Cointime

Cointime

Download App
iOS & Android

EU Regulations: Challenges for DeFi Lending Protocols

From LlamaRisk

Abstract

DeFi lending operates outside the scope of current European legislative frameworks, including MiCA and traditional financial regulations, prompting discussions on the need for tailored regulatory approaches. A comprehensive analysis by the EU Commission due by 30 December 2024 should assess the regulatory treatment of decentralized finance and the lending and borrowing of crypto-assets. Despite claims of decentralization, the presence of individuals/entities with significant control within DeFi platforms challenges the objective application of the VASP/CASP definition. To preserve their regulatory exemptions, DeFi lending protocols are advised to implement strategies that ensure genuine decentralization, such as developing diverse user interfaces, establishing robust DAO structures, and maintaining a permissionless design to prevent undue influence by single entities, thereby reinforcing their decentralized ethos and operational integrity.

Intro

In this article, we delve into the intricate relationship between Crypto-Assets Regulation (MiCA) and DeFi Lending protocols, with a keen focus on understanding the regulatory framework's applicability. While our expertise is primarily based on LlamaLend, the publication can be seen as an extension to the primer on Curve Lending. Our objective is also to juxtapose the regulatory mandates traditionally applicable to conventional financial entities against the unique operational paradigms of decentralized lending protocols.

I. MiCA

In April 2023, the European Union took a monumental step forward in the regulation of digital finance with the ratification of the Markets in Crypto-assets Regulation (MiCA). MiCA aims to fortify consumer and investor protection, uphold market integrity, ensure the stability of the financial system, and foster continued innovation within the digital finance sector.

MiCAR delineates its jurisdiction with clarity, asserting its applicability to entities involved in the issuance, public offering, and trading of crypto-assets within the Union, as well as service providers engaged in crypto-asset-related activities. The regulation comprehensively lists the activities and services under its purview, including but not limited to the custody and administration of crypto-assets for clients, operation of crypto-asset trading platforms, exchange of crypto-assets for fiat currencies or other digital assets, execution of crypto-asset orders, and advice and management services pertaining to crypto-asset portfolios.

Conversely, MiCAR specifies certain exclusions within its scope, such as traditional financial instruments, deposits, certain funds not classified as e-money tokens, securitisation positions, insurance and reinsurance contracts, pension products recognized for retirement income purposes, officially sanctioned occupational pension schemes, employer-mandated individual pension products, the pan-European Personal Pension Product, and social security schemes.

At the heart of our examination is the core intent of MiCA, which is structured to regulate the issuance of tokens and the provision of crypto-asset services by centralized entities. This foundational premise suggests that, in theory, DeFi protocols might initially seem to operate beyond the regulatory perimeter established by MiCA. This assumption is supported by the explicit delineations found in Recital 22, which posits that "Where crypto-asset services are provided in a fully decentralised manner without any intermediary, they should not fall within the scope of this Regulation".

Furthermore, an important aspect to consider is MiCA's deliberate omission of regulations concerning the lending and borrowing of crypto assets, as highlighted in Recital 94:

This Regulation should not address the lending and borrowing of crypto-assets, including e-money tokens, and therefore should not prejudice applicable national law. The feasibility and necessity of regulating such activities should be further assessed.

Despite these apparent exemptions, the Regulation's silence on the governance structures underpinning DeFi protocols, particularly Decentralized Autonomous Organizations (DAOs), marks a notable gap in the legislative framework. DAOs, which are pivotal in steering the development, operational strategies, and governance of DeFi protocols, exist without being anchored in a traditional legal framework. This absence of a formal legal classification for DAOs necessitates a broader exploration for an apt interpretation of "decentralization".

In this context, the updated guidance from the Financial Action Task Force (FATF) emerges as a crucial reference point. FATF stands as an independent inter-governmental organization, dedicated to forging and advocating for policies aimed at safeguarding the global financial ecosystem from the threats of money laundering and terrorist financing. Their risk-based approach to virtual assets and virtual asset service providers emerges as a critical benchmark, influencing the evolution of tailored, country-specific regulatory frameworks.

Therefore, it is a reasonable presumption that EU authorities might leverage the FATF's criteria as a consultative benchmark when scrutinizing the principles of decentralization. The FATF's guidance offers insights into when a DeFi application might traverse the boundary to be considered a Virtual Asset Service Provider (VASP), thereby falling under the purview of national and international regulatory landscapes, as per the guidance in p.67:

… creators, owners and operators or some other persons who maintain control or sufficient influence in the DeFi arrangements, even if those arrangements seem decentralized, may fall under the FATF definition of a VASP where they are providing or actively facilitating VASP services … there may be control or sufficient influence over assets or over aspects of the service’s protocol, and the existence of an ongoing business relationship between themselves and users, even if this is exercised through a smart contract or in some cases voting protocols

Nations might also consider additional factors, such as the potential for any entity to profit from the service provided, or possess the authority to modify or establish parameters that could reveal the identity of the owner or operator of a DeFi platform. The use of marketing terminology or self-proclamation as a DeFi platform does not serve as a definitive criterion, nor does the particular technology employed play a direct role in determining whether the owner or operator qualifies as a VASP.

