Earlier today, the US Department of Treasury posted a report on DeFi entitled “2023 DeFi Illicit Finance Risk Assessment.” For the first time, Treasury addressed the concept of DeFi – a sector of digital assets that engenders challenges for regulators. Treasury noted that DeFi is frequently abused by bad actors recommending the need for incorporating anti-money laundering and countering the financing of terrorism (AML/CFT) processes.
The Crypto Council for Innovation has issued a statement on Treasury’s report describing it as a signal that the US Treasury is trying to encourage industry and developers to incorporate AML/CFT compliance into DeFi services.
Yaya J. Fanusie, Director of Anti-money Laundering and Cyber at the C0uncil said Treasury’s approach is similar to what Treasury/FinCEN did for Bitcoin before when it clarified that BTC had to adhere to the Bank Secrecy Act (BSA).
To quote Fanusie:
“The case studies highlighted by the report convey a key point: Illicit actors have in the past exploited vulnerabilities and regulatory gaps in the DeFi ecosystem. Treasury is arguing that the way to reduce those gaps and vulnerabilities is to bring DeFi services into compliance with the same rules that regulated financial institutions follow when doing the same activities.
There’s still a conundrum. Treasury says that even if a service is truly decentralized, activity still could require AML/CFT compliance. But it does not explain how to implement that compliance when there’s no concrete responsible party. And the report admits that not all types of DeFi services will fit under BSA obligations. What will likely have to happen is an unpacking of the different service types (that the report delineates on p.10) and identifying when AML/CFT compliance is required.
Overall, this is a positive step. If you look at how crypto exchanges actually flourished in the US after FinCEN’s 2013 guidance, this high-profile report could similarly encourage “compliant innovation” and make DeFi more accessible. But the compliance conundrum won’t be easily solved. There will need to be further international discussion on how jurisdictions should approach the issue. But US Treasury has made its position clear: It wants DeFi to comply with AML rules whether the service is decentralized or not.”
Question: While a service may be “decentralized,” it still needs a “central” authority to incorporate AML/CFT compliance, so doesn’t this challenge the entire DeFi premise?