Skip to main content

Embedded Supervision: How to Build Regulation Into Decentralized Finance

Published onJun 13, 2022
Embedded Supervision: How to Build Regulation Into Decentralized Finance


The emergence of so-called “decentralized finance” (DeFi) and a shadow financial system of cryptocurrency exchanges and stablecoin issuers raises the challenge of how to apply technology-neutral regulation so that similar risks are subject to the same rules. This paper makes the case for embedded supervision, i.e., a regulatory framework that provides for compliance in decentralized markets to be automatically monitored by reading the market’s ledger. This reduces the need for firms to actively collect, verify and deliver data. The paper explores the conditions under which distributed ledger data may be used to monitor compliance. To this end, a decentralized market is modeled that replaces today’s intermediary-based verification of legal data with blockchain-enabled credibility based on economic consensus. The key results set out the conditions under which the market’s economic consensus would be strong enough to guarantee that transactions are economically final, so that supervisors can trust the distributed ledger’s data. The paper concludes with a discussion of the legislative and operational requirements that would promote low-cost supervision and a level playing field for small and large firms.

JEL classification: D40, D20, E42, E51, F31, G12, G18, G28, G32, G38, K22, K24, L10, L50, M40.

Keywords: Accounting, asset-backed tokens, auditing, banking, Basel III, blockchain, CBDC, compliance, crypto-assets, cryptocurrencies, DeFi, digital currencies, digitalization, distributed ledger technology, economic consensus, economic finality, finance, fintech, permissioned DLT, privacy, proof-of-stake, proof-of-work, proportionality, regtech, regulation, stablecoins, supervision, suptech, tokenization, decentralized finance.

1. Introduction

Authorities around the world are grappling with the rise and fall of cryptocurrencies, so-called “decentralized finance” (DeFi), and the general role of distributed ledger technology (DLT) in finance.1 Cryptocurrency valuations are on a perennial roller coaster ride (Graph 1, left panel), but underlying this, market share has continuously shifted from Bitcoin to Ethereum and other cryptocurrencies that enable increasingly complex automated financial products (Graph 1, middle panel). However, the “decentralized” label is elusive as trading is concentrated in centralized exchanges, while centralized stablecoins provide liquidity to this ecosystem (Graph 1, right panel).2

Graph 1: Value locked in DeFi, cryptocurrency valuations, market shares and trading volumes

In particular, the emergence of a lightly-regulated shadow crypto financial system [1] put to the fore the challenge of how to best apply technology-neutral regulation, so that similar risks are subject to the same regulation.3 This paper investigates how the “same risk, same rules” principle might be applied to the financial supervision of DLT-based markets. It argues that, while regulation should remain technology-neutral, supervision should evolve in parallel with technology.4

The basic premise of this paper is that although DeFi and DLT more broadly may not change the underlying risks, they may open up new ways of supervising these risks.5 So, instead of focusing on fitting DeFi and crypto-assets into existing regulations, such as securities laws formulated long before the advent of DLT, it is worth asking how new technologies could serve to better monitor risks in financial markets. Based on these characteristics, this paper puts forward the concept of “embedded supervision.” This comprises a regulatory framework that provides for compliance to be automatically monitored by reading the market’s ledger. As such, it reduces the need for firms to actively collect, verify, and deliver data.6

DLT enables DeFi: decentralized financial engineering based via self-executing contracts and deployed on top of distributed ledgers such as Ethereum, Solana, and recently also Bitcoin (after the “Taproot” upgrade in late 2021). If such innovations take root, they will drive the development of financial markets through new forms of transparency and data credibility.7 The fundamental novelty is that DLT builds such credibility with a decentralized data structure based on economic consensus. Effectively, this harnesses the incentives of individual market participants to replace data verification based on middlemen.

Compliance monitoring would then be automated by relying on the trust-creating mechanism of decentralized markets for supervisory purposes. For example, for the case of a bank that holds asset-backed tokens, compliance with the Basel III capital standards could be automatically verified. This would be done by computing the ownership of (borrowing and lending) balances and the associated risk weights in the relevant distributed ownership ledgers. In a similar vein, in a token ecosystem, the full asset backing of a stablecoin could be monitored automatically.8

Embedded supervision could ease the conflict between data availability, the cost of data collection and verification, and privacy. Compliance expenditure weighs heavily on financial institutions, and even more so on smaller firms. Supervisors thus face a trade-off between getting the data they need and keeping the costs of compliance within reasonable limits. Embedded supervision could further help maintain the confidentiality of firms and their customers, since cryptographic tools can be used to report an institution’s aggregated financial exposures to the supervisor without disclosing the underlying individual transactions.

At this point, it should be noted that the concept of embedded supervision goes much further than simply reading a distributed ledger. The key issue is that data are not necessarily valid just because they are stored in multiple places. In today’s compliance process, the trustworthiness of data is guaranteed by the legal system, the relevant authorities, and the threat of legal penalties. In DLT-based markets, by contrast, data credibility is assured by economic incentives. In this world, the supervisors must primarily examine the conditions under which the market’s economic consensus is strong enough to guarantee the quality of the data contained in the distributed ledger.

But what principles should govern a regulatory framework designed to use a market’s distributed ledger for financial supervision? This paper discusses four principles for the deployment of embedded supervision (Table 1).

Table 1: Principles of embedded supervision

Near-term applications of DLT allow for novel, intermediary-free ways to trade conventional assets (i.e., asset-backed tokens). They also allow for financial engineering, new forms of payment and settlement (i.e., central bank digital currencies and privately issued stablecoins) and the possibility of automated financial products via self-executing (“smart”) contracts.9

To overcome the limitations in scale inherent to decentralized exchange (see [2]), these applications could run on “permissioned” DLT, in which peer-to-peer exchange is facilitated by decentralized economic consensus. At the same time, such systems retain an overarching coordination mechanism—tied to the legal system—that determines who can participate in the market and that guarantees the quality of the underlying assets.