Conversely, a DeFi protocol may achieve the hallmark of complete decentralization when it successfully eliminates any singular point of regulatory vulnerability. This entails the absence of any individual or entity wielding substantial control or influence over the protocol's assets or operational facets, or maintaining ongoing interactions with users, whether through off-chain or on-chain mechanisms.

Illustrating the practical application of these principles, we observe strategic actions by leading figures in the DeFi sector, which signify their adept navigation of regulatory challenges through the adoption of decentralization strategies.

  • In a pioneering initiative, DeFi Saver introduced the first-ever user interface (UI) for LlamaLend, facilitating early access to Curve’s novel protocol before the official launch of a Curve-endorsed UI.
  • Liquity's approach to decentralization is exemplified through its unique model of not maintaining its own frontend. Instead, it allows users to interact with the protocol via a selection of Frontend Operators, none of which are officially endorsed or vetted by Liquity, underscoring a commitment to decentralization.
  • Olympus community voted for the establishment of a decentralized ecosystem of Olympus front-ends, autonomously hosted and managed by external parties. This initiative reflects an acknowledgment of the need to mitigate centralized risk factors, with the Olympus website/frontend being identified as a residual centralization element requiring attention.

II. TradFi Regulations

In the next place, we observe the nuanced interplay between the DeFi domain and established financial regulations, such as the Markets in Financial Instruments Directive II (MiFID 2). It is evident that laws and regulations designed for traditional, centralized financial systems cannot be aligned with the innovative and decentralized nature of DeFi.

A central point of inquiry is whether the operational paradigms of DeFi lending protocols—characterized by the deposition of crypto assets for yield generation or the use of crypto assets as collateral for loans—mirror the functions of traditional credit institutions. This raises a pivotal question: How do the authorities apply existing requirements to these activities? The challenge here is underscored by the definitions and conditions set forth in the Capital Requirements Regulation (CRR), which defines a credit institution as "undertaking the business of which is to take deposits or other repayable funds from the public and to grant credits for its own account". Such entities are enshrined within a rigorous regulatory framework that encompasses the Capital Requirements Directive (CRD) and the CRR, mandating stringent capital and liquidity requirements, alongside provisions for corporate governance to ensure board independence, diversity, and robust risk management strategies.

However, the decentralized mechanics of lending protocols starkly diverge from the characteristics of traditional financial institutions. By virtue of their architecture, DeFi protocols, constituted by smart contracts, lack the legal personhood and the capacity to perform regulated activities in the context of conventional financial regulations.

To substantiate this perspective, we closely examine the structural elements of Curve Lending. Despite its distinctive non-custodial architecture, the insights derived may not universally apply to all DeFi lending protocols. Notable features include:

  • Permissionless System: Users have the autonomy to create lending pools for any supported asset pair via the OneWayLendingFactory contract, without the need for third-party oversight or approval.
  • Non-Rehypothecation: The protocol design ensures that collateral deposited cannot be reutilized for lending or other purposes by the protocol or its users, safeguarding against leverage risks and ensuring the exclusive use of deposited assets.
  • Vaults: Each lending pool is encapsulated within a Vault contract, adhering to the ERC4626 tokenized vault standard, which oversees the issuance and redemption of pool shares. These vaults facilitate lending and borrowing transactions, managing asset transfers and internal balance adjustments accordingly. Importantly, LlamaLend contracts do not assume custody on behalf of third parties of any crypto assets or access to crypto assets in the form of private cryptographic keys.

Moreover, we posit that DeFi lending protocols inherently cannot fulfill the definition of credit institutions. The criteria outlined in the CRD, particularly in Annex I, do not adequately reflect contemporary market developments, leading to potential ambiguities in defining regulated activities. This discrepancy underscores the necessity for a harmonized regulatory approach, particularly in alignment with MiCA, to address the specifics of crypto lending and borrowing activities.

Finally, from the standpoint of the EU’s Crowdfunding Regulation, which provides a bespoke framework for peer-to-peer finance, DeFi lending remains outside its legislative purview. As per Article 2(1)(b) loan means:

an agreement whereby an investor makes available to a project owner an agreed amount of money for an agreed period of time and whereby the project owner assumes an unconditional obligation to repay that amount to the investor, together with the accrued interest, in accordance with the instalment payment schedule.

