The European Securities and Markets Authority (ESMA) warned of "serious risks" of investors being harmed by decentralized finance (DeFi) in a Wednesday report despite the innovative technology being in its infancy.
ESMA, an EU agency that is due to set rules under the bloc’s landmark Markets in Crypto Assets Regulation (MiCA), promised to look further into the nascent market, which has posed a puzzle for policymakers who are used to pinning regulatory obligations on centralized entities like banks or securities exchanges.
“Although investors’ exposure to DeFi remains small overall, there are serious risks to investor protection, due to the highly speculative nature of many DeFi arrangements, important operational and security vulnerabilities, and the lack of a clearly identified responsible party,” said the report prepared by the Paris-based agency, promising annual reports on the sector.
While in principle, DeFi – which uses smart contracts to automatically execute loans or other financial services – poses less of a risk of counterparties defaulting, the report notes heightened volatility in crypto markets and anonymity that enables dubious behavior like wash trading, in which sale volumes are inflated to manipulate markets.
ESMA last week proposed a swathe of new rules for crypto asset service providers under MiCA, such as the environmental disclosures that will need to be included in issuers’ white papers. A further report on Wednesday highlighted the potentially innovative nature of the smart contracts used in DeFi, noting they can range from financially-motivated Ponzi schemes to operational memory management.
ESMA is not the only regulator wondering how to deal with DeFi projects, and the International Organization of Securities Commissions recently proposed to treat them on a par with conventional finance. In response to a consultation from the French financial regulator, AMF, the lobby group EU Crypto Initiative has recently argued that DeFi needs a tailored approach – with programmers not held legally liable merely because they realize their code could be misused.