Hence, the first principle of embedded supervision is that it must be part of an adequate entity-based regulatory framework, backed up by an effective legal system and supporting institutions. Foremost, this means that asset “tokenization”—the process by which claims on real assets are digitally represented—is validated by the legal system. Although cryptography and distributed ledgers can prove the transfer of asset-backed tokens from one entity to another, the connection between the underlying asset and the digital token must ultimately be guaranteed by the legal system, which alone can underpin the ownership of assets such as real estate or shares in a brick-and-mortar business.

Summing up, the first principle of embedded supervision calls for a proper understanding of what DLT-based trading can achieve, and what it cannot. Just as in today’s system, a decentralized financial system would need to be solidly rooted in both the legal system and supporting institutions such as land registries or rating agencies. What differs from today’s system is the operational setup of how these entities trade with each other, how such trading is recorded, and how misbehavior is deterred.10

The second and third principles—which constitute the paper’s core theoretical results—concern the economic incentives at work to guarantee the finality of transactions in decentralized markets. For a supervisor to monitor compliance involving any set of transactions and ownerships, these transactions must be irrevocable and final [3]. If there is no central counterparty capable of vouching with a legally binding signature, some different criterion for transaction finality must be established.

This paper focuses on the concept of economic finality proposed in [4], i.e. the notion that a transaction is final once it is no longer profitable to reverse it.11 To this end, I develop a distributed and permissioned market in which “blocks” of financial contracts are verified by third parties. These verifiers stand to lose a given amount of verification capital should a blockchain reversal ever occur that voids existing transactions. From this setup, I develop the concept of “certain economic finality,” meaning that a verifier’s total skin in the game is so high that no market participant would ever find it profitable to bribe a verifier into reversing a transaction. I then argue that, if transactions are economically final, the supervisor can take them at face value.

The third principle is that, when designing embedded supervision, supervisors need to take into account the impact of their own actions on the regulated market. Regulated firms incur a cost in complying with regulation that they would not incur voluntarily.12 By the same token, in the DLT world, this creates incentives for a regulated firm to cheat the supervisor by altering the transaction history in the blockchain. I thus also model the supervisor’s impact on the market and show that, if a supervisor wishes to monitor compliance in real time, one strategy is to mandate a commensurate increase in the total amount of skin in the game for the verifiers.

The fourth and last principle concerns the broader societal goals when designing embedded supervision. The regulator’s goal is neither a specific market structure nor a specific form of exchange. Rather, it is to create a stable financial system that offers high-quality services to consumers and business at the lowest possible cost. In this regard, a key puzzle is that, despite ample technological progress, financial services remain stubbornly expensive (see Graph 2). This might partly reflect the high barriers to entry created by the costs of complying with financial regulation.

Graph 2: Low-cost information technology has not yet brought down the price of financial services

Against this backdrop, I discuss how embedded supervision could be designed with a view to harnessing the “fintech opportunity” highlighted in [5], as well as promoting low-cost financial service provision and a level playing field for both incumbents and potential entrants. In this aspect, the operational dimension is important. Public authorities can digitally sign and time-stamp relevant information—for example, the central bank’s policy rate, data from national statistical offices or public land and firm registries—so that it can be fed directly into relevant market ledgers. Further, the fixed costs of compliance could be kept low by ensuring blockchain interoperability and developing an open-source suite of monitoring tools accessible to potential market entrants.

I conclude by discussing challenges for legislators and regulators. The main legislative challenge is to provide for the concept of decentralized economic finality in legislation governing financial market infrastructure, i.e. to allow for ownership to be transferred without the involvement of a central registry. Regulators and supervisors would further need to develop auxiliary frameworks that govern distributed markets and their infrastructure, for example, when assigning the responsibility for dealing with crime in decentralized markets.13 With this, the rise of DLT might lead to higher-quality compliance at a lower cost. This stands, of course, in stark contrast to the current situation where DLT investors lobby for light regulatory regimes while supervisory agencies struggle to apply AML/KYC standards to cryptocurrencies.

The structure of this paper is as follows. The next section outlines a potential future landscape for the financial industry in which regulated financial entities trade in decentralized marketplaces. It also discusses how these novel compliance processes could be organized. The next section develops a theoretical model of a decentralized market, and sets out the conditions under which embedded supervision could operate. The following section discusses what these considerations would entail on the part of regulators and supervisors and, in particular, how novel regulatory frameworks could harness a technological opportunity with a view to creating a stable and competitive financial sector.

2. Embedded Supervision of Decentralized Finance: A Primer

This section discusses the current compliance process and its costs, and how embedded supervision could improve the compliance process in DLT-based markets that allow for decentralized trading of asset-backed tokens, as well as decentralized financial engineering based on these tokens.

The Trade-Off Between Costs and Data Gaps in Today’s Compliance Process

Today’s compliance process involves compiling reports at multiple levels of data granularity. In both their retail and wholesale businesses, banks engage in millions of individual transactions. These data need to be collected, aggregated and delivered to a host of internal stakeholders (internal risk control, internal compliance, management, trading desks etc.) as well as to supervisors.

These data not only need to be delivered, but they need to be continuously deliverable. For example, to ensure that account holders have access to their insured deposits in the event of a bank failure, 12 CFR Part 370 of the FDIC’s Rules and Regulations requires larger insured depository institutions to identify all of their insured depositors (i.e. each individual account), so that their account information is always available in the event of a failure.14

Compliance is thus resource-intensive, confronting supervisors with a trade-off between getting the data they need and keeping the costs of compliance within reasonable limits. On the cost side, surveys indicate that compliance costs typically account for several percentage points of all operational costs at financial institutions (Graph 3, left-hand panel), although not all of this is due to the administrative cost of complying with financial supervision. Costs are substantial for supervisors too (Graph 3, right-hand panel).

