Crypto and DeFi: new operational risk landscapes for banks

What is DeFi?

Decentralised finance, or DeFi as it is commonly known, is a financial system that makes use of blockchain technology and cryptocurrencies. It allows individuals, businesses and other entities to carry out transactions, lend and borrow money, and offer/use other types of financial services, outside of the traditional banking system.

What are the benefits of DeFi?

The key benefit behind a decentralised financial system is that it removes third parties – i.e. banks – from the equation. This allows for efficiencies such as reduced transaction times and reduced costs due to an absence of fees and better interest rates.

Why does this matter for banks?

Banks are facing significant operational and compliance risks in integrating or adapting to this new financial paradigm. According to Forbes, today’s global cryptocurrency market capitalisation stands at US$3.3tn. Though the crypto markets and DeFi as a whole account for only a fraction of global financial activity compared with traditional banking, the concept of a decentralised financial system that operates outside the realm of banking should still be considered an important – and growing – risk factor for banks.

FTX: a turning point

The collapse of one of the largest cryptocurrency exchanges, FTX, in November 2022 had a ripple effect across the financial system. The direct impact on traditional banks was relatively contained due to their limited exposure to cryptocurrencies. But the industry was not completely unaffected by the event. Banks that had exposure to crypto-related businesses, including companies that held assets with FTX, saw financial losses when the exchange collapsed as clients defaulted or withdrew funds. Signature Bank (which collapsed in March 2023) and Silvergate Capital (which voluntarily liquidated, also in March 2023) served a large number of crypto clients and were both heavily impacted.

The FTX collapse led regulators to take a greater interest in banks’ involvement with crypto activities. Regulators worldwide pushed for stricter rules on banks dealing with cryptocurrency firms, emphasising the need for enhanced risk assessments, due diligence and segregation of client assets. Many banks began reevaluating their crypto strategies to minimise reputational risks and regulatory challenges.

Banks exploring blockchain technologies faced setbacks as the collapse shook investor and public trust in crypto-linked innovations. Traditional banks became more hesitant to form partnerships with crypto exchanges and platforms, fearing similar collapses. The implosion of FTX also added to existing turbulence in the financial markets, tightening credit conditions. The collapse highlighted systemic risks within the crypto industry and how they could impact other sectors and banks indirectly linked to crypto.

Operational risks arising from crypto and DeFi

Regulatory uncertainty

Financial regulators are dedicating much time and resources towards tightening oversight of banks’ links with crypto. “Crypto is a top priority for global financial regulators at the moment,” says CEO of RiskBusiness, Mike Finlay. “The demise of FTX provided regulators with new impetus to try and get to grips with supervising crypto and accelerated global initiatives focused on crypto regulatory frameworks. Banks, as critical components of the traditional financial system, face specific regulatory expectations regarding their involvement with crypto to ensure financial stability, consumer protection and compliance with anti-money laundering standards.”

Banks are often required to hold additional capital reserves against crypto-related activities to mitigate the volatility and speculative nature of crypto assets. In January 2023, the Basel Committee on Banking Supervision introduced standards for banks’ exposure to crypto assets, which are part of its broader capital adequacy guidelines under the Basel III framework. These standards, finalised and amended in July 2024 (and to be implemented by January 2026), include:

  • Risk weightings: For unbacked crypto assets like Bitcoin and Ethereum, banks must apply a 1,250% risk weight. This high risk weight effectively requires banks to hold capital equal to the full value of their exposure, ensuring they have sufficient buffers to cover potential losses.
  • Exposure caps: Banks’ total exposure to Group 2 crypto assets (which includes unbacked cryptocurrencies and non-compliant stablecoins) is capped at 2% of their Tier 1 capital. While the 2% cap is a hard limit, a target of no more than 1% is recommended.

Differing regulatory approaches

Uncertainty around crypto regulation will continue to be an issue for banks as global rules evolve. Key issues include unclear definitions of crypto assets, differing oversight by agencies such as the CFTC (Commodity Futures Trading Commission) and the SEC (Securities and Exchange Commission) in the US, and rapidly changing rules globally.

In the US in particular, there is ongoing debate and legal confusion about how cryptocurrencies should be classified – whether as currencies, commodities, securities, or another type of asset. This ambiguity arises from the varied characteristics of different cryptocurrencies and the lack of a universally agreed-upon regulatory framework. This makes it difficult for banks to predict compliance requirements or assess risks consistently.

