MiCA 2.0: Regulatory Clarity for DeFi

You wanted “regulatory clarity”? Well here’s a great start.

Identity verification and compliance, especially for DeFi, are loud and clear in the latest study by the European Parliament: https://www.europarl.europa.eu/RegData/etudes/STUD/2023/740083/IPOL_STU(2023)740083_EN.pdf Whenever new policies such as these are released, most lawmakers and regulators know what needs to get done, and they do the best they can in every v1.0, leaving a few gaps to get addressed later. This allows for learning, discussion and negotiation. And now that MiCA and TFR (Transfer of Funds Regulation) v1.0 are the laws of the land in the EU, let’s take a closer look at what v2.0 will look like.

Starting with their conclusion, “Crypto poses significant challenges to EU financial regulation,”MiCA and TFR partly address these issues, as does the existing corpus of EU financial regulation…..Yet MiCA and TFR struggle with platforms that claim to be fully decentralized but in most cases are not, that we find often in crypto today. We have made bespoke proposals to address these matters by assigning, for licensing purposes, entity status to DAOs and restrict the backdoor to argue that a DAO would only serve its members. Principally, we recommend addressing….. a centralized authority of the ESAs (European Supervisory Authority) to inquire into the EU user base and make this information available to the NCAs (National Competent Authority), as well as RegTech, by virtue of a Euro Wallet.”

Further, there is a lot more covered, ranging from NFTs to reverse-solicitation, to accounting, to decentralization and groups claiming to be DAOs. The goal was to determine the gap in TFR and MiCA 1.0 and apply policy considerations specifically to TFR and DeFi. That said, TFR v1.0 of 2023 could easily be interpreted today as applicable to DeFi, so it’s a question of will regulators enforce with existing law, or will they wait until version 2.0 is enacted? Either way, DeFi will need to adhere to regulations, or face the wrath that comes with non-compliance. Again, Everest, in fully anticipating this, has created the best approach in the market; allowing DEXes to never receive personally identifiable information, fully outsourcing not only KYC, but also a license (needed per MiCA & TFR), and the full compliance suite of risk ratings, ongoing monitoring, reporting, policies, travel rule, etc. A more detailed description of the solution can be found here: https://everestdotorg.medium.com/defi-in-2023-beyond-25ea5e82ccd0

The TLDR is that DeFi will be compliant, and identity verification is at its core. And no amount of whining that “the smart contract that connects buyers, sellers and price oracle, and executes the transaction is doing it, not a person”, or legalese, or off-shoring via DAOs, governance tokens or massive decentralization are going to avoid that inevitable conclusion.

Now that you have legal clarity, what are you going to do?

SELECTED HIGHLIGHTS:

Here are some highlights in case you don’t want to read 136 pages of policy recommendations:

1. Remedying the gaps of TFR, “At the core of the problem lies the TFR’s limited scope, which does not include NFT marketplaces, decentralized platforms and services, as well as non-custodial wallets and platforms in non-cooperating third countries”. These limits open opportunities for unidentified transactions. Technically, an easy way to address the deficiency is to include all DeFi protocols, including protocols solely offering non-custodial services, into the travel rule under TFR and give up the limitation of scope depending on crypto-assets excluding NFTs and the CASP definition 379. In fact, we propose something similar, yet subject to exemptions, with a default rule that classifies all crypto-assets as securities (including the ones issued by decentralized platforms) unless exempted by NCAs (cf. infra,at 6.2.2.) and to assign entity status to DAOs for regulatory purposes (cf. infra, at 6.3.1.). Further, the Euro Wallet proposed (cf.infra, at 6.2.1c) will ring-fence the compliant sector.

a) The Default Rule: “Under such a rule (which is at its core purely procedural) crypto-assets are, by default, considered as transferable securities (i.e. financial instruments), unless exempted (or requalified) by NCAs. In turn, crypto intermediaries that seek regulatory lenience (for instance, that argue that MiFID and the Prospectus Regulation do not apply), would first need to contact an NCA and apply for an exemption.”

2. Decentralization, DeFi and DAOs…..” In short, we do not share the view that decentralization justifies exemptions from all financial laws. As we argued in 2018, the understanding that multiple nodes may cooperate virtually on their own with no humans involved is a rather simplistic description of reality.440 In actuality, humans prompt their servers to function as nodes, and humans write or upload the protocol, respectively, on their computers, which then later provide the (decentralized) operations. Similarly, many decentralized platforms provide customer services via Telegram and Discord: these serve humans, not computers. At the heart of fully decentralized platforms thus lies human cooperation, exercised through the steering of computers and servers. Human cooperation already results in the entity status of a “cooperation” under the private laws of some EU countries,441 and in most jurisdictions potentially results in joint. liability of all contributors of that cooperation.442 In particular, the mere cooperation of a team of developers or community members that either founded the project or volunteered to keep it afloat suffices in some jurisdictions for entity status. Given that the smart contracts that underlie the functioning of DeFi protocols are coded, put into operation and modified by humans, and humans decide to let them operate on their information technology, the argument that the mere use of smart contracts results in a product that is something different from the result of human cooperation, is inconclusive. If all parts of something involve human cooperation, then the sum of the parts cannot be something else.

a) We propose to acknowledge the legal qualification assigned to human cooperation in EU financial regulation. As part of EU financial regulation, we suggest the establishment of EU cross-sectoral legislation443 that (DAOs) are treated as entities for licensing purposes under EU financial regulation.

i) And if you’re a DAO that is doing something resembling financial services, then “lay out the details of its operations, risk management, compliance functions and so on, in a programme of operations (cf. Article 62(2) MiCA); cooperating developers and nodes could form an unregistered General Partnership, and developers and nodes could be held liable, in turn. See Gilbert, A., Governance Tokens Might Come With Legal Liability, US Judge Says — bZx DAO and Founders Were Sued After $55M Hack, 30 March 2023, available at: https://thedefiant.io/gov-tokens-legal-risk. 442 Zetzsche D. A., Buckley, R. P., Arner, D. W., 2018, The Distributed Liability of Distributed Ledgers: The Legal Risks of Blockchain, University of Illinois Law Review, pp. 1361–1407. 443 A cross-sectoral legislation is necessary given that decentralized services can be performed in all sectors of EU financial services. Remaining regulatory challenges in digital finance and crypto-assets after MiCA 117 PE 740.083 • provide a business continuity policy that allows for the proper winding-up of the DAO’s operations in the case of insolvency (cf. Article 34(9) MiCA); and • meet all other requirements set for CASPs under MICA and the respective other EU financial regulation.”

b) They even mapped DAOs’ requirements for compliance into accounting requirements, “Periodic disclosures and accounting: We believe this may be addressed in three ways: (a) subjecting offerors to rules as CASPs, (b) assigning entity status to DAOs, and © bespoke winding up, insolvency and restructuring legislation.”