Graph 3: The costs of compliance

Data gaps are the inevitable price paid by supervisors as they seek to keep the costs of compliance within limits. But the cost of such gaps can be devastating, as the collapse of Lehman Brothers in 2008 showed. At the time, the worlds’ major financial institutions were not able to compute their consolidated exposure to the many subsidiaries of Lehman, so that “what would have been systemic risk morphed into systemic uncertainty”[6].

While important gaps have been filled since the Great Financial Crisis (GFC),15 new ones are constantly emerging as the financial industry evolves.16

Embedding Supervision in DLT-Based Markets

How might the compliance process change in a DeFi econsystem? To be sure, DLT-based innovations have the potential to transform financial markets, in part as they offer radically new forms of transparency and contestability [7] [8]. The starting premise is that one needs to look beyond Bitcoin and other “permissionless” cryptocurrencies or cryptoassets17 and instead focus on a “permissioned” version of the technology, which facilitates normal market functioning by decentralized consensus, yet retains, as a backup, an overarching (i.e., legal) coordination mechanism.

Such permissioned technology primarily enables the decentralized trading of stablecoins and other asset-backed tokens, as well as decentralized financial engineering based on these tokens via self-executing (“smart”) contracts.

The near-term potential of such tokenization is highest in wholesale markets, i.e., trade between registered financial entities [9] [10]. One example is the loan securitization market, which has significant scale in the United States. In international markets too, banks’ wholesale financial exposures are larger than their underlying business with non-financial customers. The dominance of wholesale financing and trading is most evident when it comes to payments: across the world, over 90% of all payments are of a wholesale nature. DLT could find widespread applications in such markets.

Exchanges or OTC markets could also be automated, as DLT can match demand and supply and automate price discovery. Similar developments could be envisaged for options and futures clearing houses. A principal application for DLT is to automate the flow of funds and the updating of security registers, which could reduce administrative costs and, most importantly, settlement risk [11] [12].18

For their part, smart contracts (as outlined in [13]) could replace central securities depositories (CSDs). The latter are specialized financial organizations that hold securities so that ownership can be easily transferred through book entry. CSDs thus make electronic trading possible, by doing away with the transfer of physical certificates and by supporting trade automation. They also process dividend, interest and principal payments, as well as corporate actions including proxy voting. All these activities could, in principle, be automated via smart contracts.

Options and futures clearing houses could also be automated. These are financial organizations that clear payments and financial products (securities and derivatives), thus reducing the risk of non-payment or non-delivery of the financial products. In these instances, a DLT-based clearing system would have on its ledger both cash (for settlement) and the financial product, or operate via smart contracts that would connect a cash with a securities blockchain. As a smart contract can impose conditionality on both parties to a transaction (cash vs deliverables only), settlement risk would be eliminated.19

In the more distant future, exchanges or OTC markets for securities and derivatives might also become candidates for automation, and in particular less liquid OTC markets. In these markets, potential sellers are wary of disclosing their trading intentions in order to avoid driving prices against themselves. Instead of a standard open order book, they prefer to trade through a network of dealers/brokers, who in turn can rely on trusted contacts to execute trades with less effect on prices. A DLT-based version of such a market could automate the price discovery process via the demand and supply curves fed into the markets by the participants.

In all of these examples, it must be noted that the technology’s primary advantage is automation (i.e., of the transaction process), thus reducing costs and settlement failure risks. But automation could also be provided through a centralized organization, as currently. The advantage of DLT is that market participants could set up a market platform that would then function autonomously after the point of release.20

However, if such DLT-based markets were to develop, new ways of delivering data to financial supervisors and other stakeholders would open up. The key is that a DLT-based market already embodies all the relevant information, which supervisors could then readily access. Obviously, as financial firms will not want to reveal their trades, the ledgers would normally be encrypted. The compliance process would then consist essentially of determining which internal and external institutions could access which part of the underlying data and at what level of aggregation (see Graph 4).

Graph 4: Compliance process using embedded supervision

As noted above, embedded supervision could monitor compliance with the Basel III capital standards.21 The latter could be automatically verified by computing the borrowing and lending balances and the associated risk weights in the relevant distributed ownership ledgers. Such calculations can apply not only to stock positions, e.g., end-of-reporting period compliance, but also be used for real-time sensitivity analysis of a balance sheet’s exposure to market fluctuations, e.g., automated calculation of value-at-risk via simulation of ledger-based structured products and contractual obligations. In similar vein, the full asset backing of an “on-chain” collateralized stablecoin could also be automatically verified. For such a stablecoin, the value backing is provided by assets that are themselves traded on a distributed market. The coin itself is a smart contract that aims to create a stable value via financial engineering based on these underlying assets.22

Notably, this does not imply that data would need to be openly accessible,23 nor does it mean that any supervisor would have access at an all-item level. Supervisors would gain access only to the relevant data, depending on whether they need transaction-level information or a more aggregated view. In this way, embedded supervision could help to maintain the confidentiality of firms and their customers, since cryptographic tools could be used to limit access only to selected parts of the underlying data or relevant aggregates. For example, information on aggregated financial exposures could be disclosed, but without revealing the underlying microdata.24

Graph 5 summarizes the elements of a blockchain adapted for embedded supervision. In the envisioned markets, the legal system would validate “oracles”—external reference points, such as ratings, on which the payoffs of certain ledger-based financial products may depend. Rating agencies, as well as land and other registries, and other external data providers would feed external data into a ledger, while decentralized exchanges would facilitate the trading of tokenized assets and financial contracts.

Graph 5: Example of a DeFi market ledger providing for embedded supervision

It can also be surmised from Graph 5 that the first principle of embedded supervision calls for a proper understanding of what DLT-based trading can achieve, and what it cannot. As regulatory compliance only applies to regulated entities, embedded supervision can only be useful in the context of transactions involving regulated financial intermediators.

