
Keyring founder Alex McFarlane speaking in November 2025 at the Midnight Summit in Greenwich, London
There’s a lot of talk right now about traditional financial institutions adopting DeFi and crypto. It’s a sensible idea. DeFi and blockchain can bring speed and cost efficiencies to finance, and can help money and assets move and settle, cross-border or domestically, in seconds.
This contrasts wonderfully with hellish processes that many can relate to, where money movement takes days or weeks, involves multiple banks and currencies, and crosses various time zones and bank opening times. Nevertheless, institutional adoption has not been rapid. There are several concerns.
The biggest concern for institutions is probably risk. With DeFi it comes in many forms, including:
Smart Contract Risk: What if the code fails or contains a bug?
Oracle Risk: What if the off-chain information that smart contracts rely on is inaccurate?
Governance Risk: What if the people running the protocol or organisation act in malice or incompetence?
Enforceable Compliance: If you identify wrongdoing, can you do anything about it? Can you even identify the person/organisation on the other side of the transaction?
These risks are compounded by the fact that blockchain settlements are immediate and in many cases irreversible. Banks and major institutions generally don’t like this. Go figure.
Fixing the Problem
We may be closer to a solution than people realise. Alex McFarlane, founder of Keyring, is working to bridge this divide by adding verifications and safety measures to DeFi, and to curate low-risk DeFi protocols that are fit for institutional use. In his own words, his core focus is “enabling low risk DeFi through scalable permissioning, curation-led risk management and robust governance.”
Let’s put that another way. What McFarlane is doing is creating environments where institutions can use low-risk DeFi applications, safe in the knowledge that they are engaging with trustworthy and accountable counterparties.
The solution starts with wallet-transaction screening. This process allows you to verify that you, and likewise the person you’re dealing with, have passed relevant KYC/AML checks. This doesn’t mean that either party has to disclose who they are, but with the use of zero-knowledge proofs, everyone involved is able to prove that they have been approved by an appropriate bank or exchange. This, by the way, can create an interesting shift in liability. Should anything go awry, the approving bank or exchange may have to explain how it happened.
There are other defensive measures in place. McFarlane mentions that insurance has a role to play in mitigating risks relating to code, information and technology. As such, he’s in talks with a highly reputable insurer to underwrite the risk of DeFi smart contracts, oracle risk, and in his words, ‘everything to do with DeFi that makes it funky and exotic.’

Code is Law versus Spec is Law
Let’s stop for a second. This all sounds relatively straightforward, with KYC/AML checks and insurance derisking the process. However, there are cultural barriers to jump between DeFi and TradFi. A huge sticking point here is the early and popular ‘Code is Law’ tenet of DeFi and crypto. Code is Law insists that code should determine the outcome of a transaction, regardless of whether it is fair, intended or legal. Many cypherpunks love this. Banks find this to be as pleasurable as waterboarding.
We can illustrate this problem really easily, by looking back to 2020 and Citibank’s accidental wiring of $893 million* to a range of investment advisory firms. Under Code is Law, the bank would have had to suck up the loss and move on. Traditional institutions, you will be stunned to learn, do not find this satisfactory.
For McFarlane’s proposition to work, and for banks to jump into DeFi, we need a shift from Code is Law to ‘Spec is Law’. Spec is Law means governance is based on what a system or protocol is designed to implement, rather than what it literally implements. If you find a way to exploit the code, you will not be rewarded, and if your actions fall under regulated activity, you could well be prosecuted. Due to the overlay of KYC/AML verifications, we’re also able to identify the person who’s hacked or exploited the system.
McFarlane explains it bluntly.
“Code is law is always dumb. Spec is law is like what the auditor says things should look like.”
“[But] You can’t enforce Spec is Law unless you can pull people up on it. The reason code is law is so elegant is you don’t need to know who anybody is. If they violate the code, the code’s got a bug, whereas if you violate the code with Spec is Law, you need to find the guy** that violated the code because he’s not going to give you the money back unless you can drag him out of bed with blue flashing lights.”
*Oddly, Citibank lost its initial legal bid to recoup this sum but won an appeal that allowed it to claim the money back. This is either a) an untidy comparison, as it’s hard to tell if Citibank was fully reimbursed, or b) a fantastic comparison, as it highlights the shortcomings of TradFi in remedying similar situations.
**Interestingly, several sources indicate that 90%+ of hackers are men.
This accountability is why permissioned markets are important. DeFi is known for a range of market manipulations, such as:
MEV Attacks
Oracle Manipulation
Wash Trading
Flash Loan exploits
Smart Contract Exploits
These activities can go unpunished in DeFi. However, in a permissioned environment where Spec is Law, and users are accountable, it’s far more likely that malicious behaviour will be punished.
Crossing the Cultural Divide
Derisking DeFi is a good way to get banks and institutions on board with it, yet these battles are about hearts as much as minds, and partnerships between DeFi and TradFi can be scuttled for cultural reasons. Banks tend to avoid grey areas and likewise they don’t relish being first movers.
This cultural challenge isn’t just about top-down management. McFarlane insists that very few high flyers in a bank would want to stake their reputation on a fledgling DeFi protocol, and poetically, he explains this in language that would make any bank’s PR or comms team run for the hills.
“Why the fuck would they risk their job for some bullshit crypto thing?”
Fair point.
Being more proactive, I ask McFarlane what banks can do to elevate their digital assets and blockchain game.
“I think the easiest way for them to get involved is to tokenise existing products, especially good quality products,” he says. “The yield in DeFi has to be over 7%, so I’m thinking emerging market funds, A-grade credit funds, and corporate credit. These things are missing massively in DeFi.”
He also explains that compliance teams need to get comfortable with DeFi as soon as possible, which means hiring technical people or trusting external experts at the very least. “These guys don’t have a clue, generally, what is going on in the tech,” he adds.
A final point that he makes is around atomic settlement. For the uninitiated, atomic settlement is a DeFi term that relates to the instant execution and settlement of a transaction. TradFi isn’t optimised for this, as evidenced by the many processes that take days to settle and incur copious paperwork.
“If I give you the money to invest in your fund and I don’t get the token as a receipt of your fund immediately, that’s a big problem for DeFi.”
Final Thoughts
Blockchain and smart contracts can add efficiencies to traditional finance, we all know that. However, institutions need to protect themselves when diving into the murky and unforgiving waters of DeFi. Permissioned environments, careful governance and insurance may go a long way towards reassuring those involved.
I also want to say a word for ‘rational privacy’ and zero-knowledge proofs. Rather than full disclosure or privacy as a default, there is vast potential for finance to be improved by contextual privacy. There are many cases, especially in DeFi, where it’s good to know that we’re dealing with someone reliable, but we don’t need to know exactly who they are unless something goes horribly wrong. Keyring appears to have a solution here.
With greater risk management, more accountability, and the possibility of recourse if things go wrong, it’s likely that we’ll see wider adoption of DeFi and greater flows of capital to protocols as a result.
