Systemic Risk Mitigation in DeFi
Introduction
Financial speculation and risk-taking are essential features of all monetary economies in which the distribution of profits is determined by the ‘independent’ decision-making of individual buyers and sellers. History has shown that without appropriate rules, safeguards, and behavioral norms, financial markets become more prone to fraud, pro-cyclical excess, and crises. Occasionally, these crises take systemic proportions, threatening the stability of the economic system as a whole. In a worst case scenario, a financial meltdown can lead to an economic depression, extreme social divisions, and even violent political conflict.
There is no universal path to preventing financial crises from happening. In a world where people are free to become party to financial contracts that extend into a fundamentally uncertain future, systemic risk can only be partially managed. Economic conditions, technology, and human practice are all subject to change, and thus approaches to systemic risk mitigation must also evolve over time. In practice, this evolution is not always moving towards a more effective and stable state, as it is constantly affected by innovation, (de)regulatory intervention, and the changing mental models and behavior of those participating in financial markets. This is equally true of traditional as well as the growing field of decentralized finance (DeFi).
A popular analogy for thinking about systemic risk in the financial sector is fire and building safety. Concepts such as architecture, structural integrity, safety standards, danger detection, contagion, compartmentalization, and emergency measures are all helpful in thinking about how to reduce the likelihood of systemic failures. While the analogy is far from perfect, perhaps there are lessons that today’s financial innovators can learn from the evolution of actual fire and building safety? Before turning to answer that question, here is a brief history using the United Kingdom (UK) and the United States (US) as primary examples (readers interested only in the main takeaways for DeFi can skip this historical overview and continue with the next section).
A Brief History of Fire and Building Safety
There are three key components to understanding the story behind modern standards of fire and building safety: (1) catastrophic events as turning points, (2) the guiding role of insurance providers, and (3) (self-)regulation aligned with technological innovation.
The first fire insurance company in the world, Hamburger Feuerkasse (Hamburg Fire Office), was established in 1676 upon the realization that earlier guild-based mutual aid arrangements were insufficient for dealing with fires that destroyed many businesses and households simultaneously. [1] Similarly in the UK, it was a large-scale catastrophe — the Great Fire of London in 1666 — that triggered the launch of the domestic fire insurance industry.
At first, individual UK insurance companies employed their own fire brigades and issued ‘fire marks’ to be displayed on buildings that were insured so that firefighters could recognize which ones to try and save first. Unsurprisingly, fire insurers quickly realized that the spread of fire could not care less about the distinction between insured and uninsured buildings. In London, they thus pooled their resources into a municipal authority that established a firefighting service willing and capable of effectively responding to fires regardless of location. Insurance companies continued to issue fire marks and were known to provide bonuses to firefighters who managed to save insured buildings by prioritizing them during fires but, at least in principle, the fire department was now serving the community as a whole. [2] [3]
Fire risk underwriters had a strong financial incentive to prevent fires from happening, which led insurance companies to play a big role in the development of UK building standards. After a period of local fragmentation, the first national building codes were established in the middle of the 19th century, including regulations regarding building materials, the height and thickness of walls, space between houses, and the design of fireplaces and chimneys. Surveyors were employed to make sure new constructions were built to basic requirements and insurance company representatives provided additional guidance when assigning risk premiums and assessing the safety status of insured buildings. [4] Since then, all UK fire and building codes have evolved iteratively in line with developments in fire safety technology.
The general sequence of events was similar in the US, although timing varied depending on the region. The first fire insurance company was formed as early as 1732 in Charles Town, South Carolina. A couple of decades later, Benjamin Franklin played a key role in popularizing the perpetual form of fire insurance, and made other contributions toward fire prevention. Most importantly, the Philadelphia Contributionship — a property insurance company that Franklin founded — introduced different premiums based on individual risk assessments and refused to insure any building that didn’t meet certain construction standards, thus establishing a synergistic link between its private business and public interest. [5]
Over the next hundred years, even though property insurance was becoming increasingly popular, US insurance companies experienced many failures, mainly due to poor management and a lack of effective regulation. As a result, customers began demanding better oversight and stronger guarantees of the certainty of their contracts, as well as the overall stability of the industry. In 1837, the State of Massachusetts became first to make it mandatory for insurance companies to maintain sufficient reserves, signaling the beginning of state supervision. Other regulators followed suit and, by the end of the century, some form of reinsurance had become a standard requirement for anyone entering the business, along with various other rules intended to protect consumers against irresponsible business practices by the managers of insurance companies. [6]
The end of the 19th and early 20th century became a major turning point in the history of US fire insurance. Tragic events such as the Great Chicago Fire of 1871, the Great Boston Fire of 1872, and the San Francisco earthquake of 1906 triggered re-examinations of conventional building and safety practices with insurance companies leading the effort in collaboration with public authorities. After the Chicago and Boston fires had wiped out numerous insurance providers across the country, there was a sharp increase in insurance premiums, triggering a wave of new companies. Local trade associations were formed in the 1880s to help coordinate between them while standardized policy forms were made mandatory, first in a handful of leading states, but eventually throughout the country. Perhaps most importantly, the National Board of Fire Underwriters (NBFU), which had been established in 1866, went on a public crusade against certain forms of construction that were particularly prone to destruction by fire. The understanding was clear: it was a lot cheaper to prevent fires than to deal with the consequences.
