[co-author: Bryan Mulcahey of FS Vector]
Recent news coverage has highlighted two potentially watershed moments in the FinTech revolution: the rise of Decentralized Finance (“DeFi”) that challenges both traditional FinTechs and legacy financial institutions alike, and the emergence of Non-fungible Tokens (“NFTs”) that offer ownership (whether whole or fractional) of tangible or unique assets. DeFi is potentially transformative for operation of the financial services industry, and NFTs offer the chance to buy and sell unique goods ranging from the obvious (like real estate) to the esoteric (like public figures’ Tweets). While regulation of these technologies and their associated instruments may not yet be explicitly provided for, it is wise for entities active with them to consider compliance steps that may be taken now to prevent existential threats from developing later.
DeFi is an umbrella term referring to the use of blockchain technology to offer financial services without involving intermediaries like banks, brokers, or exchanges. Rather, DeFi transactions utilize “smart contracts” – pieces of code that self-execute specified transactions upon verified performance of a triggering event – that eliminate the need for a central authority or other external enforcement mechanisms. DeFi rests on the notion that by operating free from corporate and government control, users can enjoy the speed, security, transparency and accuracy that more centralized financial platforms often lack. As an inherently financial technology, DeFi also relies on related technologies to permit exchange of value between users of DeFi applications (“DApps”). These exchanges are principally conducted using the variety of cryptocurrencies known as stablecoins, which rely either on fiat currency backing or computer algorithms to maintain an effective 1:1 peg to the U.S. Dollar. However, while the bilateral nature of DeFi transactions offers immense promise and attractive simplicity, the functions performed by the technology will undoubtedly come under regulatory scrutiny, and it may need to overcome hurdles to mass adoption in the form of perceptions – correct or not – that it can heighten risks for consumers.
While the DeFi movement may gradually envelop more of the financial space, NFTs are – at present – a more niche financial product (albeit one with the potential for exponential growth). Recent NFT sales have involved products as unique (and nonfungible) as the aforementioned Tweets, digital artwork, or NBA “Topshot” virtual trading cards (more contemporary iterations of the Cryptokitties animal trading cards that were some of the earliest NFTs). As with DeFi, regulators have yet to stake out the NFT territory. This regulatory silence may, in part, have a similar explanation in both fields: no regulatory agency has clear authority over the entire industry and diffusion of responsibility has led to regulatory inaction thus far. Because a variety of DApps or NFTs may implicate the authority of a variety of regulatory agencies (e.g., SEC, CFTC, FinCEN, OCC, CFPB, state insurance regulators, etc.), including multiple such regulators for any single DApp, no agency has been a clear first mover in either field.
As we will explore in more fulsome forthcoming pieces focused specifically on DeFi and NFTs, respectively, several regulators are likely to emerge as major influences as the industries draw increasing amounts of investment capital and generate ever larger revenues. Regardless of the relevant financial regulatory regime for a particular DApp or NFT, anti-money laundering (“AML”) and counter-terrorism financing (“CFT”) obligations pervade both spaces and set a minimum compliance burden that’s likely incumbent on all entities. Recent draft standards released by the intergovernmental Financial Action Task Force (“FATF”) included revised definitions that appear to incorporate both DeFi and NFT developers, funders, and operators among those with AML and CFT obligations (belying some DeFi entities’ contentions that decentralization means such obligations are inapplicable). Entities in both fields would be wise to begin their compliance journeys now by implementing basic programs for compliance with the AML and CFT measures overseen by FinCEN, the US Financial Information Unit to whom other US agencies report suspected violations, as well as the sanctions programs overseen by the Department of Treasury’s Office of Foreign Assets Control (“OFAC”). FinCEN is the US agency that will amend its regulations to reflect the FATF standards’ final version once it is released (following a comment period and revisions.)1
FinCEN’s authority includes settling matters with violators, or referring them to the Department of Justice for prosecution. OFAC can similarly settle enforcement matters with violators, though the Department of Justice may pursue particularly egregious violations as criminal matters. Needless to say, no startup wants to risk losing its entire fundraise - or worse - by drawing such scrutiny. If FinCEN or OFAC does approach, the ability to show that an entity has thoughtfully considered its AML / CFT / sanctions obligations and taken steps to comply with them can go a long way toward building credibility and dispelling mistaken notions of illicit activity.
1. These entities should also consider whether registration is required as a Money Services Business (federal) or licensing as a money transmitter (state), including the potential benefits that either could offer them