Proposal for a Safety Net (Deposit Insurance?)

[isis]

Hello

Although I'm new to the forums here, I've been lurking for some time.
Allow me to introduce myself.  My name is Steve and I'm an IT Consultant, Systems Analyst and Software Developer with over 15 years experience, located in Utah in the USA.

I first started getting heavy into Bitcoin when a client asked me to look into how they could integrate Bitcoin acceptance into their Point of Sale software. 
This particular software Point of Sale is used by major retailers around the world.
The result of that inquiry will be the topic of another thread, for now I wanted to propose a fairly simple idea.

In the "real world" aka meat space, people generally don't have to worry about what would happen if someone stepped into their bank and robbed it. 
This is because most banks and many financial institutions offer deposit insurance against theft and/or financial collapse of the bank. 
I believe that implementing a version of that is a good idea and one that might help speed a wider acceptance of Bitcoin into everyday transactions.

What I'm not saying here is "Hey let's all go bail out every fly by night that gets their wallet file hacked."

What I am proposing is that members of the community who operate services such as eWallets, public mining pools, exchanges and banks really ought to consider offering deposit insurance to their clients.

One thing I've noticed about the recent closures of significant bitcoin entities, is that seemingly obvious security measures are not being taken by operators of these services and because of this the services end up compromised and quickly pushed out of business. 

I say this because in order to qualify for the deposit insurance system I'm proposing, an entity would have to first meet certain minimum requirements.

For example...

• Undergo an independent source code review/audit
• Complete a full enterprise-wide security audit (all systems).
• Demonstrate full compliance with record keeping rules and any applicable rules on data retention.
• Have a well thought out, up to date disaster and business interruption plan
• Demonstrate regular adherence to a full system backup schedule (including restoring from backup)
• No fat online hot wallets, only enough in the wallet to handle an average day's volume.
• No hosting "in the cloud".
• Access to coinservers should be physical access ONLY whenever possible.
• SSH access to coinserver machines ONLY with a proper private key.
• Multi-factor authentication on all systems etc

There are quite a few more I could list, but you get the idea.

The point is that compliance with the rules set down by the proposed "deposit insurance" cooperative would allow any operating entity that chose to become compliant, to petition for acceptance into the cooperative.  After they are accepted, then all deposits into said organization would be mutually re-insured by all the other members at a rate proportional to their total deposit size.

To fund this all members would be charged a small premium for insured deposits, that premium would be directed to an entirely offline wallet and used to offset losses in the event there was a breach resulting in a claim. 

If something like this were implemented then break ins wouldn't matter so much because they would never interrupt business, things could keep chugging along like normal.

Now obviously centralization in Bitcoin is a bad thing and even worse would be having something like this run by a single company.
This is why I mention a cooperative institution, because each member would have an equal voice.

The day to day executive functions would be handled much like any other business i.e a President, Vice President, Secretary, Treasurer etc.
The executive branch would be appointed by and serve at the pleasure of, a board of directors which would be comprised of long term well known members of the Bitcoin community.
The nominating and appointing of board members would be handled by a vote of the leadership of the member organizations.

There are a whole lot of other parts to this idea such as how to certify independent auditors and the like, but I'll leave it here for now as I gather feedback.
My long term plan is to invest significant resources into the Bitcoin eco-system and this is but one of many ideas.  If you like it let me know and I'll post more.

[1713554884]

1713554884

[1713554884]

1713554884

[1713554884]

1713554884

[CIYAM]

(Voting closes: August 24, 2012, 07:02:23 PM)

That date just happens to be my birthday.

I think this idea (or something similar) is indeed something that would benefit Bitcoin.

[JJJJust]

In the "real world" aka meat space, people generally don't have to worry about what would happen if someone stepped into their bank and robbed it.  
This is because most banks and many financial institutions offer deposit insurance against theft and/or financial collapse of the bank.  
I believe that implementing a version of that is a good idea and one that might help speed a wider acceptance of Bitcoin into everyday transactions.

You're right that people don't have to worry about it in the real world, but at the same time, the fund is mostly there for consumer and investor comfort and isn't expected to be tapped often.

In the real world of the US, most of the time when a bank fails it's not because of theft... and the failing institution is assumed by another institution so the cost to the FDIC deposit insurance fund is zero. I don't see that happening here with Bitcoin the moment since organizations don't have the ability to cover theft-related failures of another entity like that.

So, my concern is: Given the size of some of these Bitcoin depository "institutions" and the fact that "failures" lately seem to be one right after another, is it even likely that the fund would build up sufficient reserves to be able to provide a meaningful return to depositors?

[paraipan]

I like the idea, watching...

[molecular]

I read OP really fast, so tell me if I'm wrong, but as argued here, I think it's a good idea: https://bitcointalk.org/index.php?topic=79555.msg921330#msg921330

[ErebusBat]

So.. PCI+FDIC for bitcoin?

Who insures the fund?