The definition does not encompass crypto-assets, nor the legislative act has been amended to refer to MiCA. DeFi lending arrangements cannot be regulated under a framework that covers only transactions in fiat currencies.

Key Takeaways

DeFi lending currently operates beyond the regulatory boundaries of both MiCA and traditional financial regulations in Europe. As the lending and borrowing protocols continue to evolve, there is a growing discourse on the necessity for bespoke regulatory frameworks. To address this emerging need, the European Commission is tasked with drafting a comprehensive report by 30 December 2024, containing:

(a) an assessment of the development of decentralised-finance in markets in crypto-assets and of the appropriate regulatory treatment of decentralised crypto-asset systems without an issuer or crypto-asset service provider, including an assessment of the necessity and feasibility of regulating decentralised finance; and (b) an assessment of the necessity and feasibility of regulating lending and borrowing of crypto-assets.

It is frequently observed that DeFi platforms label themselves as decentralized despite the existence of individuals wielding significant control or influence within the arrangement. Regulatory jurisdictions are anticipated to enforce the VASP/CASP definition objectively, without being swayed by such self-descriptions. Consequently, the architectural design of these protocols ought to be strategically developed to convincingly counter the aforementioned criteria. This necessitates a deliberate design approach to ensure genuine decentralization.

For DeFi lending protocols to maintain their regulatory exemption, predicated on the principle of full decentralization, several strategic implementations are advised. These measures are aimed at reinforcing the decentralized ethos while ensuring operational integrity and user engagement:

  • Diversification of Front-Ends: Protocols are encouraged to develop multiple user interfaces that facilitate interaction with the underlying smart contracts. Ideally, the main website can serve as a central information hub, providing access to landing pages, dashboards, technical documentation, and forums. This centralized hub can be complemented by various user interfaces, managed and hosted by third-party entities. These third parties could be incentivized through various mechanisms, ensuring a broad and decentralized access point for users.
  • Robust DAO Framework: Establishing a resilient DAO structure is critical. This involves distributing voting power among a wide array of members, thereby encouraging active participation in the governance process. Protocols should be vigilant of scenarios in which a single entity could exert undue influence over the protocol's operations. The implementation of veTokenomics serves as an exemplary model, striking a delicate balance between rewarding user engagement and fostering a genuinely decentralized governance model.
  • Permissionless Design: It is vital to cultivate a permissionless ecosystem that empowers users to freely interact with the protocol in a non-custodial manner while maintaining a responsible level of DAO-led oversight on risk. Ensuring that no single participant can dominate these crucial aspects of the protocol, and restricting protocol governance from any direct control over user deposits, is essential for preserving its decentralized nature.
Regulation
Comments

All Comments

Recommended for you

  • Tokenization platform AgriDex completes $5 million Pre-Seed round of financing

    AgriDex, a tokenization platform on the Solana blockchain, announced the completion of a $5 million Pre-Seed round of financing, led by Endeavor Ventures, with participation from African Crops Limited, Oldenburg Vineyards, and former Goldman Sachs and Citadel executive, Hank Oberoi. It is reported that AgriDex is expected to launch its platform and token, AGRI, in the third quarter of this year. According to its white paper, AgriDex has reserved 5% of the total token supply, or 50 million tokens out of 1 billion tokens, for airdrops.

  • VitalikButerin ·

    Multidimensional gas pricing

    In Ethereum, resources were up until recently limited, and priced, using a single resource called "gas". Gas is a measure of the amount of "computational effort" needed to process a given transaction or block. Gas merges together multiple types of "effort", most notably:

    Multidimensional gas pricing

  • UXUY Completes $7 Million Pre-A Round of Financing, with Investments from Binance Labs, Bitcoin Magazine, and Other Institutions

