Topic: IOU-BLoC (Business Lines of Credit) [Prequel thread - probing for interest] - page 2. (Read 6349 times)

We've talked about security quite frequently. It's our top priority (well... profits are my top priority, but that necessarily requires security), and the dev is familiar with infosec.

Accounts will only be allowed one whitelisted address. It can only be changed with a 48h wait after the request, and I'll be personally calling the phone number on the account's file as 2FA. All transactions beyond simply viewing account information will require a short code from the person logged in which will never be emailed, so even if an account-holder's email account is compromised and they've used the same password on another site where the login info was leaked, a malicious person should be unable even to request a loan to the account-owner's BTC address. A phone call will also be placed to the number originally registered with if the request is in a large amount.

I will note that I will be liable for malicious actions by unauthorized users, not the account-holders - but that liability's limited to not charging interest on a "fake" loan unless coins were sent to a BTC address other than the account-holder's. If a malicious person requests 100BTC to the account-holder's BTC address, the account-holder would be liable for that 100BTC. If a particularly nefarious person were able to compromise the db and change the BTC addresses (the hot wallet ofc wouldn't be hosted on the app server), then I would be liable for the principle of the loan since the account-holder didn't receive the coins. By keeping a relatively small amount of coins in the hot wallet, my maximum risk is pretty low, but will allow those auto-loans to occur without me needing to be online 24/7. Of course, if it is compromised, it's a pretty darn good warning (and cheap, relative to what others have needed to pay) to me that everything needs to come down while we investigate and resolve the problem.

A PGP key will be requested, but not required, upon registration. A valid phone number, however, will be required. As to companies opening up their books, an NDA would be accepted, but companies wishing to keep their BLoC unfrozen must publish their financials to the public, and those records can be no more than 6 months out of date. Businesses will be required to file monthly with me, and they can opt to keep that private or have it automatically published on the public side of BDK-BLoC to fulfill their public disclosure requirement. I'll pull that requirement if enough companies refuse based on it that I have significant idling funds, but that's never a problem, even now. The credit rating is broken down into 10 categories which will also give the public a bit of an idea of the financials of the company (how the credit rating is calculated will be published in the mock-up, and the exact meaning of the numbers will be published when BDK-BLoC launches).

I think it is a great idea.  We have been considering using a line of credit to acts as a buffer allowing us to complete sales "instantly".

By having funds at the exchange when a seller deposits coins, we can sell the same number at the exchange and thus avoid currency risk during the 6 confirms.   The main reason we haven't done this is it would make us very long BTC.  The traditional lending forum is looking for rates aproaching 1% per day which is simply not viable for any serious enterprise.   3% per month may be useful for our needs.

My only fear (and it is more for you and your investors) is the hot wallet.  Is instant 24/7 funding that important to risk a Bitcoinica type event.    I see you also have a cold wallet.  It is unlikely we will ever need hot wallet access.

A couple things from the business owner perspective.

Funding requests should be strongly secured and verifiable.  Nothing less than PGP signature should be accepted.  I can't imagine a worse nightmare than someone impersonating our company, getting funds, and then you seeking repayment from us. 

Another security option for businesses would be a hardcoded disbursement address provided at the time the business requested the LoC.  If that option is chosen funds can never be disbursed to any other address without a new contract.  The hardcoded address would be included in the contract and pgp signed by both parties.  This would make any sort of impersonation attack a moot point.

Lastly if you wish us to open our books I assume you will be comfortable signing an NDA.

There will be a hot wallet, too, but it won't ever contain more than 150BTC, so if someone had the clearance, they'd be able to request <100BTC and have it sent to them immediately after they request it (assuming the hot wallet isn't empty and they have a LoC available). Automated CD sales and repayment should be cheap to have implemented, too, so if an entity had reserves, they can quickly send it to me, I'll pay them a % interest multitudes superior to a USD bank (BDK is not a bank, btw, and never will be [I'm based in the US - claiming BDK is a bank is probably something like a 5-year prison sentence and $100k fine] -- all loans are personal loans to and from me, and I'm legally disallowed from creating a demand deposit scheme, which I wouldn't want, anyway). I already do CDs with pen & paper, and that's a pretty quick process. No need to calculate a bunch of different rates each month, even -- I can set a prime rate as appropriate, and everything else can automatically adjust.

So by reading the chance of implementation score the minimum "BDK-BLoc" will be :

A cold wallet with thousands of BTC that business and can view  and that you can decide to do whatever you want with. 


Seriously ,  its a great idea.   

I would integrate deposits into the same website/business and then you will be  a real bank!

Any ideas or criticisms -- now's a great time, even if you think they may be absurd, or would cut into my bottom-line. I figure I should have the mock-up and formulas complete by next week, and the dev already has much of the complicated core infrastructure complete from other projects, though neither of us have fully committed to each other just yet. I don't plan on bringing a designer in unless I have lack of demand, which isn't a problem even while I'm only using "pen&paper," so the site will likely look pretty ugly and basic, but with some maff-intensive infrastructure underneath making it seem a fair bit simpler than it is. Launch may be just 4-8 weeks away.

