The Downside of Programmable Money

Software bugs aren’t the half of it, says Steven Kelly of Yale in a Q&A with CoinDesk. “You can’t preprogram the exigencies of a crisis.”

AccessTimeIconNov 30, 2021 at 5:27 p.m. UTC
Updated May 11, 2023 at 5:19 p.m. UTC
Layer 2
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

If smart contracts, the self-executing financial agreements that have drawn hundreds of billions of dollars in investment to blockchain networks, seem magical, then maybe it’s time to rewatch “The Sorcerer’s Apprentice.”

In the iconic segment of Disney’s 1940 animated film “Fantasia,” Mickey Mouse plays the titular character who learns a hard lesson about the dangers of automation. To avoid the drudgery of carrying buckets of water down castle stairs to fill a cauldron, Mickey dons his master’s magic hat and animates a broom to do his chore for him. The rodent dozes off, then awakens to find the anthropomorphic broom has been following his instructions all too literally, with disastrous results.

This article is part of Future of Money Week, a series exploring the varied (and sometimes weird) ways value will move in the future.

Skeptics of the idea of programmable money see similar risks in entrusting financial activities to code.

For one thing, hackers have drained some $685 million from various decentralized finance (DeFi) systems over the last 18 months, according to The Block, showing that at a minimum code needs to be thoroughly inspected before deployment.

Yet, to Steven Kelly, a research associate at the Yale Program on Financial Stability, software bugs aren’t the half of it.

While cryptocurrency was born partly as a rebellion against the bailouts that followed the financial crisis of 2008, Kelly sees the ultimate lesson of that era as the need for the discretion that smart contracts remove.

CoinDesk recently chatted with Kelly about why he thinks programmable money is a boon during normal times, why it could create problems in market calamities and the difficulty of creating “kill switches’' for when things go awry. A lightly edited transcript of that conversation follows.

CoinDesk: When you consider the idea of programmable money, contracts that are set out in code rather than executed by humans, what do you see as the potential benefits? And what do you see as the downsides?

Steven Kelly: It’s sort of my natural inclination to split things into peacetime versus crisis time.

In peacetime, this is an unequivocal good. You’re just talking about faster, cheaper payments [and] less discretion, which means less room for human biases, less room for human error. Of course, this introduces all the [risk] of coding errors and protocol vulnerabilities, but since we’re talking about the future of money, we’re kind of assuming that gets worked out. And so you have the potential to streamline things, have payments happen when they’re supposed to happen, as opposed to “after forms get filled out and people press buttons and so-and-so gets back from vacation and remembers to return your call” and things like that.

There’s a huge potential in financial markets, as well. For instance, part of the disruption of March 2020 was literally people just going into their home offices where it’s a different phone number, and the trades just weren’t happening as quickly because people literally weren’t answering phones. Those kinds of things can happen in peacetime, too, because somebody’s on vacation or just because legacy systems are slower. [Processes] can be quickened and made more efficient, and you reduce the cost, basically, of the float.

But in crisis time, I get nervous. I get nervous about this idea because I’m dubious of the notion that you can pre-program all the exigencies that may occur in a crisis cycle.

In my Twitter thread from Sept. 21 on the systemic risk of smart contracts, for instance, some of the pushback [amounted to], “We in crypto, we programmers, we’re thinking about this, and we know that we need central actors, sometimes, in crisis. We can code in certain contingencies when certain things happen in the market, outside of, you know, x range or whatever.”

And I just don’t buy that at all. I believe what they’re saying. I don’t believe it’s enough.

The stock market peak in 2007 was after the failure of the Bear Stearns hedge funds [one of the earliest signs that the U.S. subprime mortgage market was unraveling]. You just can’t program in, “OK, if the market’s doing this, then this is going to happen.” You can, to some degree, but you’re always going to miss the next crisis. You can’t preprogram the exigencies of a crisis.

We as a society have decided, when it’s war time we sort of let these failures slide, they sort of have a public good purpose. Like I had mentioned in my thread, banks used to just stop giving you your money back in a crisis. You’d go to get your deposit and they would say, “sorry.” That was not legal. It was never legal. And when this went to court [for example, in 1857, in the case of Livingston v. Bank of New York], the courts basically just said, “Well, if everybody’s doing it, then we’re not going to let one bank be charged for this.” Because basically the courts understood the exigencies of a crisis. And we sort of let illegal things happen for the greater systemic good. And that’s the kind of discretion that is sort of antithetical to smart contracts and programmable money.

Read more: The Future of Money: A History - Dan Jeffries

Yet, if these exigencies aren’t programmed in, and people get their money out, doesn’t that get us through the crisis faster? Wouldn’t it be better to just force us to rip the Band-Aid off?

