The US Treasury Department recently published its DeFi Illicit Finance Risk Assessment, examining the risks linked to decentralized finance (DeFi) platforms. In response to the report, Coincenter, a leading cryptocurrency research and advocacy organization, raised concerns about the portrayal of all DeFi applications as non-compliant with anti-money laundering (AML) regulations. Coincenter asserts that the assessment does not adequately clarify which specific activities and DeFi actors should be subject to compliance obligations.
Mixed Messages in the Assessment
The Treasury Department’s assessment does indicate that obligations under the Bank Secrecy Act (BSA) are dependent on specific facts and circumstances, which Coincenter regards as a positive aspect. Additionally, the assessment clarifies that it does not change any laws or definitions and that the 2019 FinCEN guidance still applies.
However, Coincenter takes issue with the assessment’s confusing stance on self-hosted wallets and peer-to-peer transactions. The Treasury Department’s assertion that it is not concerned with peer-to-peer transactions that do not involve smart contracts implies concern for those transactions that do involve smart contracts. This, according to Coincenter, is indicative of a misunderstanding of DeFi’s nature and may stem from ignorance or a strategic constitutional law perspective.
Centralization vs. Decentralization Debate
Coincenter criticizes the assessment for focusing on the centralization vs. decentralization dichotomy rather than addressing the activities that trigger regulation. The organization advocates for an activities-based framing to determine whether a person or entity is a regulated financial service.
While the assessment does mention that the nature of activities is the key factor in determining registration and obligations, Coincenter argues that it spends too much time discussing irrelevant questions of centralization and decentralization.
Coincenter’s main concern with the assessment lies in its generalization that all DeFi services are failing to implement AML/CFT controls without specifying which DeFi actors are obligated to comply under the activities-based definitions. This implies that everyone is non-compliant, potentially even criminally so, regardless of whether they are obligated to comply.
