DeFi $160 Million Coding Flaw—Lessons for Systematic and Quantitative Managers

On September 30, 2021, Compound, a popular decentralized finance (DeFi) software protocol, mistakenly made available as much as $160 million worth of cryptocurrency to users, the result of a bug in a recent upgrade. This was, presumably, an irretrievable loss, as the founder and CEO of the DeFi platform sponsor pleaded with users to voluntarily return the tokens.

The DeFi platform employs protocols that seek to recreate traditional financial systems by using algorithms to execute transactions. The Compound platform is run by a distributed ledger network of users utilizing smart contracts governed by computer code, rather than a central organization. While this may represent a step forward for the financial system, it also means that traditional concepts of checks and balances are, at best, in need of an upgrade or, at worst, simply antiquated.

While a DeFi platform differs in many respects from a systematic or quantitative investment program, this costly mishap serves as a cautionary tale for systematic managers and offers several lessons.

Lesson 1: There is No Risk-Free Option on the Bleeding Edge. The most uncomfortable take-away from this matter is that there is simply no way to innovate without exposure. The radical transformation of finance that an internet-enabled, decentralized operational model heralds is inevitably going to be accompanied by unforeseen or unexpected errors and even some calamities. Many quantitative and systematic managers generate alpha by inventing new tools and techniques or—for machine learning and artificial intelligence managers—by enabling their own creations to take the next step. Unanticipated outcomes are not just possible, but often are the goal.

Lesson 2: Risk Management is Key (and Can Be Costly). Systematic managers should expect that errors can and will happen, and prepare accordingly. Proper disclosure is part of this preparation (including preparing for disclosures of errors having occurred), but compliance managers for quantitative managers should undertake (or commission) reviews of their research and production systems. In particular, it may be useful to intentionally introduce errors or values that do not exist in any “real world” data sets—in additional to traditional testing and simulations. Compliance officers may need to seek additional financial or administrative support to adequately scope out and conduct this testing.

Lesson 3: The Regulators are Watching. The two leading cases involving errors by quantitative managers are the 2011 AXA Rosenberg and the 2018 AEGON/Transamerica matters.

AXA Rosenberg. On February 3, 2011, the Securities and Exchange Commission charged three AXA Rosenberg entities with securities fraud for concealing a material scaling error between the models embedded in a quantitative investment platform. The SEC alleged that a senior executive knew of the error, which inhibited the platform’s ability to properly manage risk and perform as predicted, in June 2009, concealed the error and instructed others to remain silent about the error. The three AXA Rosenberg entities settled the SEC’s charges by paying $217 million to affected clients plus a $25 million penalty.

AEGON/Transamerica. Similarly, on August 27, 2018, the SEC announced charges against four Transamerica entities for relying on faulty investment models and misleading retail investors. The SEC staff alleged that the investment adviser relied on inexperienced analysts, stating that “investors were repeatedly misled about the quantitative models being used to manage their investments, which subjected them to significant hidden risks and deprived them of the ability to make informed investment decisions.” The four Transamerica entities agreed to settle the SEC’s charges and pay $97.6 million to affected investors—$53.3 million in disgorgement, $8 million in interest and $36.3 million in penalty. Individual senior executives were also charged with compliance violations, because they “did not take reasonable steps to make sure the mutual funds’ models worked as intended,” which were also settled.

As we have noted in earlier alerts, the SEC has invested heavily in personnel and equipment to assist in policing these ever-developing financial markets. The combination of these SEC enforcement precedents, the SEC’s substantial internal capabilities in this space and the new focus on emerging technologies that may result from the explosion of the DeFi space all coalesce to make regulatory compliance a key area of focus for systematic managers.

As a result, systematic managers themselves have no alternative other than to embrace the potential risks, alongside the advantages, of their quantitative tools and systematic processes and similarly to invest in systems, tools and personnel to prevent, mitigate and address any unexpected outcomes.

Contact Information

If you need assistance or have questions regarding this alert, please contact your Akin Gump relationship attorney or one of the authors.