Embedded supervision would not relieve the boards and senior management of financial intermediaries of their responsibility to comply with regulation (see the United Kingdom’s senior manager regime as detailed in Financial Conduct Authority (2017) for an example of current legislation). One aspect is that technology is fallible and management needs to know how adequately their institution is fulfilling the prudential requirements in order to correct any issues. But more fundamentally, even if a given institution is transacting on a DLT-based financial market, it might also be active on other non-DLT based markets, and reporting whether this is the case must be a management obligation.

Moreover, while DLT can evidence the transfer of ownership of asset-backed tokens from one entity to another, the connection between the underlying asset and the digital token must be underpinned by the legal system. For example, if there is a token-based bond of a specific company that itself does not participate in the distributed market, a legal institution must enforce the payment of interest and principal. Legal backing is also needed for the validity of oracles. For example, for the trading of a smart contract that reproduces the payoffs of an inflation-linked bond, the payouts depend on the inflation measure that is fed into the ledger from an external source. A final key element must be a watertight and potentially globally coordinated KYC identity framework that keeps illicit activity out of this novel ecosystem.

3. Embedded Supervision in Markets That Achieve Economic Finality

Novel distributed markets can only be automatically supervised if transactions in these markets are final – the notion that the perceived balance of ownership that one communicates to the supervisor is immutable, or that “a transfer of funds [or] a transfer of securities that have become irrevocable and unconditional” [14]. Traditional institution-based exchange is protected by the legal system: it is final by law and cannot be revoked.

Embedded compliance would replace this legal and institutionally based trust with a scheme by which the distributed market applies an economic incentive to achieve agreement (i.e., a consensus) on updates of the ledger (i.e., on transactions). The supervisor would then accept this consensus as valid if it can be proven to be irreversible. But what are the conditions for such irreversibility?

The remainder of this section exemplifies the conditions under which a supervisor can trust the information contained in a DLT-based market that lacks such a legal criterion. To this end, I examine under what conditions a distributed market functions, and derive the conditions under which the supervisor can trust the ledger’s data. In doing so, I build on [4] and define a payment as final once it is certain that, from a given moment, it will never be profitable to undo the transaction via a double-spending attack.

Economic Finality in a Permissioned Market With Decentralized Verification

In what follows below, I model a distributed market in which transactions are verified by third parties standing to lose a given amount (verifiers’ “skin in the game,” “stake,” or “verification capital” in what follows below) should a blockchain reversal ever occur that voids existing transactions.

The model I describe is general. It could, from a technical perspective, be implemented in various ways. One is a permissioned DLT-based market with an overarching coordination mechanism that deters misbehavior by ensuring that verifiers lose a given amount of deposited capital or pay a fine should they ever verify conflicting blocks.25 Further in the future would be permissionless “proof-of-stake” consensus algorithms that tackle the so-called “nothing-at-stake” and “long-run attack” problems that plague current versions of this technology.26

The first theoretical result I derive is a sufficient condition for transactions in this market to be economically final. At each point in time, each block contains contracts that generate net transfers. This creates incentives for the party on the losing side of the contract to bribe verifiers into undoing the blockchain and voiding the contract. The total amount put up by the verifiers as skin in the game has to be high enough to deter this.

I show that economic finality in this market requires that the total amount of verification capital securing the block is higher than the maximum net transfers that could be generated by undoing the block in question. I derive this result by, first, showing that, while potential attackers could attempt to undo a chain of any length (i.e., undo only the last block, undo the last two blocks together, undo the last three blocks together, etc.), the most profitable attack strategy is to reverse only the last block. I then show that undoing the last block is never profitable if the maximum net transfers generated by the block in question are smaller than the total amount that is at stake for the verifiers, which is a sufficient condition such that there can be no coalition of losing parties who would find it profitable to bribe verifiers to undo the chain.

The second result concerns the supervisor’s impact on the market. Embedded supervision is no free lunch, as the supervisor’s actions might themselves strain market consensus. Axiomatically, regulatory compliance creates a financial burden for the regulated entities (for, if it did not, there would likely be no need to regulate the market). For example, if a market participant would like to finance the loss from a contract with debt, but minimum equity regulation were to bind, the cost of any loss created by the contract would be that of the marginal cost of equity, which many argue is higher than that of debt.

Thus, if market participants know that the market’s data are being used to determine whether they are compliant with regulation, this would create incentives to fool the supervisor and undo the blockchain.

I show that there are two potential responses. If a supervisor wishes to monitor compliance in real time, they must mandate a commensurate increase in the total verification capital. However, an alternative strategy is to incorporate embedded supervision in the market equilibrium without requiring any additional verification capital, which is possible if the supervisor applies compliance with some time lag. The underlying intuition is that, while a competitive verification market will generically set a verification capital such that blockchain reversals are made marginally unprofitable at the time of signing, less capital is needed once a transaction is “buried” in the blockchain, i.e., once subsequent blocks have been verified and added to the chain. The supervisor can utilize the resultant residual verification capital in the deeper layers of the blockchain and read the market data with some lag without straining market consensus.

To establish these results, it is necessary to introduce some notation.


Time t and block number b. In the environment described below, time is discrete and indexed by t, and one new block indexed by b is added to the blockchain in every time period.

Importantly, b is normalized so that it is equal to t. With this definition, block b is the one that was added to the chain at time t, and b-t corresponds to the time that has elapsed since block b was written into the blockchain.

Financial contracts and payoffs. In each block b, NbN_{b} market participants pay a fee π\pi (solved for below), which gives them the right to sign a financial contract into the block. These contracts are indexed by i. bib_{i} denotes the block in which contract i is signed into the blockchain. After financial contract i is signed into block bi\ b_{i}, it generates a series of net payoffs for the involved parties. These financial contracts can be thought of as any type of financial transaction with uncertain future net payoffs. One example for such contracts is an American put option on a stock at strike price X issued by A and held by B. The net payoff to A is equal to the price of the put option when the contract is initially signed, equal to min[0,(XPrice)]\min\left\lbrack 0, - (X - Price) \right\rbrack when the stock matures, and 0 at any other point in time.

