Tornado Cash shows that DeFi can’t escape regulation

Regulation

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) issued sanctions against Tornado Cash this month, marking its first action against a decentralized finance (mixer in what may prove to be a watershed moment for DeFi regulation.

A lack of response and regulatory preparation from the industry is perhaps unsurprising of a mindset honed outside the rule of law. Yet, the potential of DeFi is threatened if its leaders do not face the reality that regulation in this space will only increase. Taking steps to work with regulators is now the only way forward.

On Aug. 8, OFAC targeted Tornado Cash for processing transactions totaling more than $1.5 billion on behalf of illicit actors, including North Korean cybercriminals. The consequences of the action are severe: US individuals and companies, including crypto exchanges and financial institutions, are now prohibited from transacting with Tornado Cash addresses.

This will hinder criminals’ ability to launder funds through the service, which has become a prolific part of the cybercrime ecosystem. However, OFAC’s action against Tornado Cash sends a clear message to everyone in the space: DeFi is now firmly in regulators’ crosshairs and won’t escape regulation.

Related: Tornado Cash community fund multisignature wallet disbands amid sanctions

History tells us it is inevitable now that regulatory scrutiny will only accelerate. Prevailing “DeFi think” is a tendency to ignore or brush this fact under the carpet, but a rethink is needed. Regulators’ motives are not malevolent. They are simply toeing the very fine line of suppressing crime without neutering the positive potential of DeFi.

To evidence this, a Financial Action Task Force report published earlier this year noted that cross-chain bridges are facilitating the growth of DeFi, but are also enabling criminals to swap funds more swiftly, generating money laundering risks. The negative focus is on the crime — not the technology or its potential.

DeFi developers and those participating in the ecosystem will seriously need to consider working with regulators on compliance issues if they want their projects to succeed.

Concerningly, the reaction of many DeFi developers and others in the ecosystem has been to shrug and argue that DeFi is, by nature, unregulatable. Because regulation involves imposing rules on centralized intermediaries, the argument runs, regulating DeFi is not possible. Consequently, many DeFi projects have not attempted to comply because they believe they are safely beyond regulators’ reach.

For some, the hope of a convincing facade of regulatory compliance has been comforting enough. But Tornado Cash renders this unrealistic. The mixer repeatedly claimed to be complying with OFAC sanctions; however, the U.S. Treasury indicated in its statement on Tornado Cash that it “repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks.” Window dressing will no longer suffice. Thorough compliance protocols are now a requirement.

Fortunately, some within the industry are alive to this reality, and there are a handful of DeFi projects that have begun to implement compliance controls in anticipation of regulation. However, this kind of preparation is far from widespread which is a worry for anyone hoping to see a competitive DeFi ecosystem in the future.

The specter of institutionalization perhaps presents an explanation for the lack of alignment between regulators and the industry. DeFi’s beginnings are defiant and off-grid, whereas regulators’ recent attention to the space suggests that they and their bedfellows in big finance and investment industries spy an opportunity.

Such is their interest: The integration of DeFi into the mainstream is now inevitable. Heavily regulated institutions see compliance as a precondition for participating in the DeFi space and will avoid fully embracing the space until they’re confident it is compatible with regulation.

Investors are also sensitive to frameworks that mitigate reputational damage and protect them against risks. No investor will want to sink their money into a DeFi project that winds up blocklisted for facilitating activity with the likes of North Korea. Within this paradigm, DeFi initiatives that are unresponsive to these regulatory concerns have a fast deteriorating shelf-life.

The Tornado Cash saga has shown that the costs of failing to factor regulation into DeFi development are now too great to ignore. Compliance activities inevitably come with costs too, but as the institutionalization of DeFi looks increasingly inevitable, it is those who actively look to embrace regulatory compliance as they build out the DeFi ecosystem that will tread the path to growth as others fall to the wayside.

David Carlisle is vice president of policy and regulatory affairs at Elliptic. Before joining Elliptic, David worked for the U.S. Department of the Treasury, including in the Office of Foreign Assets Control (OFAC), where he was involved in the design and implementation of U.S. financial and economic sanctions programs involving countries such as Myanmar and Iran. In subsequent roles, he worked in the Treasury’s Office of Terrorist Financing and Financial Crimes (TFFC) and advised senior Treasury officials on a wide range of topics related to sanctions, money laundering and terrorist financing. He also acted as a liaison for the Treasury in engaging governments in the Asia-Pacific region on financial crime issues.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The opinions expressed are the author’s alone and do not necessarily reflect the views of Cointelegraph.