2 Lawyers on How the U.S. Can Finally Regulate DeFi - Ep. 604
Feb 6, 2024
auto_awesome
Rebecca Rettig, Chief Legal and Policy Officer at Polygon Labs, and Michael Mosier, co-founder of Arktouros PLLC, dive into the intricacies of regulating decentralized finance. They discuss their innovative paper addressing illicit finance challenges in DeFi, the outdated nature of the Bank Secrecy Act, and the importance of KYC and AML compliance. The duo also differentiates between 'onchain CeFi' and 'genuine DeFi', while proposing solutions like targeting high-risk wallets and utilizing critical communications transmitters for effective regulation.
Maintaining a neutral and permissionless base layer is crucial for effective financial integrity and combating illicit finance in DeFi.
Unique risks of illicit finance in DeFi include cyber risk, system management risk, and usage risk, requiring innovative approaches to address them.
Proposals for DeFi regulation include labeling genuine DeFi as critical infrastructure and establishing new laws for businesses transmitting communications about DeFi.
Deep dives
The Need for Neutrality and Permissionlessness in DeFi
The podcast episode discusses the importance of maintaining a neutral and permissionless base layer in DeFi. This is crucial for effective financial integrity and combating illicit finance. The episode highlights the role of RPC nodes as a service, which handle around 80% of DeFi transactions, as a potential gateway for preventing illicit activity without turning them into full-fledged financial institutions. The emphasis is on finding an effective regulatory regime that aligns with the decentralized nature of DeFi.
Identifying and Managing Illicit Finance Risks in DeFi
The episode explores the unique risks of illicit finance in the DeFi space, distinguishing them from traditional finance. It identifies three primary vectors of illicit finance risk: cyber risk, system management risk, and usage risk. These risks are different from those found in traditional finance due to the decentralized and autonomous nature of DeFi protocols. The discussion highlights the need for innovative approaches to address these risks and ensure financial integrity in the DeFi ecosystem.
Proposed Solutions for Regulating DeFi
The episode presents a proposal for regulating DeFi, focusing on the concepts of independent control, genuine DeFi, and critical infrastructure. Independent control refers to the absence of true control over user value within a protocol, signaling that it may not fall under traditional financial institution regulations. Genuine DeFi refers to fully autonomous systems that operate at the user's direction. The episode suggests labeling genuine DeFi as critical infrastructure and establishing new laws for businesses that transmit communications about DeFi to prevent them from being subject to the Bank Secrecy Act. These proposals aim to strike a balance between regulation and the unique characteristics of the DeFi space.
The Role of SISA and OSIP in Critical Infrastructure
The podcast episode discusses the role of the Cybersecurity and Infrastructure Security Agency (SISA) and the Office of Cyber Security and Critical Infrastructure Protection (OSIP) in overseeing critical infrastructure sectors. SISA oversees 16 sectors, including chemical, commercial facility, communications, dams, defense industrial base, emergency services, energy, and more. OSIP collaborates with SISA to share critical information in real time, specifically focusing on the financial services sector. The collaboration is voluntary and aims to prevent cyber attacks by facilitating rapid information exchange among financial institutions and infrastructure stakeholders.
The Importance of Information Sharing and Analysis Centers (ISACs)
The podcast also highlights the significance of Information Sharing and Analysis Centers (ISACs), particularly the Financial Services Information Sharing and Analysis Center (FSISAC). The FSISAC, consisting of over 4,600 members, fosters information sharing among financial institutions and infrastructure entities to ensure the functioning and security of critical infrastructure. The collaboration between FSISAC and OSIP allows for quick dissemination of critical alerts and threat information, enabling stakeholders to proactively address vulnerabilities. The ISACs play a vital role in maintaining the resilience and security of critical infrastructure sectors by facilitating real-time threat indication information sharing.
Trying to regulate DeFi is a huge challenge because in a truly decentralized system, there should be no centralized actors to make and enforce rules for. This could make combating illicit finance challenging since traditionally, regulation has been targeted at centralized intermediaries. Yet Rebecca Rettig, Chief Legal and Policy Officer at Polygon Labs; Michael Mosier, the co-founder of boutique law firm Arktouros; and Katja Gilman, senior lead for public policy at Polygon Labs, published a paper last week that proposes to do just that.
Rebecca and Michael join Unchained to discuss what prompted them to write the paper, what the difference is between "onchain CeFi" and "genuine DeFi," how targeting high-risk wallets can be one part of the solution, how critical communications transmitters (CCTs) are another piece of the puzzle,and what next steps they are pursuing.
Show highlights:
The motivations behind their paper and Michael and Rebecca’s legal backgrounds
Why Michael views the Bank Secrecy Act as outdated in the context of DeFi
How critical KYC and AML compliance is for the integrity of DeFi
What Rebecca identifies as the principal risks in the DeFi sector
Why their proposal targets the protocol layer for effective DeFi regulation
How "onchain CeFi" differs fundamentally from "genuine DeFi"
Whether a decentralized protocol can be effectively regulated when controlled by a DAO
How if DeFi were to be classified as critical infrastructure by the Cyber and Information Security Agency (CISA), it would impact the sector
Whether the critical components of blockchain networks, such as RPCs, can be regulated effectively
How categorizing wallets based on risk can be one part of the solution to fighting illicit finance
Why Rebecca considers Tornado Cash a prime example of “genuine DeFi”
What steps Rebecca and Michael plan to take next following the publication of their paper
