According to CryptoPotato, a recent paper by Rebecca Rettig, Katja Gilman from Polygon Labs, and Michael Mosier from Arktouros suggests classifying truly decentralized DeFi protocols as critical infrastructure, placing them under the oversight of the US Treasury’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP). The OCCIP is not a typical financial regulator but plays a crucial role in strengthening the security and resilience of critical infrastructure in the financial services sector, collaborating with financial institutions, industry associations, and government agencies to exchange information about cybersecurity risks and weaknesses.
The 45-page research proposes setting up safety measures to tackle the risks of illegal money activities in DeFi systems, without forcibly introducing middlemen into real DeFi systems. Instead, genuine DeFi should be seen as 'critical infrastructure' and overseen by OCCIP, similar to how authorities handle illegal finance risks in other tech systems in finance. Classifying genuine DeFi systems as 'critical infrastructure' under OCCIP does not automatically label them as 'financial institutions' regulated by the Bank Secrecy Act (BSA). The paper suggests implementing cybersecurity standards, setting up information sharing and analysis centers (ISACs), automating risk indicators, and using other tools to mitigate risks.
DeFi has been a major grey area for regulators, with North America's share of activity dropping recently due to regulatory uncertainty in the US. The Commodity Futures Trading Commission (CFTC) highlighted a problem with DeFi systems: the lack of clear accountability, which some industry structures intentionally overlook. The CFTC suggested that policymakers need to understand DeFi better by figuring out what's already known and what still needs exploring, using mapping exercises to see if the financial products and services offered by DeFi projects fall under existing US regulations.