DeFi regulation has become a hot topic among regulatory bodies worldwide, but Polygon Labs’ legal team, in collaboration with Arktouros, is pushing for oversight by the US Treasury’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP). The proposal suggests classifying truly decentralized DeFi protocols as critical infrastructure, bringing them under the supervision of OCCIP, which is responsible for fortifying the security and resilience of critical infrastructure in the financial services sector.
The paper argues that rather than imposing intermediaries on real DeFi systems, safety measures can be implemented to address the risks of illegal financial activities. It likens this approach to not requiring phone companies to have switchboard operators to verify the users of each phone. Instead, genuine DeFi systems should be treated as critical infrastructure and regulated by OCCIP, similar to how illegal finance risks in other tech systems in finance are handled.
Importantly, classifying genuine DeFi systems as critical infrastructure under OCCIP does not automatically categorize them as financial institutions regulated by the Bank Secrecy Act. OCCIP is not bound by BSA regulations and is not limited to working solely with financial institutions. This aligns with industry and regulatory efforts to establish regulatory measures for neutral software, including implementing cybersecurity standards, establishing information-sharing and analysis centers (ISACs), automating risk indicators, and utilizing other tools to mitigate risks.
Unclear regulations have posed barriers to the expansion of DeFi. Although North America has been a significant user of DeFi, regulatory uncertainty in the US has led to a decrease in its share of activity. The lack of clear accountability in DeFi systems has been a concern, as it enables intentional oversight by some industry structures. Regulators, such as the Commodity Futures Trading Commission (CFTC), have highlighted the risks for investors and consumers, including fraud, market manipulation, conflicts of interest, data breaches, and privacy violations, mainly stemming from a lack of understanding of DeFi. The CFTC suggests policymakers need a better understanding of DeFi by conducting mapping exercises to determine if DeFi projects’ financial products and services fall under existing US regulations.