DAOs and Don'ts for DeFi - the need for regulatory guidance


Jonathan Galea

The holy grail in crypto can arguably be said to be decentralisation to a degree where no person can be shown to be exercising a significant element of influence or control over the underlying platform, protocol or project; or, to put it more aptly, to be unable to see the hand that throws the stone. Regardless of whether that stone hits a saint or a sinner, no person should theoretically be held responsible for it, or claim merit for it. The problem lies in the fact that, more often than not, a horde marches forward to claim the reward, but tries to hide behind its own hands when it’s a matter of staking liability.

The most common defence is for a community to claim it is a decentralised autonomous organisation (DAO), where all it has going for it to substantiate that claim is a Discord server created and controlled by one person or two. Decentralised and autonomous governance must be done and seen to be done, and it is much easier said than done. Since presumably you are a fan of similes if you have appreciated the first one further above, then we can liken decentralised and autonomous governance to a group of a hundred individuals scaling a mountain without a guide, enjoying total freedom in setting their pace and preferences, but also agreeing to make it to the top together. It is extremely difficult to reach the summit without any one individual undertaking an element of control, and pure reliance on each individual’s independent capabilities can easily result in a disaster.

The next best thing is to lay out objective and attainable criteria in becoming eligible to have a say in governance-related matters, and only those who meet them are authorised to voice their opinions, concerns, suggestions, and ideas. The eligibility criteria need to be objectively and low-level enough so as not to serve as an insurmountable barrier to entry, which would hurt a project’s prospects in being seen as led in a sufficiently decentralised manner. Enter the governance token model, first propounded by Compound and quickly becoming adopted by virtually every crypto project in the past three years. The barrier to entry is relatively low, with eligibility either being earned through purchasing power, or by having been one of the early contributors deserving of a token airdrop or allocation. However, simply introducing a governance token is nowhere near enough to warrant calling oneself a DAO, especially if the governance token serves more as a way to formally indicate one’s preference on a matter rather than to submit a binding vote that can be enforced. At the same time, giving full, binding and finalistic authoritative power to governance token holders risks placing them in an undesired limelight, ergo that of possible personal liability, which can even be of the joint & several type depending on the laws of the governing jurisdiction.

Another issue tied to the abovementioned eligibility criteria is that by tying a person’s voting power to one’s purchasing power or status within a project inevitably tends to bring with it a heavy dose of centralisation. Specifically on the latter point, project founders & core developers looking to distance themselves paradoxically end up becoming the bullseye by allocating themselves the lion’s share of governance tokens. Certainly, one may argue that they deserve fair and just compensation for their work, but awarding themselves governance tokens may not be the best way to do so, for various reasons other than placing liability onto themselves. Selling governance tokens in order to be rewarded inevitably imbues that tokens with financial value that can eclipse their governance value, making it that much more difficult to argue in a favourable manner under the third prong of the Howey Test. Moreover, it opens the floodgates for mercenary voters to come in, whose fickle nature throws into doubt the possibility of not only maintaining but building longer-term governance participation so as to retain the project’s level of decentralisation.

It is clear that Goldilocks’ ‘just-right’ DeFi soup is extremely hard to get right, and the crypto industry at times is not helping its own cause much. The terms ‘DeFi’ and ‘DAO’ have been used and abused, and it is no wonder that regulators, legislators, and courts alike have no clear idea as to what constitutes one, or the other, or none. To exacerbate the issue, confusion is further compounded by market & project participants that fail to understand the legal risk at hand in working in a gung-ho and ‘que sera, sera’ manner. As a last nail in the proverbial coffin, those who realise the risk at hand and seek advice are often guided by professionals who do not enjoy the required level of expertise to hold their hands in such a way as not to grasp it too tightly and break it, yet also not loosely hold it and risk it being swept away by the regulatory waves currently pounding over crypto.

It is easy enough to follow the standard template of a tripartite structure consisting of a token issuing entity, a non-profit organisation heading the general strategic direction of the project, and a private company that provides development services – but a template remains a template, and certainly not one which is adequate for each and every DeFi project especially given that previously-favoured jurisdictions such as the BVI have recently introduced VASP regulatory framework that may capture certain activities. Moreover, a tripartite structure carries with it certain significant costs, and it can even be superfluous to the needs of a project if a single entity providing SaaS suffices should the related protocol’s activities not carry any evident regulatory implications.

This is why it is imperative that capable and experienced regulatory & legal advisors are brought on board to assist, both right from the outset as well as on a continuous basis. BCAS has enjoyed the favour of some of the most notable DeFi projects & protocols in circulation, which have engaged it for a multitude of services ranging from jurisdictional analyses to token legal opinions, all the way to the pioneering decentralisation & legal risk audit service offering launched in 2021. Contrary to other outfits which predominantly focus on short-term legal points, we approach engagements using a tech-first approach, where our in-house technical team is well-equipped to understand the full implications of projects and consequently work with our legal team to provide solutions that not only protect the core team members & contributors of a project, but do so without forcing the project to take alternative routes that may not be in its best interests.

Apart from what we term as ‘standard’ services that are aimed at helping projects set themselves up properly, we also offer bespoke services such as governance proposal vetting, grant program management, committee participation and running ad-hoc research programs such as our latest MiCA Impact Assessment Report service offering. We continuously keep a finger on the market’s pulse, assessing both its wants and needs in order to not only ensure that our overall service offering remains adapted to the market, but to pre-empt any arising trends & situations. Indeed, now more so than ever, it is crucially important that founders and core contributors of a DeFi project, including developers, seek tailored advice suited to their situation so that they may work on what they do best while minimising the risk of regulatory repercussions.

Our modes of engagement are likewise flexible, ranging from fixed fee arrangements to retainers. Get in touch with our team to see how we can support you and collaborate on a long-term partnership.



Cryptocurrency Regulation