Decentralised finance (DeFi) and DAOs

Decentralised finance (DeFi) enables new types of applications in the financial industry that are executed on openly accessible blockchains (permissionless public blockchains) with smart contract functionality. Technical solutions, such as algorithmically controlled consensus mechanisms and automated programmes (smart contracts or DApps), are expected to replace the need for trust in traditional financial intermediaries.

The diverse uses of DeFi applications, such as decentralised exchanges (DEXs), decentralised forms of lending, stablecoins generated and derivatives issued and traded in a decentralised system, and initial forms of decentralised insurance and asset management, are similar to those of the conventional financial system. In addition, DeFi ancillary services have an important role to play, such as DLT oracles, crypto custodians and aggregators that concurrently address several DeFi protocols.

DAOs and on-chain governance

DeFi applications are based on predefined protocols and therefore cannot react to changing circumstances on their own. For later adjustments, protocol developers therefore regularly establish decentralised control processes (on-chain governance), which generally offer the holders of governance tokens a means of intervention. This is intended to make users participants in the platform and its success by technical means and to generate network effects (in this context, there is also talk of Web3). The degree of decentralisation of DeFi applications is not designed to be binary, but to be fluid in its structure and contingent upon a variety of factors. Insofar as the decisions of the holders of governance tokens are executed via automated smart contracts that can no longer be modified by individual actors (for example, by holders of control keys that allow access to the smart contract), this is considered a decentralised autonomous organisation (DAO). As this is a new segment, there is still a lack of established standards to regulate e.g. the scope of voting or minority rights and the responsibility and management authority of the holders of control keys. Thus, on-chain governance, so far, often lacks transparency or is even used improperly to “protect” users from the supervisory authorities, or to deceive investors.

Potential and risks

Despite the significant increase in investment and trading volume in recent years, DeFi applications are still in their early stages. So far, they are not very user-friendly: consumers still need significant knowledge of crypto assets to be able to use DeFi offerings. The potential use cases are also still limited, especially due to the requirement of (over)collateralisation through crypto assets. General risks associated with DeFi include cyber risks from smart contract hacking, misaligned economic incentives that result in the relevant protocols not working as expected (e.g. the liquidation of collateral fails to work, called an “exploit”), data protection shortcomings, and issues in connection with the German Money Laundering Act (Geldwäschegesetz – GwG) when contracts are concluded with unknown or pseudonymous contracting parties.
In addition, there are counterparty and safe custody risks, as not all DeFi protocols are fully decentralised and also rely to a significant extent on stablecoins issued in a centralised manner.

However, the development of DeFi applications and the extent of the associated risks could be influenced by the increasing “tokenisation” of valuables, real estate and other real assets, because these could then be used as “blockchain-native” collateral. At the same time, the potential competition with traditional players is likely to lead to DeFi acting as an innovation driver in general, i.e. also beyond the DeFi ecosystems. For example, settlement cycles of transactions could be shortened and corresponding risks mitigated. The interoperable, modular and “open source” nature of DeFi protocols could result in entirely new innovative financial services. Increased competition could also improve the allocation of capital and risk and achieve a decentralisation of such exposures, which to date have been carried by just one or only a few key players.

Institutional participation

So far, the few links between conventional financial market players and DeFi applications are still in the trial stage. The involvement of regulated financial market participants in DeFi applications is currently problematic for a number of reasons. These include the risk management of DeFi projects, which needs to be improved, and the missing possibility of direct interaction by way of the traditional financial system. Looking ahead, however, an increase in institutional participation as intermediaries and players in the DeFi ecosystem can be expected. This development is benefiting from the increasing professionalisation of the market and the establishment of service providers that facilitate institutional participation in DeFi projects. In the financial services sector, DeFi applications could be used to open up new business areas or develop hybrid business models by combining decentralised and centralised elements. For example, companies already involved in the crypto custody business could establish themselves as new gatekeepers and provide platforms for their customers that enable them to participate in DeFi offerings.

Fake DeFi

While some centralised business models use the DeFi context for marketing purposes, they generally have nothing to do with DeFi in doing so, as they do not use on-chain governance or smart contracts/DApps and thus lack the transparency and automation of DeFi protocols (fake DeFi).

Regulatory initiatives

As part of the digital finance package, the European Commission has put forward a pilot regime for market infrastructures based on distributed ledger technology (DLT) (DLT pilot regime), which has already entered into force and will apply across the European Union (EU) from 23 March 2023 onwards. The pilot regime is intended to allow regulatory authorities and market participants in a kind of Europe-wide “regulatory sandbox” to gather experience in the trading and settlement of crypto assets via special DLT market infrastructures, such as DLT MTFs (multilateral trading facilities) or DLT SSS (securities settlement systems). The results could then be incorporated into the design of the future regulatory framework. The DLT regime is intended to create the possibility for natural persons to trade directly on a DLT MTF. Temporary exemptions from existing regulations, in particular the EU Central Securities Depository Regulation (CSDR), the second European Markets in Financial Instruments Directive (MiFID II) and the Markets in Financial Instruments Regulation (MiFIR) are intended to be possible. However, these dispensing options (Dispensmöglichkeiten) notwithstanding, there will be no waiver of the requirement of a centrally responsible authority and the supervisory authorisation requirements. If one understands DeFi from the point of view of the automation of trading and settlement on a blockchain basis – and less in terms of the decentralised governance structures of some DeFi applications – the DLT pilot regime could in future provide a special supervisory framework for multilateral trading platforms based on the blockchain and smart contract technology, as already used by decentralised exchanges or DEXs.
However, the DLT pilot regime will not provide a complete regulatory framework for DeFi; further adjustments are to be expected and are already provided for in the report on the regulatory treatment of DeFi in the Council mandate on the Regulation on Markets in Crypto-Assets (MiCA).

Are DeFi offerings subject to authorisation or prospectus requirements?

The complex and innovative DeFi business models always require detailed examination with regard to the relevant supervisory authorisation criteria. These are set out in section 1 (1) sentence 2, (1a) sentence 2 of the German Banking Act (Kreditwesengesetz – KWG) and section 1 (1), (2) sentence 2 of the German Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz – ZAG), (banking business, financial and payment services, e-money business). Since supervisory law is fundamentally designed to be technology-neutral, the use of smart contracts and/or on-chain governance structures does not initially change the classification of the service in the existing supervisory framework. The decisive factor for the assessment is the classification of the underlying tokens; when tokens are offered, any prospectus requirements must also be observed (see Guidance Notice on crypto tokens and Guideline concerning the statutory definition of crypto custody business).

In case of doubt, the operator of the DeFi platform should have BaFin assess the specific case at hand. Feel free to use our contact form for this purpose.

BaFin can generally only provide a conclusive supervisory assessment where information is provided regarding the contractual agreements which are intended to form the basis of the respective business.
