Whilst there is no generally accepted definition of “DeFi,” or what makes a product, service, arrangement or activity “decentralised”, IOSCO has referred to DeFi as a marketplace estimated in size at about $200 billion and mostly built on the Ethereum blockchain.
DeFi seeks to obviate traditional intermediaries between parties to transactions. Although it is argued that disintermediation allows for faster, cheaper and more efficient execution of transactions, it also eliminates market participants that have traditionally acted as gatekeepers, performing central roles of ensuring investor protection and market integrity.
Some of the risks highlighted include, but not limited to:
|
ASYMMETRY AND FRAUD RISKS
|
DeFi allows investment in a variety of products and services – including risky speculative trading, lending and borrowing activities on a cross-border basis and with 24/7 availability. Relatedly, DeFi can pose significant potential for investor harm. Retail investors in DeFi projects typically form part of an online community or otherwise are brought into DeFi through influencers, social media, and other forms of digital engagement and promotional activities, which can be a prominent avenue to gain more traction. Misinformation and inappropriate advertising using these promotional channels present well-understood risks to investors and lack of relevant disclosures. |
|
MARKET INTEGRITY RISKS |
Given the speculative services available through DeFi projects, the associated risks include those caused by trading and price misinformation or manipulation and conflicts of interest. |
|
FRONT-RUNNING (OR SIMILAR FRAUDS) |
On certain blockchains, miners are able to profit by using their ability to re-order or censor transactions that have been submitted to the blockchain. This has been referred to as MEV. This can occur when blockchain validators or anyone with first-hand information of transactions in the queue for validation uses this information and advanced technical skills to maximize their own profits, such as front-running. Generally, the Ethereum blockchain, upon which most DeFi apps are built, has been vulnerable to front-running as perpetrators have had sufficient time to re-order transactions in a favorable way. |
|
FLASH LOANS |
Flash loans are a type of uncollateralized lending that has been seen on DeFi protocols on the Ethereum network. Flash loans use smart contracts that do not permit the exchange of funds unless the borrower can repay the loan before the transaction ends, otherwise the smart contract cancels the transaction. Flash loan protocol, however, can facilitate the rapid exploitation of a vulnerability, such as a coding error in a smart contract. |
|
MARKET DEPENDENCIES |
For DeFi protocols to function properly, the participation of certain actors may be required, such as, validators on the underlying blockchain, arbitrage traders, liquidity providers, oracles, etc. Whilst there may be incentive structures to promote that participation, mainly through what is coined “tokenomics,” arbitrage opportunities, fees, and other profit-making mechanisms, these structures may fail, causing a protocol ultimately to fail. |
|
USE OF LEVERAGE |
DeFi products and systems offer the use of leverage, such as crypto assets borrowed from one lending protocol that can be used as collateral in another, thereby using the same underlying assets to build an increasing number of positions. This can lead to liquidation risks if they were to materialize. |
|
ILLICIT ACTIVITY RISKS |
Although some industry participants are beginning to explore the use of AML/CFT tools with their protocols, many products and services in DeFi have no requirements for AML/CFT measures, presenting potentially significant anti-money laundering and terrorist financing (AML/TF) risks. There are further vulnerabilities with anonymity-enhancing technologies, such as anonymity-enhanced cryptocurrencies (AECs), mixers, tumblers and other technologies, to obfuscate the details of financial transactions. This increases the vulnerability and exposure to ML and TF. |
|
OPERATIONAL AND TECHNOLOGY-BASED RISKS |
DeFi seeks to shift trust from traditional intermediaries to pure technology and, therefore, presents inherent technology-based risks. |
IOSCO acknowledges that DeFi is a continuously evolving area and welcomes input from the public, including the crypto asset market and DeFi participants, as well as any other interested party.