The UK’s Financial Conduct Authority has tried to help address this problem by publishing a regulatory roadmap for crypto assets. The roadmap outlines planned policy publications and consultations for which the regulator is seeking feedback and also outlines the content each of the publications is expected to cover. Similarly, US regulators in recent years have released joint statements about their intended plans for oversight of crypto. In December 2021, the Federal Reserve, the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) released the results of a joint “policy sprint” which sought to foster a more collaborative approach to tackling crypto regulation and the potential risks and opportunities for banks, their customers and the overall financial system. While these efforts are still underway, the US regulatory landscape remains somewhat fragmented, with key regulatory bodies, including the SEC and CFTC, still debating their roles in overseeing cryptocurrencies.

When Donald Trump takes office as US president in January 2025, it is widely expected that a more crypto-friendly approach to regulation will be adopted, allowing banks more freedom to expand further into digital assets. Though this may be welcome news for some, it appears the banking industry is approaching with caution. “The regulatory framework has to evolve…and everyone’s speculating as to how that regulatory framework will evolve, but it’s still unclear,” said Goldman Sachs Chief Executive David Solomon at the Reuters NEXT conference held in New York in December 2024. If the rules do change under Trump, Solomon says the bank would “evaluate” its dealings with key cryptocurrencies such as Bitcoin and Ethereum. “But for the moment…our ability to act in these markets is extremely limited,” he said.

The IMF (International Monetary Fund) has weighed in on the topic of regulatory uncertainty around crypto. “The regulatory fabric is being woven and a pattern is expected to emerge. But the worry is that the longer this takes, the more national authorities will get locked into differing regulatory frameworks,” wrote Aditya Narain and Marina Moretti from the IMF’s Capital Markets Department. “Many functions in the financial system, such as providing leverage and liquidity, lending and storing value, are now emulated in the crypto world. Mainstream players are competing for funding and clamouring for a piece of the action. This is all leading to greater calls for the ‘same activity, same risk, same rule’ principle to be applied, with the necessary changes, to the crypto world – piling pressure on regulators to act. It is posing another conundrum for public policy, too. How closely can the two systems be integrated before there is a call for the same central bank facilities and safety nets in the crypto world?”

Tokenised assets

Tokenised assets allow traditional financial institutions to offer some of the same benefits associated with DeFi, such as the ownership and transfer of assets without the need for intermediaries. A tokenised asset is essentially a digital representation of a real-world asset on a blockchain. Tokenised assets can be fractionalised or broken down, meaning banks can offer parts of high-value assets such as real estate, fine art, or commodities to a broader range of investors. HSBC was the first bank to offer tokenised gold to institutional investors in 2023 and to retail investors in Hong Kong in 2024. 

Technology risks

Many banks have developed their own internal blockchains for processes such as trade finance operations, cross-border transactions and tokenisation of assets. Interoperability issues are one of the main technical risks impacting banks providing services that rely upon blockchain technology. Difficulty connecting with different blockchain systems can disrupt services or limit their ability to handle various cryptocurrencies.

Several banks took part in a June 2024 research paper that looked into addressing these interoperability challenges. Published by Axelar, Institutional Interoperability: How Financial Institutions Navigate a Multichain World, the paper consulted Citi, Deutsche Bank, Mastercard, Northern Trust and Centrifuge for insight into their projects in asset tokenisation and how they have implemented multiple blockchains. “All institutions participating in the paper emphasised the need for interlinked network models that embrace multiple blockchains, as well as traditional systems,” said Axelar. “Improved global access is a key benefit of tokenised assets – but how can regulated financial institutions create systems that operate across borders, in compliance with the various regulations in place in each jurisdiction?” it asked. The paper concluded that a multi-layered approach to cross-network risk management was the best approach, “with policies in place that mitigate damage when faults occur. A multi-layered risk management approach should include the capability to customise application-level security policies,” it said.

What are the risks involved with tokenisation of assets?

Regulation surrounding tokenised assets – as with crypto – is still evolving. This creates a legal grey area where banks must decide whether the benefits of investing in this technology outweigh the potential legal risks. “Without clear rules in place, businesses and investors are left exposed to potential legal disputes and future government crackdowns,” says Alexander Boehm in a blog for Finextra. “What’s legal today might not be tomorrow, and this uncertainty is a ticking time bomb for those diving headfirst into tokenisation.”

It’s also worth noting that not everybody sees the benefits of tokenisation and that just because you can do something, it doesn’t mean you should. “Tokenisation promises liquidity, but not all assets will enjoy a thriving marketplace,” says Boehm. “Some tokenised assets may struggle to find buyers, leaving investors stuck with tokens they can’t easily sell. Market volatility, speculation and poor demand can cause wild price swings and investors could see their tokens lose value overnight. What was once a liquid asset could quickly become a liquidity trap.”

