At the heart of most web3 projects is the assumption users will be better off with decentralization than with centralized control. But what if in an effort to innovate and disperse control, projects are putting users in a more vulnerable position?
Vulnerability can grow when risks are underestimated or ignored. We are seeing some of that pressure with Celsius, Three Arrows Capital, and most recently with the SEC action against Forsage. Risk management is more important than ever, yet many DeFi and web3 projects spend time and money creating a legal framework without carefully considering operational risks. A stress test of a project’s legal structure can help assess its resilience and indicate whether it is well-positioned to handle predictable surprises such as governance, compliance, and risk (GRC) events. In a time of growing concerns about the financial stability of crypto-assets, and a call for more regulation, this assessment exercise is needed to deftly adjust to the changing tides. FSB July Statement
This summer a16z crypto published part 2 of a DAO legal framework. This article relies on that framework adding a lens for operational and compliance risks. a16z whitepaper; Jennings & Kerr framework; DAO Entity Selection Framework
DAOs & Managing Risks
“DAOs — decentralized autonomous organizations — are an essential tool in achieving the self-empowering benefits of web3, including more equitable ownership among stakeholders, reduced censorship and greater diversity” Jennings & Kerr framework
DAOs are a crucial counterbalance to centralized technology innovators, but to make open and decentralized alternatives sustainable, risk management needs to be prioritized. If it isn’t, users are exposed to unnecessary risk of loss of their data, investments, and other contributions.
In a previous post, I introduced a new GRC framework that can be used to score how well a project manages risk.
To start the assessment, consider two pivotal questions:
- Are you positioned to engage with the community and get ahead of developing risks?
- Are you agile enough to address inevitable GRC risks or does your legal structure increase operational friction and inefficiency?
How do you measure up?
Use the GRC Comparison Chart below as a check on your legal and risk framework. As you consider these questions, test your assumptions against 5 different priorities. These will inform your conclusion about whether you are positioned to handle GRC.
GRC Comparison Chart: Observations about whether and how each organizational structure can help manage specific GRC risks within GRC Principles & Pillars.
Managing GRC is more than just working on your initial legal structure. Reach out if you are interested in learning more about how to protect your project and users with GRC risk management. email@example.com
Beth Haddock is an advisor to stablecoins, Defi platforms, and fintech projects including the Balancer ecosystem and GYEN.