Swiss regulator publishes financial sector risk assessment for 2022 with a DeFi focus



On 10 November 2022, the Swiss Financial Market Supervisory Authority (FINMA) released its assessment of the main risks for the Swiss Financial Sector in 2022, identifying seven principal risks. Six risks are the same as in the previous year, the new risk being the widening of credit spreads.

FINMA still considers that the risk of cyber-attack is high and note that all other risks are still present (i.e. interest rate risks, credit risks associated with mortgages, credit risks associated with other loans, AML risk and risks due to increased impediments to cross-border market access) largely due to the international context.

Focus on Decentralised Finance (DeFi)

Each year, FINMA takes the opportunity in its risk assessment to focus on a specific trend. For 2022, the Swiss supervisory authority chose the topic of DeFi, which relies on open blockchain to process and execute financial transactions based on automated protocols without using traditional financial institutions, which is generally called "CEFi" for centralised finance by the proponents of DeFi.

DeFi vs quasi-Defi projects

Like the International Organisation of Securities Commissions (IOSCO) had before, FINMA notes that the governance of many DeFi projects lies in fact with identifiable persons or group of persons, the decentralisation element characterised only by the use of blockchain. In addition, FINMA points out a lack of transparency, including any underlying risks involved, which is generally detrimental to investor protection.

As of now, FINMA recognises that the use of a DeFi application by institutional investors remains marginal and that systemic risk can thus be ruled out. However, should the use of DeFi tools become widespread among institutional players, FINMA agrees with the IOSCO that DeFi could threaten the stability of traditional financial markets. This position indicates that building bridges between CeFi and DeFi could face regulatory hurdles for Swiss regulated financial market participants.

FINMA approach to DeFi

FINMA further reiterates that its approach to DeFi projects is above all based on the following cardinal and well-known principles:

  • same business, same risks, same rules; and
  • substance over form.

In short, this means that any such project must be analysed from an economic perspective, which suggests that a purely legalistic approach is not the best method to apprehend a DeFi project from a regulatory standpoint.

In addition, the original intention supporting the genesis of a DeFi project will often color its nature. The same is true in other instances, including analysis of tokens issuance projects (typically with utility tokens and certain NFTs) as well as traditional structuring, which includes a pooling element (with respect to collective investment schemes regulation). In all these projects, the initial intention and the economics of the project are pivotal in the regulatory qualification.

Challenges raised by DeFi

FINMA also observes that the allocation of responsibilities between participants in DeFi projects is a regulatory challenge on its own given financial market laws. Current rules and regulatory concepts are hardly applicable when there are no clearly identifiable intermediaries, which is the case in a fully decentralised sets-up.

This challenge, already discussed by the IOSCO in its Decentralised Finance Report issued on 24 March 2022, is increased due to the difficulty in identifying a clear-cut jurisdictional connecting factor due to the absence of identifiable presence and substance in a specific country, which raises questions regarding cross-border supervision and cooperation among authorities.


The conclusions drawn by FINMA on DeFi projects are not surprising and are aligned with the IOSCO's own findings. Pure DeFi projects are new "regulatory animals", which require a new approach to regulation if their inherent identity is to be preserved. Similar challenges also exist in other areas of law, particularly contractual and private international law.

It is important to recognise, however, that many recent events in the crypto industry, particularly the downfall of FTX, has nothing or little to do with DeFi and blockchain application to investments. As pointed out by several informed observers, these events are primarily linked to CeFi poor governance and a lack of proper controls. These situations are not new in a CeFi context irrespective of involvement of crypto-based assets or applications. Appropriate due diligence applied by investors and ultimately proper regulation and supervision will be sufficient tools to prevent or mitigate these kinds of "CeFi events".

For more information on DeFi, FinTech and crypto-based projects, contact your CMS client partner or local CMS expert: