Risk Management Model¶

Risk management across a decentralized network such as an Internet of Rules must at the same time facilitate the exercise of due diligence by autonomous administrators, and assure the integrity of the networked system as a whole.

A comprehensive risk management approach addresses operational, systemic and residual risk:

• Operational risk concerns the degree of assurance, integrity (freedom from tampering), privacy, confidentiality, auditability, reliability (freedom from ‘bugs’ in code, design and architecture), trustworthiness, authorization controls and availability, data/metadata ownership/access/holding/ persistence, and issue-response methodology/performance.

• Systemic risk has to do with intrinsic system design, adequate maintenance of system components, and auditable conformance with both Xalgorithms’ own documentation, and any formal standards that are required or referenced. Intrinsic security at the level of system design is paramount. For example, by narrowly constraining the Rule Schema, its potential attack surface is deliberately minimized. Also, deployment of the reference implementations for very diverse contexts and solutions attracts peer review from many perspectives, while it also encourages ‘whole system composability’.

• Residual risk management requires more than a routine percentage increase in liability coverage. The greatest risks are those not known. C.S. Holling has commented: “Experience shapes concepts; concepts, being incomplete, eventually produce surprise; and surprise accumulates to force the development of those concepts. This sequence is qualitative and discontinuous. The longer one view is held beyond its time, the greater the surprise and the resultant adjustment.” There is not one future to plan for, but a range of trajectories. To pre-empt surprise, Xalgorithms takes a creative proactive approach to residual risk through scenario envisioning and contingency planning. Accordingly, one of our three reference implementations is an agent-based model for scenario analysis.

Xalgorithms Foundation maintains two business services model for risk management, for refinement and implementation by entities in the risk management industry.

1. Xalgo Verify: Due Diligence Regarding Third-Party Algorithms. Xalgo Verify is a business service model for an algorithm integrity validation service that can be offered either commercially or on a not-for-profit basis. When such a service is operational, it would provide rule originators and their user communities a means to manage risk through due diligence regarding the integrity of the algorithms deployed. Such a service would provide users of any given rule — for example, buyers and sellers of licensed market data — a way to validate integrity when algorithms are sourced from third parties. The service can be offered with formal certification to a management standard — or, alternatively, with audited conformance to the principles and guidelines of such a standard, but without certification. The Xalgo Verify template includes an evaluation of whether the documentation of an algorithm is an accurate and comprehensible statement of what the algorithm is supposed to do; and that the algorithm indeed does precisely and only what is claimed. Xalgo Verify services may also include automated testing for compliance with external requirements, such as specific regulations or standards. The Xalgo Verify service package would include automated technical testing of algorithms similar in operation to the Comprehensive R Archive Network (CRAN).

2. Xalgo Indemnify: Comprehensive Risk Management and Risk Tolerance Xalgo Indemnify is a business service model for providing optional financial risk management to organizations that implement and/or use DWDS reference implementations, or derivative versions of them, for genuine market operations.

Xalgo Indemnify will describe policies to cover some or all aspects of operational and systemic risk, and would also provide guidelines to facilitate audits of system elements, from the logical architecture down to line-by-line tests. In communication with insurance firms, of a set of group packages will be designed to bundle defined benefits for scheduled preventative maintenance on deployed components plus 24X7 issue-management, emergency response and business continuity support, along with warranty and indemnity coverage at various scales of financial risk. Preventative maintenance benefits would be structured in a manner analogous to dental care benefits: regular check-ups and routine maintenance. Group insurance through Xalgorithms Foundation would be structured similarly to no-fault automobile insurance, including:

• Warranty and indemnification for defined classes of errors & omissions;
• Event-response and service continuity during adverse events;
• Specialists under pre-priced framework agreements for emergency response;
• A preventative maintenance package with defined benefits;
• Efficient audited-claims processing;
• Continuity of support during major financial crises or austerity.