A recent study authored by Rebecca Rettig, Katja Gilman from Polygon Labs, and Michael Mosier from Arktouros proposes a strategy to classify decentralized DeFi protocols as “critical infrastructure.” This classification would subject them to oversight by the US Treasury’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP), potentially enhancing their safe operation.
DeFi Regulation Challenges
DeFi regulation has been a contentious issue globally, with regulatory bodies grappling to establish appropriate oversight. The study’s authors suggest a unique approach to address these challenges.
Critical Infrastructure Oversight
The proposal recommends classifying genuinely decentralized DeFi protocols as “critical infrastructure” under OCCIP’s supervision. While OCCIP is not a traditional financial regulator, it plays a vital role in enhancing the security and resilience of critical infrastructure within the financial services sector. It collaborates with various stakeholders to exchange information about cybersecurity risks and vulnerabilities.
Protecting DeFi Systems
The study asserts that implementing safety measures to combat illegal financial activities in DeFi systems is possible. Instead of forcibly introducing intermediaries into truly decentralized DeFi systems, a better analogy would be not requiring phone companies to have switchboard operators again to confirm users’ identities.
Genuine DeFi should be regarded as “critical infrastructure” and overseen by OCCIP, akin to how authorities address illegal finance risks in other financial technology systems.
No Automatic Labeling as “Financial Institutions”
Importantly, classifying genuine DeFi systems as “critical infrastructure” under OCCIP does not automatically categorize them as “financial institutions” subject to regulation under the Bank Secrecy Act (BSA). OCCIP is not bound by BSA regulations and can collaborate beyond financial institutions.
Alignment with Industry and Regulatory Efforts
This classification aligns with efforts proposed by both industry and regulators to establish regulatory measures for neutral software. These measures encompass implementing cybersecurity standards, establishing information sharing and analysis centers (ISACs), automating risk indicators, and utilizing other tools to mitigate risks.
Collaboration between the DeFi industry and regulators facilitated by OCCIP could enhance the effectiveness of ongoing initiatives. While some efforts are already underway in the DeFi sector, such as cybersecurity frameworks and ISACs, regulatory involvement could further strengthen risk mitigation measures.
Addressing Regulatory Uncertainty
DeFi has faced regulatory uncertainty, causing shifts in its activity. Regulatory clarity is essential to its growth. Earlier this year, the Commodity Futures Trading Commission (CFTC) highlighted issues with DeFi, including accountability and various risks for investors and consumers. The CFTC suggested policymakers better understand DeFi and assess its compliance with existing regulations.
In summary, classifying genuine DeFi protocols as “critical infrastructure” under OCCIP’s oversight is proposed to enhance their safety and address regulatory challenges, promoting a more secure and regulated DeFi ecosystem.