If you’ve been in the space of either blockchain or finance over the past 6-9 months, the surging interest in Decentralized Finance or DeFi has certainly not gone unnoticed. Referred to as nothing less than the revolution of our legacy financial system, this year alone we’ve seen predictions range from DeFi replacing our entire monetary system to being a bubble ready to burst.

Regardless of your stance on DeFi, its level of disruption and innovation is indisputable in today’s world. The potential it carries as an alternative to our traditional, centralized system is enormous: since the beginning of this year, the USD value of crypto collateral locked in DeFi has increased more than 1200%, reaching $11.21 billion at the time of writing this.

As with anything new and full of opportunities, it also comes with a new set of risks and complexities.

And DeFi is no different. In this article, I’ll be talking about both the opportunities and risks of DeFi; mainly from a regulatory point of view. And importantly, what we have come up with to mitigate these risks. 

Psst – if you already know how DeFi works inside-out like your pockets and just want to know the new offer, scroll down to “Mitigating De-Fi Risk”


DeFi vs. CeFi

In order to discuss how DeFi offers an alternative for our current system, we need to first understand the key differences between decentralized and centralized finance.

Decentralized Finance (DeFi) = A set of financial services that are built on public blockchains. These are all based on open protocols and decentralized applications (dApps); enabling everything on the platform to be automated and executed without a central authority or intermediary. 

Centralized Finance (CeFi) = Our current financial system, also referred to as traditional or legacy financial system.

| | Centralized Finance (CeFi) | Decentralized Finance (DeFi) |
|---|---|---|
| Intermediaries | Requires trusted third parties (e.g. banks) to act as middlemen | Smart contracts serve the purpose of intermediaries: assets are escrowed in them allowing only the user to control movements |
| Borders and permission | Regulated. Requires KYC/AML analysis to function | Permissionless and borderless. Anyone with an internet connection can access |
| Transparency of system | Centralized, not transparent | Decentralized, open source. Anyone can audit the code to test security vulnerabilities |
| Autonomy and self-sustainability | Centralized (typically per jurisdiction), relies on trusted third party governing | Self-sustaining. Full capacity for providing services autonomously |

The $100 trillion dollar opportunity 

Finance plays an essential role in our global economy but it is not an open, inclusive system. Think of small and medium-sized companies (SMEs) for instance. Grouped together, they are an engine of job creation and innovation in all major economies, representing about 90% of all businesses and over 50% of employment worldwide. But as individual operators, they have very limited access to external finance. SMEs also end up paying higher costs for transactions and premiums against risk in our traditional financial system. 

And then there are the unbanked.

With one out of 5 people in the world falling under this category, with no access to a reliable banking or financial institution, this is nothing less than a $380 billion opportunity walking around and looking for alternatives today. And this is just traditional banking alone.

If both the unbanked and underbanked were given the same access to credit and investments we have in the developed nations, we could be looking at an “easy $100 trillion space” within the next 50 years, as Diego Zuluaga of the Cato Institute’s Center for Monetary & Financial Alternatives estimates.


The promise of Decentralized Finance

So this is where DeFi comes in. DeFi offers an alternative financial system to our traditional model by removing the need for the intermediaries we rely on today in a centralized system. These could be banks and other financial institutions. Because everything is digital, permissionless, decentralized and automated, DeFi can provide lower costs and higher degrees of security and privacy. It also promotes a decision-making democracy. The ability to take out loans, deposit funds into different savings accounts and trade complex financial products opens the door to a borderless system run by code.

Needless to say, this speaks volumes for those isolated from our traditional financial system; not only the unbanked but virtually anyone who feels limited by it. Therefore, DeFi is often considered more inclusive than a centralized system. 

In addition to this, one of the most interesting characteristics of DeFi lies in its ability to build protocols on top of one another to enhance functionality. Imagine each financial protocol in the form of LEGOs. The ability to stack them together creates an interoperable ecosystem that plugs in and out according to needs. This has the potential of creating entirely new financial markets, products, hybrids and services; with the level of automation, speed and scalability unimaginable for our legacy system. 


DeFi solves our legacy problems – but brings new complexities

Decentralization of our legacy financial system may help solve the age-old issues; such as the cost of intermediaries, inefficiencies, limited accessibility, transparency, immutability and democracy. But as it often happens, fixing existing problems gives birth to a whole range of new ones: protocol performance, network fees, volatility, overcollateralization and scams.

What we consider as some of the most characteristic strengths of DeFi today are, unfortunately, also some of its key vulnerabilities.

No central authority 

Because DeFi runs on an open blockchain, it is permissionless and borderless by default. Interoperability of dApps and tokens enables one team to come up with a product that can be directly integrated into another product without asking for permission.

To put it simply, having no central authority here means zero layers of bureaucracy, which makes it much easier to both create and participate. Virtually anyone with an internet connection can build a lending program, for instance, and plug it into the ecosystem. With decent economic incentives in place (which doesn’t take much in this day and age of traditional banks offering an average 0.05% interest (US) for savings accounts), you could build a fairly complex financial product varying from pool-based strategies (e.g. Aave) to locking up a certain amount of funds (e.g. MakerDAO) pegged to fiat currency.

