The Autorité des marchés financiers (AMF), the securities commission of France, published a summary of responses received to a June 2023 discussion paper on decentralized finance (DeFi), with the majority of respondents favoring the idea of decentralization existing on a spectrum and showing support for developing a regulatory framework for DeFi, including increased identity disclosures.
The AMF received 34 responses from various players in the DeFi ecosystem (project initiators, foundations, and blockchain organizations), as well as centralized players from the digital asset sector and from traditional finance, such as service providers, consultancy, and audit firms.
The discussion paper asked respondents to consider the following issues: a definition of and a regulatory approach to DeFi; the nature (permissioned or permissionless) of blockchain protocols; issues linked to smart contracts; and governance-related matters.
“Overall, the responses raised the importance of developing a clear legal framework for DeFi and in this regard elaborated further upon several key concepts, such as the notion of ‘decentralization’ and references to ‘permissioned or permissionless blockchains,'” said the AMF.
The paper began by outlining the fundamental issue of what actually qualifies as ‘decentralized’ before getting into the equally thorny issue of regulation.
Decentralization on a spectrum
The AMF noted that respondents seemed to agree on a couple of key points related to the definition of DeFi: first, that defining the concept would be essential in order to set the boundaries of a regulatory framework, and second, that levels of decentralization can vary from one project to another and should thus be considered along a sliding scale, or ‘spectrum,’ of decentralization.
This certainly seems a logical place to start: eliminating the idea that all DeFi is created equal and equally decentralized or the black-and-white interpretation that an entity is either decentralized or isn’t.
In fact, some have argued that the entire notion of “decentralization” is a myth, and there are, in fact, only different levels of centralization—a semantic point that a few respondents to the AMF discussion paper clearly also made. In pointing out the consensus that decentralization is a spectrum, the regulator noted that the same is true “conversely, of centralization.”
In addition, the AMF reported that some responses highlighted “the potential for a given project to evolve over time, where it may initially appear to be relatively centralised, but could evolve towards greater levels of decentralisation, particularly as it is further adopted by users, when its volume of activity increases, or as its governance becomes more open.”
This might well be the case for some DeFi projects, but again, there are degrees, and the notion of progressing to decentralization has been overplayed by some entities, such as the Ethereum blockchain and its founders.
In order to work towards a more objective measurement of where a firm/project lies on this centralization/decentralization spectrum, some respondents referred to the level of automation of projects, i.e., the more these are subject to automated processes, the more decentralized they might be.
However, the AMF suggested that “the notion of automation would likely not be sufficient in itself to judge of the level of decentralisation, as other factors such as the layout, and distribution architecture of the network on which the project operates could also be taken into account.”
In general, the idea emerged of producing some kind of ‘test of decentralization,’ which would take into account both technical aspects (such as level of automation, use of open-source code, permissioned or permissionless blockchain) and governance aspects (such as absence of control of administrator keys over a protocol or smart contract, absence of a central decision-making entity).
“Nonetheless, it appears difficult to reach a complete consensus among the responses obtained, with some respondents considering that some of the criteria mentioned should not necessarily be retained, while others consider them as central to the definition of DeFi,” said the AMF.
Despite the difficulties in reaching a complete consensus, there was agreement that defining DeFi is an important task worth attempting. With this in mind, the AMF extracted certain criteria from the responses that could, at a minimum, be used to assess an entity’s level of decentralization:
- From a technical standpoint, the level of automation and autonomy of the protocol, the absence of administrator rights or keys (or rights or privileges of a similar nature), and an assessment of the level of transparency of the code used.
- From an operational point of view, the analysis could focus on the characteristics of the activity, identifying whether it is provided in an ‘open’ manner (e.g., via a permissionless blockchain protocol that is accessible to the public) and that no custodial activity is provided via the protocol.
- From a governance point of view, criteria could be retained in order to identify situations of ‘de facto’ or ‘de jure’ control over the protocol by developers or users, considering for instance the levels of distribution in governance tokens held, as well as the effective level of participation of holders in the decision-making process.
In terms of the latter point, the AMF clarified that “it would seem clear however that, in order for an activity to be identified as decentralised, a protocol cannot in any case have a central authority (i.e. a legal entity, individual, or a group of individuals) responsible for the governance of the activity.”
After outlining responses related to what decentralization actually is, the regulator put forward the key findings related to how DeFi should be regulated.
Reflections on regulation
According to the AMF, respondents were in favor of developing a regulatory framework for DeFi, most stressing the importance of clearly defining this to provide players with as much certainty as possible.
