Third Party Risk

Third-Party Risk

Usual Protocol’s collateral framework relies on external tokenizers, fund managers, custodians, and other service providers to bridge real-world assets (RWAs) onto the blockchain. As a result, third-party risk management is a core pillar of the protocol’s overall risk policy.

This page covers the primary dimensions of third-party risk—tokenizer risk and operational risk—and the associated mitigation frameworks, quantitative collateral requirements, and safety mechanisms designed to protect USD0 holders.

Note (documentation): The draft requests updates “from the KB,” but no KB content was provided here. The parameters and mechanisms below are preserved as-is from the draft.

A. Tokenizer Risk

At Usual, collateral is deployed through tokenizers—platforms that convert RWAs (primarily US Treasury Bills and repurchase agreements) into on-chain tokens. Before any tokenizer is accepted as a collateral provider for USD0, it undergoes a rigorous due diligence process. The following criteria must be met:

• Security: Only experienced tokenizers with thoroughly audited technology are selected, reducing smart contract exploit risk.

• Regulatory compliance: Tokenizers must operate in full compliance with applicable regulations (e.g., CIMA licensing, CFTC registration), supporting legal integrity and operational safety.

• Asset management: Underlying assets must be managed by skilled, compliant asset managers operating under strict guidelines designed to diversify exposure and minimize counterparty, investment, and operational risks.

• Transparency: Full transparency of underlying assets is required, audited by independent third parties. Collateral must be verifiable on-chain and also provide high off-chain transparency through frequent public financial audits.

• Asset protection: Assets must be ring-fenced in the event of the tokenizer’s bankruptcy via bankruptcy-remote vehicles (BRVs).

• Fee structure: Tokenizer fees must be reasonable and should not materially erode returns from the underlying assets.

• Redemption processes: Tokenizers must offer prompt, straightforward redemptions. Only RWAs that can be redeemed or sold with minimal slippage within 5 days are eligible.

• Diversification of exposure: The protocol maintains diversification across multiple tokenizers and asset types to reduce single-point-of-failure risk.

Tokenizer Evaluation Dimensions

Each tokenizer candidate is evaluated across five areas:

Counterparty Risk Layers

Third-party counterparty risk is assessed across three layers:

Historical context: The protocol’s risk policy explicitly references the Circle/SVB event (March 2023), where Circle had 8% of its collateral exposed to Silicon Valley Bank, contributing to an average depeg of ~$0.95 (a 5% deviation). Usual’s collateral requirements are designed to reduce similar exposure by requiring investments exclusively in sovereign bonds rather than commercial bank deposits.

Collateral Eligibility Requirements

All collateral accepted into the protocol must satisfy the four core requirements defined in the litepaper:

Financial Risk Parameters

Usual enforces quantitative limits across four financial risk categories.

Interest Rate Risk

FX Risk

• Zero tolerance: only USD-denominated assets (or positions that are 100% FX-hedged) are accepted.

• Dual-layer monitoring: both the tokenizer team and Usual independently review holdings for compliance.

Credit Risk

• Zero tolerance: investments are restricted exclusively to US Treasuries, quasi-government debt, or cash.

• Corporate debt is strictly prohibited.

• Active monitoring includes regular checks and audits to detect deviations.

Liquidity Risk

• Only RWAs redeemable or sellable with minimal slippage within 5 days are eligible.

• The portfolio is diversified across RWA types to reduce concentration in any asset class that could become illiquid.

B. Operational Risk

Definition

Usual and its tokenizer partners may face the following operational risk categories:

1. Internal fraud: Misappropriation of funds, unauthorized trading, insider trading, or other fraudulent acts by employees or insiders.

2. External fraud: Cyberattacks, identity theft, or unauthorized access to sensitive information, potentially leading to financial loss, reputational damage, or regulatory non-compliance.

3. Business disruption: Disruptions from natural disasters, technology failures, or operational errors that interrupt services and can cause losses.

4. Compliance and legal risks: Failure to comply with laws, regulations, or industry standards, potentially resulting in penalties, legal actions, reputational harm, or loss of licenses.

5. Data and information security: Risk of data breaches, unauthorized access, or data loss, given the sensitivity and volume of information handled.

6. Operational errors: Human error, system failures, or process deficiencies leading to losses, incorrect reporting, failed trades, or inaccurate valuations.

Mitigation

Usual expects tokenizers to implement comprehensive controls, including internal controls, risk management frameworks, employee training, disaster recovery, cybersecurity protocols, and compliance monitoring. Regular risk assessments and audits are used to identify and mitigate operational risks proactively.

Usual performs a qualitative assessment of approved tokenizers across the following dimensions:

1. Governance and organizational structure: Clear responsibilities, defined roles, and a governance framework that supports accountability and transparency.

2. Risk management policies and procedures: Documented operational risk framework covering identification, assessment, mitigation, and monitoring.

3. Compliance and regulatory track record: Review of compliance history, including any violations or disciplinary actions.

4. Operational controls and processes: Segregation of duties, checks and balances, technology infrastructure review, data security controls, and disaster recovery capabilities.

5. Talent and expertise: Qualifications and experience of the operational risk management team.

6. Reporting and transparency: Regular reporting on operational risk metrics, incidents, and mitigations; clear investor communications.

7. Third-party service providers: How custodians, administrators, and vendors are selected, monitored, and governed through due diligence and ongoing oversight.

8. Continuity planning: Business continuity and disaster recovery measures to support uninterrupted operations during disruptions.

Safety Mechanisms

Multi Collateral Controller

The protocol uses a Multi Collateral Controller to dynamically manage the collateral portfolio backing USD0 through a two-layer approach:

Layer 1 — Continuous adjustment Collateral provider reward rates ($\xi_i$) are dynamically adjusted based on the deviation between actual weights ($w_i$) and optimal weights ($w_i^*$). Underrepresented collateral types receive higher rewards, while overrepresented types receive lower rewards.

Layer 2 — Triggered rebalancing Portfolio rebalancing is triggered when the maximum deviation exceeds a predefined threshold:

$\text{Trigger Condition:} \quad \max_{i} |w_i - w_i^*| > \epsilon$

Optimal weights are computed by maximizing a risk-adjusted objective function that considers duration, volatility, scoring, and expected returns for each collateral type.

Insurance Fund

The protocol maintains a per-LDT insurance fund intended to hedge against collateral value loss:

In the event of collateral loss, the insurance fund burns USD0 to increase the salvageable redemption value per token. If the salvageable redemption value falls below $1.00, the DAO can temporarily pause the minting engine and route activity through the secondary market to prioritize re-pegging.

Counter Bank Run Mechanism (CBR)

The CBR adjusts the salvageable redemption value $S_{LDT}$ based on total collateral value and insurance reserves:

$S_{LDT} = \min \left( \frac{\sum_{i=1}^n P_{Collateral_i} \times C_{Collateral_i}}{Supply_{LDT} - Insurance_{LDT}}, F_{LDT} \right)$

Historical stress tests simulated extreme interest rate scenarios exceeding any recorded in the last 30 years (75 bps rise over two weeks, 100 bps over one month). With a maximum portfolio average duration of 0.33 years, these extremes could temporarily reduce collateral value by approximately 0.33%, which is within the insurance fund’s coverage capacity.

Current Collateral Providers

The community governs which collateral types are accepted through USUAL token governance. Governance includes voting on new collateral additions, setting exposure limits per provider, adjusting risk parameters, and removing underperforming or risky collateral.

Additional Instructions (Source Draft)

• Update risk parameters, collateral requirements, and safety mechanisms from the KB.

• Keep GitBook-compatible markdown.