Decentralized Finance (abbreviated to DeFi) has recently become an essential part of applications related to cryptocurrencies. As a reminder, DeFi allows the transmission of a value between individuals without any 3rd party(or almost). By intermediary, we mean banks but also exchange platforms. This transmission goes much further than the simple transmission of values.
Indeed, person A can lend his cryptocurrencies to person B, with person A earning interest. Also, thanks to the absence of intermediary, the protocols being mathematical, it is not possible that a loan is refused to you. Everybody can also create his own financial services by lending his cryptocurrency.
DeFi is made possible by the Ethereum blockchain and its token, ETH (as well as many other cryptocurrencies) through the execution of smart contracts. It is, therefore, a great step forward in making crypto attractive to the general public. Nevertheless, not everything is always rosy. Indeed, some of the ins and outs of DeFi are not the most honest projects, and many scams have been identified. When B does not reimburse A, what happens? Are there any sanctions? What happens when a protocol is missing and is hacked? Above all, can a decentralized organization, therefore, without legal status, head office, and management be held accountable in court? This article attempts to provide some elements of an answer.
As a preamble, let us mark the difference between a DeFi protocol without legal structure and foundation (Uniswap), with foundation (Marker DAO) and what is called a CeFi (Centralized Finance) and which has a real legal structure (Celsius, BlockFi, Nexo…). The main difference between DeFi and CeFi is that the investor remains the owner of his cryptocurrencies in the first case but not in the second when they are “entrusted”.
It is also important to note that this bill is a legal draft because the situation remains unclear or even non-existent. If the greatest care has been taken in its drafting, the conclusion can only be a personal legal interpretation of the author that he believes to be correct but could ultimately be wrong. Also, the legislation may evolve, and the article may be rendered null and void. In this case, the article will be modified accordingly.
Organization of a DeFi application: from a perfect to imperfect decentralization
This article’s objective is not to write a complete description of the DeFi but to focus on its legal status. However, it will not be surprising to learn that there is nothing clearly defined.
If a DeFi protocol is entirely decentralized, then there is no controlling entity. Each participant is his own boss, chooses to lend his crypto-currencies and the interest rate charged. It is the perfect DeFi, without an intermediary. On the contrary, the degree of decentralization may not be so absolute, and the participants carry out their exchanges on a platform. These two degrees of decentralization have different legal consequences.
It should be noted that the degree of decentralization is mentioned here and not the pure legal organization. Indeed, the legal status of the DeFi is not defined, and, to our knowledge, no State has taken a position. It is necessary to make the difference between the DeFi (no legal status) in itself and a platform that allows its exploitation. The latter can be a lambda company… or not. Indeed, the protocol can be created by an anonymous person, interacting automatically with smart contracts. We are thus facing a quasi-legal vacuum, which is not without consequences to determine the responsibility in case of damage caused by the use of the DeFi.
The attempt of a decentralized organization: the precedent 'The DAO'
Decentralization of activity without an office or a board of directors is not new in the blockchain world. It is even a common thread since the creation of the Bitcoin protocol in 2009, the ultimate goal being to do without intermediaries. After the creation of the Ethereum blockchain, a fully dematerialized company was created. Its name was The Decentralized Autonomous Organization, shortened to The DAO.
For those who have followed the “blockchain” from the beginning, its failure is one of the darkest events in its short history. In June 2016, after two months of participative financing, The DAO was created without legal status, the board of directors, shareholders, or any other physical and classic form. The objective of The DAO is gigantic: that of allowing total autonomy of the activity, without human intervention, and carried out through the execution of smart contracts. Among the proposed activities is the transfer of ethers, a premise of The DAO.
If The DAO was decentralized and dematerialized, who ultimately had control over the organization? It was the 4,000 members of its community, in proportion to their investment. Thus, the greater the number of ethers allocated, the more tokens the investor had, and the greater his decision-making and financial power. These 4,000 members were then assimilated to the shareholders of a conventional company.
As magical as it may seem to some, The DAO project had significant shortcomings. The main one was the impossibility of recovering allocated funds if the service was not properly executed. As you may have guessed, this was due to the lack of a legal structure recognized by national law. In fact, this willingness to get out of the system makes it possible to create one’s own rules and, therefore, not cover possible bad executions, even intentional ones.
As early as July 2016, barely one month after creating The DAO, a hack has seen 50 million dollars evaporate. Some will say that it was a foregone conclusion because of the lack of consideration of risk. The project was abandoned a few weeks later.
The responsibility of a decentralized organization such as the DeFi in question
Without making an exaggerated comparison between DeFi and The DAO, the latter’s failure has taught us that the main difficulty lies in the absence of a recognized legal structure to deal with possible liabilities in case of damages. For The DAO, no one had a clear answer as to whether the responsibility lay with the community members according to their number of tokens, with the creators, with each user for his or her own transaction. In 2017, the SEC considered that the tokens allocated to the DAO contributors could be assimilated into governance tokens.
