Working Framework | Version 1.1
Published: March 2026
Last updated: March 2026
Why FinTelegram Is Publishing This Framework
FinTelegram is publishing this framework as an evergreen reference page to help define a fast-evolving regulatory grey zone around DeFi brokers, DeFi investment schemes, and their supporting rails.
Our core thesis is simple:
The decisive question is no longer whether a project calls itself โDeFi,โ but when a DeFi-labeled scheme becomes a controlled, commercially organized financial service.
In our view, that turning point often becomes visible first in two areas:
-
Access Control
-
Flow Control
Once identifiable actors control the user journey, the funding path, the wallet logic, or the embedded execution stack, the โfully decentralizedโ narrative begins to weaken materially.
Core thesis
The real perimeter question is not โIs this DeFi?โ
How To Use This Framework
This framework is designed as a practical screening tool for:
-
compliance professionals
-
regulators and policy specialists
-
journalists and researchers
-
investors and market participants
-
whistleblowers
Use it to assess five core questions:
-
Who controls access to the product?
-
Who controls the funding, wallet, and execution flow?
-
Who monetizes the journey?
-
Who can change the rules or intervene in emergencies?
-
Which regulatory regimes may be relevant: MiCA, MiFID II, AML/CFT, investor protection, or gambling-adjacent logic?
The Regulatory Starting Point
MiCA Is Narrower Than Many Founders Claim
MiCA does not exempt a service merely because part of it is performed in a decentralized manner.
The key starting point is MiCA Recital 22, which makes clear that crypto-asset services can still fall within scope when they are performed, provided, or controlled directly or indirectly by identifiable persons, even if part of the activity is decentralized.
Only services provided in a fully decentralized manner without any intermediary fall outside MiCAโs scope.
MiCA Is Not The Whole Perimeter
MiCA is not the only relevant framework.
Some crypto-assets or related product structures may also trigger MiFID II analysis where they qualify as financial instruments. That means many DeFi brokers and DeFi investment schemes may test both sides of the perimeter at once:
-
MiCA, where the model looks like a crypto-asset service stack
-
MiFID II, where the product or exposure resembles a regulated financial instrument
Substance over form
โDeFi,โ โnon-custodial,โ or โinterface-onlyโ are not conclusions.
The real question is the substance of control, orchestration, and commercial organization.
The Four FinTelegram Control Layers
Access Control
Ask:
-
Who operates the front end?
-
Who controls onboarding, geoblocking, suspension, verification, or offboarding?
-
Who captures the client relationship?
If an identifiable actor controls the branded interface and the user journey, the claim of โpure DeFiโ weakens immediately.
Flow Control
Ask:
-
Who embeds the on-ramp?
-
Who selects the partner stack?
-
Who pre-fills destination wallets?
-
Who determines how fiat becomes crypto, and how crypto becomes trading access?
This is often where DeFi broker models become compliance-relevant. A platform may outsource execution but still tightly orchestrate the funding journey.
Economic Control
Ask:
-
Who earns from trading fees, spreads, routing economics, liquidation flows, vault fees, or referral income?
-
Who commercially benefits from user activity?
A structure may be technically modular while still being commercially centralized.
Governance & Risk Control
Ask:
-
Who controls admin keys, emergency pauses, fee changes, upgrades, or treasury decisions?
-
Who can change the rules when something goes wrong?
Many projects look decentralized until the moment governance power has to be exercised.
Practical Matrix
| Control Layer | Key Question | Typical Evidence | Risk Signal |
|---|---|---|---|
| Access Control | Who controls entry and the client relationship? | branded UI, geo restrictions, terms, operator references | Strong if entry is clearly managed |
| Flow Control | Who controls the funding and execution path? | prefilled wallets, embedded onramps, routing logic, payment confirmations | Strong if the journey is tightly orchestrated |
| Economic Control | Who monetizes the activity? | fee schedules, referral programs, spread capture, liquidation revenue | Strong if identifiable actors earn across the chain |
| Governance & Risk Control | Who can intervene or change the rules? | admin rights, treasury control, upgrades, emergency powers | Strong if power is concentrated |
Mini Case Snapshots
Example: Access Control
A project presents itself as decentralized, but users must enter through a branded front end controlled by an identifiable entity. That entity controls onboarding, eligibility, or market access.
Framework signal: strong Access Control.