    UXUY, the next-generation decentralized multi-chain trading platform incubated by Binance Labs, announced the completion of a $7 million Pre-A round of financing. Since its establishment, its total financing amount has exceeded $10 million. UXUY is an important builder of the Bitcoin ecosystem, and more than 100,000 traders use Bitcoin Lightning Network services through UXUY. UXUY's current round of financing has received investment from well-known institutions in Asia, North America, and Europe, such as Binance Labs, UTXO Management (Bitcoin Magazine), JDI Ventures, Bixin Ventures, SWC Global, Matrix Partners, CMS Holdings, Dewhales Capital, Comma3 Ventures, Satoshi Labs, YBB Capital, GBV Capital, Web3Vision, Pentos Ventures, NGC Ventures, Alti5, Metalpha, and GSR. The funds raised by UXUY in this round will be used for the construction of the Bitcoin ecosystem infrastructure, and will be committed to promoting the efficient and low-cost trading of Lightning Network Taproot Assets, Ordinals BRC-20, Runes, and other assets. Jordan, co-founder of UXUY, said: "We are pleased to be strategic partners with all investors! This year, we have successfully built a bridge between the Bitcoin Lightning Network and the multi-chain ecosystem. UXUY will continue to promote the use cases and popularization of the Lightning Network in trading scenarios, and make more contributions to the Bitcoin ecosystem." According to RootData, a Web3 asset data platform, UXUY is a next-generation decentralized multi-chain trading platform based on MPC wallets. UXUY actively participates in the construction of the Bitcoin Layer2 ecosystem, fully integrates into the Bitcoin Lightning Network and Taproot ecosystem, provides Lightning Address DID services to users, and becomes an important bridge connecting the Bitcoin and Ethereum ecosystems. As a decentralized multi-chain trading platform, UXUY provides immediate cross-chain trading services for Coin, Token, and Inscription among public chains through the establishment of uPool.

  • Cointime精选 ·

    Why the Future of Ethereum is Smart (Accounts)

    In the dynamic landscape of Ethereum, the traditional concept of digital ownership through externally owned accounts (EOAs) is revealing its limitations. As Ethereum's ecosystem grows, incorporating more complex applications and expanding through layer-2 scaling solutions, it becomes evident that our foundational tools for ownership and interaction need an overhaul.

    Why the Future of Ethereum is Smart (Accounts)

  • Taiwan's administrative agency passed four new anti-fraud laws to bring cryptocurrency traders under control

    It was announced that Taiwan's administrative management agency has passed the "New Anti-Fraud Law" to regulate cryptocurrency traders. In the future, businesses or individuals providing virtual asset services or third-party payment services must complete anti-money laundering measures and register their services or log in. Failure to do so may result in a maximum of 2 years in prison or a fine of up to NT$5 million. Businesses or individuals outside of Taiwan providing virtual asset or third-party payment services must register their companies or branches according to company law and complete anti-money laundering measures and service registration or login. Otherwise, they are not allowed to provide virtual asset services or third-party payment services in Taiwan. Qiu Shuzhen, the deputy chairman of Taiwan's financial regulatory agency, stated that there are currently around 60 to 70 cryptocurrency traders in the market, of which 25 have passed the anti-money laundering review by the financial regulatory agency. In the future, all traders will be required to declare and undergo review, and a cryptocurrency traders' association will be established for legal, administrative, and association management. Accounting professionals will also be enlisted to assist with internal control.

  • Cointime精选 ·

    Speculatory Divergence

    There has been a growing divergence in performance between Bitcoin and Ethereum during the 2023-23 cycle thus far. This has manifested as weaker price performance for ETH, and can be explained by an overall weaker capital rotation trend, especially relative to past cycles and ATH breaks.

    Speculatory Divergence

  • EigenLayer TVL falls back to $14.794 billion

    According to DefiLlama data, the total value locked (TVL) in Ethereum's re-staking protocol EigenLayer has fallen below $15 billion, currently at $14.794 billion.

  • The EU is considering including cryptocurrencies in the 12 trillion euro investment market, and its impact may far exceed that of US ETFs

    The European Securities and Markets Authority (ESMA) is consulting with the investment product advisory industry and experts on whether cryptocurrency assets should be included. This move could open up a broader market for cryptocurrencies, far exceeding the market size of spot Bitcoin ETFs. The plan aims to expand the scope of UCITS (EU Transferable Securities Collective Investment Scheme), with the UCITS market reaching as high as €12 trillion. If successful, this would be a key step in mainstreaming cryptocurrency assets in Europe.

  • Coin Metrics ·

    The Usage & Evolution of Decentralized Exchanges (DEX’s)

    Checking in on pool liquidity, trading volumes and adoption across Ethereum DEX's

    The Usage & Evolution of Decentralized Exchanges (DEX’s)

  • SlowMist: The hacker who stole 1,155 WBTC may be from Hong Kong

    According to SlowMist analysis , the IP address associated with the theft of 1155 WBTC has been traced to Hong Kong (VPN use cannot be ruled out). Earlier reports indicated that a certain address was suspected to be a victim of phishing attacks and lost 1155 WBTC, worth 71 million USD. Subsequently, the fraudsters sold all 1155 WBTC and exchanged them for 22960 ETH, and used a large number of wallet addresses to send and launder the funds.

Daily Must-Read

Popular Activities

Delysium $AGI & AI Private Yacht Party

Delysium $AGI & AI Private Yacht Party

March 27 - March 27
Seoul

Popular Tags

Cointime
News
Contents
RSS
Company