top of page
  • L Higgins and M Bacina

IOSCO publishes its final report on DeFi

The International Organization of Securities Commissions (IOSCO) has issued its final report with policy recommendations for Decentralised Finance (DeFi).

DeFi, characterised by its use of distributed ledger or blockchain technologies, aims to revolutionise finance by operating in a disintermediated and decentralised manner.

The IOSCO paper acknowledges the potential of DeFi to foster financial innovation, enhance efficiencies, and improve access to financial products. It also underscores the importance of responsible innovation that benefits investors and markets, aligning with the rapid evolution of DeFi technologies.

In this context, IOSCO has formulated the following nine primary policy recommendations which are briefly summarised below:

  1. Analyse DeFi Products, Services, Activities, and Arrangements to Assess Regulatory Responses. IOSCO recommends that regulators should scrutinise DeFi projects on a jurisdiction-by-jurisdiction basis, considering equivalence of the project to traditional finance, while acquiring the necessary technological expertise for comprehensive analysis of the project.

  2. Identify Responsible Persons. Regulators must identify the "Responsible Person/s" in DeFi projects, encompassing those with control or influence over the assets or project.

  3. Achieve Common Standards of Regulatory Outcomes. Regulators should employ their existing frameworks or new frameworks aligned with the IOSCO Standards to regulate and supervise DeFi consistently across jurisdictions.

  4. Require Identification and Addressing of Conflicts of Interest. Regulators should mandate Responsible Persons to identify and address conflicts of interest, assessing if measures like legal disaggregation are necessary for risk mitigation.

  5. Require Identification and Addressing of Material Risks, Including Operational and Technological Risks. Responsible Persons should be required to identify and address material risks of the DeFi project, including operational and technological risks.

  6. Require Clear, Accurate, and Comprehensive Disclosures. Responsible Persons should also be required to accurately disclose comprehensive and clear (i.e. not technical) information pertinent to the DeFi products and services.

  7. Enforce Applicable Laws. Regulators should wield comprehensive powers for authorisation, inspection, investigation, surveillance, and enforcement over DeFi and Responsible Persons.

  8. Promote Cross-Border Cooperation and Information Sharing. IOSCO acknowledges the cross-border nature of DeFi and blockchain, stating that regulators should possess the capability to cooperate and share information with counterparts in other jurisdictions.

  9. Understand and Assess Interconnections Among the DeFi Market, the Broader Crypto-Asset Market, and Traditional Financial Markets. Regulators must grasp the interconnections within DeFi arrangements and the broader blockchain industry.

While the release of forward-looking guidance for blockchain is well-received, a number of the recommendations put forth by IOSCO emphasise traditional risk frameworks, which are constructed around centralised intermediaries, raising concerns about their adaptability to decentralised technologies and permissionless system. The call for identification of "responsible persons" in particular may be regarded as tantamount to re-centralisation in the provision of financial services.

The report's principles-based and outcomes-focused approach aligns with IOSCO's globally accepted standards for securities markets regulation. However, the application of these principles to DeFi without significant modification may hinder rather than foster the growth of this transformative sector. Many industry participants took to X to express their concerns:

IOSCO's emphasis on consistency in the regulation and oversight of crypto-asset markets is understandable, given their cross-border nature and the potential for regulatory arbitrage. However, the call for "same activity, same risk, same regulatory outcome" may inadvertently overlook the distinctive features of DeFi, which inherently diverge from traditional financial activities. In that context, a "similar risk, similar activity, and same regulatory outcome" approach as adopted by Australia's Treasury in its recent consultation on regulating digital asset platforms may be more appropriate.

While IOSCO's efforts to establish regulatory frameworks for DeFi are commendable and a number of the recommendations are sensible ones, a more nuanced approach is essential. DeFi's potential represents a paradigm shift in finance, and applying traditional risk frameworks without tailoring them may be detrimental. Regulators must strike a delicate balance between ensuring market integrity and investor protection and allowing room for the continued innovation and growth of the decentralized financial ecosystem which remains at a nascent stage of development. As the regulatory landscape evolves, collaboration between regulators and the industry is crucial to create a regulatory framework that nurtures innovation while safeguarding ordinary market participants and consumers.

By Michael Bacina, Steven Pettigrove, Tim Masters and Luke Higgins


bottom of page