I assume that, before engaging in any transaction, market participants must hold on-ledger funds that are always sufficient to meet the contract’s net payoffs directly on-chain (thus doing away with settlement risk).

While they remain on the blockchain, contracts generate losses or gains. I denote the payoff generated by contract i at point in time t>bit > b_{i} by ci,tc_{i,t}.27 I am assuming that the total cumulative payoff (i.e., the net present value of all the payouts that the contract has generated in its lifetime or is expected to generate) at point in time t is distributed i.i.d. over time:

ci,t>bi{[,] if contract remains on the ledger0 if the contract has been netted  c_{i,t > b_{i}}\left\{ \begin{matrix} \in \lbrack - ,\rbrack\text{\ if\ contract\ remains\ on\ the\ ledger} \\ 0\ if\ the\ contract\ has\ been\ netted\ \\ \end{matrix} \right.\ (1)

Contract netting. I allow market participants to enter and leave the market. If they leave the market, participants can cash out of the market, i.e., they settle their contracts using off-ledger funds: the party with a negative balance transfers off-chain funds to the party with positive funds, and the two parties then void the contract on the blockchain.28 I am assuming that this happens at least every L blocks (i.e., all contracts are taken off the ledger after L blocks), and also that in each block there is a share 1β1 - \beta (0<1β<10 < 1 - \beta < 1) of contracts that are netted early (again, netting means to net on-chain positions via off-chain payments and then void the contract on the chain). All contracts are hence netted if tbit - b_{i} \geqL. Before that point in time, a share of β(t+1)bi\beta^{(t + 1) - b_{i}} is not yet netted.

Transaction verification. Blocks of new contracts are signed into the blockchain by verifiers, which are third parties who stand to lose should the block they have verified be reversed at some future time. Since contracts can generate net on-ledger payoffs, the losing party has an incentive to undo the blockchain and with it the transaction. There is thus a need for some actors to verify the contracts that are written into the blockchain. These verifiers could also perform other actions, such as KYC/AML or other legal background checks.

I assume that verification happens at the block level, and that this is done by verifiers indexed by vVv \in V. For each block b, the system randomly assigns a sufficient number of verifiers and a pre-determined order in which they can verify blocks. Each verifier has a verification capital of s,29 which can be interpreted as the actual capital at stake or as the expected cost of legal fines in the case of misbehavior. The latter amount is equal to the amount the verifier stands to lose should they verify a block that later turns out to be invalidated (i.e., is not included in the blockchain the market coordinates on).30

At a point in time/block b, the selected set of validators have two options: to verify block b with their verification capital, earning the fees, or not to verify the block and invest their verification capital elsewhere to earn a return of δ\delta.

The fee income is split among the validators, each receiving a fee income of f=Nbπvb\ f = \frac{N_{b}\pi}{v_{b}}. The latter fee income is paid with a delay of L, i.e., once all contracts have been netted. Once a validator has used its verification capital to verify a block, the verification capital is blocked for L blocks until it is released and can be used as verification capital again.

If, in the meantime, a blockchain emerges in which v has verified any different block, v’s verification capital is lost (and so is the fee ff). I further assume that market participants know the set of verifiers of each block before they sign a transaction into the blockchain, and that market participants follow two rules.

a) If two or more rival blockchains emerge, market participants sign their blocks only into blocks added to the blockchain with the highest cumulative amount of verification capital.

b) Market participants sign their contracts into a block only if the verification capital in the respective block is sufficient to ensure that the blockchain will never be reversed.

Given rule (b), no rival blockchains will ever come into existence, but equilibrium still requires a statement on the assumed off-equilibrium behavior of market participants.31

Validators are assumed to act selfishly, i.e., they can be bribed and will take part in a “blockchain history reversion” attack if they receive a bribe marginally larger than their verification capital s plus the income f they lose on the voided chain.32 Let b denote the most recent block and assume that an adversary wants to undo a contract that is contained in block b-x. The adversary needs to bribe an amount such that the resultant chain has more verification capital, i.e., an amount larger than k=bxk=b(s+f)vb\sum_{k = b - x}^{k = b}{(s + f)v_{b}}.

Rule (b) hence requires the incentives of a potential attack on this market to be analyzed. The gain from a potential attack to the attacker is the value of the contracts that are being undone. At any point in time, since any contract only generates a transfer between two parties, many agents will have contracts with a losing value. These losing parties might form a coalition and jointly pay to undo the blockchain. We thus need to define Cb,t{\overline{C}}_{b,t}, the maximum gain from voiding block b in the chain at time t:

Cb,tibΠi,tmax[ci,t]={β(t+1)bibmax[ci,t],  &tb<L0,  &tbL {\overline{C}}_{b,t} \equiv \sum_{i \in b}^{}{\Pi_{i,t}\max\left\lbrack \left| c_{i,t} \right| \right\rbrack} = \left\{ \begin{matrix} \beta^{(t + 1) - b}\sum_{i \in b}^{}{\max\left\lbrack \left| c_{i,t} \right| \right\rbrack},\ \ \& t - b < L \\ 0,\ \ \& t - b \geq L \\ \end{matrix} \right.\ (2)

Picking the maximum among the absolute values of payoff realizations(max[ci,t])(\max\left\lbrack \left| c_{i,t} \right| \right\rbrack) reflects the fact that either A or B could be the losing party of contract i, and the highest loss has to be considered.33

Πi,t\Pi_{i,t} is the indicator function, taking a value of 1 if the contract is still active, and 0 otherwise. For tb<Lt - b < L, the latter happens with probability β(t+1)b\beta^{(t + 1) - b}, ie one period after block b is added to the blockchain only β<1\beta < 1 of the contracts are still live.

