How To Think About Operational Risks in Institutional DeFi Asset Management

Paul Faecks
February 8, 2023
5 min read

Whether operating in traditional finance (TradFi) or decentralized finance (DeFi), managing operational risks is critical to effective asset management. Recognizing that operational risk means different things to everyone, we refer to the definition published in 2012 by the Basel Committee on Banking Supervision (BIS).

In its report titled “Principles for the Sound Management of Operational Risk,” the BIS defines operational risk as “failure coming from insufficient or failing internal processes, people, and systems or external circumstances.” Based on this definition and the accompanying framework, we’ll explore the most critical operational risks in DeFi, how select TradFi risks compare to DeFi, and how you can manage these risks while participating in the digital asset class.

The Five Key Risks in DeFi Asset Management

When it comes to managing operational risks in DeFi asset management, there are five key areas that asset managers should be aware of—let’s take a closer look at each one.

1. Custody Risk

Among all operational risks, custody risk is one of the most important in DeFi asset management. Custody risk occurs when an investor or custodian fails to control the funds or assets they're responsible for. A key aspect of DeFi is that users can opt for self-custody. However, in the case of institutional DeFi asset management, custodial services are often provided by third parties. This practice occurs not just for operational purposes but also to ensure the segregation of duties. Such providers can be technology-based solutions (i.e., MetaMask and Fireblocks) or licensed custodians that maintain your private keys while following bank-level regulations.

It's important to note that funds can be lost or stolen if these services aren't maintained properly. As such, asset managers should understand the service providers and technology they're working with to ensure funds remain safe and secure. Additionally, verifying any custodian's credentials and the regulatory situation is essential before entrusting them with funds.

2. Liquidity Risk

When managing DeFi assets, liquidity risk is another critical concern. This risk occurs when an asset becomes illiquid or difficult to trade, negatively impacting the price. While DeFi has experienced exceptional growth over the past few years, not all market segments offer deep liquidity.

For this reason, asset managers need to understand the underlying liquidity of their assets and the DeFi pools they're interacting with. For example, the actions of large market participants or severe market stress events can negatively impact liquidity. As such, asset managers should carefully and systematically choose the protocols and pools they're investing in. This process may limit the investable universe but also helps to ensure adequate liquidity when needed.

3. Smart Contract Risk

Smart contracts can also present an operational risk when managing DeFi assets. Since smart contracts are segments of blockchain-based code that execute automatically, it’s essential to understand the underlying code and ensure it functions properly. If the code doesn’t work correctly, vulnerabilities may result in funds being lost or stolen. As such, asset managers need to understand blockchain technology and rely on thorough analyses (conducted in-house or by specialist providers) to ensure the code is safe and secure.

4. Governance Risk

Asset managers should continually assess governance risk when managing DeFi assets. Because DeFi asset management involves decentralized protocols and services, investors must understand the unique governance mechanisms in use. This process may include exploring a specific voting process, token model, or decentralized autonomous organization (DAO) with authority to propose and implement protocol changes. Investors must be aware of such changes or updates to ensure asset management strategies are adapted accordingly.

5. Execution Risks

It’s also essential to consider execution risks when managing DeFi assets. One way execution risk occurs is when a transaction fails or executes at unfavorable prices due to technical problems or a lack of resources. For example, latency issues, network congestion, or coding errors can result in execution risk. Alternatively, execution risk can occur when a complex user interface (UI) or poor user experience (UX) leads to process errors. In either case, asset managers should ensure they have the necessary infrastructure, resources, and safeguards in place to reduce execution risk. This process might include conducting thorough tests and audits to ensure transactions are functioning as expected.

How Traditional Asset Management Risks Compare to DeFi

With the main operational risks of DeFi asset management identified, let’s delve deeper into the unique ways DeFi differs from TradFi operational risk management.

Counterparty Risk

Although counterparty risk is one of the top risks associated with traditional asset management, it's negligible in (true) DeFi by design. Specifically, there's no need for a third-party intermediary, such as a bank, broker, or clearing entity, when executing trades or making investments. Instead, transactions occur directly between two market participants according to predetermined smart contract conditions. These smart contracts allow for trustless interactions and peer-to-peer trading without intermediaries. In addition, all transactions occur on the blockchain and are fully traceable. This dynamic eliminates the counterparty risk typically associated with traditional asset management.

Post-Trading Risk

From a process perspective, DeFi post-trade activities differ the most from TradFi. Like counterparty risk, post-trading risks are greatly reduced in DeFi asset management due to the trustless and peer-to-peer nature of blockchain technology. Specifically, transactions are almost immediately settled on the blockchain, meaning—at the on-chain level—asset managers don't have to worry about trades not settling or funds being delayed or frozen. Typical TradFi post-trade considerations such as settlement instructions, T+2 settlement cycles, and delayed delivery vs. payment are made redundant in DeFi (i.e. when natively accessing decentralized exchanges and protocols to trade coins).

Technology and Cyber Security Risks

Despite its advantages, DeFi asset management has some unique risks. For instance, technology and cyber security risks are much higher in DeFi asset management than in traditional asset management. This dynamic emerges because DeFi assets and underlying values are entirely virtual, compared to stocks representing companies with physical assets, for example.

Specifically, DeFi asset management utilizes a trustless system, meaning all transactions occur on the blockchain. However, because these interactions are based purely on code, they can leave asset managers vulnerable to cyber-attacks. For those chains that are relatively new, the risk for bugs or other technical glitches is potentially higher and can lead to significant losses for asset managers if not adequately managed. As a result, asset managers need to take proactive steps to mitigate these risks.

Legal, Regulatory, and Compliance Risks

Like technology and cyber security risks, legal, regulatory, and compliance risks are higher in DeFi asset management compared to traditional asset management. This dynamic emerges because the legal and regulatory frameworks governing DeFi asset management are less established than in TradFi. As a result, asset managers should follow processes that align with current regulations but remain flexible enough to comply with forthcoming rules.

Although it's hard to predict the future development of regulatory policies, asset managers may benefit from adopting TradFi practices like anti-money laundering (AML) and know-your-customer (KYC) protocols. In other words, like TradFi, DeFi asset managers should exercise caution when investing and be prepared to abide by upcoming laws and regulations likely to follow similar TradFi frameworks. 

The Alloy Difference

At Alloy, simplifying digital asset management is at the heart of what we do. In addition to BaFin-regulated asset custody, we follow strict internal processes when selecting crypto-denominated investment products. Specifically, we consider the liquidity, robustness, and reliability of each DeFi protocol integration while providing a host of analytics to help clients navigate the market and measure liquidity metrics. Similarly, Alloy only works with the most widely used, proven digital assets, mitigating smart contract risk.

We also help manage governance risk by providing industry insights via embedded news feeds, ensuring clients stay updated on what's happening in DeFi, especially regarding chains and tokens offered on the platform. Finally, Alloy offers a dramatically simplified process flow for executing and automating complex, multi-protocol DeFi strategies. This streamlined approach to asset management ensures DeFi investment strategies can be executed consistently and in line with the defined investment policies.