Smart contract failures

Smart contracts are a key factor in the appeal of tokenisation and the DeFi environment as a whole, offering huge efficiencies. But they, too, come with risks. “Smart contracts are one of the great benefits offered by the blockchain,” says Mike Finlay, CEO of RiskBusiness. “They allow users to create a self-executing program that automatically enforces certain rules and terms when the right conditions are met. For example, it can automatically release payment once a service is completed. But as with any system that creates efficiencies, it also opens up an organisation to potential problems. Bugs or errors in these types of automated smart contracts could lead to financial losses, legal disputes, or reputational damage for the firm.”

The DAO hack

An example of where smart contracts can go awry is The DAO hack, which took place in 2016. Though there are thousands of DAOs in existence today, the world’s first was launched in April 2016 on the Ethereum blockchain and is still known simply as “The DAO.”

A DAO, or decentralised autonomous organisation, is an organisation that is based on the blockchain and collectively owned by its members – much like a traditional cooperative, but with digital assets. “After Ethereum protocol engineer Christoph Jentzsch released open source code for a collectivised, ETH (Ether) based investment organisation, The DAO launched…with a token sale that distributed DAO tokens in exchange for ETH,” explains Cryptopedia. “These DAO tokens were designed to facilitate voting on the allocation of The DAO’s collectivised funds to entities, businesses and technologies seeking investment. After approving funding proposals, stakeholders were meant to be in position to profit from their investments by reaping dividends or benefiting from a token price increased by representation in ownership of successful companies.”

Everything seemed to be going well and The DAO raised US$150m from more than 11,000 investors after just three weeks of being active. But during this time, computer engineers began raising concerns about potential vulnerabilities in the code which could allow someone to drain funds directly from the organisation. Whilst programmers worked to fix the problem, hackers did exactly as was feared, and nearly US$60m worth of Ether was stolen from The DAO.

The funds were later recovered, but the event led to what is known as a “hard fork” in the Ethereum blockchain. A hard fork is where the community cannot agree on whether to continue with the blockchain in its current form, or to change its protocol to create a new blockchain, thus creating two versions – in this case Ethereum and Ethereum Classic.

While the case of The DAO hack is not directly linked to risks in banking, banks using their own blockchains, or investing in cryptocurrency, should consider the risks highlighted, says Finlay. “Although banks use permissioned architectures for their blockchains, i.e., a closed, or distributed ledger that restricts access to a predefined set of users, they are still vulnerable to hacking. A public blockchain such as Ethereum has thousands of participants making it more difficult for any single malicious entity or group to control or compromise the network – because data and decision-making are spread across many independent parties. Public blockchains also benefit from consensus security, meaning that for an attacker to alter or manipulate the blockchain they would need to control the majority of the network. The more participants, the costlier and more impractical such an attack becomes for hackers. Banks cannot offer the same benefits in that respect.”

AML and fraud risks

The appeal of cryptocurrencies and DeFi as a whole is that they are largely untraceable and outside the domain of financial regulators and other authorities. The problem with this is that it creates a perfect environment for criminals and fraudsters to flourish. Banks place restrictions on cryptocurrencies to try to counteract these risks. For example, many banks enforce a limit on how much money can be paid from a traditional bank account to a cryptocurrency exchange – i.e. how much cryptocurrency can be purchased – in order to help reduce the bank’s exposure to volatile crypto markets. Some banks also prohibit the use of credit cards to purchase cryptocurrency.

Difficulty in tracing the origin of funds due to the pseudonymous nature of many cryptocurrencies makes it problematic for KYC and AML processes. Banks must carefully navigate specific regulations in this area when dealing with cryptocurrency, whether through investments or accepting payments from crypto exchanges. Potential issues include difficulties verifying customer identities, ensuring the legitimacy of funds from crypto wallets and the risk of dealing with unregulated or poorly regulated exchanges. Transactions involving privacy-enhancing tools or high-risk patterns, like large offshore transfers, amplify these challenges. Regulatory scrutiny adds to the pressure, as weak due diligence could lead to legal repercussions and reputational damage. To mitigate these risks, banks must adopt enhanced due diligence such as blockchain analytics for transaction monitoring and stay on top of evolving regulatory frameworks.

Crypto-friendly banks: the beginning of the end for traditional banking?

When cryptocurrencies first began to gain popularity, many banks chose to distance and differentiate themselves from the crypto markets, and most banks still place restrictions on crypto transfers even today. But as DeFi and cryptocurrencies gain traction, there must inevitably be some crossover with traditional mainstream banking. Growing numbers of customers are choosing to invest in cryptocurrency; according to the FCA’s latest research on consumer attitudes and behaviours towards crypto, 12% of UK adults now own cryptocurrency – and they are demanding access to crypto products via their bank, such as trading, custody and lending services.