With the above-assumed support of potential payouts (see Equation 1), it holds that Cb,t=β(t+1)bNb{\overline{C}}_{b,t} = \beta^{(t + 1) - b}N_{b} as long as tb<Lt - b < L. Armed with the maximum value that can be gained by undoing block b at point in time t, it is possible to derive the amount of verification capital that is high enough to guarantee that it certainly will not be profitable to undo the blockchain.

One necessary (but alone not sufficient) condition needed for economic finality is that block b will not be reversed at period b+1:

βNbvb(s+f)\beta N_{b} \leq v_{b}(s + f)

Where vbv_{b} is the number of verifiers guaranteeing block b. The condition that it must be unprofitable to reverse the latest block is not sufficient, however, as it must also hold that it is not profitable at point b to undo both block b and the previous block b–1. Generally, the necessary and sufficient condition is that it will be unprofitable to undo any attack of length x:

Certain economic finality. Transactions on the market can be considered final if

E[maxx<Lk=oxCbk,tvbk(s+f)]0\mathbf{E}\left\lbrack \underset{\mathbf{x < L}}{\mathbf{\max}}\sum_{\mathbf{k = o}}^{\mathbf{x}}{{\overline{\mathbf{C}}}_{\mathbf{b - k,t}}\mathbf{-}\mathbf{v}_{\mathbf{b - k}}\left( \mathbf{s + f} \right)} \right\rbrack\mathbf{\leq}\mathbf{0}(3)

Equation 3 says that no strategy to undo only the last block, or the last two blocks, or the last three blocks, and so forth, can ever be profitable, even under the most adverse realization of payoffs.

However, it is noteworthy that an induction argument shows that β2Nb<vb1(s+f)\beta^{2}N_{b} < v_{b - 1}(s + f), and therefore, if one can assume that market participants one period previously have set the total verification capital high enough to ensure that under no circumstances will it be profitable to undo block b1b - 1, it also holds that with βNb<Sb\beta N_{b} < S_{b}, it will not be profitable to undo a chain of length 2, as

(vb1(s+f)β2Nb)+(vb(s+f)βNb)>(vb1(s+f)βNb)+(vb(s+f)βNb)>0\left( v_{b - 1}(s + f) - \beta^{2}N_{b} \right) + \left( v_{b}(s + f) - \beta N_{b} \right) > \left( v_{b - 1}(s + f) - \beta N_{b} \right) + \left( v_{b}(s + f) - \beta N_{b} \right) > 0

Further iteration of this argument shows that βNbvb(s+f)\beta N_{b} \leq v_{b}(s + f) is not only necessary for the equilibrium, but also sufficient.

The described market can hence be viewed as final if vbv_{b}, the number of verifiers of block b is equal or exceeds βNb(s+f)\frac{\mathbf{\beta}N_{b}}{(s + f)}.

Free entry of verifiers and market equilibrium. Entry into the pool of potential verifiers is open to anyone, but requires the verification capital ss to be locked in, which could otherwise be invested at rate δ\delta per unit of time/block.

In equilibrium, it holds that

vb=βNbs(1+δ)L\mathbf{v}_{\mathbf{b}}\mathbf{=}\frac{\mathbf{\beta}N_{b}}{\mathbf{s}\left( \mathbf{1 + \delta} \right)^{\mathbf{L}}}(4)
π=β(1(1+δ)L)\mathbf{\pi =}\mathbf{\beta}\left( \mathbf{1 -}\left( \mathbf{1 + \delta} \right)^{\mathbf{- L}} \right)(5)

PROOF: In equilibrium, transactions must be final and validators must break even. Given that the stake needs to be deposited for L periods, a potential verifier compares investing the amount ss for L periods to receive the compounded return s(1+δ)Ls(1 + \delta)^{L} with the alternative of receiving stake ss plus fee income \text{f\ } at the end of the period. The free entry condition of potential verifiers thus implies f+s=s(1+δ)Lf + s = s(1 + \delta)^{L}. Combining the latter free entry with the Finality Condition 3 yields vb=βNbs(1+δ)Lv_{b} = \frac{\beta N_{b}}{s(1 + \delta)^{L}} and in turn also solves for 5.

The equilibrium user fee π\pi is independent of s, the amount that is deposited by each verifier. Lower s means that a proportionally higher number of verifiers is needed to ensure finality, leaving the total amount of verification capital and thus implied opportunity costs unchanged.34 The equilibrium fee is also independent of NbN_{b}, the number of contracts that are written into the chain. An increase in the number of contracts requires a proportionally higher number of verifiers to ensure finality, leaving average cost per contract unchanged.

The equilibrium user fee π\pi is proportional to the upper bound on losses that needs to be deterred: higher potential losses require more verification capital, in turn leading to higher costs per contract. Fees also increase with the opportunity cost of verification capital δ\delta, the length L for which such capital has to be locked in, and decrease in (1β)(1 - \beta), the share of contracts that expire early.

Residual verification capital buried in the ledger. An important insight is that, because the condition that the most recent block is not undone is the most stringent of the set of no-attack conditions in Equation 3, an excess of verification capital starts to build up in the ledger. The reason is that the verification capital is only freed after L periods, although a fraction of 1 – β\beta of the contracts are settled in each period. Therefore, if the current block is b, the free verification capital of block b–2 is equal to Nbβc(1β).N_{b}\beta\overline{c}(1 - \beta). More generally, the residual verification capital in the chain from block b to b+t is equal to:

Residual verification capitalb,b+x=βNbck=0t(1βk)\text{Residual\ verification\ capital}_{b,b + x} = \beta N_{b}\overline{c}\sum_{k = 0}^{t}\left( 1 - \beta^{k} \right)(6)

Embedding Supervision in Decentralized Markets

Equation 3 sets out the conditions for the market to be economically final if working on its own. But this does not automatically mean that the supervisor can trust the market’s ledger: if market participants know that the supervisor will use information from the blockchain, this in itself might give market participants an incentive to report false information in order to fool the supervisor.

