Credit Risk in the Dark Forest (Wildcat at EthCC)
Source: https://www.youtube.com/watch?v=WooDFQPzKNQ
Laurence (the speaker) will cover what credit risk is, how it is typically inferred for sovereign nations and companies, the challenges in applying credit risk techniques to DeFi/crypto firms, and mechanisms to simulate something similar.
What is credit risk? (1:55)
Credit risk is an entire industry of people who analyze audited financial accounts and assign numerical ratings and probabilities of default to entities, whether countries or companies.
These credit risk assessments focus on two main things:
- The probability that a counterparty will default on an obligation
- The expected loss is given that default
For companies, credit risk analysis typically looks at the "five Cs":
- Character (credit history)
- Capacity (debt-to-income ratio)
- Capital (amount of capital/assets)
- Collateral
- Conditions (how the capital is being used)
DeFi doesn't worry about credit risk, as the common approach is to require over-collateralization (e.g. 140% collateral) to mitigate credit risk, rather than using traditional credit risk assessment.
There are well-known credit rating agencies like Fitch, Moody's, and Standard & Poor's, which assign letter-based ratings (e.g. BAA3, CCC+, A+) that correspond to probabilities of default.
At the sovereign (country) level, credit risk assessment is more abstracted, as it's indexed on CDS spreads.
Meanwhile, at the company level, it requires a more detailed analysis of factors like cash burn rate, asset composition, and governance.
The credit risk between countries and companies can be quite close. The difference in risk between Italy and Netflix is only 2-3 bps (0.02-0.03%)
Onchain Credit Risk is difficult (4:50)
It is very difficult to assess the credit risk of crypto-native entities like market makers, DeFi protocols, and crypto firms, compared to traditional companies.
The crypto space has "good quality" assets like Bitcoin, Ethereum, and stablecoins, but many projects may only have speculative "shitcoin" holdings, making it hard to gauge their true financial strength.
Concentration risk is extremely high in crypto, where problems at one major entity can quickly spread and impact the entire ecosystem.
Therefore, traditional finance firms are often hesitant to audit or vouch for the financials of crypto companies, fearing legal liability if issues are later discovered (e.g. Alameda)
Some specialized firms like Credora are providing financial data analysis and reporting for crypto entities. These services offer monthly reports and some real-time analytics.
But those reports have limitations:
- Static monthly reports may quickly become outdated in the fast-moving crypto market.
- Real-time analytics are helpful but not comprehensive.
- Attacks or issues with major DeFi protocols (like Aave) can render existing credit ratings meaningless.
The crypto industry has been working on solving issues of on-chain trust and reputation, like Gitcoin Passport and anti-sybil detection mechanisms.
The thing is, different entities require different types of trust assessment, making standardization difficult.
In addition, as crypto continues growing, there may not be enough skilled professionals to scale traditional credit risk assessment techniques to meet demand across the industry.
TLSNotary (8:10)
Instead of traditional methods, Laurence suggests it may be more appropriate to leverage the cryptographic tools and techniques that have been developed.
TLS (Transport Layer Security) is a protocol that allows for secure communication and attestation of data legitimacy between parties, without fully revealing all the data.
TLS Notary is a library that enables multi-party computation (MPC) to verify the legitimacy of data, such as credit scores or account information, without disclosing the full details.
This technology could be used for several use cases:
- Verifying asset holdings and liquidity of borrowers.
- Proving credit scores or compliance checks without revealing personal data on-chain.
- Avoiding the need to store sensitive personal information on blockchains.
An idea would be to set up a series of questions that can be attested to or rejected through zero-knowledge proofs, allowing entities to demonstrate their creditworthiness on-chain without extensive third-party audits.
It could """potentially""" replace manual review processes with more efficient computational methods.
Wildcat V1 had difficulties in user onboarding and data verification.
Now Wildcat is partnering with Keyring and Accountable to build Wildcat V2, where lenders onboard themselves, and borrowers provide data about their financials with privacy preserved.
Despite current market conditions and negative sentiment on "Crypto Twitter", we must keep in mind that long-awaited technologies are finally becoming usable, and these advancements will enable more sophisticated financial markets in the crypto space.
Laurence said "The future is bright and it uses circuits", as he believes the cryptographic tools now available offer a promising path forward for building more secure and transparent financial markets.
Questions & answers (13:00)
"You said that you're looking for a yes or no answer to several questions. Have you thought about using a ZKML decision tree model?
Laurence is not familiar with using ZKML (zero-knowledge machine learning) decision tree models for this purpose, but suspects "people smarter than myself will think about this and present it as a tool for them".
"This is a rising consideration that cryptos should tend towards two different worlds, either the regulated side and the anon side. Do you think that the credit risk world should fall towards the regulated side with KYC, AML systems, all of that, or it could also thrive through the anon world?"
It's possible to have both regulated and anonymous/decentralized worlds co-exist when it comes to credit risk assessment in crypto.
Laurence is not in favor of having a gated, private blockchain just for compliance purposes, preferring to keep everything on one (Ethereum) platform.
There can be two distinct worlds, but they don't need to clash, and it's possible to have compliance/KYC for certain use cases while still enabling "degeneracy" (likely referring to more permissionless, anonymous activities) in other areas.