DeFi vs. CeFi Spot Markets: FAQs

The regulation of crypto spot markets is a major focus of policymakers and regulators in Washington. (Next week, the Senate Committee on Agriculture will hold a hearing to discuss recently proposed legislation (summary) that would create a regulatory framework for digital commodity spot markets.)

The focus of the debate has been the centralized/custodial spot market businesses (like crypto exchanges), which function in fundamentally different ways than decentralized/non-custodial spot markets. This explainer examines those differences.

What are the key differences between centralized/custodial and decentralized/non-custodial digital asset spot markets?

  • Transparency: In a centralized/custodial market, only the market operator has full transparency into the operation of the trading protocol, including any matching algorithm, order types, order handling, market data, etc. In a decentralized/non-custodial market, the code governing how the protocol operates is open-source and transactions take place on a public blockchain, which gives regulators and market participants the ability to audit the market in real-time. No person or group of persons known to each other and acting in concert has unique visibility into trading activity or the unique ability to take action in connection with such activity.

  • Conflicts: In a centralized/custodial market, the market operator not only has access to confidential trading information but also may face conflicts of interest in the handling of that information (e.g., sharing with affiliates) and more generally through engaging in proprietary trading and other activities that might present conflicts with operation of the market. In a decentralized/non-custodial market, the protocol is neutral and no users have a “leg up” due to affiliation with a market operator.

  • Market Access: In a centralized/custodial market, the market operator decides who can access the market and the terms for such access. A decentralized/non-custodial market affords open access to anyone who can establish connectivity to the protocol.

  • Custody: In a centralized/custodial market, the market operator holds users’ assets, for purposes of safekeeping, effecting settlements and, if applicable, for margin or collateral. Assets are typically held by the centralized market operator (or a related clearing/settlement entity) in an omnibus account in its own name, directly or with a third party depository. In a decentralized/non-custodial market, participants are responsible for directly holding their own assets (or assets pledged to them by counterparties) or arranging themselves for custody and settlement through third party custodians. Any margin or collateral may be held directly, by a third party custodian or embedded in smart contracts traded on the decentralized market. Decentralized/non-custodial markets therefore eliminate the risk that users will lose funds due to custodial mismanagement.

  • Governance/Control: In a centralized/custodial market, a single entity or group of affiliated entities provides execution, settlement, and custodial services on behalf of customers, with direct control over customers’ trading activity and assets. A decentralized/non-custodial market is not controlled by any single entity or group of affiliated entities.

Do centralized/custodial and decentralized/non-custodial digital asset spot markets present the same risks?


In a centralized/custodial system, the risk exposure is to the central facility that is responsible for holding the users’ assets and settling the transactions. If that facility experiences any of the foregoing problems, assets could be lost or settlements may fail. The protections against these risks are typically regulatory requirements regarding capital, segregation of assets, system safeguards and similar matters.

In a decentralized/noncustodial system, there is no risk exposure to a central facility. Participants are responsible for ensuring that the manner in which they hold assets, including any margin or collateral transferred by third parties, is secure and that they utilize appropriate custody, systems or other mechanisms to effect settlements and protect against loss.

Both centralized and decentralized markets are exposed to risks arising from fraud, manipulation or other abusive or disruptive trading activity, as well as system shutdowns, errors or interruptions. In a centralized/custodial market, the market operator is responsible for safeguarding against these risks through identifying prohibited activity, how it detects and prevents that activity, and how it maintains the integrity of the systems over which trading activity occurs. In decentralized markets, although there is no central market operator exercising this function, these issues are more readily apparent to participants due the full transparency into the markets (visible on public blockchains) and the open-source code through which the system operates, which increases the ability of market participants to take action collectively to address problems with the code or other issues.

From a regulatory perspective, does it make sense to differentiate between centralized/custodial and decentralized/non-custodial digital asset spot markets?

Yes. The two models are very different.

It makes sense to require custodial and centralized exchanges to comply with a regulatory regime that protects against misappropriation, negligence, errors, bankruptcy, settlement failures, etc. by the centralized facility, or by third parties in a manner that affects the facility. This type of regulation does not make sense for noncustodial and decentralized exchanges for the reasons noted above – there is no sponsor or operator that can be required to comply with the same types of requirements nor is there a need for this type of regulation because the risk exposure of participants is not to a centralized entity. It is not a matter of regulatory arbitrage – these are two very different models that offer different advantages and different risk exposures. Regulatory considerations of each model should reflect those differences.

The same registration-based regime cannot be applied to decentralized exchanges and would not provide the same protections or benefits to market participants. A registration-based regime (like the one envisioned in the legislation being examined in next week’s hearing) for centralized/custodial businesses is premised on the existence of a central operator/sponsor that has responsibility for operation of the system, oversight, conduct of participants, etc. This makes sense, as a central risk exposure for market participants on a centralized exchange is to the centralized exchange itself. That model cannot be applied to a decentralized/non-custodial system, in which no person or group of persons has the ability to oversee or control trading activity. Nor would it provide the same benefits to market participants, as market participants on a decentralized exchange do not hold any risk to any centralized market operator. Instead, all participants have full transparency into the system and the community of participants is able to take action in the event of disruptions or other issues.