The DeFi Regulatory Gap and What Congress Is Doing About It
Decentralized finance has operated for years in a regulatory environment that is, by any honest assessment, unresolved. No overarching legislative or regulatory framework specifically governs defi. Existing laws — the Bank Secrecy Act, securities statutes, commodities regulations — were written before the technology existed and have been applied to it through guidance, enforcement actions, and legal interpretations that have shifted substantially depending on the administration in office.
The Financial Crimes Enforcement Network established in 2019 guidance that money transmitter regulations apply to decentralized applications when those apps perform money transmission, stating that the rules apply “regardless of label.” A small number of defi entities have registered with any federal regulator, and Treasury acknowledged in a 2023 report that there is likely limited compliance with BSA/AML requirements across the sector. The gap between stated regulatory obligation and actual compliance is not ambiguous — it is documented.
The enforcement response to that gap has been inconsistent. During the Biden administration, the SEC issued a Wells Notice to Uniswap Labs in April 2024, signaling intent to bring action for operating an unregistered exchange. The SEC closed that investigation without action in February 2025, after the Trump administration shifted agency priorities. In April 2025, the Deputy Attorney General directed prosecutors to stop pursuing cases that “superimpose regulatory frameworks on digital assets” absent clear evidence of willful noncompliance. What was framed under one administration as an enforcement priority was framed under the next as regulatory overreach.
The House passed the CLARITY Act in July 2025, a cryptocurrency market structure bill that represents the most significant legislative action on digital assets in recent years. The bill explicitly excludes defi from most of its provisions. Activities including compiling and validating transactions, providing computational work, and developing or distributing defi trading protocols are carved out. The bill requires the CFTC, SEC, and Treasury to jointly study defi and directs the Government Accountability Office to conduct a separate review — a structure that defers the regulatory question rather than answering it. Related Senate drafts similarly exempt software developers and liquidity pool operators from the bill’s requirements.
The CLARITY Act also addresses self-custody wallets and includes a provision derived from the Blockchain Regulatory Certainty Act stating that a “non-controlling blockchain developer or provider of a blockchain service” would not be treated as a money transmitter. That provision generated pushback from the Senate Judiciary Committee in January 2026, with the committee’s chairman and ranking member warning in a letter to the Senate Banking Committee that the language would “create a significant enforcement gap for decentralized digital asset platforms” and attract illicit actors.
The financial stability argument for bringing defi within a regulatory perimeter is straightforward: differential regulatory treatment between centralized and decentralized platforms performing similar functions creates regulatory arbitrage. If DEXes are exempt from registration requirements that apply to centralized exchanges, market participants have a structural incentive to migrate to the unregulated form. Total value locked in defi would grow, potentially accumulating systemic risk in a sector with no supervisory oversight. As defi becomes further integrated with the traditional financial system through stablecoins and tokenized assets, that risk could transmit outward.
The feasibility argument against aggressive regulation is also straightforward: defi is open source, permissionless, and global. Enforcement against existing participants does not prevent new entrants from publishing new smart contracts and continuing operations. The same architecture that makes defi resilient against single points of failure makes it resilient against regulatory action targeting specific actors. Congress has not yet found a framework that reconciles those two realities, and the studies mandated by the CLARITY Act suggest it is not yet ready to try.