© All rights reserved to Barnea Jaffa Lande Law offices

Together is powerful

Can DeFi Use Exempt a Project from Compliance?

Last August, the US Treasury Department sanctioned Torando Cash, a decentralized crypto mixing service. A month later, another US regulator, the CFTC, imposed a $250,000 fine on Ooki DAO, citing various regulatory violations, even though OoKi is also a decentralized project. In doing so, the regulator signals that every venture, decentralized in one way or another, is subject to compliance with the requirements to prevent money laundering. Furthermore, the regulator requires it to act to enforce sanctions and requirements to prohibit money laundering.


Using Financial Decentralization


Decentralized finance (DeFi) is a general term for financial services with no central company or entity managing them. Projects using DeFi technology, such as lending, market-making, or operating a decentralized cryptocurrency exchange, use blockchain technology on a decentralized network for their operation. It is also common to call this framework distributed ledger technology (DLT). DeFi aims to provide financial services without the use of intermediaries. Thus, it allows anyone to use financial services anywhere, regardless of the target audience or their base operating location.


For a long time, DeFi projects, which vary in degrees of decentralization and supposedly lack a central entity to serve as an address for the regulatory authorities, created the fictitious impression that activities via DeFi are under no enforceable rules. The absence of regulation has turned DeFi into fertile ground for a variety of illegal activities.


Tornado Cash Storm


Until now, many DeFi projects have operated in an uncertain regulatory realm. This is a result of claims such projects are decentralized and have no “central address” responsible for the use being made of the platform. However, the regulatory fog has been dissipating recently. In August 2022, the financial intelligence and enforcement agency of the United States Treasury Department, the Office of Foreign Assets Control (OFAC), imposed sanctions on the virtual currency mixer Tornado Cash. The company was allegedly a mechanism to launder virtual currencies valued in excess of USD 7 billion since its creation.


As is customary in the DeFi community, the project’s website (before being taken down) claimed to be fully decentralized. It also claimed that it merely operated a privacy protection tool for the benefit of its users. Shortly thereafter, the authorities arrested developer of Tornado Cash on suspicion of aiding and abetting money laundering. The OFAC decided Tornado Cash repeatedly and regularly failed to impose effective controls to stop laundering funds for malicious cyber actors. OFAC also claimed Tornado Cash operated without basic measures to address these risks. Another US regulatory authority, the Commodities Futures Trading Commission (CFTC), imposed a USD 250,000 fine on another project, Ooki DAO, for violations of laws and CFTC regulations. The CFTC did not even flinch at the fact that Ooki was a “decentralized” project controlled by a decentralized autonomous organization (DAO).


Dispersing the Regulatory Fog


The US Treasury Department’s intervention may herald a new era in the DeFi world. These enforcement measures signal that every protocol, whether centralized or decentralized, must comply with anti-money laundering regulations and must also take action to enforce sanctions and anti-money laundering requirements. Following the OFAC ruling, members of the MakerDAO community began preparing a “contingency plan” in case the platform’s wallets will be affected by the sanctions. Aave, a prominent DeFi project, took similar action, without forgetting to mention that “it is and remains decentralized and governed by the DAO.”


One of the reasons for law enforcement agencies’ change in trend is that, in practice, such platforms rarely actually operate on the basis of real decentralization. This only occurs when a community operates without a “control core” that promotes the project. Decentralized platforms are often a cover for the commercial activities of a particular entity or combine elements of decentralization with a “guidance mechanism” that continues to promote the platform. When activities are indeed fully decentralized, regulatory authorities will have difficulty enforcing the emerging regulation. OFAC, for example, will have a hard time stopping Satoshi Nakamoto, even if Iranian terrorist organizations make massive use of Bitcoin. Accordingly, we believe the claim that a project is decentralized and has no central governing entity per se will not provide protection against violations of AML/CTF orders and noncompliance with sanctions programs.


Compliance with Regulatory Requirements


Considering the recent developments, entrepreneurs and developers in the DeFi community should examine their exposure to global sanctions programs and AML/CTF orders. They should intensify their efforts to comply with the regulatory requirements already during the earliest stages of project construction.




Barnea Jaffa Lande‘s Capital Markets and Regulation Department is happy to advise on compliance with AML/CTF orders and sanctions programs.


Adv. Prof. Amichai Cohen is a counsel for International Law.


Adv. Andrey Yanay is a Capital Markets department partner.

Tags: Compliance | DeFi