Some banks already offer some crypto products. Most fintechs – digital banks that are tech-savvy and (like DeFi) were established with the aim of disrupting traditional banking – are well placed to integrate crypto services into their offering. The relationship between traditional banking and crypto has been somewhat fraught over the years, with many banks freezing or closing client accounts because of crypto-heavy activity. This has led to an upsurge in the number of so-called crypto-friendly banks and fintechs. But what does this actually mean?

“As the name suggests, crypto-friendly banks are financial institutions that allow customers to freely withdraw and deposit funds from their accounts to cryptocurrency-related platforms,” explains Coinjar. Several crypto-native banks and crypto-friendly financial institutions operate globally, bridging the gap between traditional banking and cryptocurrency. Notable examples include:

  1. Amina Bank in Switzerland: It offers a range of crypto services such as trading, staking and custody for digital assets. It was one of the first regulated institutions to support crypto-focused private banking services and NFT custody solutions.
  2. Sygnum Bank, another Swiss institution, is a fully licensed bank focusing on digital asset services, including tokenisation, custody and crypto trading.
  3. Juno in the United States: An online banking app that combines USD banking with crypto trading, allowing users to hold, buy and sell cryptocurrencies alongside traditional banking services.
  4. Swissquote in Switzerland: Known for its online trading origins, it offers a variety of crypto investment products and trading services.
  5. LHV Bank in Estonia: A crypto-friendly bank that facilitates the buying, selling, and holding of cryptocurrencies.

These banks demonstrate how financial institutions can integrate cryptocurrency services, providing a mix of traditional and digital asset products. They highlight the growing influence of crypto in global finance and the increasing demand for regulated institutions catering to the crypto economy.

The missing link

In order to adapt to the rise of blockchain technology and cryptocurrency and compete with crypto-friendly banks and fintechs, traditional banks must invest in the right expertise. Many financial institutions are exploring how blockchain can be used to improve banking services like payments, securities trading and cross-border transactions. As a result, they are increasingly recruiting blockchain developers, security professionals and compliance experts to integrate blockchain technology into their operations.

Banks are also building specialised teams to assess risks related to cryptocurrencies. This includes understanding AML and KYC challenges that are specific to crypto transactions, since banks need to ensure that crypto-related services comply with regulations, even if they aren’t directly offering crypto trading. These compliance teams are critical as governments worldwide implement more regulations for cryptocurrency interactions in traditional finance.

Some banks have begun developing their own cryptocurrency products and services, either in-house or in collaboration with crypto firms. For example, JPMorgan and Goldman Sachs have both made significant investments into blockchain and digital asset infrastructure, hiring specialists to support these initiatives.

The elephant in the room: scalability

One of the major issues preventing widespread adoption of blockchain technology – whether in the context of traditional banking or DeFi – is scalability. The energy required to power the blockchain raises serious sustainability concerns and cannot be overlooked when considering the risks associated with these types of technologies. Most blockchains struggle to handle the high transaction volumes and speeds required by large financial institutions. Public blockchains, like Bitcoin and Ethereum, often have limitations on the number of transactions they can process per second, leading to bottlenecks, delays and higher costs during peak usage. Even private or permissioned blockchains, like those used by banks, while faster, may face scalability issues as the network grows. These limitations do not align with banks’ need for reliable, high-speed processing for millions of transactions every day. Emerging solutions to this problem, such as Layer 2 technologies, sharding, or advanced consensus mechanisms – which can be used to replace slower and less-reliable human verifiers in the blockchain – are promising, but still evolving.

What does the future hold?

Financial innovations over the centuries have always raised questions and posed potential risks. The establishment of cash in place of traditional bartering and trading methods was no doubt met with great scepticism. And in more recent years, the dawn of cashless payments and online banking – even as recently as 20 years ago – felt like an innovation too far for many.

The rise of fintech organisations and the rapid decline in the number of bank branches has seen traditional banking embrace new technologies in order to meet the changing demands of consumers and businesses. In years to come, we may look back at centralised banking as we do the trading of goods such as cattle and grain in return for services centuries ago: as an impossibly archaic way of transacting. If DeFi lives up to its potential, it could remove the barriers to entry for millions and revolutionise financial services as we know it. The challenge now for banks is to demonstrate enough foresight and adaptability to ensure they can be part of this revolution and not become a relic of financial history.