To model the supervisor’s impact on the market, I assume that each contract, as long as it is live, generates an additional supervisory payoff ri,t>bir_{i,t > b_{i}}. The supervisory payoff can be thought of easily in the context of minimum equity regulation. If the contract is such that a negative payout for A is expected upon settlement, this reduces A’s equity, which might bring it below the supervisor’s mandatory target and necessitate a costly capital injection. If this is true, the regulatory cost is the marginal additional cost of equity over that of debt. For example, if the cost of debt is 2%, but the cost of equity is 6%, any loss  c\text{\ c} would cost 1.02cc if the firm can finance itself with debt, but 1.06cc if it is mandated to finance losses by raising additional equity. In this example, the net payoff would thus be ci,t=1.02cc_{i,t} = 1.02c, while the regulatory payoff would be the additional cost ri,t=0.04cr_{i,t} = 0.04c.

Going beyond the specific example, I assume that, much like the actual payoffs c, the regulatory payoffs r too are bounded by r. Arguing along the above lines shows that, for the market to keep functioning (i.e., without any blockchain history reversals to a very high degree of certainty), with the supervisor applying compliance in this way, additional verification capital would be required equal to βNb\beta N_{b}.

Defining the maximum regulatory gain from voiding block b in the chain at time t by Rb,t{\overline{R}}_{b,t}

Rb,tibΠi,tmax[ri,t]={β(t+1)bibmax[ri,t],  &tb<L0,  &tbL {\overline{R}}_{b,t} \equiv \sum_{i \in b}^{}{\Pi_{i,t}\max\left\lbrack \left| r_{i,t} \right| \right\rbrack} = \left\{ \begin{matrix} \beta^{(t + 1) - b}\sum_{i \in b}^{}{\max\left\lbrack \left| r_{i,t} \right| \right\rbrack},\ \ \& t - b < L \\ 0,\ \ \& t - b \geq L \\ \end{matrix} \right.\

Supervision-resistant economic finality. If the market is supervised via the distributed ledger’s information, transactions in the market can be considered final if

maxx<L[k=oxCbk,t+Rbk,tvbks]0\max_{x < L}\left\lbrack \sum_{k = o}^{x}{{\overline{C}}_{b - k,t} + R_{b - k,t} - v_{b - k}s} \right\rbrack \leq 0(7)


One solution for the supervisor is thus to mandate that the total verification capital satisfies vs=βNb(+)\ vs = \beta N_{b}( + ), but this necessitates a higher amount of verification capital, which is costly.

Equilibrium allowing for real-time embedded supervision: a market can be automatically supervised, with the regulator reading the ledger in real time, if the number of verifiers satisfies vb>βNb(+)s(1+δ)Lv_{b} > \frac{\beta N_{b}( + )}{s(1 + \delta)^{L}}. If the latter inequality binds, the fee π\pi for a transaction is equal to β(+)(1(1+δ)L)\beta( + )\left( 1 - (1 + \delta)^{- L} \right).

Another solution is possible, which is to lag the appliance of supervisory compliance. For example, assume that the supervisor sets equity requirements such that a firm’s equity has to meet the block requirements one block removed. Then, it holds that residual capital equals:

(Sb1β2Nb1(+))+(SbβNb)\left( S_{b - 1} - \beta^{2}N_{b - 1}( + ) \right) + \left( S_{b} - \beta N_{b} \right),

which can be positive if <(β11)< \left( \beta^{- 1} - 1 \right). More generally, consider a supervisor who allows regulatory requirements to be applied following an integer number of X blocks after the actual transaction block. The residual verification capital at lag x is equal to

k=oxβbkNbkSbk\sum_{k = o}^{x}{\beta^{b - k}N_{b - k} - S_{b - k}}

The supervisor can thus apply embedded supervision, without mandating a higher verification capital, by applying compliance with a lag x, satisfying:

k=oxβbkNbkSbk>βNb\sum_{k = o}^{x}{\beta^{b - k}N_{b - k} - S_{b - k} >}\beta N_{b}

Note that, in all existing regulation, data are delivered to the supervisor with a substantial lag. Here, the supervisor gets instant access to the data, but does not apply any supervisory measures until after a certain time lag has elapsed.

4. Operational Aspects of Embedded Supervision: Harnessing the Fintech Opportunity

The above section explores the conditions under which a supervisor might take the data of a distributed ledger at face value. However, it is mute on why supervisors and regulators should actually invest in an infrastructure allowing for embedded supervision. Their goal is neither a specific market structure nor a specific form of exchange, but to assure high-quality, low-cost, and inclusive financial services, as well as a stable financial system. With these goals in mind, there are operational aspects to consider, aimed at bringing down the fixed and the marginal cost of doing business.

Bringing down the fixed cost of doing business is an important step towards leveling the playing field for small and large firms.35 As a side effect of this focus on detailed regulation and supervision to tackle the risks of complex large financial intermediaries, supervisors may have created compliance costs that disproportionally affect smaller intermediaries (see Figure 1 and [16]), thus favoring concentration.36

Figure 1: Smaller financial institutions are disproportionately affected by compliance costs. (In percent.)

Source: Dahl, D, A Meyer and M Neely (2016): “Scale matters: community banks and compliance costs”, Federal Reserve Bank of St Louis, The Regional Economist, July,

A first goal of embedded supervision should be to lower the fixed cost of compliance, thus leveling the playing field for large and small institutions.37 One operational aspect is for regulators and supervisors to take an active role in the design of the market, in particular regarding standardization of the database structure by ensuring interoperability of various blockchains. Another one is developing a freely available open-source suite of monitoring tools to create clarity regarding how specific regulatory frameworks are applied in practice.