This same characteristic, however, means there are no governing bodies overseeing the intentions of DeFi platforms or their developers. Because the space is entirely permissionless and unregulated, each user audits their own choices based on their own experience and knowledge to best avoid scams and fraudsters. 


Privacy, accessibility and democracy of participation

Without a centralized governing body, there are no requirements for participation either: anyone can join, vote and hence shape the future of platform development. Because DeFi protocols run open source, your next-door neighbor Joe can come up with a financial product and develop a new way of adding value. This ability leverages the network effect as it accelerates innovation and rapid testing, and incentivizes the public to participate in shaping future direction.

However, it is important to remember that these DeFi products your average Joe is creating can also be some of the more regulated financial products in our traditional system. A system where KYC/AML requirements guard the doors of finance through identity proofs to credit checks. Which, by the way, are the baseline criteria for opening a simple bank account. Not to mention any levels of lending, borrowing, trading or airdropping in the market, which happen in DeFi without anyone batting an eye. 

DeFi has zero KYC/AML requirements (as of today, keep in mind this is likely to change). Hence, this means full privacy, anonymity, inclusion and freedom of participation for many otherwise limited by our financial system. And while this is understandably one of the most attractive characteristics of DeFi, this open-door policy also means illicit money can circulate within the system with no Anti-Money Laundering measures. Just like there are no regulators to ‘protect’ average users from errors, frauds and scams in the space.


Full control as a user 

No central authority and no intermediaries means you, as a user, are in full control over your assets. Traditionally, buying a simple product might easily take 3-5 different middlemen (and their service charges) before your money reaches the merchant, whereas DeFi enables this transaction directly through validator nodes (e.g. on Ethereum). 

This also removes your dependency on agency office hours or physical locations, your ability to trust them and so on. But make no mistake, this also shifts the responsibility from intermediaries to you as the user, which is a double-edged sword: manual mistakes, user errors, scams, losing your wallet, getting your hardware robbed… this all falls on your shoulders as you shift your trust from traditional intermediaries onto yourself, and smart contracts.


Security and smart contract risk 

This entire space is new which means the risks involved are also new. While blockchain-based solutions are often referred to as a more secure alternative to our current system, a better (and perhaps more realistic) description could be: decentralization minimizes the risk of old pain points but shifts the risk onto something new. Classic, huh?

Basically, if traditional CeFi asks its users to trust its custody and centralized servers, DeFi is asking its users to trust the code. 

In theory, blockchain-based solutions are unhackable. In reality, it isn’t that simple, as all systems have vulnerabilities. While decentralization may indeed remove the single-point vulnerabilities of centralized servers, we do have friendly reminders in the infamous 51% attack and, not that long ago, another bZx hack, caused by one misplaced line of code.

Smart contract risk is arguably one of the most significant risks (and asks) of the entire space, as user assets are fully dependent on smart contracts not having vulnerabilities. If there are, there is a risk that these vulnerabilities multiply when protocols interact with each other. This can lead to a general system vulnerability.


Regulatory risk of DeFi

We can’t emphasize this enough. While the baseline philosophy of the entire decentralized space is based on – well, decentralization, the jurisdictions we live in are still centralized. And as long as that is the reality, DeFi needs to keep its eyes wide open. 

Today, the entire DeFi community operates in a grey area. A regulation-free sandbox of its own, if you will. And although this enables the space to innovate freely, co-develop interoperable models and disruptive solutions sorely needed in our legacy system, we are talking about serious financial products here that would fall under a range of asset classes in the real world. And as a result, significant regulation. 

Example: governance tokens, which are becoming increasingly popular in the space and give their users a direct stake in managing DeFi platforms, are mainly security tokens, i.e. securities, i.e. regulated by governments and financial institutions.

Because DeFi protocols are permissionless by design, anyone in any country is able to access them with zero regulatory compliance. As a result, it can easily become a haven for money laundering. Similarly, because anyone can build products with a variety of intentions, it opens up the space for scams and a range of other activities. Both are sufficient reasons for governing bodies to step in, in case the lack of KYC/AML isn’t enough.

A report recently published by BCG Platinion and Crypto.com predicts based on current regulatory trends that DeFi would likely fall under the scope of regulators as the space grows in scale. “As such, DeFi may become partially permissioned, using decentralized identity and address checking services to block certain users from its use. Another possibility is that regulators will deem the compliance requirements imposed on centralized exchanges to be sufficient”, the report says. 

Mitigating De-Fi Risk 

“People are now creating all kinds of things: borrowing, staking, liquidity pools, insurance. To make sure that DeFi platforms are attracting more customers, they are creating all kinds of incentives, airdropping them etc. This is all good but here’s the thing: majority of these tokens will, most likely, at some point be declared as security tokens. As many teams have been through the ICO waves and seen how the SEC acted, they probably know there is a good chance that similar actions will come to DeFi as well. So how do you operate in this space in a compliant way?” 