Between 1895 and 1897, a series of meetings took place in New York and Boston involving representatives of various fire insurance and safety associations, as well as manufacturers of fire prevention technologies. The most important of these technologies were automatic sprinklers which had been commercialized already in the 1870s but became sufficiently effective and reliable by the end of the century. However, the benefits from technological advancement were limited because there were no unified standards around the production and installment of not just sprinklers but also other key elements of fire safety such as electrical wiring, water supply, and heating systems. Coordinating around such standards thus became one of the most important tasks on the road towards effective fire prevention.
Two organizations in particular played a key role in the development of standardized fire and building codes. The first was Underwriters’ Electrical Bureau, later known as Underwriters Laboratories, which was established in 1894 by the NBFU to develop a unified approach to the safety of electrical technology through research and testing. The second was National Fire Protection Association (NFPA), first organized in 1896 to develop a standard for sprinklers but later responsible for administering and publishing various other guidelines on fire safety. [7] Adhering to these increasingly uniform standards quickly became the most important factor determining fire insurance premiums. In 1905, for example, the use of appropriately installed sprinklers reduced premiums by as much as 50–60%. [8]
Having realized that paying losses was only a small part of the fire insurance business, US insurance companies thus established themselves at the forefront of fire prevention. Today, more than a hundred years since its birth, the NFPA continues to function as a nonprofit organization with over 65,000 members globally, including not just insurance providers but also engineers, elected officials, manufacturers of safety equipment, and other professionals whose input is relevant for the continued improvement of fire safety. To reduce regional fragmentation, the NFPA fire codes have been widely used as the basis for local building codes, which in turn provide essential guidance to architects, manufacturers, and the construction industry. [7]
By historical standards, modern methods of fire and building safety are extremely effective in preventing systemic damage from the spread of fire. However, it is worth remembering that many of these methods were met with considerable resistance when they were first introduced. Even today, fire and building codes remain an object of contention between various interest groups who stand to materially benefit or lose whenever formal standards or laws are changed. [9] But from a generalized point of view, the objective of these and other similar standards should always be to maximize safety over risk in the most cost-effective way possible by relying on science, technology, and multi-stakeholder cooperation.
Lessons for DeFi
Systemic crises and risk mitigation have long been areas of interest to financial theorists, economists, and policymakers alike. As DeFi grows, constructively engaging with this tradition becomes increasingly relevant, and no doubt a challenge for many years to come. Lessons drawn from a different field can serve only as a minor complement to this important work ahead. Nonetheless, here are some lessons for DeFi drawn from the historical development of fire safety, together with some general observations on the relation between financial innovation and stability:
- Similar to rooms in a house and buildings in a city, economic entities are interconnected through contracts and financial obligations. Digital finance, which includes DeFi, adds an additional layer of technological interdependence by linking together various computer and software systems tasked with administering financial information and processing transactions connected to that information. The higher the level of interconnectedness, the higher the likelihood of systemic contagion as parts of the system fail.
- Before considering strategies for systemic risk mitigation, it is important to identify individual types of risk with systemic implications. In DeFi, these include risks that could result in large financial losses or other types of damage to many entities simultaneously, leading to the failure of specific institutions, networks, or software protocols in a way that could threaten economic and social stability more broadly. Such risks may stem from a limited understanding of growing complexity, deficiencies in cyber and other security practices, excessive levels of poorly managed financial and counterparty risk (including insufficient use of insurance and hedging), deterioration of underwriting or other professional standards, lack of transparency, proliferation of fraud, and inadequate rules or oversight, especially around market integrity and consumer protection.
- One of the most important steps in avoiding conflagrations is preventing the spread of fire by containing it. Similarly, systemic risk mitigation in DeFi relies heavily on how risk and emergency situations are managed at the level of individual users, businesses, and networks. The effectiveness of risk management therefore depends on the social distribution of relevant knowledge and tools, as well as requirements and behavioral norms in following best practices.
- There are different paths to improving systemic safety standards in DeFi. Depending on the context, these paths will include a role for both public regulators, as well as a more bottom-up, self-regulatory approach led by private market participants. Historically, regulation has tended towards a combination of the two approaches with periods of more extensive government regulation usually triggered by systemic crises or the inability of the private sector to enforce self-imposed rules. In general, the more prudent and effective self-regulation is in containing crises and protecting consumers, the more difficult it is to find political support for public regulation. The overall regulatory regime of DeFi will therefore depend heavily on the nature and efficacy of the self-regulatory measures introduced by the private sector.
