The Asia-Pacific region has many jurisdictions with sophisticated regulatory frameworks covering a wide range of financial services. Traditional financial intermediaries — such as banks, insurers, brokers, asset managers, money lenders and other financial institutions — are regulated under these existing regimes, which are often a complex web of legislation, regulations, guidance notes, codes, circulars, audit feedback and licensing conditions. There are various requirements imposed on financial intermediaries, ranging from capital and conduct obligations to anti-money laundering/counter-terrorist financing (AML/CFT) and know-your-customer (KYC) requirements. Among other things, these are designed to ensure financial stability, accountability and customer protection.  

With the explosive growth of digital assets, regulators have become increasingly interested in virtual asset service providers (VASP) — the intermediaries that provide cryptocurrency and other digital asset trading, exchange and custodial services. APAC jurisdictions have started to act on the intergovernmental Financial Action Task Force’s call to place AML/CFT and KYC obligations on VASPs. Some have also taken the opportunity to impose customer protection, capital and conduct requirements on VASPs as well.

4 1
1 4
3 1

One of the largest subsets within the digital asset universe is decentralized finance (DeFi), which are networks that use consensus-based systems to avoid reliance on financial intermediaries. While DeFi is (or will be) subject to the same general regulations applicable to digital assets in general, their specific functions have yet to attract the same level of regulatory scrutiny. However, with the market and usage expected to grow exponentially in the coming years, it is only a matter of time before the spotlight turns to the underlying uses of these networks.

Key features of DeFi

In DeFi, smart contracts are used to automate the execution of financial agreements between parties. By leveraging blockchain technology, in most cases, there is no true central intermediary or party operating the application, and the smart contracts will automatically execute on the blockchain without further reference or instructions from any third party. 

That being said, there will often be a “sponsor” or “promoter” who develops the original code and sets up the DeFi protocol on a particular cryptographic platform (for example, Ethereum, Cardano or Solana). Such protocols may be “self governing” (for example, decentralized autonomous organizations, or DAOs) or alternatively, system participants can be given certain governance rights to direct the development of the protocol. 

DeFi encompasses a wide range of financial services which, in some ways mirror financial services offered by existing licensed financial intermediaries. Yet, in other ways, DeFi eschews the traditional frameworks on which regulatory regimes are built.

Regulators and market participants around the world are still coming to terms and grappling with how to deal with DeFi. Fundamental questions that need to be asked include the following:

  • Does DeFi fall within existing regulatory regimes and are such services in fact subject to any licensing or other regulatory obligations?
  • If licensing and other regulatory obligations are triggered, who has triggered such obligations and who should be subject to regulation?
  • Even if no licensing or regulatory obligations are triggered, should DeFi nevertheless be regulated?

DeFi in the context of existing regulatory regimes

Regulatory frameworks for financial services were not developed with DeFi in mind.

While some regulatory frameworks are now being amended to apply to digital assets, the focus so far has been on defining the digital asset as a tradable investment product and verifying those who deal in them — but not what the network does or how it operates. 

Even if a regulator were to decide that a particular DeFi project is within their remit, as mentioned above, there are fundamental questions that do not have straightforward answers. 

For example: Who can or should be licensed/regulated? 

In the context of traditional finance, there is usually an entity and/or individuals providing the service. That intermediary is legally capable of assuming and complying with legal and regulatory requirements. Licensing regimes are built around licensing such entities and/or individuals. 

But in the case of a truly decentralized protocol operating solely on smart contracts, there may not be an identifiable “person” who is clearly providing the financial services. Also, the legal relationship between the parties is not always clear. Have individuals entered into direct contractual relationships with each other, and should they be regarded as providing services? If so, how does the regulatory framework have jurisdiction over anonymous investors acting through a DeFi platform, and how will regulators enforce any restrictions?

If there is a sponsor or promoter for the DeFi platform, they might seem like the more natural party to try to regulate since there is a semblance of coordination. Then again, because DeFi platforms often give governance rights to the investors, post-launch, the sponsor or promoter might not have significant influence over the platform after the initial phase.

To an extent, legal regimes are also subject to “territorial scope,” meaning there may be limitations to a regulator’s jurisdictional reach. In order to trigger licensing obligations in a jurisdiction, it will usually be because a person carries on regulated services within that jurisdiction or because a person actively targets potential customers in a jurisdiction. In the case of DeFi, smart contracts/protocols could operate without reference to specific jurisdictions and its participants may be based in multiple jurisdictions. 

This is just one aspect that must be considered and there has not been any broad consensus as to how we tackle any of these questions. 

Let’s wait and see — but not too long

Of course, an even more fundamental question that needs to be asked is whether regulators are prepared to regulate DeFi in the first place. Past experience with digital assets suggests that regulators are often hesitant to license innovation in financial markets until they can properly understand and come to grips with the activity. At the same time — apart from in some very specific jurisdictions — no regulator wants to completely ban something that may end up being the most revolutionary movement since the internet. 

Until regulators can understand the risks and benefits of DeFi, they will likely be hesitant to push for changes to the regulatory framework that would give them the power — and the obligation — to regulate this space. 

This is not to say all regulators in APAC will necessarily be cautious. While the risks are higher, there is clearly an untapped and enormous market that DeFi could cover. For jurisdictions looking to burnish their credentials as a regional and international hub for digital assets, there will be first-mover benefits for establishing a robust and coherent approach to regulation that attracts innovation and investment.