This was the basis of the conversation between me and Stefano a while back. And this is a legitimate concern in the DeFi space as it operates in an area that would traditionally fall under heavy regulations to protect average users from scams and high-risk products. 

Where are we today

Some DeFi protocols believe they are sheltered from possible future regulations by moving towards full decentralization, from source to governance, so that the protocol couldn’t be ‘shut down’ even if its original creators wanted to. The degree of decentralization varies, however, and in reality it can be more challenging than it sounds. Take Uniswap, for instance, which recently launched its UNI token aiming to distribute all the way to its end users and become a truly decentralized, community-led platform. However, Uniswap has raised substantial venture capital from centralized entities (led by Andreessen Horowitz), making complete loss of control highly difficult. Hence, they kept a skeleton key to the protocol: compromising slightly on their decentralization, at least in the near term.

The threat regulatory risk poses to the DeFi space is nothing less than existential. Therefore, this requires serious attention from both developers and users. They say risk is the price you pay for the opportunity. Well then, is there a way to mitigate those risks – without losing the opportunity?


In other words, how can one operate in DeFi in a compliant way? Is it even possible today? 

The short answer is yes. 

The only way possible today, that we know of, is creating a private foundation to own the assets (e.g. possible keys, tokens etc). The beneficiaries of the foundation in this case would be the token holders. But because it is a foundation, it isn’t able to carry out any business activities.

Here is how it would work, put simply:

  • You create a foundation and place your assets within the foundation.

    A foundation is an independent legal entity, typically with a multitude of purposes (charity, asset distribution etc.), that has no right to ‘execute’ tasks other than holding the asset. Generally speaking, there are 2 types of foundations: public, able to source funding from the public; and private, typically with only 1 source of funding, e.g. Bill & Melinda Gates Foundation. In this article, when we say ‘foundation’, we mean a private foundation.

  • Because we are talking about a DeFi product, ownership of the asset means ownership of the smart contract key. In other words, the foundation is the owner of the key that has access to the asset. 
  • In order to execute tasks, if needed, the foundation can hire a company to do whatever it needs to do. (e.g. security checks, developing a new feature) 
  • The beneficiaries of the foundation in this case would be the token holders. This means holders can vote for the project’s future; the foundation would be in place to make sure the decisions are respected.

A legal entity mitigates regulatory risk

So, in addition to incorporating Smart Companies, we can now also set up private foundations. We have had countless conversations with lawyers and agents about this topic. And so far, this seems to be the only viable option available from a regulatory point of view in mitigating a DeFi project’s risk. 

This direction we’ve chosen also supports current legislative trends. The European Commission’s newly proposed crypto regulations have recently been published, posing a specific risk for the DeFi space. Long story short, the regulations require all crypto-asset issuers to be incorporated as a legal entity in order to operate crypto services within the European Union. Under this new law, many DeFi projects would completely lose access to the European market and its citizens without incorporating themselves.

The solution we are offering is setting up a legal entity in the form of a foundation. Because a foundation has no direct owners (e.g. shareholders, partners etc.), its sole purpose is to benefit a group of individuals; in the DeFi context this would be its community.

Let’s look at this through an example

Voting for a DAO’s future development: 

Background: anyone in DeFi can build their own financial product or service. This is done by creating a DAO which in this context = the smart contract. 

  • This DAO has issued a total of 100 governance tokens. They have set up a private foundation that holds their assets, i.e. the key to access the smart contract.
  • Out of 100 tokens, 50 are distributed to their community. 49 are in the treasury, which is represented by 1 wallet. Therefore, 50 wallets + 1 treasury = 51 wallets in total that own tokens.
  • It’s time to vote for the future direction of the project. Everyone (50) votes, except the treasury. 
  • Based on the resolution, the project decides to move towards direction A. 
  • The foundation owns the key to the treasury. And due to its nature, the foundation must follow the interest of its majority holders; hence, direction A. The project developers have shifted ownership from themselves into the foundation; making things like scamming the users by running away with the keys, for instance, much more difficult. 
  • This mitigates the risk involved in the space; it wraps a decentralized product into a legal framework without scrutinizing the DeFi characteristics out of it. 

Basically, what’s happening here is we take a decentralized product (e.g. a DAO) from a high-risk space and wrap a layer of centralized governing around it; an entity that now offers legal protection as well as trust amongst its community members.


I’ll keep it simple. There’s no doubt that DeFi has the potential and capability of disrupting our traditional financial system. But the price of its opportunities today also requires non-stop attention from anyone involved in the space. While DeFi’s liquidity, usability and scalability are widely recognized issues the community is busy trying to improve, its regulatory threats are what’s causing the existential risk to the entire ecosystem at the time of writing this.

Hence, we are doing what we are doing. Providing you a compliant framework – so you can stop worrying and go back to solving those scalability issues of DeFi 😉


Have thoughts or feedback on this? Or perhaps something we haven’t thought about?

Drop us a line at future@korporatio.com or talk to us on discord!