The first report on developments and risks "assesses the development of DeFi, its distinctive features, and the risks it raises to ESMA’s objectives, with a view to informing the future review of the markets in cryptoassets regulation (MiCA).

The report finds that although investors’ exposure to DeFi remains small overall, there are "serious risks to investor protection", due to the "highly speculative nature of many DeFi arrangements, important operational and security vulnerabilities, and the lack of a clearly identified responsible party." 

The report looked at decentralised exchanges and found that they purport to "eliminate important pain points in the trading of cryptoassets but bear their own flaws and challenges." Although market integrity in DeFi and cryptoasset markets is under-researched, says ESMA, the report shows that "DeFi has spawned new market manipulation issues and techniques, such as maximal extractable value and flash loan attacks, that the industry needs to address."

The second report on categorisation of smart contracts introduces a methodology for the categorisation of smart contracts which "leverages on the latter’s source code and on topic modelling." It explores the "rate of deployment of smart contracts belonging to the identified categories over time, contributing to an enhanced and nuanced understanding of DeFi, and also to identifying related significant risks."

The report defines five major smart contract categories and monitors their relative incidence over time. It notes a significant difference in terms of "heterogeneity between the first and the second surge in smart contract deployment (occurring in 2017 – 2018 and in 2021 – 2023, respectively), reflecting the adoption of increasingly complex and interdependent protocols that have come to characterise DeFi."

The article is in six sections:

(i) an overview of recent market developments; 

(ii) analysis of specific sources of risk; 

(iii) potential transmission channels to traditional financial markets; 

(iv) ESMA's approach to monitoring risks in the market; 

(v) a brief overview of regulatory responses; and 

(vi) concluding remarks.

The Joint Committee of the ESAs advises national competent authorities, financial institutions and market participants to take a number of policy actions including:

1. Supervisors should continue to monitor risks to retail investors some of whom buy assets, in particular cryptoassets and related products, without fully realising the high risks involved. 

"Some retail investors may not be fully aware of the long-term effects of rising inflation on their assets and purchasing power. In the context of growing retail participation and significant volatility in cryptoassets and related products, retail investors should be aware of the risks stemming from these. The recent events and subsequent selloff of cryptoassets raises concerns on the appropriate assessment of the risks and the developments of this market segment going forward and requires particular attention of financial institutions and supervisors. Where disclosures are ineffective, these risks are compounded.

2. Financial institutions and supervisors should continue to carefully manage environmental related risks and cyber risks. 

"They should ensure that appropriate technologies and adequate control frameworks are in place to address threats to information security and business continuity, including risks stemming from increasingly sophisticated cyber-attacks."

The report says cryptoasset markets reached new records in 2H21, with a peak at EUR 2.6 trillion in November, which was fuelled by "investor appetite for riskier assets and growing institutional adoption."

Stablecoins and decentralised finance (DeFi) continued to "expand rapidly", along with concerns over the resilience of their business models. The implementation of the markets in cryptoassets (MiCA) proposal is therefore a "priority matter", as it will bring unregulated cryptoassets into the EU regulatory perimeter.