At the heart of most web3 projects is the assumption that users will be better off with decentralization than with centralized control. But what if, in an effort to innovate and disperse control, projects are putting users in a more vulnerable position?
Vulnerability can grow when risks are underestimated or ignored. We are seeing some of that pressure with Celsius, Three Arrows Capital, and most recently with the SEC action against Forsage. Risk management is more important than ever, yet many DeFi and web3 projects spend time and money creating a legal framework without carefully considering operational risks. A stress test of a project’s legal structure can help assess its resilience and indicate whether it is well-positioned to handle predictable surprises such as governance, compliance, and risk (GRC) events. In a time of growing concerns about the financial stability of crypto-assets, and a call for more regulation, this assessment exercise is needed to deftly adjust to the changing tides. (FSB July Statement)
This summer a16z crypto published part 2 of a DAO legal framework. This article relies on that framework, adding a lens for operational and compliance risks. (a16z whitepaper; Jennings & Kerr framework; DAO Entity Selection Framework)
DAOs & Managing Risks
“DAOs — decentralized autonomous organizations — are an essential tool in achieving the self-empowering benefits of web3, including more equitable ownership among stakeholders, reduced censorship and greater diversity” (Jennings & Kerr framework)
DAOs are a crucial counterbalance to centralized technology innovators, but to make open and decentralized alternatives sustainable, risk management needs to be prioritized. If it isn’t, users are exposed to unnecessary risk of loss of their data, investments, and other contributions.
In a previous post, I introduced a new GRC framework that can be used to score how well a project manages risk.
To start the assessment, consider two pivotal questions:
- Are you positioned to engage with the community and get ahead of developing risks?
- Are you agile enough to address inevitable GRC risks or does your legal structure increase operational friction and inefficiency?
How do you measure up?
Use the GRC Comparison Chart below as a check on your legal and risk framework. As you consider these questions, test your assumptions against 5 different priorities. These will inform your conclusion about whether you are positioned to handle GRC.
[Figure: GRC Comparison Chart. Observations about whether and how each organizational structure can help manage specific GRC risks within GRC Principles & Pillars. Surviving panel titles: 4. Personal Liability; 5. Crisis Management.]
Managing GRC is more than just working on your initial legal structure. Reach out if you are interested in learning more about how to protect your project and users with GRC risk management. email@example.com
Beth Haddock is an advisor to stablecoins, DeFi platforms, and fintech projects including the Balancer ecosystem and GYEN.
Legal Entity Definitions
1. Limited Cooperative Association (LCA) — Cooperatives are the original social enterprise business model, and Colorado is emerging as the “Delaware of cooperative law.” The limited cooperative association offers a balance of flexibility, self-determination, cooperative identity, and fundamental protection for the cooperative principles and economic structure. As of 2017, LCAs can also elect the protections and privileges of the Colorado Public Benefit Corporation Act. LCAs, like traditional cooperative corporations, are for-profit member-owned business structures that also subscribe and adhere to seven widely recognized cooperative principles. Washington, Utah, Nebraska, Oklahoma, Kentucky, Vermont, and Washington D.C. also permit LCA formation.
2. A limited liability company (LLC) is a company that protects its organizers from personal liability by creating a corporate shield of protection.
3. An unincorporated nonprofit association (UNA) is a nonprofit version of an LLC. A UNA is two or more people joined together by mutual consent to pursue a common nonprofit purpose.
Ecosystem Priorities Defined
1. Behavioral incentives to encourage community engagement: Is there a desire to grow the ecosystem and have more informed and productive engagement from the community by taking on projects and running SubDAOs?
2. Alignment to encourage duty of loyalty and care to the ecosystem: Is there a priority to have community members commit to a social contract or mission, fear of infighting, or belief that the project’s success is built on aligned incentives in the sense of equity ownership?
3. Ease of managing business risks for the community — tax, accounting, vendors and service providers, budget management: Is there a focus on delivering on operational tasks and being informed about risks so they can be managed?
4. Ease of managing personal liability for founders & others with control or influence (Terra): Is there a sensitivity to the regulatory and litigation environment such that founders and influencers want to manage their risks?
5. Ease of responding to a crisis: Is there a plan or desire to plan for communicating to the community, public, or government authorities if there is a project, security, regulatory, DAO, community, or other crisis?