DeFi and MiCA: How much decentralisation is enough?
June 25, 2024

The emergence of decentralised finance (DeFi)has disrupted traditional financial systems, offering innovative solutionsthrough blockchain technology. As DeFi protocols gain prominence, questionsarise about their regulatory status. In this blog, we explore whether DeFi falls within the scope of the Markets in Crypto Assets Regulation (hereinafter:“MiCA”) in the European Union (EU). MiCA aims to regulate crypto assets within the EU, ensuring investor protection and market integrity.  As outlined in Recital 22, MiCA applies tonatural legal persons, other undertakings, and their activities related to crypto assets, both directly and indirectly, “including when part of suchactivities or services is performed in a decentralised manner”. Nonetheless, the regulation excludes crypto-asset services that are provided in a fully decentralised manner.  

Decentralisation and Control

In order to assess applicability of MiCA for a protocol it is crucial to look into the notion of being fully decentralised.  DeFi operates on a spectrum of decentralisation. It’s not a binary state; it aims to range from fully centralised to fully decentralised. At the heart of the issue is the tendency of many DeFi protocols to have centralised front-ends and intermediaries.  Thus, the challenge is identifying who controls the underlying system; hence, one must always inspect, assess, and determine whether the protocol is “managed” by one or more  individuals or a broader community, and how the control over the system in question is segregated and diluted by the system’s architecture and/or tokenomics of the respective protocol.

To assess this, the governance structure of each protocol, such as the delegation of votes, the number of tokens needed to vote, and the power of validating nodes, should be considered. Nodes can differ in their degree of involvement within a protocol.While some may validate the entire block history, others may contribute only a fraction of their storage capacity. In essence, not all nodes are equal in their roles. The topic of different nodes deserves a thorough discussion in another blog; therefore, it will be set aside for this article.

Furthermore, custody arrangements impact MiCA’s applicability. Under Article 3 (1) (17) of the regulation, “providing custody and administration of crypto-assets on behalf of clients” means the safekeeping or controlling, on behalf of clients, of crypto-assets or of the means of access to such crypto-assets, where applicable, in the form of private cryptographic keys. Under this article, the mode of operation of the protocol is important in determining the level of custody and administration offered through the protocol. Are assets held in a custodial manner within the DeFi protocol or users’ wallets? Is there a backup gateway for the protocol owner(s) to actively administer or upon the request of the client? Or is administration taken care of in a maintenance-only manner? Each answer opens a new legal effect and solution for the developed software via distributed ledger technologies. Blockchain lawyers shall be immediately consulted to render valid legal and regulatory advisory, and more.

Protocols play a fundamental role in the blockchain ecosystem, serving as the underlying rules and procedures that govern how transactions and operations are conducted on decentralised platforms. These protocols ensure the functionality and security of decentralised exchanges(DEXs) by managing transactions, smart contracts, and liquidity pools. In the context of liquidity pools on DEXs, the question arises whether these platforms can fall under MiCA regulations due to the centralised elements they often possess.

Firstly, governance and control over many DEXs and their liquidity pools often rest with a small group of developers or a central organisation that retains the authority to modify smart contracts, such as adjusting parameters or updating the code. The presence of administrative keys or privileged access within smart contracts further allows specific individuals or entities to intervene. Moreover, the initial setup and funding of liquidity pools usually involve centralised processes like Protocol-Owned Liquidity (POL). This is where a central entity sets up the smart contracts, brings in initial liquidity, and rewards participants. Finally, since a centralised team typically handles the ongoing upkeep and security updates of smart contracts, some form of centralised oversight is justified and necessary to ensure the operational integrity of theDEX.

Collectively, these factors raise the question of whether DEXs, due to these centralised components, must comply with MiCA regulations. The immediate answer goes in two separate directions and strictly depends on where the protocol provides crypto-asset services to, mainly based on the residency of the end-user.However, MiCA is directly applicable to DEXs that cannot prove that they are fully decentralised, as explained above.

Multisignature(“multisig”) wallets add another layer of complexity and control within this context. Multisigs require multiple parties to approve a transaction before it can be executed, and is used when assets are held in custody by a company.However, their presence can also contribute to the perception of centralization. The creation and maintenance of multisig wallets are typically managed by a central entity or a small team, reinforcing the potential for central control over some aspects of DEX’s operation. Consequently, there will always be a possibility for (bad) DeFi protocols to have backdoors and gain controlling power over the liquidity pools. As a result, there is a chance thatEU national financial regulators will require DeFi front-ends to obtain a MiCA licence.

Moreover, Article 3(1) (18) of the MiCA defines the “operation of a trading platform for crypto-assets” as the management of one or more multilateral systems, which bring together or facilitate the bringing together of multiple third-party purchasing and selling interests in crypto-assets, resulting in a contract, either by exchanging crypto-assets for funds or by the exchange of crypto-assets for other crypto-assets”. A fundamental aspect of operating a trading platform involves managing one or more multilateral systems. This will serve as a key defence for individuals deploying decentralised exchange systems that facilitate multiple buying and selling interests, including automated market makers (AMMs). When a transaction for purchasing or selling a crypto-asset is completed, it results in a contract. The legislation does not specify who the parties to this contract must be and what matters is that a contract, whether express or implied, is formed. Therefore, the strongest argument against classification asa CASP offering this service is that merely deploying smart contracts without active management does not constitute operating a trading platform. On the other hand, actively managing the platform, even if it utilises smart contracts, is likely to meet the criteria for this service. Hence, protocols that have centralised control mechanisms, as discussed above, will not qualify as fully decentralised and must obtain a MiCA licence as a CASP.

Although this all depends on a case by case basis, the issue with the MiCA and assessing decentralisation levels also lies in the fact that most regulators lack the resources and technical understanding to address DeFi governance structures.That is because, unlike legislators, regulators are used to enforcing existing laws and struggle to keep pace with technological innovations. Consequently, clarity remains elusive for many upcoming DeFi projects. Case law and court rulings are set to influence the future of DeFi within the regulatory framework and its specific interpretation.

In conclusion, DeFi’s intersection with MiCA is complex and unclear under the current guidelines. Achieving “full decentralisation” and understanding custody and different governance models are critical in order to stay out of regulatory hurdles for the moment. While regulators grapple with resource constraints, the EU must strike a balance, embracing innovation for the purpose of economic growth and legal certainty in this emerging market ofDLTs while safeguarding investors and ensuring the creation of fair and orderly markets.

 

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form. Please try again