The Gordian knot of DeFi and DAOs
The Gordian knot of decentralisation and the real world
The rapid emergence of Decentralised Finance (DeFi) and Decentralised Autonomous Organisations (DAO) has been fascinating in both the rapid innovations and their application in novel business models. The decentralised models of both DeFi and DAOs have challenged existing structures and the way we do things.
The common thread of DAOs and DeFi is that they have decentralisation at the core, and they have economic and/or social purposes. From a purist viewpoint, these are legitimate, self-organized operations that are valid alternatives to traditional financial and business structures. The counterview is that although the technology permits it, they are not exempt from the rules that govern organisations and financial products.
The conflict is where the new structures meet the real world, people who are resident in countries and interact with businesses who have obligations in the jurisdiction they operate in.
DAOs and Legitimacy
There is a vast range of DAOs that have been created and what they are set up to do. The basic mechanisms of a DAO are that there is a set of participants who have voting rights according to how they are set up, which may include governance tokens.
Many DAOs look like corporate or non-profit organisations, and there is often a desire for DAO members to limit liability but do not want to register the entity to retain decentralisation. Even if a DAO is not a registered entity where you have a collection of people operating an organisation, it is recognized as an unincorporated company, and the individuals are jointly responsible and liable. In the absence of a registered company, then the members are liable for the income and thus taxation individually through a pass-through mechanism. Unlike a company, they cannot retain profit or offset losses from previous years.
The corporate structure has evolved to encode rights and responsibility, the need for registration, filing key documents, having people responsible, and minimum share capital is required in exchange for rights such as limitation of liability and treatment of taxation that is not enjoyed by individuals.
If in the future, the DAO is accepted as a legitimate company formation without needing to register or have officials who are responsible for the organisation and the members enjoy limited liability, this would have massive implications for registered businesses and would undoubtedly see a mass of companies unregistering. Would that be a bad thing? It probably would as company law has evolved over centuries and has been battle-tested in a constant tussle between businesses and the law.
There is a place for a DAO, and it isn’t a substitute for corporate structures and is definitely not a new decentralised paradigm shift or whatever language advocates use.
Realistically, we probably only need a small number of DAOs that look more like constructs from political science than something out of corporate governance. But those are the really important ones. — Vitalik Buterin
DeFi and the real world
The rise and rise of DeFi have been amazing to watch, both the good bits and the bad. By good bits projects, such as DAI, which has stood every test, and the liquidity pools of Circle, to name a few, the bad bits, such as flash loans being used to set up complex transactions to acquire fist fulls of tokens at the expense of everyone else.
The automated market makers operate 24 hours a day, seven days a week, and are fully automated, as do the lending protocols, which also monitor margins and have automated liquidation if the collateral is insufficient.
In a self-contained world, these protocols in the DeFi space operate as fully decentralised, always on, and transact a lot of business every day. Unlike the Centralised Exchanges, the end users have custody of their tokens.
The regulators are busy trying to understand this emerging space and have not rushed out rules (DeFi is notably absent in MiCA), but this doesn’t mean that DeFi has the freedom forever.
The conflicts begin with the origin of funds and basic KYC (know your client) checks, as the DeFi protocols do not have checks, and it is unclear in a decentralised protocol who would be responsible? There have been attempts to claim in the absence of identifiable individuals then, the software engineers who wrote and deployed the projects become liable, which becomes problematic, especially if there are questions around whether tokens issued fall under securities law.
There are arguments that DeFi is a special case as the implementation of AML checks across the world has yielded very little, so why insist on a mechanism that doesn’t work? The arguments against obliging DeFi protocols to perform KYC are that DeFi is transparent and there is no place for a check for suitability, and it does not matter where the person lives.
There is a good case for AML checks on the fiat on/off ramp until payments by tokens are widely adopted, and then it will need reviewing. There is also a case for financial crime units to monitor blockchains for suspicious activities to follow the proceeds of crime rather than burdening the protocols, which checks and policies.
KYC in the crypto space is conflated with onboarding, and once passed, that is it; this is, however, only part of the KYC process. KYC in traditional markets also means checking the customer's risk appetite, investment outlooks and time frames, and their knowledge of financial instruments, and importantly mandates period checks to ensure the information is correct. A solution to this is verifiable credentials using zero-knowledge proofs meaning the DeFi protocol can verify that the address has the correct credentials. The verification process leaks no information about the identity but establishes, for example, that the holder can trade binary options. The investor profile is securely stored, and the data is protected using standards like eIDAS. It can be argued that there is centralisation in the data stores as they are by definition, off-chain, but they are independent and can be used across the DeFi protocols as long as the DeFi protocols implement it.
Another approach to meet regulations is to examine how access to the DeFi protocols is normally done through a web or mobile application and whether these gateways could be adapted to meet regulations and leave the smart contracts underpinning the protocols decentralised. Rather than a one-size-fits-all, there could be an app for each jurisdiction. We see this in Web2, where you have to select your country of origin and language before entering a website.
Why this needs fixing now
2022 has seen major earthquakes in the crypto landscape with the implosion of Luna/Terra, Celsius, Three Arrows Capital, and, more recently, FTX. The common theme is leverage, opacity, and centralisation. The regulatory scrutiny will rightly intensify as people are losing money and getting hurt.
The old dialog of “we are better than the banking monopoly” and “we are not big corporations; we are your side” has been totally discredited. These big organisations that collapsed were worse than the corporates they were demonizing. Segregated customer accounts, capital requirements, and reporting have all been put in place to counteract the very thing that happened in the crypto markets.
Blanket regulations to tackle centralised exchanges and entities, which are the eye of the storm, will have an impact on DAOs and DeFi. The window of opportunity is closing, as the regulators are trying to understand the space to ensure the regulations they will write are proportionate and do not stifle innovation. Rather than wait and have regulation imposed on DAOs and DeFi, how about getting our house in order and create practical frameworks that demonstrate investor protection and fair and orderly markets?
Tgrade has been built with frameworks to support sensible regulations and allow businesses and communities to flourish with rules set by the organisations.