This analysis outlines, at a high level, which commercial and regulatory matters a start-up should be cognizant of prior to offering investments into DeFi. Legal advice and compliance expertise should be sought to comprehensively identify and fulfill your company’s compliance obligations. Doing so may present a unique opportunity to obtain support from regulators who wish to control and ensure DeFi is aligned with established financial regulations to prevent illicit transactions and tax avoidance.
II. The Parties
Determine your target client. Who will be investing funds? Depending on the jurisdiction there are retail, accredited (US), sophisticated (UK, EU), institutional and other investor regimes which apply and determine your registration or reporting obligations.
III. The Jurisdiction
Where will the fund or technology services be located? What jurisdiction will your business be registered in? Depending on the jurisdiction, different reporting and compliance laws will apply. Further, who will be the director and where will they reside? This has implications too.
Important – obtain legal and tax advice in the jurisdiction where the team and business are located/connected to ensure compliance in that jurisdiction.
IV. The Structure
Will investors pool their funds into a private entity you have established and will manage on their behalf, or will you simply be a technology provider facilitating their transfer and investment into DeFi protocols?
What legal structure will you use? A foundation, a partnership, a company limited by shares? Each has its own benefits and drawbacks depending on your business plan.
Depending on your business’s jurisdiction, structure and services, your business may need a Virtual Asset Service Provider License, or to be registered as a financial service provider/money transmitter.
Risk assessment – DeFi presents a new set of risks to investors and your company as the fund or intermediary tech provider. You should perform a comprehensive risk assessment even if your operations do not require a license or registration.
VI. The Investment
What are users investing in? Providing liquidity to DEXs? Lending pools? Investing in tokenized assets or commodities? Each type of investment can attract different regulations. For example, in the USA, you, as an intermediary, could attract the Investment Companies Act 1933 for investments into tokenized assets (securities) or the need to register as a commodity pool operator or investment advisor under the CEA Act 1936 for investments into derivatives (CFDs and possibly stablecoins).
Further, your answers to III Jurisdiction and IV Structure above will also affect the regulations that may require registration of your business or mandatory licensing of its leadership.
Further still, your type of clients will also determine the level of disclosure your offering documents, risk warnings or terms and conditions as a technology provider will need to include.
VII. Onboarding Clients (Due diligence, KYC/AML)
This is your chance to become appreciated by regulators. By its decentralized and anonymous nature, regulators are uncomfortable with DeFi since they cannot monitor illicit transactions. However, your business provides regulators the opportunity to control access as a known gateway to DeFi.
We suggest that you allow access to DeFi in a permissioned way by applying all traditional finance KYC & AML rules to your business despite the decentralised and anonymous nature of DeFi. Regulators will likely not be receptive to companies who attempt to avoid such fundamental processes, and severe consequences could be encountered by companies who recklessly facilitate criminal or terrorist transactions.
At a base minimum, even if you propose to operate in a jurisdiction with weak regulation, your business should follow the KYC/AML recommendations of the Financial Action Task Force and their sanctions lists.
Your policies will need to be tailored to your fund’s/technology’s jurisdiction as well as the type of client. You should use technology solutions to streamline this process, automate your AML rules and provide secure protection of personal data.
Depending on your answers to II Parties above, you may be required to perform due diligence on each one of your clients to confirm they meet a minimum financial threshold or are of a certain class of investor. This onus is on your business in many jurisdictions, and you must be satisfied with evidence that they meet the required qualifications.
Depending on your business model, we suggest using https://sumsub.com/ for KYC/AML and https://www.elliptic.co/ for blockchain transaction monitoring and identifying counterparty risk prior to transacting.
VIII. Accounting & Reporting Obligations
It is important to understand what tax, shareholder, and AML reporting obligations you will have. Again, this is primarily dependent on your business’s jurisdiction, the structure of its offering or services, and where its clients and any of the team are located.
Depending on your structure, you may also have fund-like reporting obligations for shareholders or DAO members, which is a subject for another day, but it will be fairly standard subject to some issues relating to impermanent loss or hacks. You will need software to connect to blockchains, manage your clients, and track the performance of their DeFi investments; we suggest using https://www.fireblocks.com/platforms/defi/ and traditional fund management software to export reports.
IX. Terms & Conditions / Consumer Protection
You want your terms and conditions to be exacting and protect your business from all the standard investment and service provider risks, but also include coverage from smart contract failures and exploits, hacks, market manipulation and volatility, actions by 3rd parties and the DeFi matters not within your control. Again, the extent to which these protections can exist depends on the type of client and any consumer protection regulations in their jurisdictions.
X. An Example – Fireblocks & Aave
A great starting point for considering compliant DeFi and how this may suit your business model is the work Fireblocks and Aave Arc have done which is summarised here: https://www.fireblocks.com/blog/permissioned-defi-goes-live-with-aave-arc-fireblocks/
This is a permissioned DeFi structure, with Fireblocks providing all KYC/AML and wallets as a mere technology provider, and Aave, a well-established DAO for pooling liquidity with no controlling party or leader.
Before launching your business there are several key decisions to make, legal advice to obtain and compliance related policies and procedures (and supporting technology) to establish. You will be quicker to launch and scale significantly faster with the support of regulators if you build your operations to adhere to traditional finance rules and reporting requirements while offering or facilitating accessible and liquid DeFi investments.
Feel free to reach out to let us know how we can help.