This insight was originally published as a guest article in TabbFORUM. Click here to view.
If banks want to protect and grow their market share, they need a competitive strategy for DeFi. But how does an inherently centralized industry coexist and potentially interoperate with a decentralized model? Is institutional DeFi an oxymoron, or are there, in fact, new opportunities and use cases yet to be unlocked that combine traditional finance with smart contracts, crypto wallets, NFTs, and decentralized autonomous organizations (DAOs)? Yuvraj Sidhu, Principal Consultant at Lab49, explores these questions in this article.
Although nascent, decentralized finance (DeFi) platforms have seen spectacular growth over the past year. Despite adjusting for valuation effects of cryptocurrencies such as Ethereum and Solana, it’s clear that there’s a vibrant and growing market for DeFi applications and their unique value propositions.
We could be looking at a world where traditional financial services are integrated with emerging DeFi infrastructure. But, are banks and other financial incumbents ready for it?
DeFi is gradually making its way into a wide range of financial transactions. Assets typically handled by the financial system—real estate, equities and bonds—are migrating to systems powered by blockchains. We could be looking at a world where traditional financial services are integrated with emerging DeFi infrastructure. But, are banks and other financial incumbents ready for it? And, how are traditional institutions responding to this new world?
Uncovering the dilemma
While banks make all the correct strategic decisions within the traditional sphere, they may still lose market share to new entrants that operate in a completely different paradigm. Banks understand how best to leverage and monetize capital. However, new entrants are technology firms that put data at the front and center of their entire operation – they understand how to leverage and monetize the biggest asset at their disposal i.e., data.
This is a familiar theme, but on an exponential scale.
Consider this. Cryptocurrency movements serve as packets of raw data, meaning every transaction in a DeFi system is a node in a massive graph of related events that cross the boundaries of applications, platforms, organizations, and blockchains themselves. This data mesh, combined with the composability of smart contracts, has the potential to unleash previously unimagined use cases and business models.
If banks want to protect and grow their market share, they need a competitive strategy for DeFi. But how does an inherently centralized industry coexist and potentially interoperate with a decentralized model? Is institutional DeFi an oxymoron, or are there, in fact, new opportunities and use cases yet to be unlocked that combine traditional finance with smart contracts, crypto wallets, NFTs, and decentralized autonomous organizations (DAOs)?
Certain characteristics of DeFi (covered in greater detail below) pose risks and challenges that have not been seen or experienced before. If regulated entities such as banks are to pursue these areas, technical design challenges must first be resolved.
Certain characteristics of DeFi (covered in greater detail below) pose risks and challenges that have not been seen or experienced before. If regulated entities such as banks are to pursue these areas, technical design challenges must first be resolved. Stepping into this space unprepared is a recipe for disaster and would expose banks to a host of security breaches. Some firms are familiar with this situation all too well: in 2021, cryptocurrency theft grew by 516% compared to the previous year. Roughly $2.3 billion of those funds — 72% of the 2021 total — were stolen from DeFi protocols.
Despite this, banks have boldly begun experimenting with DeFi, even opening branches in the metaverse. And while they are opening their doors to this new landscape, a compelling model that integrates traditional finance with DeFi use cases is yet to gain traction.
Foundational differences
There are several characteristics that set DeFi apart from existing architectural patterns, and make the technology so revolutionary. Inspected one at a time, each of these factors expose risks along with benefits. How banks leverage the benefits of DeFi while warding off risks is crucial to a successful implementation.
Transparency: Transparency engenders trust for customers and counterparties alike. Unlike traditional systems, public blockchains provide full visibility into the business logic and transactional information contained in an application. This helps identify any bias in decision-making processes and enables independent verification that certain values that are aligned.
On the other hand, this transparency makes it much easier for competitors to gain an advantage by inspecting the business rules and customers’ transaction history with other banks. What’s more, it presents hackers – who are always on the hunt for vulnerabilities to exploit – with a new opportunity to observe banks’ smart contracts. Additionally, validator nodes are able to inspect pending trades and front-run them to extract value from unsuspecting users.
Composability: Often compared to Lego blocks, smart contracts expose APIs that other applications may access, enabling developers to re-use existing functionality rather than building from scratch. This is similar to utilizing microservices or open-source libraries in the traditional sense, and enables accelerated market experimentation for innovative use cases. However, the DeFi smart contract ecosystem is still in its early stages. It’s not immediately clear which contracts are safe to build on, and which should be avoided.
Immutability: The fact that it’s not possible to overwrite or delete data in confirmed blocks means that blockchains can be relied on as a source of truth. Perhaps more importantly, users and counterparties can rely on the predictability of business rules executed by smart contracts, and know that the rules won’t change after business plans are put into effect.
For development teams, however, this constraint means that blockchains must be designed with append-only operations. While it’s not impossible to update smart contract code, it’s also not trivial. A decentralized governance model may need to be instituted alongside the DeFi application, adding a layer of complexity to the implementation. In short, there is a higher price to pay for code changes, and the corresponding benefit needs to justify the effort. As a result, many minor improvements or bug fixes may never see production.
Determinism: Circling back to trust, for each node of the network to resolve to the same state – given specific input for a contract – the functions must be deterministic. If not, it would be virtually impossible to guarantee consensus. If any sort of randomness is required for a specific use case, this must be verifiable to maintain determinism. Nuances such as the elimination of rounding differences across nodes must also be considered.
Operational economics: With the aim of lowering carbon footprint, there’s now a general movement towards energy-efficient blockchain implementations. While developers of traditional systems need not worry about issues such as gas requirements and leakage, development teams on DeFi applications must optimize compute and storage efficiency to minimize transaction fees for their users.
Rails: While traditional systems run on private infrastructure, DeFi systems depend on public blockchains such as Ethereum, Solana, Cardano and others. Although these nodes may run on cloud or on-prem infrastructure, they inherit the consensus mechanism, security, availability and performance characteristics of the underlying protocol. Each of these protocols have made architectural choices with respect to security, availability and performance, leaving technical stakeholders to carefully weigh which implementation is best suited for a specific use case.
Pseudonymity: For regulated financial entities that are subject to strict KYC and AML rules, the pseudonymity of DeFi applications presents an interesting challenge. Although anonymity or pseudonymity is not a strict requirement for distributed applications (DApps), banks may elect to leverage the cryptographically secure trust mechanism that public blockchains provide, rather than create private (permissioned) or otherwise centrally controlled networks.
It’s easy to visualize how some of these characteristics could generate new vulnerabilities. The bigger the risks, the bigger the opportunities, which is why, in a follow-up article for TabbFORUM, I will dive deeper into some of the vulnerabilities associated with DeFi, along with actionable mitigation strategies.
One example of these vulnerabilities is the expanded attack surface exposed by unfettered visibility into smart contract code and internal state. Security by obscurity is not an option with public blockchains.
There is an outsized asymmetry in terms of risks borne by financial institutions vis-à-vis those borne by DeFi-native startups. It’s just a matter of time until financial institutions understand how to strategically leverage DeFi and develop new applications to make the most of these systems.
Other risks are not as easy to foresee. There is an outsized asymmetry in terms of risks borne by financial institutions vis-à-vis those borne by DeFi-native startups. It’s just a matter of time until financial institutions understand how to strategically leverage DeFi and develop new applications to make the most of these systems.