- Similar to the historical development of fire and building safety, insurance underwriters could play a key role in promoting best practices in DeFi. There is considerable incentive alignment between risk insurers, DeFi service providers, and end users — all stand to benefit from higher levels of systemic safety. Insurance providers already play a role in directing smart contract security practices [10] but there is room for a more concerted effort to map out other systemic risks, create insurance products to widely protect against those risks, and develop standards and techniques to minimize the likelihood and collateral damage of catastrophic events.
- Depending on their method of managing capital, insurance providers themselves may become a source of systemic instability. DeFi insurance underwriters should therefore continuously assess their own exposure to both technological and financial risk which can be partially mitigated through reinsurance agreements. In the long term, depending on how DeFi evolves, there may also emerge a need for an equivalent of universal deposit insurance as well as institutional backstops similar to those that have historically been provided by central banks.
- In addition to multi-stakeholder collaboration, the most important factor in the historical development of fire safety has been technological innovation. Examples include automatic sprinklers, extinguishers, fire hydrants, smoke detectors, and fire-resistant materials and building methods. Similarly, the DeFi industry should take full advantage of technology by ensuring that the most effective techniques of risk mitigation are standardized, continuously improved upon, and adopted as widely as possible. However, technology is not a panacea, and its effectiveness in mitigating systemic risk will also depend on the quality of human decision-making. In the case of DeFi, this is particularly evident in smart contract governance, operational security procedures, and behavioral factors that drive financial decision-making.
- In comparison to traditional finance, the key technological advantages of DeFi as it relates to systemic risk mitigation are higher levels of digitization, transparency, and automation. The more widely DeFi relies on formally verifiable open source code and publicly verifiable ledgers, the easier it will be to set up automated systems of risk simulation, stress testing, monitoring, early warning signals, circuit breakers, insurance cover, claims processing, reporting, and other embedded forms of managing risk. Ideally, these mechanisms should minimize the likelihood and collateral damage of catastrophic events without radically compromising end user privacy or hindering the growth potential of DeFi, similar to how modern principles of fire safety limit the areas in which fire can freely spread rather than overall building size.
Conclusion
Despite impressive growth, DeFi is still a nascent industry. It may therefore seem premature to think about systemic risk, especially in relation to the rest of the economy. But such a view underestimates the technological tailwinds behind DeFi and the real-economic and political implications of not preparing for potential systemic failures.
Good DeFi governance includes establishing and maintaining high standards of cyber security, risk management, and consumer protection. The goal of such standards is not to sterilize DeFi of normal business or financial risk. Instead, the goal is to ensure that there are mechanisms in place to compartmentalize fragility and deal with technical or financial failures in a manner that distributes losses fairly and minimizes collateral damage. This can be done by learning from historical experience, leveraging the power of technology, and intelligently distinguishing between the strengths and weaknesses of existing regulatory and institutional frameworks. Most importantly, it requires leadership and collaboration.
DeFi is not just about rebuilding finance. It’s about building it better.
Footnotes
[1] Evenden, W. L. (1989). Deutsche Feuerversicherungs-Schilder — German Fire Marks. Verlag Versicherungswirtschaft.
[2] Dickson, P. G. M. (1960). The Sun Insurance Office, 1710–1960: The History of Two and a Half Centuries of British Insurance. Oxford University Press.
[3] Klein, B. (2001). The World’s First Insurance Company. IRMI. Available here.
[4] MBO. (2020). Metropolitical Buildings Office. London Metropolitan Archives: City of London. Available here.
[5] TPC. (2020). History. The Philadelphia Contributionship. Available here.
[6] This and the following two paragraphs draw heavily on: Oviatt, F. C. (1905). Historical Study of Fire Insurance in the United States. The Annals of the American Academy of Political and Social Science, Vol. 26, pp. 155–178. Available here.
[7] Grant, C. C. (2020). History of NFPA. National Fire Protection Association. Available here.
[8] Calder, K. (2015). Establishing the Risk Basis of Building Size Limits. WoodWorks. Available here.
[9] QRFS. (2017). The Evolution of Local Fire Regulations: History and Processes that Shape U.S. Building Fire Code. Quick Response Fire Supply. Available here.
[10] For example, Nexus Mutual, a leading underwriter of smart contract risk adjusts cover premiums based on risk assessors’ confidence in the security of each particular contract. To broaden the user base of smart contract applications by bringing down cover premiums, developers are thus incentivized to follow best security practices. This includes sourcing audits from reputable experts and using smart contract administration tools such as Defender from OpenZeppelin. The role of insurance providers in driving risk management practices in DeFi is expected to grow in the future, opening the door to a wider variety of insurance products and more automated claims management. Disclosure: The author’s work is funded by Placeholder, an investor in both Nexus Mutual and OpenZeppelin.
Related Writings
The Great Automaton (December 2020)
Ten Theses on Decentralized Network Governance (September 2020)
The DeFi Déjà Vu (December 2019)
The Bookkeeping View of Money (October 2019)
Cryptonetworks and Governments (August 2019)