# Third Party Risk ### Third-Party Risk Usual Protocol’s collateral framework relies on external tokenizers, fund managers, custodians, and other service providers to bridge real-world assets (RWAs) onto the blockchain. As a result, third-party risk management is a core pillar of the protocol’s overall risk policy. This page covers the primary dimensions of third-party risk—**tokenizer risk** and **operational risk**—and the associated mitigation frameworks, quantitative collateral requirements, and safety mechanisms designed to protect **USD0** holders. > Note (documentation): The draft requests updates “from the KB,” but no KB content was provided here. The parameters and mechanisms below are preserved as-is from the draft. *** ## A. Tokenizer Risk At Usual, collateral is deployed through **tokenizers**—platforms that convert RWAs (primarily **US Treasury Bills** and **repurchase agreements**) into on-chain tokens. Before any tokenizer is accepted as a collateral provider for USD0, it undergoes a rigorous due diligence process. The following criteria must be met: * **Security**: Only experienced tokenizers with thoroughly audited technology are selected, reducing smart contract exploit risk. * **Regulatory compliance**: Tokenizers must operate in full compliance with applicable regulations (e.g., **CIMA licensing**, **CFTC registration**), supporting legal integrity and operational safety. * **Asset management**: Underlying assets must be managed by skilled, compliant asset managers operating under strict guidelines designed to diversify exposure and minimize counterparty, investment, and operational risks. * **Transparency**: Full transparency of underlying assets is required, audited by independent third parties. Collateral must be verifiable on-chain and also provide high off-chain transparency through frequent public financial audits. * **Asset protection**: Assets must be ring-fenced in the event of the tokenizer’s bankruptcy via **bankruptcy-remote vehicles (BRVs)**. * **Fee structure**: Tokenizer fees must be reasonable and should not materially erode returns from the underlying assets. * **Redemption processes**: Tokenizers must offer prompt, straightforward redemptions. Only RWAs that can be redeemed or sold with minimal slippage within **5 days** are eligible. * **Diversification of exposure**: The protocol maintains diversification across multiple tokenizers and asset types to reduce single-point-of-failure risk. *** ### Tokenizer Evaluation Dimensions Each tokenizer candidate is evaluated across five areas: | Area | Key factors | | ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | | **Structuring & Regulation** | Issuing entity, jurisdiction, regulatory framework, bankruptcy-remote structuration | | **Product Description** | Issuance/redemption timelines, accepted currencies, token characteristics (accumulative vs. distributive), compatible blockchains, fee structure | | **Asset & Management** | TVL, token structuring, custody setup, investment policy details | | **Risk Policy** | Technical and smart contract audits, conflicts of interest, derivatives usage, counterparty risk, recovery procedures | | **Security Requirements** | Audit history, regulatory compliance, ring-fenced assets, reasonable fees, prompt redemption | *** ### Counterparty Risk Layers Third-party counterparty risk is assessed across three layers: | Layer | Risk | Mitigation | | -------------------- | --------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | | **Tokenizer** | Platform failure, smart contract exploit, bankruptcy | BRVs, independent audits, periodic performance reviews, diversification across multiple tokenizers | | **Fund Manager** | Poor investment decisions, regulatory violations, operational failure | Regulated fund managers with proven track records; regular assessment of decisions and compliance history | | **Bank / Custodian** | Institutional failure (e.g., SVB, Lehman Brothers) | Highly rated institutions (e.g., BNY Mellon with **AA- via DTCC**); diversified banking relationships; contingency plans | > **Historical context**: The protocol’s risk policy explicitly references the Circle/SVB event (March 2023), where Circle had 8% of its collateral exposed to Silicon Valley Bank, contributing to an average depeg of \~$0.95 (a 5% deviation). Usual’s collateral requirements are designed to reduce similar exposure by requiring investments exclusively in **sovereign bonds** rather than commercial bank deposits. *** ## Collateral Eligibility Requirements All collateral accepted into the protocol must satisfy the four core requirements defined in the litepaper: | Requirement | Standard | | ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | **Fully collateralized** | 100% collateralized with no leverage. Fractional reserve risk (as in traditional banking) and any form of leverage that could lead to collateral loss are explicitly excluded. | | **Low risk** | Invested exclusively in liquid **US Treasury Bills**—the lowest-risk yield-generating asset class. **Sovereign bonds only**; **corporate debt is strictly prohibited**. | | **Transparent** | Verifiable on-chain in real time, with frequent off-chain public financial audits. No reliance on periodic attestations. | | **Liquid** | Portfolio duration must remain below **0.33 years** (\~4 months). Collateral with duration above this threshold is ineligible. Must be redeemable within **5 days** with minimal slippage. | *** ### Financial Risk Parameters Usual enforces quantitative limits across four financial risk categories. #### Interest Rate Risk | Defense line | Parameter | | ------------ | ------------------------------------------------------------------------------------------------------------------------------------ | | **First** | Individual RWA duration < **0.5 years**; portfolio average duration ≤ **0.33 years** | | **Second** | Continuous monitoring with a tolerance threshold of **0.25 years** for passive deviations | | **Third** | Corrective measures: duration adjustment (selling/redeeming higher-duration RWAs), withdrawal restrictions, insurance fund increases | #### FX Risk * **Zero tolerance**: only USD-denominated assets (or positions that are **100% FX-hedged**) are accepted. * Dual-layer monitoring: both the tokenizer team and Usual independently review holdings for compliance. #### Credit Risk * **Zero tolerance**: investments are restricted exclusively to **US Treasuries**, **quasi-government debt**, or **cash**. * **Corporate debt is strictly prohibited.