The DAO poses more or less the same difficulties. In the event of damage caused by its use, who can be held liable in court? To date, the answer has not been given. Nevertheless, it is possible to identify some elements of an answer.
An evolving responsibility according to the degree of decentralization
The more the DeFi is decentralized, the less it is easy to be held accountable before the courts. Indeed, if each national law has its own conception of legal action, all agree on the necessity to have a legal existence to engage the responsibility of an entity or for the latter to be able to exercise its rights. However, if the DeFi is purely decentralized, it does not have an officially recognized legal existence. What responsibility could then be engaged? Opinions of specialists and lawyers circulate here and there. For example, one could retain the issuer’s responsibility of the loan of the person who, if necessary, does not reimburse or, more generally, of the contributors according to the number of tokens owned. Also, the protocols themselves can have flaws, for example, with poorly coded smart contracts. According to the number of tokens they have, their evolution can be decided by users.
Through this last example, it is the SEC jurisprudence about The DAO that comes online. If the tokens are considered as governance tokens, the contributors can be assimilated to shareholders, which, in fact, allows them to have legal rights but also to engage their responsibility in case of bad execution or fraud. While this option is legally valid, it remains difficult in practice as contributors (coders or users) may be anonymous or very difficult to identify. It is, therefore, tough to engage any liability.
And if decentralization is not so perfect, that is to say, that the DeFi is carried out through a platform? In such a case, that changes (a little). The platform must have a legal structure to be able to operate. However, who says legal structure says the possibility to exercise legal rights in justice and thus to be potentially held responsible in the event of damage. Thus, to return to the example of The DAO, if a legal structure had been established in the United States, the U.S. courts could have ruled on the liability related to the $50 million fraud.
The conditions to engage the responsibility of a DeFi platform
When decentralization is imperfect, the existence of the platform makes it possible, at least theoretically, to avoid massive fraud without the possibility of asserting one’s rights. The first condition is to know the place where the structure is established. Indeed, it is this place that will determine what is called in law territorial jurisdiction. As an example, if platform A is established in Norway, through its domain name or its hosting site (location of servers) for example, it is the Norwegian justice which is seized. Here is the theory. For the practice, it is unfortunately not always so simple (who said that the law was simple?!).
On one hand, special jurisdiction can replace territorial jurisdiction. Thus, in some consumer laws, the consumer can seize the court near his residence, even if the defendant company (or its domain name and hosting site) is established in Panama. On the other hand, the material competence, i.e. the possibility for a court to be able to judge a case, differs from one country to another. Some states will opt for a commercial court or its equivalent, while others will opt for a civil or criminal court.
To come back to our DeFi, there is therefore no ready-made answer. It all depends on the national law of the country in which you reside. If the private individual can legally, thanks to the national law, choose the court of referral, there is every chance that the action can be brought in your country of residence, and this regardless of whether the platform is established or not in your country.
In addition to this objective condition, there is a subjective condition, that of the interest to act. In a dispute where the fault lies with a protocol, this is the person claiming to have suffered damage by an act committed on the platform. In other words, the person has lost money because of negligence or any other fault committed by the protocol.
The factual difficulty to engage the responsibility of a DeFi platform
We already know that the degree of decentralization is essential to be able, in theory, to engage the responsibility of a DeFi platform. But even if it is theoretically possible to take a DeFi platform to court, the practice is not so simple. Indeed, engaging the responsibility is one thing. Obtaining a conviction is another. One can thus engage the responsibility of a DeFi protocol without being able to prove one’s fault.
Let’s take an example to see more clearly. Simon “lent” 100 ETH to Louis on a DeFi platform. Better said, Simon, deposited 100 ETH without knowing that it was Louis who benefited from it. The problem, Louis did not put 100 ETH or equivalent as collateral. Who is responsible? It is a question of poor execution of the smart contract or hacking of the latter. Thus, the responsibility lies with the people who coded the contract, especially if there is no platform behind it.
Nevertheless, we are back to the start, and we are facing a real limit. How can the platform be held liable, if at all, if it is not responsible for negligence or non-performance? Everything could then be based on a smart contract’s poor execution, which still has no binding force if a classic contract does not accompany it! Without a platform, how can the coders be held responsible if they cannot be found?
At the time these lines are written, the DeFi is not legally recognized and its responsibility is impossible to engage. In the case of perfect decentralization, one can only make suppositions, such as engaging the responsibility of the contributors according to their respective contribution. The only exception is if the DeFi is not decentralized to the extreme and is organized around a platform that belongs to an entity with a legal status. The services related to cryptocurrency being legal in many countries, it is therefore in theory possible to take a DeFi platform to court.
But the hardest thing will be to be able to have the platform condemned. As a simple intermediary, it cannot foresee the bad execution of the loan contract by a person, unless it is obliged to cover it as an insurer would do in a mortgage loan. Also, if the loan contract is in fact the execution of a smart contract, the latter cannot be used in court if it is not accompanied by a classic contract. In other words, it is possible to engage the responsibility of a DeFi platform in court but the actual conviction will be very difficult to obtain.