Efficient guidance of market standards to ensure contestability may also require adequate definitions of what it means to truly “decentralize” decision-making, risk-taking and system governance (see [17] for a discussion and [18], [19] for critical reviews).38 Regulators and supervisors can steer some design elements of new decentralized markets, as they will set the market standards under which regulatory compliance can be automated.

A second operational goal is to reduce the marginal cost of doing business by facilitating access to trustworthy official information. One easily implementable aspect is for public authorities to directly offer digitally signed and time-stamped information that can be fed into relevant market ledgers. In many cases, financial contracts may reference data originating from the official sector, such as the central bank’s policy rate or data releases by the national statistical officers. Moreover, in many jurisdictions, firm and land registries are operated by the government. Enabling low-cost tokenization of the underlying firms and real estate will be facilitated if these registries make their information accessible in digitally signed, time-stamped, and publicly available form.

A last operational aspect concerns the handling of disputes. Regulatory frameworks or standards could determine arbitration processes if information referenced in smart contracts turns out to be fraudulent. This could happen where the smart contract has a security vulnerability (which is frequently the case [20]) or in other unforeseen events, such as if a smart contract is based on an interest rate benchmark that ceases to exist. Ultimately, the world is often too complex to be put into code, and the added value of decentralized automation has to be seen as simplifying the standard execution of a contract, while more complex cases might need to be handled via a legal procedure.

5. Conclusion

This paper has argued that supervisors might build on decentralized finance to use DLT to efficiently supervise financial markets. The basic premise is that regulating blockchain-based finance should not require a departure from long-established principles on the regulation of specific economic activities. Rather, regulators and supervisors might consider investigating how their use of technology could evolve alongside that of the financial industry.

Embedded supervision is distinct from other forms of “suptech” or “regtech,” which aim to use machine learning or artificial intelligence to more efficiently monitor the financial industry [21] [22] [23].

The key principle of embedded supervision is to rely on the trust-creating mechanism of decentralized markets for regulatory purposes too. DLT-based markets change the way assets are traded and how they are packaged into complex financial products. Since the information contained in the blockchain is verified by decentralized economic consensus, it could replace current processes for data delivery and verification. In today’s compliance process, the data’s trustworthiness is guaranteed by the legal system, the relevant authorities and the threat of legal penalties. In DLT-based markets, by contrast, data credibility is assured by economic incentives. In this world, the supervisor must examine the conditions under which the market’s economic consensus is strong enough to guarantee the quality of the data contained in the distributed ledger.

These considerations highlight the main legal challenge facing legislators, regulators and global standard-setting bodies. This challenge goes deeper than current discussions on under what circumstances cryptocurrencies should be considered as commodities, securities, or other asset classes.39 Rather, it is how to embed the concept of economic finality in today’s legal system, and the adjacent question of how to treat such assets on balance sheets.40 In most jurisdictions, the legal setup is such that a single, regulated clearing and settlement provider is required to verify that an irreversible transfer of ownership has occurred. DLT, however, achieves such a transfer via the economic incentives of verifiers rather than by the authority of a central institution. Only if the principles of finality underlying the regulation and supervision of financial markets infrastructures are modified to recognize decentralized exchange could DLT ever gain traction in regulated finance.41 Along with this, regulators and supervisors would also have to design rules regarding the assignment of responsibility in decentralized markets in the case of illegal activity.

To implement embedded supervision, regulators would also be required to acquire substantial technological know-how and the willingness to adjust their operational approach to the technology that is being developed by the financial sector.

Around the globe, many supervisors are open to this possibility and some have developed the requisite sandboxes. One example is “LBchain,” the Bank of Lithuania’s blockchain-based sandbox that seeks to embed a regulatory infrastructure in a DLT-based market. Another one is the Federal Reserve Bank of Boston’s supervisory node case study.42 The benefits might include lower costs for both market participants and supervisors, real-time monitoring, deeper insights into the use of internal models, and improved detection of potential window-dressing and other abuses. In this way, contrary to the current situation where cryptocurrencies threaten to undermine AML/KYC standards, efficient supervision could become a key use case for DLT. With this, the advantages of a contestable financial system that is open to novel innovators might be realized, also contributing to a diversified and resilient financial ecosystem [24].

Finally, central banks could also play a role. Once DeFi ecosystems are properly regulated and supervised, central banks could support them by developing wholesale central bank digital currencies with programmability similar to today's cryptocurrencies. These could overcome trust problems that plague privately issued stablecoins [25], acting as a trust anchor to support these markets and allowing them to grow.43


Email: [email protected]. The author thanks D. Archer, R. Banerjee, M. Bech, R. Böhme, D. Broeders, S. Claessens, J. Ehrentraud, M. Farag, J. Frost, L. Gambacorta, M. Jurgilas, T. Leach, H. Holden, K. Hughes, S. Kraenzlin, J. Patel, J. Prenio, J. Noss, T. Rice, T. Roukny, H. Song Shin, P. Wooldridge, and an anonymous referee for the BIS working paper series; members of the Basel Committee for Banking Supervision’s Task Force on Financial Technology, of the Financial Stability Board’s Financial Innovation Network, and of the Financial Stability Institute’s Suptech Network; as well as seminar participants at the Bank for International Settlements, the European Central Bank-University College London 2019 P2P Financial Systems conference, the Swiss Financial Markets Supervisory Authority, and the Swiss National Bank for comments. The author further thanks A. Villegas and G. Cornelli for outstanding research support. An earlier version of this paper was titled “Embedded supervision: how to build regulation into blockchain finance.” The views expressed in this paper are those of the author and not necessarily those of the Bank for International Settlements.

Appendix: Glossary and list of “DeFi” chains

Table A.1: Glossary


List of “DeFi” coins, i.e., those cryptocurrencies with a market capitalization-to-total value locked ratio of 50 or below on 03-15-2022

























































































































Data accessed on March 15, 2022.

Source: Defi Llama

No comments here
Why not start the discussion?