[edd]

Personally, I'd trust a company more if they said "Our security and contingency plans have been audited by Organization XYZ and have earned their highest certification," where Organization XYZ is a well-known and trusted group of experts.

Just saying, "Your bitcoins are insured by the ABC Fund" doesn't instill as much confidence.

[isis]

You're right that people don't have to worry about it in the real world, but at the same time, the fund is mostly there for consumer and investor comfort and isn't expected to be tapped often.

In the real world of the US, most of the time when a bank fails it's not because of theft... and the failing institution is assumed by another institution so the cost to the FDIC deposit insurance fund is zero. I don't see that happening here with Bitcoin the moment since organizations don't have the ability to cover theft-related failures of another entity like that.

So, my concern is: Given the size of some of these Bitcoin depository "institutions" and the fact that "failures" lately seem to be one right after another, is it even likely that the fund would build up sufficient reserves to be able to provide a meaningful return to depositors?

The system would be there to "make whole", any depositor, not to bailout the institutions themselves.  I'm not proposing a system where one entity would assume the liabilities of another.  Instead it would be a sort of "shared risk" pool that all member organizations would participate in.  This would provide a rapid liquidity mechanism that could help stabilize the Bitcoin ecosystem in the case of a major break-in or a catastrophic collapse.

The co-operative would have fairly strict membership criteria. Compliance with the security, "best practices & audit requirements" would prevent 90% of the failures we've seen lately.  There is a vanishingly small, but non-zero probability that any entity which could meet the qualifications to join, would suffer any of the breeches we've seen lately.  

Furthermore, the pool funds should grow really quickly...  Assuming that the premium was 0.1% of incoming deposits (this could be paid by the institution or passed along as a fee to the account holder).
It would only take 100 days to fully back an institution that had a 1% churn rate.  In fact the higher the churn rate, the faster the institution is fully backed.

As a final condition of membership the co-operative could require a surety bond depending on the financial conditions of the potential member.
This bond could serve as a recourse of last resort in the unlikely event of a catastrophic collapse.

Another key feature is that it would be a distributed risk insurance.  Each member would be issued a unique "offline" wallet that would receive a pro-rata amount of the premiums. The premium is spread to these "issued wallets" , there would be no single wallet that would hold all pool funds.

The risk pool would be spread across n-1 separate wallets in geographically isolated locations with n being the size of the membership base.

If a break-in or collapse did occur, the member would be expected to report the break-in to the co-operative first.  
Upon notification of the event, the co-operative members would all be expected to make a pro-rata disbursement from their pool wallets.  
As a last resort the compromised members bond would be "called in", to provide a final back stop.

Thoughts?

[Ippolit]

I really don't like the idea of setting it up as one organization overseeing everyone. We don't need that kind of centralization IMO.

What about promoting an Intrade-like site to bet on defaults? You could have bets like "each share pays 10 BTC if MtGox defaults within the next 30 days" with a floating price, where people can either buy the shares, to insure themselves, or short them, if they think the price is above what the risk of default merits and think they can expect to earn a profit.

I think it could work for sites where account holder can expect to earn a profit, like GLBSE and Bitcoinica.

[isis]

I really don't like the idea of setting it up as one organization overseeing everyone. We don't need that kind of centralization IMO.

What about promoting an Intrade-like site to bet on defaults? You could have bets like "each share pays 10 BTC if MtGox defaults within the next 30 days" with a floating price, where people can either buy the shares, to insure themselves, or short them, if they think the price is above what the risk of default merits and think they can expect to earn a profit.

I think it could work for sites where account holder can expect to earn a profit, like GLBSE and Bitcoinica.

I don't see this as a central body, it wouldn't be "overseeing" everyone.  It's just a membership organization and would be totally optional.
There are significant benefits to giving users peace of mind that their Bitcoins will still be there tomorrow if there was a break in, and that other organizations have fully vetted you & your practices and believe them to be within industry best practices and standards.

I'm not quite sure I follow on the betting aspect.  Can you elaborate further?

[molecular]

maybe relevant thread "p2p insurance": https://bitcointalk.org/index.php?topic=84540.0

[TRUERELIGION]

I like the idea but I think it should be up to the exchange/deposit entity to provide refunds if they screw up themselves. There should be a better 'reserve-system' imo. And how are you going to handle claims? Let's say for example that one just transfers his coins to another address of his and claims fraud? I can't think of a way to actually verify that his coins got stolen. The best solution atm is more transparency, reserve capital and to trust the exchanges that are doing good business. The bad ones will blow up eventually over time, but so will some of the investors money...
But I agree, we need more security/infrastrucure to attract more capital and trade. Will subscribe if I find the button...

[molecular]

But I agree, we need more security/infrastrucure to attract more capital and trade. Will subscribe if I find the button...

no need to use the notify button. once you posted, you can click "show new replies to your posts" at the top to see new posts in this thread.

*ducks*