World Regulators Are Looking at DeFi

The U.S. Treasury Department and French central bank published reports looking at DeFi risks and providing recommendations for mitigating them.

AccessTimeIconApr 11, 2023 at 11:02 p.m. UTC
Updated Apr 12, 2023 at 2:42 p.m. UTC

Decentralized finance (DeFi) is entering regulators’ crosshairs, but they don’t seem to be intent on taking it out – yet anyway. Instead a pair of reports from U.S. and French authorities seem more focused on understanding what sort of risks DeFi might pose to both users and the broader financial world, and whether there are ways to mitigate these risks while still allowing their operation.

You’re reading State of Crypto, a CoinDesk newsletter looking at the intersection of cryptocurrency and government. Click here to sign up for future editions.

DeFi by any other name

The narrative

Decentralized finance (DeFi) is suddenly a major topic of concern among financial regulators, with both the U.S. and France publishing reports analyzing the potential risks these projects might pose to their respective governments and providing recommendations for how regulators and developers can mitigate these concerns.

Why it matters

DeFi has been a growing part of the crypto sector for a while now, but recent exchange collapses, bank failures and lender bankruptcies are shining a wider spotlight on decentralized (or purportedly decentralized) projects. Regulators are now looking at how they may oversee these entities and services.

Breaking it down

The U.S. Treasury Department and French central bank both published reports assessing how well DeFi entities meet anti-money laundering regulations and how these entities and tools may be used in illicit finance.

The U.S. risk assessment pointed to some of the major hacks and issues in DeFi over the past few months, such as North Korea’s use of DeFi to launder funds and other related concerns about how DeFi projects may not meet know-your-customer/anti-money laundering (KYC/AML) rules or just be really easy to steal from.

To be clear, these reports weren’t exactly positive for crypto. The U.S. report, for example, noted that many DeFi projects are open source in the hopes that the broader community may spot vulnerabilities, but this same open sourcing may allow attackers to find an exploit.

“This vulnerability can be compounded if the smart contracts are not written carefully or if they lack a mechanism for quick deactivation or alterations if a critical exploit is identified,” the U.S. report said. “As such, it is critical that the DeFi service identify and address vulnerabilities and potential exploits in open-source code.”

But the report seems fairly neutral toward DeFi itself – the recommendations ranged from “strengthening existing supervisory and enforcement actions” to meet legal requirements to better engaging with private-sector projects.

The French report similarly suggested that the government could create a set of “minimum standards” that would define how it assessed risks and decentralization, or otherwise try and move financial transactions to specifically private blockchains. The report even suggested going so far as to create a certification for developers to meet.

The U.S. Treasury Department also posed a number of questions for public feedback, including how it should determine if any given DeFi project is actually a financial institution subject to Bank Secrecy Act regulations.

The U.S. report even hinted at the suggestion of providing further guidance for projects which could provide clarity.

“The assessment finds that non-compliance by covered DeFi services with AML/CFT obligations may be partially attributable to a lack of understanding of how AML/CFT regulations apply to DeFi services,” the report said, referring to combating the financing of terrorism (CFT). “Are there additional recommendations for ways to clarify and remind DeFi services that fall under the BSA definition of a financial institution of their existing AML/CFT regulatory obligations?”

The reports, while often quite critical of DeFi, both seem to operate from the base understanding that these projects will continue operating, and aren’t calling for banning this segment of the crypto sector.

Stories you may have missed

Consensus 2023

It’s that time of year again folks. CoinDesk’s Consensus 2023 will be held April 26-28 in Austin, Texas. I’ll be moderating four sessions: one-on-one discussions with Coinbase’s Paul Grewal, NYDFS’ Adrienne Harris and the CFTC’s Christy Goldsmith Romero, and a panel with House Financial Services Committee Chair Rep. Patrick McHenry and Senator Cynthia Lummis. As always, I’m interested in what you are interested in: If you have any questions for one of these speakers, shoot me an email, subject line “Consensus 2023 question,” and I may ask the best ones on stage.

This week

SoC 4/11


  • 15:30 UTC (11:30 a.m. ET) The International Monetary Fund and World Bank are holding their annual spring meeting this week. There will be two panels on crypto issues starting at 11:30.
  • 17:30 UTC (1:30 p.m. ET) FTX will hold another bankruptcy hearing where, among other issues, the question of whether or not founder Sam Bankman-Fried can access funds for his own legal fees.


  • 17:00 UTC (1:00 p.m. ET) Genesis creditors will meet. (Genesis is a CoinDesk sister company.)


  • (Gizmodo) This is pretty cool – Google is looking to get rid of third-party cookies. This piece goes through what that may mean.
  • (The New York Times) The Times published a long-anticipated article on the impact crypto mining is having around the country, alleging the industry led to higher energy costs for local residents and other concerns. One mining firm, Riot, published a brief response later on Monday.
  • (U.S. District Court for the Eastern District of New York) It was only a matter of time before Signature Bank was sued. Here’s what I imagine may be the first of several putative class actions alleging Signature and its management misled stockholders.
  • (Iowa Law Review, forthcoming) University of Alabama School of Law Professor Julie Hill, an expert and researcher on banking issues, is publishing a paper which says “the Fed has overstepped” in denying payment services applications from companies like Custodia.
  • (Foreign Affairs) American University College of Law Professor Hilary Allen, who is also a member of the CFTC’s Technology Advisory Committee, called for U.S. regulators to ban – or at the least, try and curtail – crypto activities.

If you’ve got thoughts or questions on what I should discuss next week or any other feedback you’d like to share, feel free to email me at or find me on Twitter @nikhileshde.

You can also join the group conversation on Telegram.

See ya’ll next week!


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Nikhilesh De

Nikhilesh De is CoinDesk's managing editor for global policy and regulation. He owns marginal amounts of bitcoin and ether.