** * Active monitoring includes regular checks and audits to detect deviations. #### Liquidity Risk * Only RWAs redeemable or sellable with minimal slippage within **5 days** are eligible. * The portfolio is diversified across RWA types to reduce concentration in any asset class that could become illiquid. *** ## B. Operational Risk ### Definition Usual and its tokenizer partners may face the following operational risk categories: 1. **Internal fraud**: Misappropriation of funds, unauthorized trading, insider trading, or other fraudulent acts by employees or insiders. 2. **External fraud**: Cyberattacks, identity theft, or unauthorized access to sensitive information, potentially leading to financial loss, reputational damage, or regulatory non-compliance. 3. **Business disruption**: Disruptions from natural disasters, technology failures, or operational errors that interrupt services and can cause losses. 4. **Compliance and legal risks**: Failure to comply with laws, regulations, or industry standards, potentially resulting in penalties, legal actions, reputational harm, or loss of licenses. 5. **Data and information security**: Risk of data breaches, unauthorized access, or data loss, given the sensitivity and volume of information handled. 6. **Operational errors**: Human error, system failures, or process deficiencies leading to losses, incorrect reporting, failed trades, or inaccurate valuations. ### Mitigation Usual expects tokenizers to implement comprehensive controls, including internal controls, risk management frameworks, employee training, disaster recovery, cybersecurity protocols, and compliance monitoring. Regular risk assessments and audits are used to identify and mitigate operational risks proactively. Usual performs a qualitative assessment of approved tokenizers across the following dimensions: 1. **Governance and organizational structure**: Clear responsibilities, defined roles, and a governance framework that supports accountability and transparency. 2. **Risk management policies and procedures**: Documented operational risk framework covering identification, assessment, mitigation, and monitoring. 3. **Compliance and regulatory track record**: Review of compliance history, including any violations or disciplinary actions. 4. **Operational controls and processes**: Segregation of duties, checks and balances, technology infrastructure review, data security controls, and disaster recovery capabilities. 5. **Talent and expertise**: Qualifications and experience of the operational risk management team. 6. **Reporting and transparency**: Regular reporting on operational risk metrics, incidents, and mitigations; clear investor communications. 7. **Third-party service providers**: How custodians, administrators, and vendors are selected, monitored, and governed through due diligence and ongoing oversight. 8. **Continuity planning**: Business continuity and disaster recovery measures to support uninterrupted operations during disruptions. *** ## Safety Mechanisms ### Multi Collateral Controller The protocol uses a Multi Collateral Controller to dynamically manage the collateral portfolio backing USD0 through a two-layer approach: **Layer 1 — Continuous adjustment**\ Collateral provider reward rates ($\xi\_i$) are dynamically adjusted based on the deviation between actual weights ($w\_i$) and optimal weights ($w\_i^\*$). Underrepresented collateral types receive higher rewards, while overrepresented types receive lower rewards. **Layer 2 — Triggered rebalancing**\ Portfolio rebalancing is triggered when the maximum deviation exceeds a predefined threshold: $$\text{Trigger Condition:} \quad \max\_{i} |w\_i - w\_i^\*| > \epsilon$$ Optimal weights are computed by maximizing a risk-adjusted objective function that considers duration, volatility, scoring, and expected returns for each collateral type. *** ### Insurance Fund The protocol maintains a per-LDT insurance fund intended to hedge against collateral value loss: | Parameter | Value | | ---------------------- | ------------------------------------------------------------ | | **Accrual rate** | \~20% of yield (set by DAO) | | **Maximum cap** | 0.33% to 5.33% of all USD0, based on historical VAR analysis | | **Replenishment time** | \~24 days (at 0.33-year avg. duration and 5% coupon rate) | In the event of collateral loss, the insurance fund burns USD0 to increase the salvageable redemption value per token. If the salvageable redemption value falls below $1.00, the DAO can temporarily pause the minting engine and route activity through the secondary market to prioritize re-pegging. *** ### Counter Bank Run Mechanism (CBR) The CBR adjusts the salvageable redemption value $S\_{LDT}$ based on total collateral value and insurance reserves: $$S\_{LDT} = \min \left( \frac{\sum\_{i=1}^n P\_{Collateral\_i} \times C\_{Collateral\_i}}{Supply\_{LDT} - Insurance\_{LDT}}, F\_{LDT} \right)$$ Historical stress tests simulated extreme interest rate scenarios exceeding any recorded in the last 30 years (75 bps rise over two weeks, 100 bps over one month). With a maximum portfolio average duration of 0.33 years, these extremes could temporarily reduce collateral value by approximately **0.33%**, which is within the insurance fund’s coverage capacity. *** ## Current Collateral Providers | Provider | Asset | Key Infrastructure | Regulatory Status | | ---------------------- | ---------------------------------- | ----------------------------------------------------------------- | ------------------------------ | | **Hashnote** (primary) | USYC — reverse repos & US T-Bills | Custody: BNY Mellon · Prime Broker: Marex · Auditor: Cohen and Co | CIMA Licensed, CFTC Registered | | **M0 Foundation** | M — tokenized money market | — | — | | **Superstate** | USTBL — US Treasury Bills | — | SEC-regulated | | **Circle** | USDC — indirect minting collateral | — | — | The community governs which collateral types are accepted through **USUAL** token governance. Governance includes voting on new collateral additions, setting exposure limits per provider, adjusting risk parameters, and removing underperforming or risky collateral. ***