SIP-273: Risk Framework

Author
StatusDraft
TypeMeta-Governance
NetworkEthereum
ImplementorTBD
ReleaseTBD
Created2022-08-22

Simple Summary

This SIP proposes that the SNX DAO utilise a formal risk management framework to support the synthetix DAO. An effective risk management framework will support the growth of the SNX protocol through understanding of uncertainties in current operations, and those introduced through changes. The SNX protocol risk management shall be overseen by a newly created position of Risk Chief, who shall be selected by the SC. The Risk Chief shall oversee the SNX risk management framework, supporting its operation, and ensuring that it is fit for purpose for SNX.

Abstract

This proposal includes the following elements;

  • The SNX DAO utilise a risk framework
  • Risk assessment to be a part of change processes
  • Risk assessment to be performed on identified risks
  • A new position of Risk Chief responsible the appropriate risk process
  • The SC shall be ultimately accountable for risks

Motivation

The block-chain ecosystem in which synthetix operates is constantly challenged by uncertainty from emerging technologies, diverse competition, shifting societal and customer expectations, potential regulatory oversight, and macro economic conditions. Taking the right risks and managing them effectively are key organisational attributes to scaled adoption of the SNX protocol. All activities of an organisation involve risk, a systematic and logical risk framework will allow SNX to approach uncertainty consistently.

Currently the synthetix DAO approach to risk is inconsistent and ad-hoc, often relying on the heroic effort of a few to ensure that uncertainty is accounted for. This proposal aims to formalise a risk management approach headed by a Risk Chief that will assist the DAO in making the reasonable decisions into the future.

The aim of this proposal is to institute a formalised risk management approach that can integrate with the way the synthetix DAO works today. The advantages of a robust risk framework this shall include;

  • Protect protocol value by identifying and managing risk
  • Providing a repeatable process to analyse and describe risks to stakeholders
  • Improving understanding of risks to the synthetix protocol
  • Provide assurances to third parties (customers, business partners, and regulators) that the Synthetix protocol is robust and secure
  • Establish a reliable mechanism for decision making and planning

To oversee this risk framework will be a Risk Chief (RC) will lead efforts to reduce business risks;

  • The Risk Chief responsible for risk oversight, not ownership of risk
  • The Risk Chief shall oversee the risk framework and ensure it is effective for SNX
  • The Risk Chief shall lead efforts to identify and assess risk

Specification

Overview

The Risk Chief (RC) will be responsible for managing and operating a risk framework appropriate for the Synthetix Protocol. The RC will operate across financial, non-financial, and strategic risk domains. More specifically the RC will initially be responsible for:

Risk Framework

Maintaining the foundations of designing, implementing, monitoring, reviewing, and continually improving risk management throughout the SNX ecosystem. The risk framework describes how risk is to be assessed. This also includes specifying and ensuring that a risk management process is appropriate for SNX.

Risk Identification, assessment, and evaluation*

The RC shall proactively identify risks that may be present within the ecosystem in which SNX operates. The RC shall also operate the mechanism whereby the community, SNX development team, or other parties may report risks. The RC may perform risk assessment and evaluation on identified risks, or this may be performed by others. However, all risk identification, assessment, and evaluation will be in line with the SNX risk framework. For externally identified risks, the RC is responsible for providing a public forum to discuss and address any community concerns in relation to ecosystem developments that may impact the Synthetix Protocol as well as be proactive in managing overall risk.

Risk in change; SIP workflow*

The RC will assess risks identified as part of other SIPs via a step in the SIP workflow. Material risks shall be given a rating which shall be communicated to the SC for consideration.

Risk Monitoring and Reporting

The RC shall maintain inventory of current risks. The RC shall prepare regular reports to the SC on the current risk

SIP Workflow

The RC will be responsible for an additional step in the SIP workflow which will run in parallel with the engineering "feasibility". In this step, the RC will conduct an in-depth risk analysis to provide to the Spartan Council to utilise during their debating and voting process. Each SIP will be assigned an extra status decided on by the RC. This status shall indicate the highest risk associated with that change, utilising the SNX risk appetite, from the following (assuming 5x5 matrix):

  • Very Low
  • Low
  • Medium
  • High
  • Very High
  • Extreme

The assignment of each label will be based on a 2/3 majority vote; if all members wish to assign a separate label to a SIP they must each present their reasoning in an individual report to the Spartan Council prior to the SIP being presented.

Acceptable

If a SIP is assigned this label, the RC has found that there is negligible risk in the proposed SIP.

Caution

SIPs marked with this label require additional review of the highlighted risks by the Spartan Council when debating and voting on the SIP.

Unacceptable

This label should be used by the RC if they believe a SIP creates an unacceptable risk to the Synthetix Protocol.

The assignment of each label will be based on a 2/3 majority vote, if all members wish to assign a separate label to a SIP they must each present their reasoning in an individual report to the Spartan Council prior to the SIP being presented.

Protocol Risk Oversight

Historically the management of risk has been dealt with on an ad-hoc basis by Core Contributors. The RC will be appointed the governance body responsible for managing risk in protocol policy changes (usually via SCCPs - such as proposed inflation or c-ratio changes). For SCCPs, the same process outlined in the SIP workflow applies.

For external risk, the RC is responsible for providing a public forum to dfiscuss and address any community concerns in relation to ecosystem developments that may impact the Synthetix Protocol as well as be proactive in managing overall risk.

The Risk Council is an informational body, they are responsible for assessing and reporting on protocol risk for the benefit of the community, the Spartan Council and protocolDAO retain ultimate responsibility for enacting and implementing recommendations by the Risk Council.

Rationale

The existing system whereby risk assessment is not assigned to a particular individual or body presents an existential risk to the Protocol. There have been several incidents over the last year where a more thorough risk assessment could have significantly reduced the risk of SIP implementation. The rapid growth and development of the Synthetix Protocol and ecosystem has increased the bandwidth required to manage risk within Synthetix.

Operation

  • The Risk Chief shall be appointed by the SC for a period of 6 months. The successful appointee shall receive endorsement to the position by a majority SC vote.
  • Risk Council members will be made known to the community and the Treasury Chief will assign a budget to pay for the RC members stipends
  • The SIP workflow will be amended to include the "Risk Analysis" stage

In addition the TC will set a budget for external risk assessment by the Risk Chief through engagement with external service providers.

Operation
  1. Risk Council Members elections will utilise the voting strategy of the Spartan Council elections (quadratic-weighted debt)
  2. Risk Council members will be made known to the community and the Treasury Council will assign a budget to pay for the RC members stipends
  3. The SIP workflow will be amended to include the "Risk Analysis" stage

In addition the TC will set a budget for external risk assessment by the Risk Counciul through engagement with external service providers.

Examples

Risk in Change

A community member authors a SIP, to create a new string of liquidity incentive pools. The SIP is merged by the SIP editors and labelled as "Draft". During the CC Sprint Planning, an engineer is assigned to the SIP for feasibility, and the assignee notifies the Risk Council members via Discord that there is a new SIP that they are conducting feasibility research on. The Risk Council schedule a meeting to discuss how the introduction of liquidity incentive pools (in which sUSD is part of the proposed plan) might affect the system and they concluded that it might cause the sUSD to de-peg. The likelihood of this is determined to be ‘moderate 3’ and impact to be ‘major 4’, the resultant risk is rated as ‘High’ and the SIP is given this tag as this is outside of the DAOs risk appetite.

Configurable Values (Via SCCP)

N/A

Copyright and related rights waived via CC0.