Decentralized finance, commonly referred to as DeFi, is often celebrated as a transformative innovation in financial markets. By replacing banks, broker-dealers, exchanges, clearinghouses, and other traditional intermediaries with smart contracts and decentralized protocols, DeFi promises faster transactions, lower costs, broader market access, and a more open financial system.
Yet the same feature that makes DeFi attractive—disintermediation—also creates its central regulatory and governance challenge. Traditional financial intermediaries do more than facilitate transactions. Serving as compliance gatekeepers, they maintain records, verify customer identity, monitor transactions, provide disclosures, manage conflicts, and give regulators identifiable entities through which market integrity, investor protection, and financial stability can be enforced. When DeFi removes or fragments these intermediaries, it also removes or fragments the compliance and governance infrastructure that financial regulation has long depended upon.
In a new article, we argue that effective regulation must respond to this structural transformation through two complementary strategies: first, embedding compliance safeguards directly into platform design, and second, holding accountable the actors who build, operate, govern, and maintain those platforms.
The Governance Problem Hidden Inside “Decentralization”
One of the most striking features of DeFi is how thoroughly it reproduces familiar governance failures while claiming to transcend them.
Many DeFi platforms market themselves as community-governed through decentralized autonomous organizations, or DAOs, in which token holders vote on protocol changes, treasury decisions, and other matters of consequence. In practice, governance authority is typically concentrated in the hands of founders, early investors, and insiders who accumulate governance tokens and exercise outsized control over platforms that retail participants believe to be democratically governed. Importantly, full decentralization is often illusory. Indeed, many purported DeFi platforms retain meaningful elements of centralized control, and governance capture by insiders continues to occur.
The consequences can be severe. In 2023, insiders in the Rook DAO acquired sufficient governance authority to dissolve the organization, liquidate its $44 million treasury, and distribute $25 million to themselves—a coordinated extraction that would be immediately recognizable to corporate governance scholars as a classic insider self-dealing problem, enabled by opaque ownership structures and the absence of any fiduciary accountability. In another case, when the pseudonymous chief financial officer of Wonderland DAO was revealed to be a convicted felon, the platform’s founder unilaterally shut down the project despite a majority vote of token holders to continue—illustrating that governance rights in DeFi can be illusory even when formally conferred.
These are not merely operational failures. They reflect a structural governance vacuum: DeFi platforms routinely lack the ownership transparency, conflict-of-interest governance, and accountability mechanisms that corporate law and securities regulation have long required of firms that solicit capital from the public.
The Compliance Gap and Why Ex Post Enforcement Comes Too Late
Beyond governance, DeFi’s disintermediation creates acute compliance failures that are difficult to remedy after the fact. Consider the contrast between DeFi and a conventional digital trading platform. When regulators identified supervisory, recordkeeping, anti-money-laundering, and customer-protection failures at Robinhood, they were able to identify the responsible entity, investigate the misconduct, impose sanctions—nearly $75 million in combined penalties in early 2025—and require remediation. That outcome was possible precisely because the responsible entity’s intermediation, however costly, sustained the transparency, compliance culture, and enforceable accountability that disintermediated systems lack.
DeFi platforms often have no equivalent institutional hooks. Responsibility may be diffused across pseudonymous developers, DAO participants, governance-token holders, user-interface providers, and others exercising forms of practical control—none of whom is formally obligated to maintain records, screen customers, or flag suspicious activity. The CFTC’s enforcement action against Ooki DAO illustrates the problem vividly: unable to identify a responsible legal entity, regulators sued the DAO itself as an unincorporated association, obtained a default judgment because no one appeared to contest it, and have since been unable to collect—because there is no identifiable party responsible for satisfying the judgment. Winning in court proved largely meaningless.
This is why ex post enforcement alone is structurally inadequate for DeFi. Once a smart contract has automatically executed transactions across borders, funds may be dispersed, laundered, or irretrievable. Compliance must be built into the system before failure occurs.
What Effective Regulation Requires
We argue that regulators should develop reforms focused on two things.
First, DeFi platforms should be required to incorporate technological and governance tools that replicate critical compliance and risk-management functions. These include meaningful disclosures about smart-contract functionality, ownership, governance rights, upgrade authority, emergency powers, and material risks—disclosed in terms that users can actually understand, not merely encoded in computer logic that few can read. They also include audit requirements, transaction-monitoring tools, sanctions-screening mechanisms, circuit breakers, and pause functions capable of slowing or halting harmful activity in defined circumstances.
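To make the first reform concrete, here is an added illustration (not code from the article, and not any real platform’s code) of what several of these design-embedded safeguards look like in a smart contract: a pause function held by a named guardian, a volume-based circuit breaker that halts withdrawals automatically, a timelocked change of governance authority, and public state variables that disclose on-chain who holds emergency and upgrade powers. The contract, its role names, the two-day delay, and the one-hour outflow window are all assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative pool stub (added example; assumed names and parameters).
/// Three safeguards the post calls for are built into the design itself:
///   1. pause/unpause with separated powers (guardian pauses, governance resumes)
///   2. a circuit breaker that pauses the pool when outflow in a window exceeds a cap
///   3. a timelocked transfer of governance, so "upgrade authority" is visible in advance
/// Every power holder is a public variable, so users and regulators can read
/// who controls emergency and upgrade functions directly from chain state.
contract SafeguardedPool {
    address public guardian;     // emergency power: may pause only
    address public governance;   // may unpause and schedule its own replacement
    uint256 public constant GOVERNANCE_DELAY = 2 days;   // assumed timelock
    uint256 public constant WINDOW = 1 hours;            // assumed breaker window
    uint256 public immutable windowLimit;                // max outflow per window (wei)

    bool public paused;
    uint256 public windowStart;
    uint256 public windowOutflow;

    address public pendingGovernance;
    uint256 public pendingGovernanceEta; // earliest time the change can take effect

    mapping(address => uint256) public balances;

    event Paused(address indexed by);
    event Unpaused(address indexed by);
    event CircuitBreakerTripped(uint256 attempted, uint256 limit);
    event GovernanceChangeScheduled(address indexed next, uint256 eta);
    event GovernanceChanged(address indexed prev, address indexed next);

    modifier whenNotPaused() { require(!paused, "pool paused"); _; }
    modifier onlyGovernance() { require(msg.sender == governance, "not governance"); _; }

    constructor(address _guardian, address _governance, uint256 _windowLimit) {
        guardian = _guardian;
        governance = _governance;
        windowLimit = _windowLimit;
        windowStart = block.timestamp;
    }

    function deposit() external payable whenNotPaused {
        balances[msg.sender] += msg.value;
    }

    /// Returns false (without reverting) when the circuit breaker trips, so the
    /// pause takes effect and persists; a revert would roll the pause back.
    function withdraw(uint256 amount) external whenNotPaused returns (bool) {
        require(balances[msg.sender] >= amount, "insufficient balance");

        // Roll the outflow window forward when it has expired.
        if (block.timestamp - windowStart >= WINDOW) {
            windowStart = block.timestamp;
            windowOutflow = 0;
        }
        if (windowOutflow + amount > windowLimit) {
            paused = true;
            emit CircuitBreakerTripped(windowOutflow + amount, windowLimit);
            emit Paused(address(this));
            return false;
        }
        windowOutflow += amount;

        // Checks-effects-interactions: update state before sending value.
        balances[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        return true;
    }

    /// Emergency power: the guardian can halt the pool but cannot resume it,
    /// so a single key cannot both stop and restart activity at will.
    function pause() external {
        require(msg.sender == guardian, "not guardian");
        paused = true;
        emit Paused(msg.sender);
    }

    function unpause() external onlyGovernance {
        paused = false;
        emit Unpaused(msg.sender);
    }

    /// Governance changes are announced and delayed, giving users time to
    /// inspect the incoming controller (or exit) before it gains authority.
    function scheduleGovernanceChange(address next) external onlyGovernance {
        pendingGovernance = next;
        pendingGovernanceEta = block.timestamp + GOVERNANCE_DELAY;
        emit GovernanceChangeScheduled(next, pendingGovernanceEta);
    }

    function executeGovernanceChange() external {
        require(pendingGovernance != address(0), "nothing scheduled");
        require(block.timestamp >= pendingGovernanceEta, "timelock active");
        emit GovernanceChanged(governance, pendingGovernance);
        governance = pendingGovernance;
        pendingGovernance = address(0);
        pendingGovernanceEta = 0;
    }
}
```

The design choice worth noting is the separation of powers: the guardian can only stop the pool, governance can only resume it, and replacing governance is visible on-chain two days before it takes effect. That is the technical counterpart of the disclosure point above: a user does not need to read the bytecode to learn who can freeze funds or change the rules, because those facts are exposed as plain public state and emitted events.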
Second, regulation should focus on functional control rather than formal labels. Actors who build, operate, maintain, profit from, or materially govern DeFi platforms should not be able to evade accountability simply by invoking decentralization. This accountability principle matters especially because claims of decentralization are often strategic rather than genuine—a shield against responsibility rather than a real technological feature.
A workable framework should also be sensitive to scale. Small, experimental projects may not pose the same risks as large platforms with substantial transaction volume, significant retail participation, and deep cross-platform dependencies. Regulation should therefore be proportionate and risk-based, with more extensive obligations—including third-party audit and verification—reserved for platforms whose failures could generate cascading losses or broader market instability.
Finally, effective DeFi regulation requires multijurisdictional coordination. The technology is borderless; enforcement authority is not. Regulators will need to coordinate on substantive expectations, information sharing, enforcement cooperation, and mechanisms for identifying responsible actors across jurisdictions—drawing on existing institutions like IOSCO, FATF, and the FSB, which have already built the infrastructure for this kind of coordination in adjacent domains.
Conclusion
DeFi should not be evaluated solely by asking whether it eliminates intermediaries. It should be evaluated by also asking what happens to the functions that intermediaries performed. Financial regulation has always depended on mechanisms that produce information, constrain opportunism, allocate responsibility, and protect market stability. The governance and compliance failures already visible in DeFi—insider extraction, pseudonymous fraud, unenforceable judgments, and unchecked automation—are not incidental. They are the predictable consequence of dismantling institutional infrastructure without replacing the functions it served.
DeFi changes where those mechanisms reside. It does not eliminate the need for them.
Gina-Gail S. Fletcher is a professor of law, Veronica Root Martinez is the Simpson Thacher & Bartlett Distinguished Professor of Law, and Steven L. Schwarcz is the Stanley A. Star Distinguished Professor of Law & Business at Duke University School of Law. This post is based on their article, “Regulating DeFi Platforms,” forthcoming in the Minnesota Law Review and available here.
