The International Monetary Fund’s (IMF) latest Global Financial Stability Report highlights myriad risks for the global financial system.
3 min
The International Monetary Fund’s (IMF) latest Global Financial Stability Report highlights myriad risks for the global financial system. They include the war in Ukraine, high debt, and soaring inflation.
But the report also warned about the impact of decentralized finance, or DeFi, an emerging set of financial services applications that are based on blockchain and other crypto technologies and don’t involve banks other traditional financial intermediaries
Citing possible systemic risk, the IMF wants governments to impose regulations because, the report says, DeFi results in the “buildup of leverage, and is particularly vulnerable to market, liquidity, and cyber risks.”
DeFi may not be a mainstream vehicle yet, but that doesn’t mean financial advisors don’t need to know about it.
What is DeFi?
It’s a kind of financial application that uses “smart contracts,” to operate on a blockchain platform, usually Ethereum. These software programs allow for fully automated, peer-to-peer financial transactions without intermediaries like banks or brokers, which generally means faster settlements of trades.
“With DeFi, users are able to perform most functions that a bank can,” says Jeremy Almond, founder and CEO of Paystand, a B2B payments platform. “This includes earning interest, borrowing, lending, buying insurance, trading derivatives, and trading assets.”
Supporters of DeFi say it offers the potential to democratize financial services for the unbanked. This is a key reason the Federal Reserve is looking at creating a digital currency.
The world currently has around 1.7 billion people who are unbanked, according to Yubo Ruan, founder and CEO of DeFi provider Parallel Finance. “Some of the reasons include a lack of government-issued IDs, problems with credit history, restrictive bank requirements, or a lack of banking infrastructure within a country.”
How easy is it to use?
It can actually be cumbersome. You need several applications to accomplish what may seem like routine transactions if done at a bank, and the jargon and concepts can get complicated.
“A combination of highly technical requirements, high fees, and confusing user interfaces are putting off potential users,” says Jackie Bona, CEO of Valora, a mobile crypto wallet. “This is making it difficult for people to get started in DeFi, scaring away those who need these apps the most.”
What are the risks?
According to Archie Ravishankar, CEO and founder of mobile banking app Cogni: “Regular consumers in this space lack the regulatory protections they’re accustomed to in traditional finance.” So if you lose money, you have no consumer protection, such as the Federal Deposit Insurance Corp. True, you could bring a lawsuit, but the target DeFi organization may be an offshore entity.
Another issue is volatility. Just look at so-called stablecoins such as Luna. Within a week, its value plunged from $80 to virtually zero, tantamount to a run on the bank.
So should financial advisors suggest clients avoid these applications?
Generally, the answer is yes. DeFi is an emerging category of finance and it can be difficult to perform due diligence on new and decentralized technologies. Even those applications that are backed by venture capitalists have seen breaches.
When it comes to clients, DeFi is for those that have a high tolerance for risk. And if they are interested in investing, they should allocate a small part of their portfolio to it.
Can DeFi disrupt traditional financial services?
Even if it takes only a relatively small portion of the global market, the impact would be substantial.
“DeFi certainly has the potential to disrupt traditional finance across the board, and in some ways it already has—on a small scale so far,” says Liam Kelly, Europe news editor for Decrypt, a cryptocurrency news site. But he adds, “a lot of this hinges on breakthroughs in scalability and cutting reasonable lines between things like centralization and decentralization or opaqueness and transparency. Another possibility is that these technologies simply get absorbed by financial institutions to a point where to the consumer, nothing has changed at your brokerage account, except now on the back end it’s running on Ethereum or another blockchain network.”
Copyright 2020, Dow Jones & Company, Inc. All Rights Reserved Worldwide. LEARN MORE
What a quarter-million dollars gets you in the western capital.
Alexandre de Betak and his wife are focusing on their most personal project yet.
CIOs can take steps now to reduce risks associated with today’s IT landscape
3 min
As tech leaders race to bring Windows systems back online after Friday’s software update by cybersecurity company CrowdStrike crashed around 8.5 million machines worldwide, experts share with CIO Journal their takeaways for preparing for the next major information technology outage.
IT leaders should hold vendors deeply integrated within IT systems, such as CrowdStrike , to a “very high standard” of development, release quality and assurance, said Neil MacDonald , a Gartner vice president.
“Any security vendor has a responsibility to do extensive regression testing on all versions of Windows before an update is rolled out,” he said.
That involves asking existing vendors to explain how they write software, what testing they do and whether customers may choose how quickly to roll out an update.
“Incidents like this remind all of us in the CIO community of the importance of ensuring availability, reliability and security by prioritizing guardrails such as deployment and testing procedures and practices,” said Amy Farrow, chief information officer of IT automation and security company Infoblox.
While automatically accepting software updates has become the norm—and a recommended security practice—the CrowdStrike outage is a reminder to take a pause, some CIOs said.
“We still should be doing the full testing of packages and upgrades and new features,” said Paul Davis, a field chief information security officer at software development platform maker JFrog . undefined undefined Though it’s not feasible to test every update, especially for as many as hundreds of software vendors, Davis said he makes it a priority to test software patches according to their potential severity and size.
Automation, and maybe even artificial intelligence-based IT tools, can help.
“Humans are not very good at catching errors in thousands of lines of code,” said Jack Hidary, chief executive of AI and quantum company SandboxAQ. “We need AI trained to look for the interdependence of new software updates with the existing stack of software.”
An incident rendering Windows computers unusable is similar to a natural disaster with systems knocked offline, said Gartner’s MacDonald. That’s why businesses should consider natural disaster recovery plans for maintaining the resiliency of their operations.
One way to do that is to set up a “clean room,” or an environment isolated from other systems, to use to bring critical systems back online, according to Chirag Mehta, a cybersecurity analyst at Constellation Research.
Businesses should also hold tabletop exercises to simulate risk scenarios, including IT outages and potential cyber threats, Mehta said.
Companies that back up data regularly were likely less impacted by the CrowdStrike outage, according to Victor Zyamzin, chief business officer of security company Qrator Labs. “Another suggestion for companies, and we’ve been saying that again and again for decades, is that you should have some backup procedure applied, running and regularly tested,” he said.
For any vendor with a significant impact on company operations , MacDonald said companies can review their contracts and look for clauses indicating the vendors must provide reliable and stable software.
“That’s where you may have an advantage to say, if an update causes an outage, is there a clause in the contract that would cover that?” he said.
If it doesn’t, tech leaders can aim to negotiate a discount serving as a form of compensation at renewal time, MacDonald added.
The outage also highlights the importance of insurance in providing companies with bottom-line protection against cyber risks, said Peter Halprin, a partner with law firm Haynes Boone focused on cyber insurance.
This coverage can include protection against business income losses, such as those associated with an outage, whether caused by the insured company or a service provider, Halprin said.
The CrowdStrike update affected only devices running Microsoft Windows-based systems , prompting fresh questions over whether enterprises should rely on Windows computers.
CrowdStrike runs on Windows devices through access to the kernel, the part of an operating system containing a computer’s core functions. That’s not the same for Apple ’s Mac operating system and Linux, which don’t allow the same level of access, said Mehta.
Some businesses have converted to Chromebooks , simple laptops developed by Alphabet -owned Google that run on the Chrome operating system . “Not all of them require deeper access to things,” Mehta said. “What are you doing on your laptop that actually requires Windows?”
