In this series of blogposts, we explore some of the main types of decentralised finance applications and key areas of legal risk that may be of particular relevance for that type of application or product.
In this first blogpost, we consider the nature of decentralised finance itself.
What is DeFi?
Decentralised finance (or DeFi) is a broad term referring to decentralised applications (dApps), operated through smart contracts on a blockchain, that provide cryptoasset-related financial services, solutions or products. DeFi dApp use cases include lending and borrowing, insurance, trading in synthetic assets, prediction markets and beyond.
DeFi is considered to be one of the most exciting recent developments in the blockchain sector due to the potential to “democratise” financial products, create liquidity for cryptoassets and to expand further the potential use cases for blockchain technology.
The scope of DeFi applications (and associated use cases) is growing rapidly, as are the number of dApps being developed within each category.
As is often the case in the blockchain sector, there is currently a lack of standardisation as to the approach to, and operation of, DeFi dApps (including where different dApps are providing similar DeFi services and products), as project teams are constantly innovating new products and addressing issues highlighted by existing dApp projects.
However, at a high level, DeFi dApps generally have the following key features:
- Decentralised – as the name suggests, DeFi dApps are decentralised (i.e. they operate without the need for centralised control of individuals or an organisation) and operate through smart contracts (instances of code programmed to self-execute automatically). This means that, once the dApp is deployed to the blockchain, there is no further need for human intervention (except where the community using the dApp identifies a need for code upgrades or bug fixes).
- Permissionless – users interact with DeFi dApps directly through their own cryptocurrency wallet (i.e. a wallet for which the user controls the private key). Unless functionality has been implemented into the dApp to restrict user access based on certain pre-“DeFined” criteria, the dApp will be available for use by all participants on the blockchain – that is, on a “permissionless” basis.
- Open source / auditable code – smart contract code operating the dApp is typically “open source” and therefore available for all blockchain participants to review and audit. Transaction activity on the dApp is also publically available for everyone to view.
- Interoperable with other DeFi dApps / digital tokens – existing DeFi dApps or products can be combined or integrated to build new dApp solutions or provide additional functionality to existing dApps.
Key legal considerations
Given the borderless nature of blockchain technology, the jurisdictional scope of applicable laws in relation to dApps is potentially global. However, it may be possible to implement technical functionality within dApps to impose jurisdictional restrictions to block, for example, access by IP addresses from certain countries. The effectiveness of such measures (particularly in relation to regulatory / securities issues) is likely to depend on the specific local legislation in question.
In addition, due to the nascent and innovative nature of DeFi (and smart contracts and blockchains more broadly), applications and products will rarely fall neatly within existing legal and regulatory frameworks.
The following key legal risk areas are likely to be relevant for all DeFi projects:
- Legal classification and enforceability – understanding the legal nature of cryptoassets, legal enforceability of smart contracts and the parties to which legal liability will attach, in order to ensure adequate legal protection is sought and liabilities mitigated (see The Legal Nature of Cryptoassets and Smart Contracts for further information).
- Data privacy – identifying responsibility for data protection compliance in relation to the collection and storage of personal data and (to the extent possible in light of the challenges introduced due to the nature of blockchain technology) ensuring compliance with applicable data privacy laws (see Unlocking the blockchain – A global legal and regulatory guide: Identity use cases and privacy implications (Data protection considerations in use of DLT more generally) for further information).
- Intellectual property – ensuring that dApps being developed do not infringe intellectual property rights of others and potentially taking steps to entrench value in dApps developed through the protection of intellectual property rights in them (see Unlocking the blockchain – A global legal and regulatory guide: Using intellectual property rights to protect distributed ledger technology for further information).
- Dispute resolution – appreciating the complexities involved with the potential multi-jurisdictional issues associated with resolving disputes that may arise as between users and / or between users and the developers of a DeFi dApp (see Unlocking the blockchain – A global legal and regulatory guide: Blockchain disputes: risks and resolutions for further information).
- Consumer protection – consideration as to the implications of the potential application of consumer rights laws, the scope of which will vary depending on the jurisdiction of the relevant user of the dApp.
- Regulatory frameworks / securities laws – analysis as to the applicable regulatory frameworks and securities laws that may apply to any digital tokens issued as part the operation of a dApp, transactions taking place in relation to cryptoassets via a dApp and / or the nature of activities being undertaken through the dApp will need to be fully understood.
- AML – understanding the application of relevant anti-money laundering (AML) and know-your-customer (KYC) regimes, whether in order to meet requirements imposed as a matter of law or as a means to manage regulatory and commercial risk (see Unlocking the blockchain – A global legal and regulatory guide: Identity use cases and privacy implications for further information).
- Tax – consideration as to whether any tax is payable in respect of the issuance of any digitised tokens, such as VAT or any other indirect tax, and if there is, who is responsible for it. Users of DeFi dApps may also want to consider the personal tax implications of any gains made as a result of activities on DeFi dApps, for example, through yield farming.