aspect of DeFi – the characteristic that makes DeFi unlike any traditional form of finance – is a clear example of its double-edged characteristics. Decentralization means that anyone with an internet connection can access a DeFi network and utilize it to make a transfer, get a loan, or invest. No financial institution needs to be consulted to determine your level of certification or check your credit score. However, by eliminating the need to submit applications to these gatekeepers, decentralization also eliminates key protectors of consumers from the transaction process. Without these gatekeepers, fraudsters and scammers find more opportunities to defraud users. 

Another key aspect of DeFi products is their immutability. Immutability provides a form of transparency that allows the community to hold its members accountable. However, this also means users cannot have true privacy in their finances if their public key is known. In this landscape of double-edged swords, this article discusses the issues in regulating DeFi and how projects can best prepare themselves for potential future regulation.


Issues in Regulating DeFi

The reason DeFi faces so much regulatory confusion is that the concept can touch on any number of areas of law depending on the individual project. Some pervasive areas of law would likely impact all DeFi projects, including anti-money laundering (“AML”) and Know Your Customer (“KYC”) regulations and tax law. However, projects could also fall under the regulatory umbrella of banking laws, securities laws, consumer protection laws, international law, and more. Markets like the United States with strong securities laws and laws surrounding financial products have built out robust regulations for traditional finance products, but these safeguards are not well-equipped to tackle such an alien concept as DeFi.

Further, assuming a project determines what areas of law it is operating in, there are still questions about how regulatory agencies in that sphere are imposing regulation. When a project is truly decentralized, who can be held responsible? If a project fails, do investors or stakeholders have recourse against team members of the project? With such a broad spectrum of unresolved questions, it is difficult for projects to receive clear guidance.


Sound Business Practices

With so much regulatory uncertainty, the best strategy for any project is one that is old but still true: plan for the worst and hope for the best. Community members interested in developing DeFi projects must understand that regulatory agencies will eventually enact rules tailored to DeFi. The best way to prepare for that eventuality – and to comply with existing regulations – is for projects to have comprehensive plans in place before that time comes. Below are a few key considerations that project members should weigh when, if not before, executing a project.

  • Establish and follow comprehensive KYC and AML protocols: 

KYC and AML protocols have become foundational policies for financial institutions in the digital age and it is unlikely that regulators will look to build a different policy for DeFi from the ground up. Instead, it is likely that similar regulations will be applied.

A key concern of regulatory agencies is protecting their citizens from fraud. In traditional finance, this typically requires institutional involvement, such as banks requiring basic KYC questions as part of their enrollment process. In the DeFi space, agencies will likely seek to impose these same or similar KYC and AML protocols on exchanges.

  • Designate a chief compliance member of the project: 

With the rapidly changing regulatory landscape, projects should designate someone to stay up to date on applicable regulations and speak with regulators as needed. A chief compliance officer’s primary task should be staying aware of regulations that impact or might impact the project and positioning the project to ensure it stays well equipped to comply with any such regulation.

  • Operate through a legally recognized entity: 

If a court enters a judgment against a project, it is best to have individual team members of the project protected. Most legal entities have liability shields, which prevent a litigant from collecting from individual team members if a court enters judgment against the project. Legal entities (e.g., limited companies and limited liability companies) provide this protection with only a few exceptions, such as fraud. By having this shield, early-stage leaders in the DeFi project can protect themselves if the project becomes the subject of litigation.

  • Consider the jurisdiction(s) that the project will operate in: 

A project would ideally operate with uniform laws and clear guidance so that it knows how it will be treated by law as it develops. That is hardly ever the case. Different governments will regulate DeFi differently. Thus, a project should consider the viewpoint of different jurisdictions that it could be subject to and how laws of different jurisdictions will complement or conflict with one another. For similar reasons, when establishing a legal entity (as mentioned above), project members should consider what jurisdiction is best suited for the entity. Key considerations might be not only how welcoming the jurisdiction is to crypto, but also how simple or complex it is to start a business, whether there are any regulatory or compliance hurdles, and how burdensome the tax obligations can be.

  • Keep the project’s finances and transactions organized and transparent: 

Keeping transactions and finances organized is good advice for projects as much as it is for individuals. While some exchanges are developing clear logs for users to review and analyze their transactions as a traditional bank statement would allow, this is not yet the case for many, if any, decentralized exchanges. For a project, where other community members are likely transacting with or on a project, the need for transparency increases. If the project must ever be audited, either internally or externally, it is easier to have a clear and organized ledger already established than it is to review countless transactions to retrace steps.

  • Remember that DeFi is decentralized: 

As team members watch their projects grow, it is natural to feel protective of the thing they have worked so hard to make a reality. Some members of projects may want to hold onto a large portion of the project’s governance token or otherwise continue to exercise control over the project after it has launched. While this sentiment is understandable when one becomes emotionally invested in the project, it also produces the potential for disastrous consequences. If a DeFi project is not truly “decentralized” because a single member or group can exercise control over the other users, then “traditional finance” notions of fiduciary duties and other corporate obligations may be implicated. Projects likely would want to avoid these obligations as they can create larger regulatory burdens at critical stages of the project’s growth.


An ounce of prevention is worth a pound of cure. In other words, it is easier to address something before it becomes an issue rather than fixing the issue after it has already presented itself. Diligence and careful planning will go a long way in ensuring the success of a project.

This document was created by
David McDonald