Example: Flow Control
A โBuy Cryptoโ feature routes the user through an embedded onramp stack, pre-fills the destination wallet, and delivers funds directly into a trading environment.
Framework signal: strong Flow Control.
Example: Governance Concentration
A protocol markets decentralization, but a small group retains admin keys, emergency pause rights, or upgrade authority.
Framework signal: strong Governance & Risk Control.
Why this matters
The more seamless the user journey, the more likely the service is commercially organized rather than merely protocol-adjacent.
Working Hypotheses
FinTelegram proposes the following working hypotheses for public discussion:
-
A DeFi-labeled scheme moves into the practical compliance perimeter once identifiable actors exercise material Access Control or Flow Control over the client journey.
-
The presence of licensed on/off-ramp partners does not remove the perimeter risk of the destination platform.
-
The more seamless the retail journey, the more likely the service is commercially organized.
-
โNon-custodialโ is not the same as โnon-intermediated.โ
-
DeFi brokers are the evolutionary successor to earlier retail-speculation models, in the same way binary options once migrated from a gambling-adjacent presentation into financial supervision.
The FinTelegram DeFi Perimeter Test
For practical reporting, the more of these boxes a project ticks, the less credible the โoutside the perimeterโ narrative becomes:
-
branded front end capturing the client relationship
-
identifiable operator or operating entity
-
embedded on/off-ramp or payment stack
-
wallet or routing orchestration
-
integrated access to execution venues or yield mechanisms
-
fee capture by identifiable actors
-
governance concentration or emergency admin powers
-
retail-style leverage, yield, speculation, or copy-trading packaging
-
EU or UK user targeting, acceptance, or evident market reach
-
reliance on โinterface-onlyโ or โnon-custodialโ defenses despite visible operational coordination
Important
This is not a legal ruling tool.
It is a compliance-risk and perimeter-analysis tool.
Why Investor Protection Requires Earlier Scrutiny
The lesson from binary options was not only that the products were risky. The lesson was that markets can scale retail harm faster than regulation can define the perimeter.
By the time formal intervention arrives, the damage may already be substantial.
That is why FinTelegram is treating DeFi brokers, DeFi investment schemes, and their supporting rails as a developing investor-protection story, not merely as a crypto trend.
Glossary
Access Control
Control over who may enter, use, or continue using a platform or product.
Flow Control
Control over the funding, wallet, routing, or execution path used by the client.
Economic Control
Control over monetization through fees, spreads, revenue shares, or other economic benefits.
Governance & Risk Control
Control over upgrades, emergency actions, treasury decisions, and decisive operational powers.
Perimeter Risk
The risk that a product falls inside a regulatory framework despite being marketed as outside or adjacent to it.
Non-custodial
A model in which the operator claims not to hold client assets directly. This does not automatically mean the model is non-intermediated.
This Is A Living Framework
This framework is intended to evolve.
It will be refined as:
-
new cases emerge,
-
legal interpretations develop,
-
regulators clarify the perimeter,
-
and experts contribute feedback.
Living framework
This page is meant to be updated.
It is a public working framework, not a closed doctrine.
Call For Expert Feedback And Whistleblower Input
FinTelegram invites feedback from:
-
compliance officers
-
lawyers
-
regulators
-
policy specialists
-
DeFi builders
-
infrastructure providers
-
investors
-
whistleblowers
We are particularly interested in:
-
legal analyses of Access Control and Flow Control
-
case studies on wallet orchestration and rail design
-
MiCA/MiFID II boundary cases
-
on/off-ramp structures feeding DeFi broker environments
-
governance concentration evidence
-
internal compliance documents, risk memos, and investor-protection concerns
If you have relevant information, contact us confidentially via Whistle42.
Suggested submission labels:
DeFi Framework
DeFi Broker / Rail Analysis
Source Guide
For readers who want to consult primary materials directly, the main starting points are:
-
MiCA, especially Recital 22
-
AMF guidance on MiCA and DeFi-related intermediated activity
-
ESMA materials on MiCA and crypto-assets qualifying as financial instruments under MiFID II
-
EBA-ESMA work on DeFi-related risks
-
historical CySEC and ESMA materials on binary options supervision and intervention
Related FinTelegram Hubs
This page is the core framework reference.
Related hub pages map specific rail patterns and conversion architectures and should be treated as companion resources.
Editorial Note
This framework is an editorial and compliance-analysis tool. It does not prejudge any regulatory finding, legal classification, or enforcement outcome.