“A consensus seemed to emerge in responses on the subject of a regulatory approach that would have the same objectives as the regulation applicable to traditional financial markets, i.e. thereby proposing an approach under the ‘same activity, same risk, same regulatory outcome’ principle,” said the report.
Fortunately, this is essentially the approach to DeFi regulation also proposed by the Bank for International Settlements (BIS), the U.K. Bank of England (BOE), and the EU Markets in Crypto Assets (MiCA) regulation, to which France is subject (or will be when it fully comes into force by the end of the year).
For this reason, the AMF suggested that “the principle of ‘same activities, same risks, same regulatory outcomes’, widely supported in the responses received from respondents, should be applied unambiguously, while taking into account the emerging features brought about by these new activities.”
Some industry players did point out that this approach would be more appropriate where the activities and risks of DeFi are similar to those of centralized finance (CeFi), but as we’ve already seen, the line between DeFi and CeFi is hazy at best, and non-existent at worst, so perhaps this point is moot.
To address specific regulatory challenges posed by DeFi, respondents also suggested that imposing certain obligations would be appropriate, such as disclosing the risks incurred and a mechanism for certifying the code and auditing smart contracts. Respondents also suggested imposing standards on protocol governance, the transparency of the code, cybersecurity, and in relation to anti-money laundering and counter-terrorist financing (AML/CFT) measures.
Permission and governance
The discussion paper also touched on several other topics related to DeFi, including an analysis of permissioned and permissionless blockchain protocols.
Permissioned blockchains restrict access to certain users who need approval to participate, while permissionless blockchains allow anyone to join and participate without approval. The main difference is that permissioned blockchains control who can access and contribute, while permissionless blockchains are open to everyone.
“A number of respondents indicated that DeFi could only be considered in the context of permissionless blockchains,” said the AMF.
This seems a logical suggestion, as any permissioned blockchain raises the question of who the permissioned people are, who approves of joining, and if they qualify as a centralized group/entity.
Once the status of a DeFi project or entity is established, the next major issue becomes governance.
A key discussion point was the ‘pseudonymity‘ of the blockchain, which can contribute to a less transparent governance of DeFi protocols, of which the AMF noted that “responses affirmed the inherent nature of pseudonymity in public and permissionless blockchains (due to their freely accessible nature).”
It went on to report how “the majority of respondents indicated that the issue of participant identification would however be fundamental to the establishment of a regulatory framework, in particular to enable the application of AML/CFT and Know Your Client rules, which are fundamental aspects that serve to maintain the integrity of the financial system.”
The admission from DeFi “industry players”—a demographic not always known for its embracing of transparency and self-identification—that some form of mandated identification would be a necessary part of any appropriate regulation makes for pleasant reading for those in the industry that favors operating openly, in compliance and within the law.
To achieve this, the AMF’s discussion paper suggested introducing a centralized digital identity that would enable the direct identification of participants at the blockchain level.
This solution would add further transparency to the public blockchain, but raises the question of feasibility, specifically which authority (or authorities) would be responsible for implementing it, given that public blockchains can operate in a global and cross-border manner.
Debates and planned follow-up
The AMF concluded by noting its appreciation to those who participated and setting out its next steps.
“The AMF wishes to thank the respondents to its paper, and intends to continue the discussion with all stakeholders involved, with a view to supporting the emergence of a regulatory framework conducive to the balanced development of decentralised finance,” said the regulator.
“Through this form of dialogue with the ecosystem, the responses brought to the paper have helped to further develop and refine the understanding of decentralised finance, in the context of discussions around the emergence of a possible regulatory framework.”
The AMF said it would continue to support the development of a coordinated regulatory approach to DeFi, particularly given the cross-border nature of its activities, to enable “a level playing field between jurisdictions.”
In this regard, the French finance watchdog was keen to draw attention to European and international initiatives in this area.
“At the European level, following the entry into force of the MiCA regulation, the European Commission will produce a report on assessing the development of decentralised finance and of the appropriate regulatory treatment of decentralised crypto-asset systems, as well as an assessment of the necessity and feasibility of regulating decentralised finance,” said the AMF.
It also pointed to the work being done at the international level by the International Organization of Securities Commissions (IOSCO)—of which the AMF is an active member—the Financial Stability Board (FSB), the Bank for International Settlements (BIS), and the Organization for Economic Cooperation and Development (OECD), all of which have published reports providing considerations and recommendations on DeFi.
The AMF rounded off by reiterating that “as indicated in the discussion paper, the next few years will prove to be crucial for DeFi, with a dual challenge: building secure and transparent mechanisms that enable the ecosystem to thrive, while ensuring better protection for investors.”
Watch: Blockchain regulation with Marcin Zarakowski