The United States Congress is once again turning its attention to decentralised finance. Representative Sean Casten, a Democrat from Illinois with a background in science and business, has introduced the Compliant Operations of Decentralized Entities (CODE) Act of 2025.
This new bill sets out to address long-standing concerns around illicit activity in DeFi, particularly cases involving North Korean cyber operations and the broader lack of standardised compliance across protocols.
It is one of the most detailed legislative efforts to date that attempts to bring DeFi within the scope of the Bank Secrecy Act, which governs anti-money laundering regulations in the United States.
Rather than rushing towards rigid enforcement, the CODE Act proposes a cooperative and technically driven approach. But what exactly is being proposed, and how might it affect developers, users, and the future shape of decentralised finance?
What the CODE Act Proposes for DeFi in the US
At the heart of the CODE Act is the idea of aligning DeFi services with existing anti-money laundering and cybersecurity expectations.
To do this, the bill would establish a public-private partnership, led by the Secretary of the Treasury, that brings together key federal agencies, DeFi service providers, and experts in risk management.
The partnership would involve participation from bodies such as FinCEN, the Federal Bureau of Investigation, and the Office of Foreign Assets Control.
The primary aim is to determine whether identity checks, sanctions screening, and other compliance tools can be built directly into the code of decentralised applications.
This would shift the burden away from interfaces or off-chain platforms and move it to the foundational layer of DeFi services: smart contracts.
The bill highlights the need to embed compliance into DeFi infrastructure before it goes live, which could mean writing anti-money laundering safeguards directly into decentralised protocols.
This approach would avoid reliance on central operators and instead focus on how code itself can enforce legal standards.
To prevent conflicts of interest, the legislation includes a ban on the participation of entities linked to senior government officials or their families.
This is directly aimed at preventing companies with political connections, such as World Liberty Financial, from benefiting from insider access to the policymaking process.
The partnership is designed to last for eighteen months and would carry out several technical and regulatory tasks during that time. These include:
- Evaluating how decentralised applications and their interfaces function in practice
- Testing smart contracts that incorporate compliance tools before they are launched
- Exploring whether smart contracts could be safely upgraded post-deployment to meet changing rules
- Proposing consistent standards that could apply across DeFi without relying on central enforcement
After the partnership ends, FinCEN would be required to publish an advisory offering guidance on the responsible development and operation of DeFi services.
This advisory would inform a formal rulemaking process led by the Treasury Department. The goal would be to define what qualifies as a DeFi service under the Bank Secrecy Act and to set clear requirements around anti-money laundering and sanctions compliance.
The bill also calls for the Treasury to issue a final rule within thirty months of the Act becoming law. This rule would require eligible DeFi services to implement risk-based compliance programmes that align with existing federal financial laws.
It would also establish definitions for key terms such as “decentralised finance service” and “decentralised smart contract” to prevent ambiguity in future enforcement.
How This Benefits and Restricts DeFi in the Future
The implications of the CODE Act for developers are significant. Although the bill does not immediately impose new obligations, it sets the stage for a future in which DeFi projects may be required to demonstrate built-in compliance from the start.
This marks a clear shift in regulatory thinking, away from traditional oversight of intermediaries and towards embedding compliance into the design of decentralised technologies.
For developers, this could result in meaningful changes to how DeFi protocols are written, audited, and launched.
Instead of simply deploying open-source smart contracts, builders may now need to consider whether their code meets standards for anti-money laundering, sanctions screening, and cybersecurity.
Tools such as automated identity verification or on-chain monitoring systems could become essential components of protocol architecture.
This would likely increase the demand for specialist services, including blockchain analytics providers, smart contract auditors, and compliance-focused development firms.
As more projects seek to meet evolving standards, the market for technical compliance solutions may expand in parallel.
The CODE Act also introduces the idea of a regulatory gateway. This would allow smart contracts to connect with external, verifiable data sources and potentially receive updates in response to legal changes.
While this offers a degree of flexibility, it also raises questions about how such systems would operate in a trustless environment.
Upgradable contracts, for example, are often viewed with caution due to the risk of centralised control. Balancing adaptability with decentralisation will be one of the key challenges if this approach becomes widespread.
For users, the impact is less direct but still worth considering. On one hand, stronger compliance mechanisms could reduce the risk of DeFi platforms being used for illicit finance, which may encourage greater institutional adoption and regulatory acceptance.
On the other hand, critics may argue that these changes undermine core principles of privacy and autonomy in decentralised systems.
The CODE Act attempts to strike a balance between these competing goals. Rather than imposing one-size-fits-all rules, it encourages experimentation and feedback through a collaborative model.
Developers and risk experts are invited to help shape the eventual standards, which could result in more technically sound and flexible regulations.
Importantly, the bill avoids forcing immediate changes on existing protocols. Instead, it opens a channel for innovation in regulatory design and positions the United States as a jurisdiction willing to work with the DeFi community rather than legislate it into a corner.
This contrasts with approaches in some other regions, where enforcement has often outpaced engagement.
Conclusion
The CODE Act may prove to be a turning point in the regulation of decentralised finance. By focusing on collaboration and technical integration rather than sweeping enforcement, Representative Sean Casten has proposed a framework that reflects the complexity of the DeFi ecosystem.
The Act does not offer quick fixes, but it does offer a realistic path towards aligning innovation with public policy.
Whether it succeeds will depend on the quality of participation from both regulators and developers.
If the partnership delivers meaningful results, it could set a global standard for how to regulate decentralised systems without undermining their fundamental design.
For now, the CODE Act represents a thoughtful attempt to bring DeFi into the regulatory fold through smart, well-informed policymaking. The months ahead will show whether the sector is ready to meet that challenge.