LlamaRisk.

Asset Risk Assessment - Monerium (EURE)

evmknows

A risk assessment of e-money, the Monerium (EURe) stablecoin, and its risks for Curve LPs

This research was spearheaded by @evmknows and was funded by the Curve DAO. The research is meant to inform users of risks associated with the platforms researched, and should not be used standalone to make investment decisions. The author holds no ANGLE tokens or Monerium equity.

Useful links

Website
Documentation
Github
Gauge request

Abstract

In this asset risk assessment, we cover the EURe stablecoin issued by Monerium, prompted by the request to deploy an agEUR/EURe gauge. Since the stablecoin is issued under the strict regulatory requirements imposed by the e-money directive, we decided to elaborate on the concept of e-money and its regulations. If you are already familiar with e-money regulation and only interested in the Monerium review, you can skip ahead to that section.

A quick TL;DR of our findings:

  • Monerium offers a EURe stablecoin which can be on- and off-boarded using an IBAN (International Bank Account Number). When registering with Monerium you get a personal IBAN that you can fund in order to receive EURe on your on-chain wallet. In the same way, you can off-board EURe by funding your on-chain wallet and sending the EURe via the Monerium app to an IBAN. By doing that the EURe is directly burnt from your wallet.
  • Monerium is regulated as an electronic money institution (EMI) for the issuance of e-money.
  • An EMI must meet a number of regulatory requirements, such as over-collateralization of the reserves with at least €350k or 2% (whichever is greater) of the outstanding issued amount of e-money, segregating the EMI's own funds from the reserves by using different custodians, and investing the reserves into secure, low-risk assets denominated in euro.
  • We identified two centralization vectors in the Monerium smart contracts that allow infinite mints of EURe. We communicated our concerns to the team and were able to work out solutions to mitigate these issues. According to Monerium, these will be implemented with high urgency in the coming weeks.

What is e-money?

In the context of European regulation (e-money directive 2), e-money (electronic money) is a blanket term for any "electronic store of value ... that can be widely used to make payments to entities other than the e-money issuer" (ECB, 1998). Here, an "electronic store of monetary value on a technical device" can be understood as the digitization of an asset such as cash or bank deposits. To obtain an EMI license, explicit approval by the European Central Bank (ECB) and a national financial supervisory authority, such as the German BaFin, is required. Furthermore, an EMI must meet a number of regulatory requirements to be allowed to issue e-money; these include:

From an end-user perspective, the notion of e-money and the associated regulations may seem new. However, a person living in the EU is most likely already using e-money on a regular basis without even realizing it. A classic example of an EMI is PayPal, whose euro offerings are regulated as e-money.

What is it backed by?

As per Article 7(1) of the e-money directive an EMI is obliged to safeguard the reserves backing the e-money in accordance with Article 9(1) and (2) of the payment services directive 1.

Article 9(1) of the payment services directive

(a) they shall not be commingled at any time with the funds of any natural or legal person other than payment service users on whose behalf the funds are held ... and they shall be deposited in a separate account in a credit institution or invested in secure, liquid low-risk assets as defined by the competent authorities of the home Member State;

(b) they shall be insulated in accordance with national law in the interest of the payment service users against the claims of other creditors of the payment institution, in particular in the event of insolvency;

or

(c) they shall be covered by an insurance policy or some other comparable guarantee from an insurance company or a credit institution, which does not belong to the same group as the payment institution itself ... payable in the event that the payment institution is unable to meet its financial obligations.

Article 9(2) of the payment services directive

Where a payment institution is required to safeguard funds ... to be used for future payment transactions ... shall also be subject to the requirements under paragraph 1. Where that portion is variable or unknown in advance, Member States may allow payment institutions to apply this paragraph on the basis of a representative portion assumed to be used for payment services provided such a representative portion can be reasonably estimated on the basis of historical data to the satisfaction of the competent authorities.

In layman's terms: a buffer held to meet daily redemptions, for example, must be safeguarded under the same requirements as those laid out in paragraph 1.

To summarize the above: the EMI is obliged to hold all reserves in a bank account segregated from its own funds, or to have them invested in secure, low-risk assets, or to have the reserves covered by an insurance policy.

The last outstanding question is probably: what exactly are secure, low-risk assets? For that we have to look at paragraph 2 of Article 7 (EMD):

For the purposes of paragraph 1, secure, low-risk assets are asset items falling into one of the categories set out in Table 1 of point 14 of Annex I to Directive 2006/49/EC of the European Parliament and of the Council of 14 June 2006 on the capital adequacy of investment firms and credit institutions (10) for which the specific risk capital charge is no higher than 1,6 %, but excluding other qualifying items as defined in point 15 of that Annex.

For the purposes of paragraph 1, secure, low-risk assets are also units in an undertaking for collective investment in transferable securities (UCITS) which invests solely in assets as specified in the first subparagraph.

Table 1 of point 14 of Annex I to the Capital Adequacy Directive reads, as far as relevant:

Debt securities issued or guaranteed by central governments, issued by central banks, international organisations, multilateral development banks or Member States' regional government or local authorities which would qualify for credit quality step 1 or which would receive a 0 % risk weight under the rules for the risk weighting of exposures under Articles 78 to 83 of Directive 2006/48/EC.

RISK CHARGE: 0%

Debt securities issued or guaranteed by central governments, issued by central banks, international organisations, multilateral development banks or Member States' regional governments or local authorities which would qualify for credit quality step 2 or 3 under the rules for the risk weighting of exposures under Articles 78 to 83 of Directive 2006/48/EC, and debt securities issued or guaranteed by institutions which would qualify for credit quality step 1 or 2 under the rules for the risk weighting of exposures under Articles 78 to 83 of Directive 2006/48/EC, and debt securities issued or guaranteed by institutions which would qualify for credit quality step 3 under the rules for the risk weighting of exposures under point 28, Part 1 of Annex VI to Directive 2006/48/EC, and debt securities issued or guaranteed by corporates which would qualify for credit quality step 1 or 2 under the rules for the risk weighting of exposures under Articles 78 to 83 of Directive 2006/48/EC.

RISK CHARGE:

0,25 % (residual term to final maturity 6 months or less)

1,00 % (residual term to final maturity greater than 6 and up to and including 24 months)

1,60 % (residual term to final maturity exceeding 24 months)

Excursus: A risk capital charge is a measure of the amount of money that a financial institution is required to hold in reserve in order to protect itself and its creditors against the possibility of losses on its investments or other activities. This capital is often referred to as "risk-weighted" because it is based on the level of risk associated with various assets or institutions.

Without going into the details of what credit quality steps 1-3 mean under the risk-weighting rules and how they are calculated, we boil the range of possible and relevant secure, low-risk liquid assets down to the overview below for the sake of simplicity:

  • Debt securities issued or guaranteed by central governments, issued by central banks, international organisations, multilateral development banks or Member States' regional governments or local authorities (for example government bonds), with a risk capital charge of 0%, which corresponds to a AAA to AA- rating.
  • The same type of debt securities as above but with a risk capital charge of 0.25% to 1.6%, which corresponds to an A+ to BBB- rating; or debt securities issued by AAA- to A-rated financial institutions; or debt securities issued by AAA- to A-rated corporates.

Reference for the rating scale with regard to the credit quality step

A third option is UCITS funds, which invest in the very same assets as specified above. This could be a fund vehicle provided by asset managers (like BlackRock) that can be used by an EMI to "outsource" the operations behind managing the reserves.

Risk Summary E-money:

It is important to note that there are residual risks associated with e-money, such as defaulting governments or banks. Although EMIs operate under heightened regulatory scrutiny, technology is developing rapidly, which requires regulators to continually adapt to an ever-evolving landscape. Nonetheless, considering that an EMI is likely banking with systemically important banks and investing in AAA-rated government bonds, the remaining risks are subject to significant regulatory oversight. In certain regards, EMIs introduce additional operational risk, since their products are built on top of other financial institutions.

If we disregard these unquantifiable operational risks, which could e.g. involve malicious conspiracy, the counterparty credit risk could, under certain circumstances, be even lower than with banks.

In the case of Monerium:

  • As opposed to the fractional reserve banking system, e-money is over-collateralized 2% in excess of the outstanding issued e-money.
  • Most holdings are invested into high-quality liquid assets, whereby the reserves are also segregated from the EMI, and only the necessary amount is kept at a bank to meet regular withdrawals.
  • Government bonds are secured through the ability of the government to tax its citizens, while banks do not have such an option and solely rely on trust, both in customers and risk management.
  • Reduced risk through diversification across multiple government bonds.

All of these factors combined can make the case that e-money provides better protections to consumers than demand deposits. However, it is worth noting that such assumptions stand and fall with the transparency efforts of the EMI.

Monerium

Similar to Circle, Monerium is a TradFi-rooted stablecoin provider that, to date, is the only issuer of on-chain euro regulated as e-money under the e-money directive (2009/110/EC). As previously discussed, e-money is always redeemable at par value and is issued under the premise of strict reserve safeguarding measures. For now, Monerium offers only the euro stablecoin; other currencies will be added in the future. Like the euro, these will follow, as far as possible, the same high standards of the EMD regardless of the jurisdiction.

How does it work?

First, a customer needs to register at https://monerium.com/ and go through the KYC process to finish the registration. After successful KYC, the customer receives a bank account number (IBAN) that can then be connected to a corresponding on-chain address. This is achieved by signing a message which proves ownership of the on-chain address. Once this is done, the customer can send euros to their IBAN, for example via the SEPA Instant scheme. Subsequently, the equivalent amount of EURe is credited to their on-chain wallet within 1-2 minutes.

In a similar manner, EURe can be off-boarded. For that, a user needs to hold EURe on the on-chain address which corresponds to his IBAN. He then initiates the withdrawal process to a bank account, whereupon an equivalent amount is automatically burned from the on-chain wallet.

Currently, the process of burning/withdrawing the stablecoins is manually approved for amounts above the low three figures. The Monerium team says this process will be scaled in the future to allow automatic withdrawals up to a certain threshold, which will be cleared within seconds through SEPA Instant.

Furthermore, Monerium plans to allow users to change the on-chain redemption address for enhanced privacy of its customers.

Regulatory & Legal

Monerium is an authorised electronic money institution, granted authorization to issue electronic money according to Act no. 17/2013, on issuance and handling of electronic money, Icelandic Act implementing Directive 2009/110/EC. Monerium provides its services online but its registered office is at Bjargargata 1, 102 Reykjavík, Iceland (Company number 5711100240). The company is supervised by the Financial Supervisory Authority of the Central Bank of Iceland. (See here for further information)

Additional regulatory requirements (Markets in Crypto Assets Regulation - MiCA) are currently in the works which would impose further obligations on fiat-referenced tokens (e-money tokens). According to MiCA, such tokens should not only adhere to the EMD but also meet requirements such as diligent marketing, disclosure of risks, prohibition of interest, and more. Currently, MiCA is not yet in force; this is expected to happen sometime around Q1 2023, after which it will come into effect in 2024 once implemented by the member states of the EU. In this regard, Monerium is already compliant with future regulations by issuing its euro stablecoin under the EMD.

Beyond the €1B mark of issued e-money (among other conditions for the classification of e-money tokens as "significant"), there are additional obligations to be considered under MiCA.

These additional obligations emphasize enhanced safeguarding measures such as due diligence to select a reasonable and appropriate partner bank for the custody of the funds. Other noteworthy requirements include:

Since Monerium operates as a regulated entity, it is obliged to comply with law enforcement agencies and regulators. This means that, as with other centralized stablecoins, Monerium can blacklist any address from transferring. In that regard, we asked specifically what would happen if a hacker deposited into or swapped through a Monerium pool: would the pool contract be blacklisted, and should LPs worry about clawbacks? The answer was no, since it is technically and practically impossible to carry out proper clawbacks in DeFi, as there is no possibility to revise transactions without breaking the entire stablecoin system.

Review / Smart Contracts

While we were able to determine that Monerium has an EMI license and thus must comply with strict safeguarding requirements, we still have to emphasize the trust assumptions that apply in this case. Currently, there are no publicly available proof-of-reserves attestations, audits or similar documents. Moreover, no smart contract audits were provided for Monerium's EURe contracts. We therefore decided to analyze the contracts ourselves, specifically looking for centralization vectors and elevated rights.

What we found was the following:

Though all of these findings are technically non-critical for Monerium itself, since (for now) withdrawals above a low three-figure amount are manually reviewed, they still pose critical risks for EURe LPs. Being able to mint unlimited EURe and sell it into the pool makes it possible (for the owner EOA or the SystemAccount) to rug LPs.

After identifying the above, we reached out to the Monerium team to discuss the issues and how they could potentially be resolved. The result of this discussion was satisfactory in the sense that we were able to identify solutions to mitigate these issues. We were promised that these will be implemented in the coming weeks:

  • Replace the owner of the EURe contract with a multi-sig
  • Keep the SystemAccount as an EOA (for operational reasons, namely automating mints/burns), but implement changes in the controller that put a limit on how much EURe can be minted. This would greatly reduce the repercussions of a compromised SystemAccount.
  • Hire an auditor to review the smart contracts
  • Publish regular proof-of-reserves attestations from an auditor or through other ways
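To make the second mitigation concrete, here is an added toy model (not Monerium's code, and not the EURe controller) of a controller that caps what the automated SystemAccount can mint per time window while only the owner (the multi-sig) can change that cap; the roles, window length and cap values are assumptions for illustration.

```python
# Added example (not Monerium's code): a toy controller that caps how much the
# automated SystemAccount can mint per time window, while only the owner (a
# multi-sig) can change the cap. All names, roles and numbers are assumptions.
from dataclasses import dataclass, field

@dataclass
class CappedMintController:
    owner: str                  # intended to be a multi-sig address
    system_account: str         # automated EOA used for mints/burns
    window_seconds: int         # length of each mint window
    mint_cap: int               # max units mintable per window
    total_supply: int = 0
    balances: dict = field(default_factory=dict)
    window_start: int = 0
    minted_in_window: int = 0

    def set_mint_cap(self, caller: str, new_cap: int) -> None:
        """Only the owner may change the cap; a compromised SystemAccount cannot."""
        if caller != self.owner:
            raise PermissionError("only owner may change the mint cap")
        self.mint_cap = new_cap

    def mint(self, caller: str, to: str, amount: int, now: int) -> int:
        """Mint `amount` to `to` at timestamp `now`; returns the new total supply."""
        if caller != self.system_account:
            raise PermissionError("only the system account may mint")
        if amount <= 0:
            raise ValueError("amount must be positive")
        # Start a new window once the current one has elapsed.
        if now - self.window_start >= self.window_seconds:
            self.window_start = now
            self.minted_in_window = 0
        if self.minted_in_window + amount > self.mint_cap:
            raise ValueError("mint cap exceeded for this window")
        self.minted_in_window += amount
        self.total_supply += amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return self.total_supply

    def burn(self, caller: str, holder: str, amount: int) -> int:
        """Burn on off-boarding; returns the new total supply. Burns are not capped."""
        if caller != self.system_account:
            raise PermissionError("only the system account may burn")
        if self.balances.get(holder, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[holder] -= amount
        self.total_supply -= amount
        return self.total_supply

def worst_case_mint(ctrl: CappedMintController, horizon_seconds: int) -> int:
    """Upper bound on what a compromised SystemAccount could mint over a horizon:
    one full cap per window touched. This is the exposure the cap leaves for LPs."""
    return ctrl.mint_cap * (horizon_seconds // ctrl.window_seconds + 1)
```

The bound returned by `worst_case_mint` is what an LP should compare against pool depth when judging how much a capped SystemAccount still matters.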

We will monitor the deliveries in the coming weeks and will notify the DAO should Monerium fail to fulfill their promises.

Conclusion:

In principle, the stringent regulatory framework under which Monerium operates provides a sound foundation for a stablecoin. However, at this point, there are still a few issues to work through to reduce the non-negligible operational risks.

As for the risks regarding the elevated rights within the EURe contracts, these will mainly be confined to the powers of the multi-sig, which is yet to be deployed. Since trust assumptions can be made by virtue of the regulatory compliance and reputation of the company (as with Circle or Stasis), the associated risks can be considered minimal.

Bridging regulated TradFi-rooted forms of money into DeFi is an inevitable and logical next step, especially compared with the uncertainties of unregulated stablecoin providers. Monerium appears to be a well-positioned contender amongst the custodial stablecoin issuers and we are looking forward to seeing them grow into the DeFi ecosystem.