The US Department of the Treasury has released a report on the risks of Decentralized Finance (DeFi). The report provides an overview of DeFi, including its growth and development, key characteristics, and potential benefits and risks. The report highlights the potential for DeFi to provide greater financial access and inclusion, but also warns of significant risks, including those related to money laundering, terrorist financing, and fraud. The report notes that DeFi platforms lack regulatory oversight and that the risks and vulnerabilities associated with DeFi are evolving rapidly.

The report recommends that regulators and policymakers take a risk-based approach to DeFi, focusing on identifying and mitigating the most significant risks while allowing for innovation and growth in the sector. The report also recommends that DeFi platforms implement strong anti-money laundering and counter-terrorist financing controls, as well as robust consumer protection measures. The report concludes that while DeFi presents significant risks, it also has the potential to transform the financial system, and policymakers and regulators should work to strike a balance between supporting innovation and protecting consumers and the financial system.

Original: 

Today the U.S. Department of the Treasury published the 2023 DeFi Illicit Finance Risk Assessment, the first illicit finance risk assessment conducted on decentralized finance (DeFi) in the world. The assessment considers risks associated with what are commonly called DeFi services. While there is currently no generally accepted definition of DeFi, the term broadly refers to virtual asset protocols and services that purport to allow some form of automated peer-to-peer transactions, often through use of self-executing code known as “smart contracts” based on blockchain technology. This term is frequently used loosely by the private sector, often for services that are not functionally decentralized.

Actors like the Democratic People’s Republic of Korea (DPRK), cybercriminals, ransomware attackers, thieves, and scammers are using DeFi services to transfer and launder their illicit proceeds. They are able to exploit vulnerabilities, including the fact that many DeFi services that have anti-money laundering and countering the financing of terrorism (AML/CFT) obligations fail to implement them.

“Risk assessments play a foundational role in promoting understanding of the illicit finance risk environment and more effectively protecting the integrity of the U.S. financial system,” said, Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. “Our assessment finds that illicit actors, including criminals, scammers, and North Korean cyber actors are using DeFi services in the process of laundering illicit funds. Capturing the potential benefits associated with DeFi services requires addressing these risks. The private sector should use the findings of this assessment to inform their own risk mitigation strategies and to take clear steps, in line with AML/CFT regulations and sanctions obligations, to prevent illicit actors from abusing DeFi services.”

The primary vulnerability that illicit actors exploit stems from non-compliance by DeFi services with AML/CFT and sanctions obligations. DeFi services engaged in covered activity under the Bank Secrecy Act have AML/CFT obligations regardless of whether the services claim that they currently are or plan to be decentralized. Other vulnerabilities include the potential for some DeFi services to be out of scope for existing AML/CFT obligations, weak or non-existent AML/CFT controls for DeFi services in other jurisdictions, and poor cybersecurity controls by DeFi services, which enable the theft of funds.

While risk assessments are primarily designed to identify the scope of an issue, the study also includes recommendations for U.S. government actions to mitigate the illicit finance risks associated with DeFi services. These include:

The DeFi risk assessment builds upon Treasury’s other recent national risk assessments and furthers the work outlined in Executive Order 14067 on “Ensuring Responsible Development of Digital Assets.” It also includes a request for input from the private sector to inform next steps; Treasury welcomes feedback about the assessment.

Click here to read “Illicit Finance Risk Assessment of Decentralized Finance”

https://home.treasury.gov/system/files/136/DeFi-Risk-Full-Review.pdf