ESMA publishes risk analyses on decentralised finance and smart contracts

Published Date
Dec 4, 2023
On 11 October 2023, the European Securities Markets Authority (ESMA) published two reports on Decentralised Finance (DeFi) and the use of smart contracts. The first report analyses the recent developments and the associated risks of the European DeFi market. The second report proposes a categorisation of smart contracts. 

I – Context: why ESMA is focusing on DeFi

DeFi is one of the hottest topics in the crypto industry. In a nutshell, DeFi is a new paradigm for offering financial services without relying on traditional centralised intermediaries. Born with the advent of the Ethereum blockchain in 2014, this model leverages distributed ledger technology and smart contracts to enable peer-to-peer financial services, aiming to become an alternative to traditional finance (TradFi). Although still limited in size, the DeFi market is projected to grow significantly in the coming years and have concrete repercussions on the real economy. Yet, DeFi remains to this day mainly unregulated. The Markets in Crypto-Assets Regulation (MiCAR), partially in force since June 2023, only addresses centralised and partially decentralised crypto-services, i.e. those provided by an identifiable legal entity, leaving fully decentralised platforms outside its scope of application . Nevertheless, DeFi entails risks and vulnerabilities akin to those of traditional finance, together with novel risks. From here, stems ESMA’s need to gauge – in the first report – the nature and importance of these risks, with a view to informing MiCAR’s future review. The second report tackles the ever-increasing complexity of smart contracts, the backbone of DeFi.

II – Analysis of DeFi in EU by ESMA

After analysing the genesis of DeFi, its constitutive elements and the recent turmoil ignited by the 2021 collapse of Terra/Luna DeFi protocol, the report highlights potential benefits of DeFi: speed; security; cost efficiency; uninterrupted functioning; financial inclusion; and development of innovative financial products. ESMA is however concerned about DeFi’s vulnerabilities which can lead to various risks. In addition to those already present in TradFi, such as market and liquidity risks, and albeit to a lesser degree, counterparty risk, DeFi displays novel risks for investors, such as increased likelihood of scams (e.g. Ponzi schemes), and exposure to overly complex products and security risks  . According to ESMA, DeFi is not immune to concentration risk. The majority of DeFi activities currently rely on a handful of blockchains. DeFi applications have also been accompanied by several forms of market manipulation: wash trading; pump and dump schemes; frontrunning; and oracles’ manipulation often affect the proper functioning of crypto exchanges, in particular decentralised exchanges.

All in all, although DeFi does not pose particular risks for financial stability due to its current limited size, it creates significant risks for investor protection, that could, in the future, unleash negative spill over effects on the wider financial system if the DeFi trend is to gain traction. ESMA indicates that such risks will need to be carefully assessed and mitigated in MiCAR’s future review. 

III – Categorisation of smart contracts by ESMA

DeFi allows users to bypass intermediaries. In the DeFi world, the human role in facilitating financial transactions is mainly replaced by smart contracts, which are self-executing pieces of computer code that run automatically when predetermined conditions are met. ESMA categorises smart contracts by their source code, in an attempt to map their ever-increasing sophistication. The topic model programme used by ESMA concludes that smart contracts can be categorised, based on their common features and functionalities, into five major categories: financial; operational; tokens; wallet; and infrastructure. An analysis of the use of smart contracts on Ethereum between 2017 and 2023 revealed two main surges in smart contract deployment coinciding with the two main Ethereum (ETH) price surges, reflecting the 2017-2018 Initial Coin Offering boom and the rise in interest for DeFi applications and token-related projects between 2020 and early 2023. If the first wave saw the almost exclusive deployment of financial smart contracts to perform rather simple transactions, from 2020 onwards the heterogeneity and sophistication of smart contracts deployed on Ethereum significantly increased, to support a wider array of applications such as derivatives management, prediction markets, insurance, yield farming, stablecoins, decentralised asset management, and other. 

The increased heterogeneity and sophistication of smart contracts reflects the growing versatility and the evolution of DeFi, yet it comes with a series of risks. In particular, the “dependency risk” deriving from the reliance and interconnectedness of newer smart contracts on their primitive versions. Despite the report’s attempt to shed some light on the dynamics of smart contracts, ESMA denounces the current absence of public scrutiny over smart contracts and DeFi activities, echoing other institutions, such as the Organisation for Economic Co-operation and Development (OECD) and the European Commission, that recently called for the establishment of a mechanism of public oversight on DeFi.  


Still limited in size, DeFi promises to grow consistently in the upcoming years, strengthening its ties with TradFi and its impact on the global economy. The ESMA reports on DeFi and smart contracts mark the first EU attempt to monitor developments and risks of this fast-growing and yet unregulated market. This may set the beginning of a future regulatory environment for the DeFi space.  

Acknowledgments to Giacomo Benincasa, trainee, and Erwan Broudic, intern, in the A&O Luxembourg Financial Services Regulatory team, for their contribution to this post.

Content Disclaimer
This content was originally published by Allen & Overy before the A&O Shearman merger