Original title: "Asset Risk Assessment - Membrane Finance (EUROe)"

Original author: LLAMARISK, EVMKNOWS

Original translation: Kxp, BlockBeats

EUROe / Membrane Finance

EUROe is a MiCA-compliant custodial stablecoin issued by Membrane Finance, a subsidiary of blockchain development organization Equilibrium Group. It was officially launched on the Ethereum mainnet on February 1, 2023, and has been deployed to Polygon, Arbitrum, Avalanche, and some testnets. To date, a total of approximately 1.64 million EUROe have been issued, distributed across four chains: Ethereum mainnet (982,777 EUROe), Arbitrum (96,873 EUROe), Polygon (560,235 EUROe), and Avalanche (25 EUROe).

EUROe On-Chain Supply - May 26, 2023

EUROe is an electronic currency issued under a standard regulatory framework recognized by the European Union. It is regulated by the Finnish Financial Supervisory Authority (FIN-FSA), which can be confirmed by verifying the status of Membrane Finance Oy. In addition, EUROe is fully compliant with MiCA standards in preparation for the new regulations that will come into effect in summer 2024.

Currently, Membrane Finance only provides services for issuing and destroying EUROe directly to institutions, but anyone can obtain and use EUROe on the secondary market without permission. These channels include DeFi, brokers, OTC or centralized exchanges. This decision is intended to reduce the cost and security risks of storing large amounts of customer KYC data, as well as reduce the cost of processing issuance/redemption requests.

Release Overview

Membrane is the sole issuer of EUROe. A Membrane “customer” is an institution that has an account with Membrane and has gone through a due diligence process (including KYB, AML, CTF, and KYC audits). An “end user” is anyone who uses EUROe without an account. The following diagram shows the issuance/destruction process for Membrane’s whitelisted customers:

The issuance/destruction mechanism is similar to other centralized stablecoins, except that corporate clients can use personal IBANs.

Issuance/destruction operations are handled by EUROe's MINTER_ROLE and BURNER_ROLE and can be monitored through a specified address on each chain (Ethereum, Polygon, Arbitrum, and Avalanche). The following figure shows the change of issuance/destruction events over time on all chains:

Several Ethereum-based burn events occurred simultaneously with issuance events of equivalent value, which were likely cross-chain operations facilitated by Membrane (e.g. 60,000 EUROe issued to Polygon on March 20, 60,000 EUROe issued to Arbitrum on April 14, and 10,848 EUROe issued to Arbitrum on April 25). According to the pricing page, cross-chain operations (except for issuance/burn operations) are free services provided by Membrane.
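The pairing described above can be automated when monitoring MINTER_ROLE and BURNER_ROLE activity, so that cross-chain moves are separated from events that change total supply and must be matched by reserves. The following is an added example, not code from the original report or from Membrane; the event tuples, the timestamps, the one-hour window and the final unmatched mint are constructed for illustration, with only the three amounts, dates and destination chains taken from the text.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real on-chain data). Amounts, dates and
# destination chains follow the three cases named in the text; the times of
# day and the last, unmatched mint are assumptions.
EVENTS = [
    ("ethereum", "burn", 60000, "2023-03-20T10:00"),
    ("polygon",  "mint", 60000, "2023-03-20T10:05"),
    ("ethereum", "burn", 60000, "2023-04-14T09:00"),
    ("arbitrum", "mint", 60000, "2023-04-14T09:02"),
    ("ethereum", "burn", 10848, "2023-04-25T15:30"),
    ("arbitrum", "mint", 10848, "2023-04-25T15:40"),
    ("ethereum", "mint", 25000, "2023-05-02T12:00"),  # no matching burn
]

def classify(events, window=timedelta(hours=1)):
    """Pair each burn with one equal-value mint on another chain inside `window`.

    Returns (bridges, unmatched): paired events are treated as cross-chain
    moves, the rest as issuance or redemption that needs a reserve check.
    """
    parsed = [(c, k, a, datetime.fromisoformat(t)) for c, k, a, t in events]
    mints = [e for e in parsed if e[1] == "mint"]
    bridges, unmatched = [], []
    for burn in (e for e in parsed if e[1] == "burn"):
        match = next((m for m in mints
                      if m[0] != burn[0] and m[2] == burn[2]
                      and abs(m[3] - burn[3]) <= window), None)
        if match:
            mints.remove(match)  # each mint can close only one burn
            bridges.append((burn, match))
        else:
            unmatched.append(burn)
    return bridges, unmatched + mints

def net_supply_change(unmatched):
    """Net change in total supply from events not explained by bridging."""
    return sum(a if k == "mint" else -a for _, k, a, _ in unmatched)

if __name__ == "__main__":
    bridges, unmatched = classify(EVENTS)
    for burn, mint in bridges:
        print(f"bridge {burn[2]:>7} {burn[0]} -> {mint[0]}")
    print("unmatched:", unmatched, "net:", net_supply_change(unmatched))
```

Any event left in `unmatched` is a candidate for review against the published reserve report, since it changes total supply rather than moving it between chains.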

A handful of addresses are responsible for the majority of EUROe issuance to date. About 95% of circulating EUROe are issued by 3 addresses. The chart below is color coded by chain (grey = Ethereum, purple = Polygon, blue = Arbitrum).

Reserve Management

Under European e-money regulations, reserves backing e-money must be carefully managed by electronic money institutions (EMIs). Key requirements include maintaining a minimum capital of €350,000 or a 2% buffer based on average outstanding e-money (whichever is higher), keeping the EMI’s own funds separate from the reserves, and protecting the reserves by investing in safe, low-risk assets.

Reserves can be held in dedicated bank accounts or invested in safe, low-risk debt securities issued or guaranteed by central governments, central banks, international organizations, multilateral development banks, or regional or local authorities within a member country. Investments can also be made in debt securities issued by AAA to A-rated financial institutions or corporates. In addition, reserves can be covered by insurance policies or other comparable guarantees to provide an additional layer of security.

As an alternative, EMIs can invest in Undertakings for Collective Investment in Transferable Securities (UCITS) funds that specialize in investing in the above assets. These funds, managed by institutions such as BlackRock, provide a way to "outsource" reserve management operations. For a more detailed overview of the reserve requirements faced by e-money issuers, please refer to the e-money section of our Monerium EURe assessment.

Membrane publishes its reserve backing monthly on its website and commits to third-party audits every quarter. According to their documentation, they plan to implement "public on-chain reserve proof data" soon. According to the latest reserve check report, the reserves are held in cash at two different banks within the EEA, namely Bank Frick (Liechtenstein) and Osuuspankki (Finland).

Regulatory and legal matters

Membrane Finance is an electronic money institution authorised to issue electronic money under Finnish legislation implementing Directive 2009/110/EC. Membrane Finance Oy has its registered office in Finland at Meritullinkatu 1, 00170 Helsinki, Finland (trade registration number 3236886-2). The company is regulated by the Finnish Financial Supervisory Authority (FIN-FSA).

According to the document "Legal Framework for the Safety of Client Funds" provided by Membrane, clients are protected by Finnish law in the following aspects:

1. EUROe reserves are legally considered to be client money – Section 26 of the Finnish Payment Institutions Act (297/2010).

2. Client funds must not be commingled and must be safeguarded in accordance with applicable law – Section 26 of the Finnish Payment Institutions Act (297/2010).

3. Client funds are protected in the event of Membrane’s insolvency – Chapter 5, Section 6 of the Finnish Bankruptcy Act (120/2004) and Chapter 4, Section 9 of the Finnish Execution Code (705/2007).

4. Client funds are protected in the event of insolvency of Membrane’s custodian bank – Chapter 5, Section 6 of the Finnish Bankruptcy Act (120/2004) and Chapter 4, Section 9 of the Finnish Execution Code (705/2007).

5. In the event of bankruptcy, investments in low-risk and liquid securities shall be considered as the client’s property – general provisions related to the aforementioned regulations.

6. Each Membrane client has deposit protection of up to €100,000 with the custodian bank – governed by the EU Deposit Guarantee Schemes Directive.

It is important to note that client funds would not be protected by the aforementioned regulations only in the event of criminal conduct by Membrane or its custodian bank, willful negligence to protect client funds, or if regulators in the relevant jurisdictions suddenly and unpredictably change regulations and established practices.

Additional regulatory requirements are currently being developed (Markets in Crypto Assets Regulation - MiCA), which will impose further obligations on tokens that are backed by fiat currencies (electronic money tokens). Under MiCA, these tokens must comply not only with the Electronic Money Directive, but also with requirements such as prudent marketing, risk disclosure, interest prohibition, etc. MiCA has not yet come into force and is expected to be implemented by EU member states in mid-2024. Membrane is prepared to comply with these future requirements by issuing its Euro stablecoin as an electronic money token.

Like other custodial stablecoins, Membrane Finance must comply with legal and regulatory requirements and therefore reserves the right to block individual EOAs or contracts. In accordance with its access denial policy, Membrane will not deny account access except in the following cases:

· it receives a request from a competent government agency, authority or regulator;

· it receives a request from the owner or controller of the address, accompanied by sufficient evidence; or

· Membrane considers that the denial of access is necessary to comply with a law, regulation or legal order recognised by Finland or the EU.

Safety and control mechanisms

Membrane employs a series of control mechanisms to maintain its operations, enforce security, and respond to emergencies. These mechanisms are built on a set of defined roles, each of which is granted a different level of access to the EUROe stablecoin smart contract. Key roles include PROXYOWNER_ROLE (responsible for contract upgrades), BLOCKLISTER_ROLE (can assign and remove BLOCKED_ROLE, equivalent to a blacklist), and MINTER_ROLE (the only role with minting permissions). PAUSER_ROLE and UNPAUSER_ROLE are reserved for emergencies, and DEFAULT_ADMIN_ROLE is responsible for supervising all other roles.

The addresses of the role holders on each chain can be found here.

EUROe’s smart contracts are managed internally, using security protocols to restrict unauthorized access to key roles. As part of these security measures, Membrane leverages multi-party computation (MPC) technology provided by Fireblocks. As a result, privileged roles appear on-chain as EOA accounts.

The contracts are designed to be upgradeable for potential improvements and modifications. Although there are no timelocks at the smart contract level to enable rapid adaptability, EUROe may use timelocks in its internal operations for added security (we were unable to verify this).

Contingency procedures are in place; assigning BLOCKED_ROLE is the most common response to an emergency or black swan event. The extreme measure of suspending the EUROe stablecoin is reserved for an imminent threat. EUROe governance is entirely in the hands of Membrane Finance, and there is currently no on-chain governance or voting mechanism.

External Dependencies

To improve operational efficiency, Membrane utilizes MPC for contract interactions. Since this service is provided by an external party and the MPC computations are done off-chain, the robustness of the system cannot be publicly verified and evaluated. However, it is well known that Fireblocks is one of the largest infrastructure providers in the crypto industry. Fireblocks employs multi-layered security measures and regularly undergoes penetration testing by third-party companies ComSec and NCC Group to identify and eliminate vulnerabilities. In addition, Fireblocks has received SOC 2 Type II certification from Ernst & Young.

Smart Contract Audit

The EUROe stablecoin's smart contracts have been audited twice. The first audit, conducted by PeckShield in July 2022, found one medium severity and one informational finding, both of which were resolved. The contract was then updated and the name was changed from "eEURO Token" to "EUROe Stablecoin". The second audit, conducted by Runtime Verification in December 2022, found one high severity and four informational findings, which were also resolved.

The full audit report can be found on PeckShield’s GitHub and Runtime Verification’s GitHub. Details on the commits and resolved findings can be found here.

Conclusion

In summary, Membrane Finance operates under a sound regulatory framework, complies with Finnish law, and is well prepared for the upcoming MiCA requirements. The company demonstrates transparency in the management of its reserves, which are held in two reputable banks within the EEA. Operational security measures are also on par with current industry leaders.

The fact that EUROe is not currently open to retail clients does not pose much of a problem for assessing the pool’s occupation risk. As long as EUROe is paired with another freely available asset with sufficient liquidity and balance, occupation risk is virtually impossible. Furthermore, it can be assumed that the presence, or more precisely competition, of multiple market makers (recruited by Membrane) will naturally prevent this from happening.

From a more general perspective, we believe that incentivized EUROe pools could be a good step towards enriching and diversifying Euro liquidity in DeFi.