No, that’s just incredibly costly. There are incredible costs to financial crises and bankruptcies and disruptions to the financial system functioning. Because we can say, “This is a bad bank, we want it to go away, we want a good bank to come up in its place.” But in the time between a good bank, with lots of information about customers, failing, and a new bank arising, and re-gathering all that information about those customers and they can then make loans ... that’s incredibly damaging [to have a lapse in lending activity]. So we want to let those banks fail if they’re insolvent, but we don’t want to do that like that [snaps fingers]. If Lehman could have failed over the course of a year, that would have been great. At least in isolation, it would have calmed [the markets].

That being said, I think there is some nuance to this. Because another thing that happens in a crisis is that once an institution is stigmatized, or maybe they’re the main focus of the media as an institution that’s going to falter, they start getting collateral calls. Let’s say you’re Bear Stearns and you’re in the news now and your liquidity is in question. If I’m a counterparty to Bear Stearns, nothing has necessarily changed in the market other than I’m hearing this news about Bear Stearns. I’m going to go to Bear Stearns and say, “Hey, you know what? I don’t like your marks. Now I want a little bit more collateral.” And if you’re Bear Stearns and you refuse, well, then the next headline is “BEAR STEARNS CAN’T MAKE COLLATERAL CALL.”

And the news story will cite “people familiar with the situation.”

Right! [Laughs] So there’s an advantage to smart contracts here. This is the other side of it. Bear can say, “Well, our smart contract’s handling that. Nothing has changed in the market, our [credit default swap] is here, and the collateral is here, so this is what the margin call is, and you can’t refute that.” So there’s this sort of give-and-take, because as soon as a player is weak, markets will say, “Okay, let’s get some collateral from them, because we know they can’t refuse. And let’s stop paying our margin calls on our other trades with them [where] we owe them some collateral, and let’s conserve our collateral. And let’s just start making calls and make sure they can still meet those calls.”

Is there any kind of a hybrid model that you could foresee where you would get these benefits in normal times, while mitigating the downsides in times of stress?

You know, it’s really hard because, like I said, none of this is formalized. We sort of let illegal things happen. No one is going to formalize, “when [Federal Reserve Chairman Jerome] Powell says it’s okay to do illegal things, you can do illegal things”! So it’s very hard to formalize ex ante. So I just worry that [a crisis involving smart contracts] will unfold too fast, ex post [facto], before we can be ready for it.

I don’t want to stifle this innovation either. And I think there are huge benefits to be had. I want the central bank and others to be able to keep up, and these financial institutions. That’s the other thing: It’s not just crisis-fighter discretion. It’s crisis fighters within private institutions. It’s Goldman Sachs who gets to choose to ignore emails and not answer phone calls. And we kind of like that as a society.

A lot of the conversation now with programmability has to do with central bank digital currencies (CBDC). Couldn’t presumably a central bank have some kind of a kill switch, so contracts would be automated but there would be a “break the glass” option?

This is another thing that comes up even from DeFi folks. They say, “we have some sort of centralization in a crisis. Put in somebody who’s operating a kill switch, and they only get this discretion in a crisis.” But the problem, and this is a little bit of an irony, is that you need some decentralization. Yes, you can give that kill switch to the Fed. But Goldman is never going to go to the Fed and say, “Hey, we really can’t make a margin call today. Can you flip the kill switch on Citigroup for 48 hours and buy us some time?” That’s never going to happen. But if Goldman does it, then we all just kind of look the other way. And, and we say, “oh, you know, the marks were bad.”

Even accounting itself can be complicated, because stuff that’s marked to market all the time, it’s been marked to the price it’s trading at, in a crisis, all of a sudden [the banks holding the assets] will say, “You know? We’re not going to mark this to market any more, we’re going to re-evaluate this.” We see huge chunks of assets move from the trading book to the held-to-maturity book, which are accounted for differently. Another thing we see is [assets classified as] Level 1, which is “we take a market price, and that’s how we keep it on our books,” move it into Level 3, which is like mark-to-model. “We decided that the prices aren’t representative and we want to mark [the asset] to our model.”

The other thing that happens is the FASB [Financial Accounting Standards Board] comes out and says, “You know what? You guys don’t have to mark it to market so much. Don’t worry about it. If it’s illiquid, we’re going to change our standards. Here’s some new guidance.” And all that gets lost, you know, if it’s all pre-programmed.

Like I said, even in a crisis, there are pros and cons to this. Because in a purely programmed world you can’t prey on the weak advantageously as a counterparty, but also the strong can’t further draw a moat around themselves.

UPDATE (Dec. 1, 18:52 UTC): Fixes typo in sixteenth paragraph.

More from Future of Money Week

(Kevin Ross/CoinDesk)
(Kevin Ross/CoinDesk)

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Marc Hochstein

Marc Hochstein is the executive editor of Consensus, CoinDesk's flagship event. He holds BTC above CoinDesk's disclosure threshold of $1K and de minimis amounts of other digital assets (details on profile page).


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.