Today the International Organization of Security Commissions (IOSCO) published a 128-page report with recommendations for the regulation of Decentralized Finance (DeFi). It makes nine recommendations that include analyzing the DeFi protocol, identifying responsible persons and mapping functionality to existing regulated activities. IOSCO is looking for feedback by October 19.
A key feature of using blockchains is the so-called “maximal extractable value” (MEV). Miners or validators can change the ordering of transactions and choose which ones to exclude or include. This sort of conduct is usually illegal in conventional markets, but it is the norm in DeFi.
There are all sorts of ways of benefiting from this reordering, the most obvious being frontrunning. If I know you’re about to place a big buy order, I can place my own buy order before, taking advantage of the price movement triggered by your transaction.
MEV is part of the underlying blockchain activities, not the DeFi protocol. However, IOSCO suggests that “Regulators should seek to hold a provider of a DeFi product or service responsible for identifying and, to the extent practicable, managing and mitigating the impact of MEV strategies.” Perhaps the emphasis should be on “practicable”.
As an aside, the exploitation of MEV has increased in the last year or so because the likes of Flashbots aimed to make MEV more transparent, democratize its use and spread the rewards around. However, researchers have questioned whether it achieved its aims.
Identifying DeFi responsible person
“There is a common misconception that DeFi is truly decentralised and governed by autonomous code or smart contracts. In reality, regardless of the operating model of the DeFi arrangement, ‘responsible persons’ can be identified,” said Tuang Lee Lim, Chair of IOSCO’s Board-Level Fintech Task Force. “Our recommendations are therefore predicated on the need to identify these persons, whether legal or natural, who should bear responsibility for upholding investor protection and market integrity.”
In fact, the wording in the paper is even more forceful. “The code that implements a DeFi protocol is created, deployed, operated, and maintained by humans; it does not just spontaneously materialize and self-execute.”
Popular DeFi activities such as lending protocols and automated market makers (AMMs) both have liquidity pools. Hence the paper categorizes them as collective investment schemes, commonly known as funds.
Meanwhile, today’s IOSCO DeFi recommendations go hand in hand with the “Crypto and Digital Assets Recommendations” that IOSCO published in May.