Discussion paper Decentralised Finance – an evolution of the financial services sector?

12.12.2023 – Position paper
Tobias Tenner
Simon Zieglgruber


Management Summary
1. DeFi – a financial revolution?
2. DeFi – examples of use cases
3. “Institutional DeFi” – how banks might get involved in the DeFi market
4. Opportunities and risks of the DeFi market for users and banks
5. Status quo: DeFi from today’s regulatory perspective
6. Proposals for a new, effective, DeFi regulatory framework
7. Outlook: What are the resulting realistic scenarios for the future?

Management Summary

Decentralised Finance, abbreviated to DeFi, is the collective term for financial services that are automatically offered via decentralised protocols on public blockchains.[1] The main feature of DeFi is that transactions are conducted via a protocol consisting of smart contracts, which automatically link the two parties with one another. There is no other centralised authority. The DeFi platforms are usually characterised by low barriers to entry, a lack of geographical restrictions and a high degree of autonomy from the traditional financial system, known as centralised finance (CeFi). 

The range of possible services and transactions is diverse: from interest and yield strategies to lending of crypto-assets and derivative products. However, the DeFi market is currently highly volatile and complex. Investors and clients themselves are responsible for ensuring that offers are above board and, in the worst case, run the risk of losing some or all of their invested capital. Compared to the traditional financial system, DeFi still has somewhat of an experimental character.

There is no doubt that DeFi will be able to usefully complement existing financial services offers, as long as the DeFi market further develops and matures. Banks will also play a key role here: As highly regulated, trusted intermediaries and infrastructure providers in the financial market, they can offer capital efficiently and help DeFi providers meet regulatory requirements. In order for DeFi to serve the real economy to a greater degree and be safer for consumers, there must be more trust, transparency and reliability in the DeFi market.

Banks have already been engaged in and supported projects in the DeFi environment with their expertise, but so far these have been isolated instances. One of the main reasons for the low level of engagement so far has been the lack of clarity on the regulatory treatment of DeFi protocols. This makes it difficult for regulated institutions to work with DeFi providers or enter the market. In principle, supervisory legislation is designed to be technology-neutral, so the decentralised nature of financial applications should not really play a role. However, at the heart of these regulatory uncertainties is the question of which party requires a licence to provide regulated financial services and how regulatory measures can be enforced, as these applications have highly decentralised organisations behind them.

According to DeFi principles, there are no central providers; instead, digital protocols are maintained jointly by all participants through coordination procedures. There are a number of solutions to the problem of the lack of a regulatory addressee on the market, e.g. automatic reading and monitoring of DLT registers by the supervisory authority, and regulatory requirements being met voluntarily through the certification of protocols. The supervisory authorities are called upon to identify, through cooperation at a global level, best-practice approaches that can subject DeFi protocols to holistic regulation in the interests of protecting investors.

With this paper, the Association of German Banks aims to hone a common understanding of DeFi, explain basic functionalities and highlight regulatory hurdles and initial potential solutions. We are convinced that DeFi will continue to expand and grow in market acceptance, and that banks will keep playing a strong role in a market featuring DeFi.

1. DeFi – a financial revolution?

Since some market participants have been calling for nothing less than the transformation of the traditional financial world using blockchain technologies, DeFi has gained increasing attention. The expectation of DeFi is that it will decentralise today’s centralised financial services and give users more control over their financial affairs by disintermediating financial transactions, in other words: eliminating the middlemen. For this reason, institutions such as the Bank for International Settlements (BIS), the Financial Stability Board (FSB) and the EU Commission have been sensitised to this issue. They have all since published their own studies on DeFi.[2]

DeFi began with the rise of crypto-assets and the emergence of smart contracts. The idea was quickly born to combine the two in order to carry out automated financial transactions between individual participants via smart contracts on a blockchain. In this way, DeFi would also give people who were previously excluded from the financial system access to financial services, especially in countries with limited access to banking services. In addition, it is expected that DeFi will create financial innovations, for example liquid markets in the traditional tangible asset sector (e.g. real estate, art) or for non-traditional assets (e.g. intangible assets such as digital rights).

Blockchain technology is a distributed database stored on many computers in which transaction data is collected as blocks and linked together in a chain. Each block contains a unique fingerprint (hash value) that summarises the transaction data and contains the fingerprint of the preceding block. This linking of blocks and the unique fingerprint make subsequent changes to the chain practically impossible, as this would change all subsequent blocks. This immutability makes the blockchain particularly secure and transparent. Transactions in the blockchain are validated and confirmed by authorisation processes – i.e. without central authorities such as a bank or notary – in which the participants in the blockchain networks work together to ensure that only valid transactions are added, and an agreement is reached on the current status of the database.

DeFi consists of three main levels that can be characterised as follows:

1) The infrastructure level represented by the various blockchains (e.g. Ethereum, Tron, Polygon) on which the decentralised applications run.

2) The application level on which decentralised applications such as DeFi protocols (e.g. decentralised exchanges or staking protocols) and tokens (e.g. stable coins, crypto securities, utility tokens, NFTs, etc.) are located.

3) The user level that interacts with the underlying network (consisting of the infrastructure and application levels) to provide end users with interoperable, functional services, including decentralised exchanges, liquidity provision and applications for liquid investments. 

On the application and user level, there are various degrees of decentralisation in decentralised finance. As a result, DeFi protocols can be centralised or decentralised in different ways. For example, some protocols may have a centralised management structure but decentralised trading, while others may have decentralised management but centralised trading at the same time. DeFi protocols can also be centralised or decentralised in terms of their infrastructure level (e.g. Ethereum vs Binance Smart Chain), their consensus mechanism (e.g. proof-of-work vs proof-of-stake) and their token distribution (e.g. fair launch vs pre-mine). 

The so-called Decentralised Autonomous Organisations, or DAOs for short, play a key role in highly decentralised DeFi protocols, since DeFi protocols are often created, further developed and operated by DAOs. This is how BaFin describes a DAO: “a decentralised autonomous organisation (DAO) is a collectively owned, blockchain-governed organisation working towards a shared mission without centralised leadership that aims to offer a safe way to collaborate with strangers”.[3] DAOs are not actually part of the financial service, but part of the governance of a DeFi protocol. They represent a new form of collaborative structure that is based on decentralised principles and challenges the traditional forms of management and governance. The DAO is managed by a computer program, which runs on a blockchain. The governance structure is coded as a smart contract, which is transparent, open source and can therefore be verified by anyone. Members participate in the management and decision-making of the organisation through a token-based incentive system. The voting mechanism in a DAO is regulated by governance tokens, which represent voting rights. This makes it possible for parties to define rules and actions, to pursue a common goal and to organise themselves.

2. DeFi – examples of use cases

Depending on the definition used, there are currently around 30 different categories[4] of DeFi applications. While some use cases are very similar to their counterparts in the traditional financial world (e.g. secured loans), there are also new models that have no direct counterpart in conventional financial services. We will look more closely at those that are currently the biggest and have the greatest market penetration. A number of DeFi KPIs (Key Performance Indicators) have established themselves as measures of market penetration. The most important KPIs are the Total Value Locked (TVL)[5] and the number of Unique Active Wallets (UAW).[6]

In terms of these KPIs, the three largest categories by far in the DeFi environment are Liquid Staking, Decentralised Exchanges (DEXes) and Lending (decentralised lending). 

Liquid Staking

A large number of blockchain protocols feature collaborative consensus-building in the network. The transactions and new blocks are verified by validators to make sure they are correct. The validators receive a reward for doing this checking; they are given crypto-assets as rewards. This creation of crypto-assets is known as staking. In traditional staking, the native cryptocurrency of the respective proof-of-stake (PoS) blockchain is stored in a smart contract as a crypto-asset in order for the validators to validate the transactions in the network. This opportunity for reward is completely new and was created through the need for new blocks and transactions to be checked by participants. The staked crypto-assets act as collateral in case participants intend to compromise the network or do not meet technical requirements on a permanent basis. In one of these cases, shares of the collateralised cryptocurrency would no longer be available to the market. As a result, there is a risk to the user if the operator of the respective network node does not fulfil certain Service Level Agreements (SLAs) or behaves fraudulently. In such cases, “slashing”[7]  may occur where the user loses part or all of their collateralised crypto-assets.

Liquid staking is a special kind of staking. Here, users have the opportunity to participate with a low volume of capital, since liquid staking providers pool capital from the various users. At the same time, users get a token as proof of the capital they have invested. In turn, this token can be used as collateral in other protocols, thereby generating further liquidity. There is no exact counterpart to liquid staking in the classic financial world, although the concept of securities lending comes close.

Decentralised exchanges / DEXes

Decentralised exchanges, abbreviated to DEXes, give users the chance to exchange two different assets by using a smart contract. In contrast to the traditional financial world, there is no central counterparty that manages prices and the order book. These functions are carried out by the smart contract and the users themselves, who provide the liquidity. Profits earned do not go to the developers of the smart contract but are prorated to the liquidity providers.

Lending

The idea of lending protocols is similar to collateralised lending in the traditional financial world (e.g. real estate, cars). Users can provide unneeded capital and, in return for doing so, earn interest on it. In the DeFi sector, the intermediary role of the bank is taken on by the smart contract, which brings both parties together. In contrast to banks, smart contracts do not know their users and are not able to assess the creditworthiness of the individual parties. This circumstance is the key difference to bank loans and results in only “over-collateralised” loans being granted; the amount of collateral is always more than the amount of the loan owed. This mechanism means that the creditworthiness of the user is immaterial, since the risk of default on the loan is effectively zero. The creditors’ positions are liquidated as soon as the value of the collateral reaches a certain minimum value. The proceeds of the sold collateral are then used to settle the debt; any remaining amount is credited to the debtor. The residual risk for the user is that the assets deposited as collateral are liquidated too quickly if crypto-asset prices fall sharply. This could lead to a (partial) loss of the loaned capital. The economic incentive for the user to borrow capital despite the required over-collateralisation may lie in the desired access to liquidity without having to sell their crypto-assets, for tax reasons, or for speculative reasons if the user believes that the expected increase in the value of the borrowed crypto-assets will exceed the interest.

3. “Institutional DeFi” – how banks might get involved in the DeFi market

Financial institutions involved in the DeFi sector are faced with the challenge of having to redefine their role in a world of decentralised financial transactions. Due to the novelty of the topic, however, and the dangers of disintermediation, only a few institutions have ventured into the world of DeFi so far. This is primarily due to the lack of regulatory clarity and security. In addition, getting involved with DeFi would require having employees with expertise in the field of digital assets. But there are already some examples of successful transactions by European banks in the field of DeFi and they show that successful business cases are still possible, even at this experimental stage. At the same time, getting involved with the topic early on gives banks a competitive advantage.

Examples of transactions by banks in DeFi

Some time ago, one major European bank issued a euro-denominated bearer bond in the form of a token on a public blockchain via its digital subsidiary. This token was then used to execute a DeFi lending transaction. The tokenised security served as collateral for the loan. It is important to note that the role of the major bank in this context was not that of the lender but of the borrower. In simple terms, the major bank refinanced itself via its digital subsidiary, which then raised the capital from a DeFi platform. For this purpose, it initially approached a DAO.[8] Proposals can be submitted to the organisation, which the participants then vote on using their governance token. The bank submitted a proposal to the DAO for a loan collateralised through its security token. The pay out was made by the DAO in the form of stablecoins, which are tokens that are supposed to maintain their value against an existing currency (in this case, the US dollar). As part of the transaction, the bank offered to take out a loan for 30 million DAI[9] and collateralise it with 40 million debt bond tokens, i.e. considerably over-collateralised. This way the bank was able to use its low counterparty risk to obtain money at favourable terms, which represents an interesting model, particularly in periods of rising interest rates. In the transaction, the major bank’s digital subsidiary acted as the digital processor between its parent company and the DAO. The proposal was approved by more than 83% of the DAO’s governance token holders, the process and the granting of the loan were fully transparent and, as a result, the transaction was completed. 

The transaction outlined here shows one possibility as to how financial institutions could become involved in DeFi. We can safely assume that, in future, there will be even more possibilities to explore and that not all retail clients, and especially not all corporate clients, will want to enter the DeFi world directly due to the risk aspects. This is where we need ideas as to how we can give clients access to the DeFi world. In addition to just giving them technical access, it would also be possible to launch existing products from the financial sector, which in turn could be backed by DeFi products. So, for example, the first regulated crypto funds have already been launched that contain at least some tokens from DeFi protocols. This would give investors initial access to investments in the field of DeFi. 

One example which is even further removed from classic DeFi is the project “Guardian” from Singapore, which nevertheless has the support of the regulator.[10] The areas of focus of this project are interoperable networks, trust anchors in the DeFi ecosystem, asset tokenising and DeFi protocols at the institutional level. Here, the DeFi protocols, various infrastructures and liquidity pools are being developed and tested in a practical way, specifically targeting the traditional financial sector. The first available pilot schemes have provided a first impression as to how banks could actually use DeFi technology securely.  

4. Opportunities and risks of the DeFi market for users and banks

As with most new technologies and market innovations, participants already in the DeFi market mainly propagate the great future opportunities of DeFi for users. However, there are also significant risks associated with the use of DeFi applications. Banks need to ask themselves, what opportunities might they have for committing to the DeFi market and what potential risks are they exposing themselves to in doing so. 

Opportunities for the user

  • Low entry barriers, access possible from almost any smartphone
  • High degree of anonymity compared to CeFi (traditional finance)
  • A bank account is not required to get access

  • Users have full control over their assets
  • Transactions can be carried out at any time or place via smart contracts

  • Public chains allow verification of transactions and smart contract codes
  • 24/7 insight into cash flows
  • Proof of Reserves on-chain

Generates returns:

  • Attractive prospective returns through DeFi protocols (lending, provision of liquidity) compared to traditional financial products
  • Generates returns from the use of DLT technology (e.g. staking)

Risks for the user

Risks from smart contracts:

  • Weaknesses in the program code of the protocols can lead to financial losses
  • Almost impossible to reverse transactions with DeFi protocols in the event of an attack by hackers

Providers are not regulated:

  • Unregulated market involves risks and uncertainties for users
  • Potential losses in value of invested capital in the event that protocols are compromised
  • Liability issues are therefore also unclear in the event of losses due to hacks or weaknesses

  • DeFi tokens and assets may be subject to wild price fluctuations
  • Potential losses in value due to the liquidation of collateral in smart contracts

Impermanent loss:

  • Provision of liquidity to DEXes can lead to impermanent losses due to price changes in the deposited assets
  • Complex functionality of the protocols and of the smart contracts often makes actual losses difficult to predict

User errors:

  • Errors in safekeeping of private keys or interaction with smart contracts lead to loss of crypto-assets
  • A lack of knowledge and competence by users makes fraud easier

Opportunities for the banks

New innovative business models:

  • Partnerships or integrations with DeFi platforms as an innovative extension of the business model
  • Own development of smart contracts for improved user experience

Efficiency gains:

  • Automation of processes through smart contracts
  • Improved control of liquidity

Minimising risk:

  • Eliminating counterparty risks through DvP (delivery versus payment) contracts

  • Simpler market entry via DeFi applications means greater access to new client groups (e.g. EU-wide offers)
  • Automated DeFi applications allow lending services to be available 24/7

Risks for the banks

Cannibalisation of intermediaries:

  • Decentralised approach could lead to cannibalisation of financial intermediaries

Regulatory challenges:

  • Regulatory uncertainty around DeFi leads to compliance risks for banks
  • Investments in the DeFi sector are at risk of not being made due to regulatory uncertainty
  • Risk of international fragmentation
  • Many regulatory questions concerning liability, money laundering and taxes remain

Counterparty risk:

  • Cooperation with new DeFi platforms harbours risks of financial losses and reputational damage due to the current volatile market situation and low degree of transparency

Operational risks:

  • Adapting bank infrastructure and risk management to handle smart contracts
  • Security protocols and cybersecurity measures must be adapted to decentralised protocols and continue to keep pace with dynamic market developments

5. Status quo: DeFi from today’s regulatory perspective

Decentralised financial applications are becoming more and more popular and increasingly have more touch points with the conventional financial system.[11] The dynamic development of these DeFi business models has not escaped the attention of the financial regulators. The German Federal Financial Supervisory Authority (BaFin), for example, made its position clear early on with its call to create a regulatory framework that takes sufficient account of investor and consumer protection, on the one hand, but that also enables professional providers to implement their DeFi business models with legal certainty, on the other. BaFin has also said that the result of regulatory considerations should not be that established standards are weakened in relation to comparable offerings in the traditional financial market or that DeFi offerings are placed in a better regulatory position.[12] In addition, the regulation of DeFi financial applications faces the fundamental problem that there is no uniform legal definition for the concept of decentralisation.[13] This is further compounded by the fact that DeFi financial services are often provided beyond the borders of the European Union (EU). Consequently, in addition to a standardised understanding of the term, clear rules of responsibility are required between the individual jurisdictions in order to ensure effective supervision of DeFi activities in an international context.[14] Compliance with anti-money laundering rules also plays a vitally important role in this context. In particular, the current anonymity of DeFi activities represents a key problem in the context of anti-money laundering legislation.

No doubt, the creation of a standardised and effective supervisory framework will present difficult challenges. However, it cannot be completely ruled out that the current supervisory regulations may already cover DeFi financial services, in individual cases. The very fact that a business model has a decentralised structure does not necessarily mean it is not regulated by supervisory legislation. Rather, the decisive factor for regulatory assessment is how the business model is specifically designed in individual cases. 

This chapter will, therefore, outline whether and to what extent decentralised financial applications are covered by the existing supervisory framework.[15] To achieve this, we have highlighted selected key issues that regularly play a role in regulatory assessment.

Is regulatory authorisation required for the provision of DeFi financial services?

Anyone wishing to provide certain banking transactions, financial services or payment services requires a licence from BaFin before starting their business activities.[16] The prerequisite for this is that the intended service falls under one of the regulated activities provided for in the prudential legislation. The guiding principle of “same business, same risks, same rules” should always apply when determining whether the intended service comes under the prudential regulation. Accordingly, no differentiation is made between established and new market participants; the prudential regulation applies equally to all actors undertaking the same activity. It is irrelevant which technology is used to provide the service, as the prudential requirements for the regulated activity apply irrespective of the technology used.[17] This means, for example, that a licence from BaFin may be required for the provision of credit transactions, regardless of whether the loan is processed automatically via a smart contract on the blockchain or in person by a human. Rather, the decisive factor is whether the business activities are structured similarly in their basic functionality and whether the two have comparable risks for the market and for vulnerable individual market participants. Based on this, the operation of a DEX, for example, could be deemed proprietary trading because the “exchange” of crypto-assets based on a smart contract using liquidity pools could be similar to the function of a ‘market maker’.[18] [19] In contrast, the classification of a decentrally structured lending transaction (known as crypto-lending) as a banking transaction requiring a licence is likely to regularly fail due to the fact that the “lent” crypto-assets generally do not have the characteristics of money and therefore do not meet the requirement of being a loan of money within the meaning of the German Banking Act.[20] [21]

Who is this requirement for a licence aimed at?

The idea behind the original concept of decentralised financial applications is that they can be provided without the need for a central intermediary. Initially, this does not appear to comply with existing supervisory law, which pursues a centralised approach based on intermediaries. Accordingly, the licence for the provision of a regulated activity is generally to be granted or denied to the party that is outwardly recognisable as being responsible for the sale of the financial service. 

On closer inspection, however, the DeFi financial services offered on the market to date still have a very low degree of decentralisation. Instead, a hybrid structure of centralised and decentralised elements is behind a large number of business models that are advertised under the term “DeFi”.[22] Identifying the provider that requires a licence is, therefore, not as impossible a task as originally thought. It should not be too difficult to identify the parties involved if, for example, a business publicly advertises its own DeFi financial services. Where no business appears to be involved, it is conceivable that those who have certain access rights to the protocol of the smart contract, or those who receive the fees from transactions carried out, could be deemed to require a licence. In contrast, developers who limit themselves exclusively to actually developing the protocol without having reserved any right to access it should not, in principle, be deemed to require a licence.[23]

In future, DAOs[24] are likely to play an increasingly important practical role in identifying parties subject to regulatory requirements. Specifically, DAOs serve as a decentralised control process in the protocol of a DeFi financial application to enable subsequent amendments to be made to this protocol (known as on-chain governance). As a rule, this is done using what are known as governance tokens,[25] which represent the (technical) options for changing the protocol. As a result, changes to the protocol are approved or rejected by the users who jointly hold the majority of governance tokens.[26] At first glance, there do seem to be good reasons for the holder or holders of the majority of governance tokens to qualify as being subject to regulatory requirements. Nevertheless, in practice, it is difficult to identify the holder because of the high degree of anonymity inherent in the process.[27]

Do DeFi business activities have sufficient domestic relevance? 

In order for a party to require a licence, the provision of the DeFi service must have sufficient domestic relevance. In determining whether there is sufficient domestic relevance, BaFin takes a sales-related approach. Accordingly, it is largely irrelevant whether the provider of a DeFi financial application is based in or normally resides in Germany. Rather, it depends on whether the DeFi financial applications offered are aimed at the German market (e.g. through active advertising on the internet).[28] There is no domestic relevance, for example, if a German user independently makes use of DeFi financial applications from other (EU) countries.

Can supervisory measures be enforced?

The answer to this question depends on whether the provider of a DeFi financial service can be deemed to require a licence or not. If a DeFi financial service is provided without the required licence or its operation violates other regulatory requirements, BaFin may resort to its conventional measures and sanctions against the provider concerned. However, if a provider cannot be identified due to the decentralised structure of the business model, the next fundamental question is whether and to what extent BaFin will be able to employ its regulatory instruments in future. It is likely to be extremely difficult to impose sanctions on a specific responsible party, since one of the characteristics of DeFi is the use of open-source protocols that allow the code to be publicly viewed and theoretically modified by anyone in a pseudonymised manner. The supervisory authority also has no direct access to the code in order to (effectively) enforce its supervisory measures.


The regulatory treatment of DeFi financial services faces a number of challenges. Firstly, current supervisory legislation often does not apply because the DeFi business model does not meet the stipulated requirements for a licence. As a result, these business activities are also not monitored by the supervisory authority. Secondly, the supervisory authority has difficulty identifying, in some cases, the responsible party that requires a licence and against whom it can take appropriate supervisory measures due to the decentralised structure of the business model. Irrespective of this, there must be some critical scrutiny of whether these measures can ever keep pace with the technical features of DeFi business activities in future. 

Against this background, it seems appropriate to rethink at least some parts of the existing supervisory framework and to develop alternative regulatory concepts that can be applied in practice. At least one thing ought to be clear: Institutions such as the BIS, the FSB, the EU and other legislators will subject DeFi financial services to regulation as soon as the first systemic risks for the market and its participants become apparent from these activities. This is what experiences gained from the Libra/Diem project have shown.

6. Proposals for a new, effective, DeFi regulatory framework

A number of innovative regulatory proposals designed to accommodate the specific, technical characteristics of DeFi financial applications have already been drafted. Based on the relevant risks and potential solutions, it is clear that there is a need for a fundamentally new pattern of approaches and/or regulatory hurdles to be applied in order to ensure that regulation and supervision can be carried out effectively within the DeFi ecosystem. 

For example, the Bank for International Settlements (BIS) has proposed that a supervisor could automatically read and monitor the register as a means of securing the authority of supervisory bodies for DLT networks.[29] This appears to be a sensible option for public blockchains. In contrast, the European Commission commissioned a study containing four concrete regulatory ideas for DeFi financial applications: Policing the policed (focus on legal entities already subject to regulation instead of DeFi protocols), voluntary compliance (voluntary compliance with regulations), public observatory (public monitoring of DeFi protocol activities) and oracles (third parties acting as intermediaries to make information from a variety of real-world sources available for smart contracts on the blockchain).[30] Some of these approaches appear to be more useful and practical than others. It is essential that the critical role of oracles be taken into account. Oracles are third-party data interfaces that provide data that does not exist on the blockchain, such as share prices for options, so that the information can be processed as part of a smart contract. Oracle service providers represent a concentrated single point of failure risk. This is because there are only a few larger providers on the market, which in turn draw data from a variety of sources for use in smart contracts.  
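As an added illustration, not taken from the paper or any of the studies it cites, the following constructed consumer shows why a single oracle feed is a single point of failure and how a smart contract can reduce that exposure by combining several independent feeds, discarding stale reports and taking the median. The feed names and prices are constructed sample data.

```javascript
// Added example, not from the paper: a constructed multi-oracle price consumer.
// Each report is { source, price, updatedAt } with price in cents as a BigInt
// and updatedAt in unix seconds, a simplified version of what a feed publishes.

const MAX_AGE = 300;             // seconds; older reports are treated as missing
const MAX_DEVIATION_BPS = 500n;  // 5 % bound against the last accepted price

// Median of BigInt values; the midpoint of the two central values for even counts.
function median(values) {
  const s = [...values].sort((a, b) => (a < b ? -1 : a > b ? 1 : 0));
  const mid = s.length >> 1;
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2n;
}

// Naive consumer: trusts one provider. Whatever that feed says is the price,
// which is the single point of failure described in the text.
function singleSourcePrice(reports, source) {
  const r = reports.find(x => x.source === source);
  if (!r) throw new Error(`no report from ${source}`);
  return r.price;
}

// Hardened consumer: uses only fresh reports, requires a minimum number of
// independent sources and takes the median so one outlier cannot dominate.
// Throws when the data is not trustworthy; for a lending contract the safe
// reaction to that is to pause price-dependent actions rather than guess.
function aggregatePrice(reports, { now, minSources = 3, lastPrice = null }) {
  const fresh = reports.filter(r => now - r.updatedAt <= MAX_AGE && r.price > 0n);
  if (fresh.length < minSources) {
    throw new Error(`only ${fresh.length} fresh feeds, need ${minSources}`);
  }
  const price = median(fresh.map(r => r.price));
  if (lastPrice !== null) {
    const diff = price > lastPrice ? price - lastPrice : lastPrice - price;
    if (diff * 10000n > lastPrice * MAX_DEVIATION_BPS) {
      throw new Error('aggregated price moved beyond the deviation bound');
    }
  }
  return { price, used: fresh.map(r => r.source) };
}

// Constructed feed data: four fresh reports, one of them wildly off, one stale.
const SAMPLE_REPORTS = [
  { source: 'feedA', price: 200000n, updatedAt: 950 },
  { source: 'feedB', price: 201000n, updatedAt: 990 },
  { source: 'feedC', price: 199500n, updatedAt: 980 },
  { source: 'feedD', price: 20000n,  updatedAt: 995 },  // faulty: one decimal place off
  { source: 'feedE', price: 250000n, updatedAt: 500 },  // stale
];

console.log(singleSourcePrice(SAMPLE_REPORTS, 'feedD'));     // 20000n
console.log(aggregatePrice(SAMPLE_REPORTS, { now: 1000 }));  // price 199750n
```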

The approach focusing on businesses instead of protocols envisions that the relevant public addresses used by market participants be notified to the supervisory authorities, in order to use a widely known and already established transmission channel. However, as classic DeFi protocols are not run by companies, this requirement can only apply to providers that provide access to DeFi offers. In the event that there is a company behind the protocol, it could also serve as an addressee. Using the European Commission’s study as a starting point, several authors worked together to present an idea that deals mainly with DeFi regulation for DAOs and oracles (including legal recognition of DAOs and a standardised API data framework for oracles).[31]

The Financial Stability Board (FSB) published a report this year analysing the risks of DeFi to the financial system, finding that although the processes used to provide DeFi services are novel in many cases, the functions DeFi performs and the risks it creates are not substantially different from those of the traditional financial markets.[32] However, the specific features of DeFi could result in some of its vulnerabilities posing greater risks than in traditional finance, such as those arising from operational fragilities, liquidity and maturity mismatches, leverage and interconnectedness. Regarding systemic concentration and the associated risks, the FSB states that DeFi could, as an additional market segment within the financial sector, lead to a reduction in risks by increasing the number and type of options available. However, this is offset by the intensity of mutual interlinkages between protocols, the concentration on just a few large investors and governance token holders behind the DeFi protocols and the continued existence of interconnectedness with traditional financial markets. The FSB therefore suggests, among other things, developing approaches for measuring the interlinkages of DeFi protocols with one another and the classical financial system, as well as monitoring transmission channels between DeFi and CeFi and the growth of DeFi on the markets.

The individual regulatory proposals require further examination to determine whether or not they will work in practice. It will be particularly important to determine whether and to what extent the proposed ‘new’ technical models for implementing supervisory measures adequately meet supervisory requirements in terms of consumer and investor protection. Not only that, as noted by the FSB, there is a need to examine additional affected areas of regulation, including those concerning money laundering, taxes and the question of liability. 

Following on from that, we must ask whether previous supervisory tools can still be considered up to date given the fundamental technical characteristics of DeFi financial instruments. In this light, it is also important to note that users who are not well-versed in IT often do not understand which precise functions are contained in the programme code, meaning they must rely on information from the developers or providers, who in turn are not subject to regulations. In the event of a claim, taking legal steps in retrospect would be difficult, as the protocols are essentially accepted with the code. A solution – and a confidence-building measure – is the existing set of best practices for secure programming of smart contracts and protocols. These already exist within the industry and are checked by auditors.

The Association of German Banks calls for the following regulatory and supervisory measures

We are convinced that professionalisation of the DeFi sector is a desirable goal, as it could have positive effects for a variety of consumer groups as well as for the real economy, in addition to adding to the diversity of financial services on offer. Banks, as trustworthy institutions, could play a decisive role: Even in a DeFi world, banks could act as an important provider of stability and capital by means of efficient borrowing, lending and provision of liquidity in a variety of markets (to name just a few examples). However, this will only be possible provided that the prerequisites to allow banks to work with DeFi protocols at all are put into place. In particular, all Know Your Customer (KYC) requirements pursuant to money laundering and sanction laws must be met. Effective regulation adapted to these new dynamics is required to achieve this goal. One of the core challenges on this path is identifying and assessing relevant risks within DeFi and minimising them where necessary.

The core task for legislative and supervisory bodies is to take a risk-based approach and consider differentiated methods for continued development of existing laws and supervisory structures while simultaneously introducing several new elements. A monolithic block specifically designed for DeFi would not be particularly expedient, and a regulatory regime based solely on regulated intermediaries will fall short in practice. 
In a risk-based approach, it is advantageous to differentiate between the three main DeFi levels,[33] each of which can be directly linked to a potential regulatory approach:

On the infrastructure level, overload could occur, leading to restrictions in executing transactions on the blockchain. There is also the risk of misuse of protocols or 51% attacks, designed to allow the majority to take over validation capacities and resulting in the loss of independence and integrity of the blockchain. Potential regulatory solutions in this case could be an incentivisation of private blockchains (to the extent that this is possible/necessary and acceptable to the participants), as well as a uniformly defined catalogue of screening criteria for infrastructure, allowing market participants to make informed decisions. 
On the application level, intended or unintended errors may occur in the smart contract code, which may be connected to limited data reliability and an inability to make changes in the event of transaction errors. These risks could be mitigated via audits of smart contract codes combined with certification, either by independent market participants or authorities specifically charged with carrying out such tasks. In addition, influence could be asserted on interactions with smart contracts that are not certified.
The user level has a special significance, as users might be confronted with highly complex information and there is the potential risk of loss of capital at stake. In addition, systemic weaknesses, such as those relating to automated liquidation methods, can lead to an increase in price volatility. An additional central aspect, in particular for financial institutions already subject to regulation, is the anonymity and/or pseudonymity of the market participants. Currently, a higher level of centralisation can be observed on the user level, which also represents a potential starting point for mitigating risks. By implication, it would be possible to require identification (and simultaneous monitoring) of the parties that provide smart contracts, as long as said parties are commercial providers. It could therefore be a requirement that commercial providers meet existing KYC mechanisms (for market participants and information on the source of digital assets in use) in connection with additional due diligence and advisory requirements. Voluntary implementation of KYC regulations for DeFi protocols and platforms could in turn ensure that these could cooperate with regulated banks.

Although these approaches could indeed represent an effective regulatory foundation, some structural differences continue to exist between DeFi and CeFi (traditional financial system). In addition to the difficulty inherent in defining an unequivocal legal residence within the framework of decentralisation, this also means that the practical decommissioning of a smart contract, analogous to that of traditional financial products, is not an option. In addition, due to their open-source nature, smart contracts are easily copied and replicated in a new location. Finally, German, European and of course global regulations should be aligned as much as possible, in order to counteract the arbitrage potential and create a unified international market environment. 

7. Outlook: What are the resulting realistic scenarios for the future?

Will DeFi manage to break into the financial sector?

There is currently no way to say with certainty whether or not solutions offered outside of traditional, centralised financial intermediaries will remain marginal or become mainstream. At the moment, DeFi must still be classified as an experimental, niche phenomenon when compared to the traditional financial sector. However, it is unlikely that DeFi will disappear as it is a sector that has enjoyed a great deal of growth and attention over the last few years, presenting the potential for financial inclusion, increases in efficiency and new investment opportunities.  

We therefore believe that DeFi will continue to play a role in the financial sector, in particular within certain niches or specialised applications. That being said, it is not clear how regulations will develop and to what extent traditional financial institutions will integrate DeFi technology into their product range. 
Despite the significant disruptive potential of these new protocols, it is important to realise that this new sector can be understood as being complementary to traditional banks. As such, it is not strictly necessary to ask which solution will prevail over the long term. On the contrary, the best approach is to identify the advantages of decentralised and centralised solutions in order to achieve broader welfare gains. 
As demonstrated above, DeFi and CeFi are fundamentally different on a variety of levels. For example, banks can point to significant advantages with regard to compliance and regulation, and therefore improved access to both private and institutional customers – or, to put it another way, they can reference the scalability of their offer. In contrast, even during its development phase, the decentralised sector has exhibited unforeseen potential in terms of inclusion, speed, security and of course efficiency. 
It will therefore be interesting, over the medium term, to identify so-called ‘sweet spots’, that is the overlapping aspects of these two facets of the financial industry. These include, in particular, applications such as (liquid) staking, decentralised exchanges or lending.[34] However, we can also expect to see the development of entirely new applications outside of currently established, traditional boundaries.

One possibility for the development of DeFi within the traditional banking system is a potential partnership between DeFi platforms and banks.[35] Banks can guarantee compliance with regulatory provisions and be assured that their customers trust them, both aspects that might be missing from the platforms, whereas DeFi platforms can offer innovative financial services that banks may only be able to provide after a delay. 

One very important factor for the future of DeFi and its integration into the traditional banking system, which cannot be underestimated, is the availability of digital payment methods such as blockchain-based central bank digital currencies (CBDC) or stablecoins. Digital payment solutions could be used to facilitate transactions between DeFi platforms and traditional banks, creating a bridge between the two systems.

Will centralised intermediaries such as banks and exchanges be abolished?

There is no indication that the traditional world of finance, including banks and exchanges, will be completely replaced by decentralised marketplaces in the future. While there is no question that DeFi holds a great deal of potential, at the moment it remains a relatively new niche technology that is still being developed and is very much at the experimental stage. Compared to the traditional CeFi sector, the DeFi market remains extremely small, at only thousandths of the total CeFi volume. Some core characteristics of DeFi protocols, in particular the fact that there is almost always over-collateralisation for all lending, have the ‘natural’ effect of placing an upper limit on volumes in the DeFi sector. 
Banks and exchanges play a decisive role within the global financial system, offering liquidity, transparency and dependable regulatory framework conditions to both investors and issuers. Furthermore, banks issue currency and assume an important role in the economy by providing maturity, lot-size and risk transformation services. Exchanges, as multilateral marketplaces with their central counterparties (CCPs), are in no way dysfunctional; on the contrary, they have proven themselves over decades to be stable partners on the global financial market. Financial institutions and exchanges have, over a long period of time, established relationships with their customers but also with governments and regulatory bodies, giving them a significant advantage in regard to liquidity, scalability and resources. Not only that, regulated centralised intermediaries have a significant role to play, acting as a buffer between individual market participants, not least during the transformation of maturities and risks. 

However, it is important to note that the regulatory landscape for DeFi is still in development, and it is unclear how regulatory authorities will influence the development of DeFi and its interconnection with the traditional financial world in the years to come. Traditional, highly regulated financial institutions can only make use of and promote DeFi once the regulatory framework is clearly defined. As soon as this takes place, traditional financial institutions will also adjust and develop to integrate DeFi technologies, which will further erode the borders between the world of centralised and decentralised finance. Creating an attractive regulatory framework for this process might be understood as a factor in the international competition between financial centres.
Overall, DeFi may influence some aspects of the traditional financial economy, but it is highly unlikely that banks and exchanges will be replaced at any time in the near future. Instead, we could see a greater merging of traditional and decentralised finance as both sectors continue to evolve.


Glossary

Blockchain: A transparent, decentralised database in which data are connected in blocks in order to prevent retroactive changes. Transactions are reviewed and confirmed without the involvement of a centralised authority.

DAO (Decentralised Autonomous Organization): A DAO is a blockchain-based organisation. Participants in the DAO vote on all decisions made regarding the DAO as a means of achieving a joint goal. DAOs use smart contracts to facilitate joint resource management, financing of projects and automated transactions.

DeFi transaction (schematic sequence)

  1. The user must have a self-hosted wallet (e.g. MetaMask) and the corresponding crypto-assets at their disposal.
  2. The user links their wallet to the application. This can be done, for example, via a third-party app, on the application’s website or by entering the address ID. In this way, the user also gives their consent as a prerequisite for the upcoming interaction.
  3. Depending on the type of transaction, the user then has to give the DeFi application’s smart contract permission to access their assets.
  4. Once permission has been given, the user can then execute the transaction. A request appears in the user’s wallet for them to confirm both permitting access to their assets and the transaction itself.
  5. The transaction is then transferred to and processed by the blockchain.
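The five steps above as an offline simulation, added here as an example and not taken from the paper. The Token, Pool and Wallet classes are constructed stand-ins for an ERC-20 token, a DeFi contract and a self-hosted wallet such as MetaMask, the addresses are placeholders, and the two final runs contrast what step 3 grants when the user approves exactly the amount needed versus an unlimited allowance.

```javascript
// Added example, not from the paper: an offline simulation of the five-step
// sequence. Token, Pool and Wallet are constructed stand-ins for an ERC-20
// token, a DeFi contract and a self-hosted wallet; addresses are placeholders.

const MAX_UINT = (1n << 256n) - 1n; // the "unlimited" allowance many dApps request

// Constructed ERC-20-style ledger: balances plus owner->spender allowances.
class Token {
  constructor() { this.balances = new Map(); this.allowances = new Map(); }
  balanceOf(addr) { return this.balances.get(addr) ?? 0n; }
  allowance(owner, spender) { return this.allowances.get(`${owner}:${spender}`) ?? 0n; }
  mint(addr, amount) { this.balances.set(addr, this.balanceOf(addr) + amount); }
  // Step 3: the owner grants `spender` permission to move up to `amount` tokens.
  approve(owner, spender, amount) { this.allowances.set(`${owner}:${spender}`, amount); }
  // Steps 4-5: the spender contract pulls tokens, bounded by the allowance;
  // an unlimited allowance is not decremented, so it stays open after use.
  transferFrom(spender, from, to, amount) {
    const allowed = this.allowance(from, spender);
    if (allowed < amount) throw new Error('ERC20: insufficient allowance');
    if (this.balanceOf(from) < amount) throw new Error('ERC20: insufficient balance');
    if (allowed !== MAX_UINT) this.allowances.set(`${from}:${spender}`, allowed - amount);
    this.balances.set(from, this.balanceOf(from) - amount);
    this.balances.set(to, this.balanceOf(to) + amount);
  }
}

// Step 1: a self-hosted wallet. `confirm` models the prompt shown in step 4;
// if it returns false the request is never signed and nothing reaches the chain.
class Wallet {
  constructor(address, confirm) {
    this.address = address; this.confirm = confirm; this.connected = new Set();
  }
  connect(appAddress) { this.connected.add(appAddress); } // step 2: link wallet to app
  sign(request) {
    if (!this.connected.has(request.to)) throw new Error('app not connected');
    if (!this.confirm(request)) throw new Error('user rejected request');
    return { ...request, from: this.address };
  }
}

// Constructed DeFi application: a pool that takes deposits via transferFrom.
class Pool {
  constructor(address, token) {
    this.address = address; this.token = token; this.deposits = new Map();
  }
  deposit(tx) {
    this.token.transferFrom(this.address, tx.from, this.address, tx.amount);
    this.deposits.set(tx.from, (this.deposits.get(tx.from) ?? 0n) + tx.amount);
  }
}

// Runs the whole sequence. `approveAmount` is what the user signs in step 3;
// `stillPullable` is how much the pool could still take from the wallet later
// without another confirmation prompt, the figure a user should check afterwards.
function runSequence({ approveAmount, depositAmount, confirm = () => true }) {
  const token = new Token();
  const user = new Wallet('0xUSER', confirm);   // placeholder address
  const pool = new Pool('0xPOOL', token);        // placeholder address
  token.mint(user.address, 1000n);               // step 1: user holds crypto-assets
  user.connect(pool.address);                    // step 2
  const approval = user.sign({ to: pool.address, method: 'approve', amount: approveAmount });
  token.approve(approval.from, pool.address, approval.amount);          // step 3
  const deposit = user.sign({ to: pool.address, method: 'deposit', amount: depositAmount });
  pool.deposit(deposit);                                                // steps 4-5
  const balance = token.balanceOf(user.address);
  const left = token.allowance(user.address, pool.address);
  return {
    deposited: pool.deposits.get(user.address),
    balance,
    stillPullable: left < balance ? left : balance,
  };
}

// Exact approval: after the deposit the pool can take nothing more.
console.log(runSequence({ approveAmount: 100n, depositAmount: 100n }));
// Unlimited approval: the pool could still move the remaining 900 without a prompt.
console.log(runSequence({ approveAmount: MAX_UINT, depositAmount: 100n }));
```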

DEX (Decentralised Exchange): DEX stands for Decentralised Exchange and is a crypto asset exchange with no centralised intermediary. Trade is carried out directly between users via smart contracts on a blockchain.

DLT (Distributed Ledger Technology): A distributed database. All network participants administer and update the ledger jointly. Transactions are reviewed independently from each other by participants. The best-known type of DLT is the blockchain. 

Lending: Loans of crypto-assets against interest, secured by means of crypto-assets.

Liquid Staking: Liquid staking allows users to employ their crypto-assets as collateral and to receive other tokens as compensation in return. 

Liquidity Provider: A liquidity provider (LP) provides liquidity by adding crypto-assets or tokens to a pool. This increases market liquidity and makes it easier for users to exchange assets. 

On-Chain Governance: On-chain governance is a democratic decision-making process for managing a decentralised financial protocol directly on the blockchain. Users have the right to vote on changes to protocols and demand transparency and continued development.

Oracle: Interfaces to third-party data, allowing users to access data that does not exist on the blockchain, e.g. share prices for options. Oracles allow this data to be processed in a smart contract. 

Smart Contract: Smart contracts are self-executing programmes on a blockchain that automatically check whether specific conditions have been fulfilled and, in the event that they have been fulfilled, execute a predetermined routine. They offer security to the parties involved thanks to their transparency and autonomy. 

Staking: Staking is the process by which users save their crypto-assets in a proof-of-stake (PoS) network in order to create new blocks and receive rewards. 

Participant/user: Participants/users in the DeFi arena are people or entities using decentralised financial services. They can take part in a variety of activities, such as staking, lending or trade. 

Token: A token is a digital unit used in blockchain networks to represent assets and implement transactions. A token may be a crypto-asset or a digital representation of an asset, and serves different purposes within these systems, such as the transfer of assets or participation in smart contracts.

Total Value Locked (TVL): TVL refers to the total amount of assets deposited in a DeFi protocol as collateral. The TVL amount reflects the trust and acceptance the protocol enjoys within the community.

Uniswap: Uniswap is a decentralised financial protocol and a decentralised exchange (DEX) based on the Ethereum blockchain. It allows for direct exchange of crypto-assets without a centralised intermediary.

Validators: Validators are participants in a blockchain network that review and confirm transactions. They receive incentives for their participation. 

Wallet: A wallet (or digital wallet) is an application that can be used to create, manage, save or use private and public cryptographic keys. 

Footnotes:

[1] Technical terms such as this one are explained in a glossary at the end of the document.

[2] For a list of these studies, see chapter 6.

[3] Source: https://www.bafin.de/EN/Aufsicht/FinTech/InnovativeFinanztechnologien/DLT_Blockchain/Glossar/glossar_node_en.html

[4] A list of all current DeFi categories can be found at https://defillama.com/ 

[5] TVL refers to the total value of all assets or crypto-assets deposited in a certain DeFi application.

[6] UAW indicates the total number of users. It describes the unique number of identifiable addresses of those participants that have interacted with a DeFi application in the last 30 days.

[7] Slashing refers to a penalty payment if the staking rules are violated.

[8] See chapter 1 for more information about DAOs.

[9] DAI is the cryptocurrency of MakerDAO, a well-known DAO in the DeFi environment.

[10] https://www.mas.gov.sg/schemes-and-initiatives/project-guardian

[11] Deutsche Bundesbank, “Crypto tokens and decentralised financial applications” (Monthly Report, July 2021) p.31.

[12] Birgit Rudolphe (BaFin), “A future without supervision? The challenges of decentralised finance for financial supervision” (Expert Article from 16 May 2022) – available at: https://www.bafin.de/SharedDocs/Veroeffentlichungen/EN/Fachartikel/2022/Kurzkommentare_BaFinTech2022/fa_bj_2203_Kurzkommentar_Rodolphe_en.html?nn=19586540

[13] Deutsche Bundesbank, “Crypto tokens and decentralised financial applications” (Monthly Report, July 2021) p.42.

[14] Deutsche Bundesbank, “Crypto tokens and decentralised financial applications” (Monthly Report, July 2021) p.42.

[15] The current supervisory framework is comprised of the national legislation of the Banking Act (Kreditwesengesetz, KWG), the Securities Trading Act (Wertpapierinstitutsgesetz, WpIG), the Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz, ZAG) and EU Regulation 2023/1114 concerning markets for crypto-assets (MiCAR).

[16] For example, written permission in accordance with Section 32 of the German Banking Act.

[17] See also BaFin, FinTech Innovation Hub (article from 1 September 2022) – available at: https://www.bafin.de/EN/Aufsicht/FinTech/fintech_artikel_en.html

[18] Refers to proprietary trading in accordance with Section 1(1a), sentence 2(4)(a) of the German Banking Act; relevant classification in MiCAR: operation of a trading platform in accordance with Article 3(1)(16), letter b, and where applicable the exchange of crypto-assets within the meaning of Article 3(1)(16), letters c and d.

[19] See also Maume/Siadat, NJW 2023, 1168 (1171).

[20] Refers to a loan of money within the meaning of Section 1(1), sentence 2(2) of the German Banking Act; blockchain-based lending is not to be included in the MiCAR from the outset (see Recital 94, Article 142 of MiCAR).

[21] For more information, see Möslein/Kaulartz/Rennig, RDi 2021, 517 (523f.).

[22] See also Deutsche Bundesbank, “Crypto tokens and decentralised financial applications” (Monthly Report, July 2021) p.31.

[23] Möslein/Kaulartz/Rennig, RDi 2021, 517 (524).

[24] See chapter 2 for more information about DAOs.

[25] For more details about the legal classification of a governance token, see Möslein/Kaulartz/Rennig, RDi 2021, 517 (526 f.).

[26] BaFin, “A DAO is a collectively [sic] owned, blockchain-governed organisation working towards a shared mission without centralised leadership that aims [sic] to offer a safe way to collaborate with strangers.” – available at: https://www.bafin.de/EN/Aufsicht/FinTech/Geschaeftsmodelle/DLT_Blockchain_Krypto/DAOS/DAOS_node_en.html

[27] See Möslein/Kaulartz/Rennig, RDi 2021, 517 (523 f.).

[28] See also BaFin, Guidance Notice regarding the licensing for conducting cross-border banking business and/or providing cross-border financial services (5 April 2005, last amended on 11 March 2019) – available at: https://www.bafin.de/SharedDocs/Veroeffentlichungen/EN/Merkblatt/mb_050401_grenzueberschreitend_en.html

[29] Source: https://www.bis.org/publ/work811.pdf

[30] Source: https://finance.ec.europa.eu/system/files/2022-10/finance-events-221021-report_en.pdf

[31] Source: https://europeanblockchainassociation.org/wp-content/uploads/2023/01/DeFi-paper-vfinal.pdf

[32] Source: https://www.fsb.org/wp-content/uploads/P160223.pdf

[33] See chapter 1 for clarification.

[34] For a description of applications, see also Chapter 2.

[35] See also Chapter 3.


Contact Persons

Tobias Tenner, Head of Digitalisation, Associate Director
Simon Zieglgruber, Associate
Morgaine Gerlach, Media Spokeswoman