Brief Remarks to IOSCO DeFi WG

Earlier this year I was invited to take part in a meeting of the DeFi Working Group of the International Organization of Securities Commissions' Fintech Task Force. IOSCO is the organization that links securities regulators worldwide. The goal of the meeting was to provide input for a follow-up to IOSCO's Decentralized Finance Report from March 2022. I was asked to keep this confidential until the report was published, which has now happened; Policy Recommendations for Decentralized Finance (DeFi): Consultation Report.

Below the fold is the text of my brief introductory remarks with links to the sources. I will discuss the report in a subsequent post once I have studied it.

3 pools control ETH

I'm David Rosenthal. I'm here because I've been working on and writing about decentralized systems for almost a quarter-century. My expertise is primarily in the underlying technology. I'll provide the organizers the text of my remarks with links to the evidence.

2 pools control BTC

It is morally indefensible to argue that cryptocurrencies in general, and DeFi in particular, require a new or "light touch" regulatory framework on the basis that the actual present financial ruin of thousands of families is the regrettable price that must be paid for potential future marginal improvements to the efficiency of the financial system.

It is doubly so in that 14 years since Satoshi Nakamoto's magnum opus has shown these benefits are completely illusory, for two fundamental reasons:

1. The permissionless blockchain infrastructure upon which these systems are based is necessarily slow, inefficient and expensive when compared to centralized systems performing the same functions. They are slow because they depend on gossip protocols for communication. They are inefficient because they require massive replication of resources. They are expensive because the only defense against Sybil attacks is to make mounting such an attack infeasibly expensive, and this requires that participation in the network be expensive.
2. Partly because participation must be expensive powerful economic forces, such as economies of scale and network effects, mean that however "decentralized" their architecture, the practical implementations of blockchains and the systems layered on them are inevitably centralized around a small number of large participants. We observe this at the blockchain level, at the "smart contract" level, among exchanges, in money laundering, in the Gini coefficients of cryptocurrencies, and in numerous other aspects. Thus even if the alleged benefits of decentralization using permissionless blockchains were real, they would not be obtained in practice.

The costs are large and you don't get what you think you are paying for, so why pay them? Because they are less than the costs imposed by regulation in the form of foreclosed opportunities for malfeasance. Were these systems regulated as traditional finance is, the costs and the lack of benefits would render them even more uncompetitive than they currently are.

Crypto "market cap"

I note that in fourteen years their peak achievement was $2.7T in "market cap" on the back of perhaps $200B of fiat currency, hardly a pimple on the traditional financial system, at the cost of massive externalities including crime and damage to the environment.

Why are they not regulated properly? Because the regulators have been gaslit and lobbied into acting as though they are "decentralized" when they aren't, and as though "decentralization" represents an innovative breakthrough with vast potential when it isn't.

DeFi "value" locked

With respect to DeFi specifically, these "smart contracts" are programs that run on the Ethereum computer. Nicholas Weaver estimates that this computer is 1/5000 as fast as a Raspberry Pi, and although the transaction cost is currently low a day's transaction fees could buy 100K Pis.

ETH transaction cost

Why wouldn't a much faster, much cheaper system running the same programs and producing identical results on a single Raspberry Pi out-compete Ethereum? Because it would be regulated, cutting off many extremely profitable scams.

It would seem to be an existential issue for regulators if they can be rendered ineffective simply by smearing operations out across a large number of supposedly but not actually independent computers. Regulators should carefully distinguish between permissioned systems that are overtly centralized, such as Tether, and permissionless systems that claim to be decentralized, such as Ethereum. They should focus on the actual centralization of the latter.

Emily Nicolle summarizes the report's recommednations in DeFi Probes Should Focus on the Developers in Charge, Standards Body Says:

In the crackdown on decentralized finance, regulators should assume power is anything but dispersed.

That’s the message from the world’s top securities standards body, which recommended regulators home in on the people and organizations that directly influence or control areas like design, maintenance and finance in DeFi, which underpins the cryptocurrency industry.
...
It noted that in the case of so-called decentralized autonomous organizations, which often manage DeFi projects, less than 1% of a project’s token holders typically control 90% of the organization’s total voting power.

It seems the working group was listening to me and other skeptics.