I'll post the mock-up when finished (6/20 maybe? We're house-hunting and will be away more than usual this week). Primary objective is to make lendees feel empowered with information, and making sure nobody's getting hit with something they don't understand. I want to be very up-front to prevent time-consuming disputes in the future, and I certainly don't want business partners feeling like they were treated unfairly, because I want their business. Additionally, security is extremely important. I want to feel very confident someone's BSing me or was negligent in the extreme if they claim a malicious person made a loan in their name. Not only will it be impossible for an account to request withdrawals to any BTC address but the one they've whitelisted (48h mandatory wait & phone call to the number registered with the account if you request it to be changed), but having your email account compromised will not allow a hacker to make loans to your own address, either.

In the second tier of objectives, I want BDK to force transparency in the market. BDK-BLoC will permit automatic publishing of businesses' financial reports if their account opts in, fulfilling their public disclosure responsibility without having to do much manually. Additionally, I want BTC to be known as a legitimate medium of exchange, and that includes having BTC associated more with generosity than drug & firearms sales (not that I have anything against 'em). CD-holders will be allowed to choose a % of their interest to donate to a charity. Additionally, lendees are permitted to donate up to 5% of what would otherwise be BDK's profits on the interest of their loan to charity of their choosing.


Cheers!

Talking with the dev, and getting pretty excited about this. I'm creating a detailed mock-up (Google spreadsheet with links, so it shows what users would see), all the formulas for him. A fair chunk of the core infrastructure necessary, he's already developed for other services. Additionally, implementing the ability for the site to securely sell CDs is no problem. If someone wants to make a deposit, it's as simple as clicking a button, choosing which duration-to-maturity you want and how much you want at next maturity date (interest-only, partial-principal+interest, full repayment, or full reinvestment/renewal), receiving an address, and sending coins from your client to the given address. You won't need to interface with me at all to loan to me, and in many cases, I won't need to interface with you if you want a loan from me.

None of the private keys will be on the app server, and the wallet for everything (less the hot wallet, which is used exclusively for smaller "auto-loans") is offline, so we use an alerter system to keep everything automated, and customers knowing exactly the status of their money. Password recovery can be automated, but only if you remember certain critical information (which won't be in your email account unless you circumvented certain protections by writing down and saving information there). Otherwise, if you can't remember your password or critical info, you'll probably have to request I call you (but only with the address Loan requests can't be made without a 4-digit PIN code (very long delay between retries). BTC addresses will be whitelisted and locked without a phone call, so there's effectively no risk at all of a malicious person making a loan to a themselves with your account, even if they've managed to break into your account. By requiring a valid phone number and requesting a gpg key, I can be pretty confident I'm talking to the true account owner even in a catastrophic event.

Repayments for loans is super-simple, and I think people will appreciate the detail and transparency with credit reports. Everything's totally transparent for the users -- they can see and confirm pretty much everything before taking an action. There will be a lot of maffs, but it'll be broken down for users. Additionally, there's no reason I can't allow current trusted lendees to sign up without business information, too.

I'll also be receiving a few thousand coins soon which I can use to pay the dev & keep for lending. There's really no limit to what this site can do. It could handle everything from charity registrations vying for a % of loan arb, to allowing companies to post investor information all in one place and opt to have their financials they send to me released publicly each month, to even allowing a referral system for depositors. Letting individuals have accounts for smaller LoCs or deposits only is minimal trouble. Lots of exciting stuff which could be done.

There'd be a small fee for reviewing the potential lendee's information, assigning scores, and creating an account for him. ~3BTC

A LoC doesn't guarantee the money will be there to lend at all times, however (at least, not at the normal rate). I was figuring I'd keep 150BTC or so in the hot wallet for the <100BTC auto-transactions while there are only a few BDK-BLoC accounts, refill as needed and keep the rest as cash-on-hand (~1kBTC) or in liquid investments (~4kBTC). For >100BTC loans, it may be necessary to levy more interest on those who request 1kBTC+, because it means I'll probably have to sell some investments at a loss. The website could display something like "amount available to loan at base rate" which would be the cash I have on hand, and then "amount available to loan at Tier 2 rate" which would be what I have in liquid investments (or  for cases where I have to dip into my GoxUSD reserves to pay a loan in BTC), then "amount available to loan at Tier 3 rate" which would be what I have in relatively illiquid investments. So, the base rate would be Prime + Modifier for credit rating. Tier 2 would be the same, but with a higher up-front fee, perhaps 4% of principal (I forgot to mention this in the OP -- there's a %principal small fee for new loans, because it'd be stupid for me to free up 2kBTC to loan someone, then have them repay just 2002BTC the next day). Tier 3 would again be the same, but with a dramatically higher up-front fee, perhaps 25% of principal.

This way, it discourages lendees from taking out more money than I can easily lend unless they truly need it, but it's also there for them in case of emergency.

If someone owes me money, it'd be pretty stupid of me to damage their business and create outlandish fees, reputation damage not even considered. I want a symbiotic relationship with my lendees, not a parasitic one.

Loan acceleration is often used for loans on a fixed payment schedule. If the lendee misses a payment date, the loan can sometimes be recalled in full within, say, 72h. This is to ensure that in times of economic hardship, the contract between lender and lendee is fulfilled first, as red flags have popped up that the lendee may be insolvent. Not everyone is liable to have their loans recalled in the potential mechanism I've described, and the max 50% is only for the most risky lendees. Lendees who have liability of their loan being recalled would be notified immediately if their credit rating drops.

I think I will reword it so the LoC needs to be frozen first, a default to occur, and the credit rating below a certain threshold. With a frozen LoC, there are then minimum interest payments which must be made on certain dates to ensure the amount owed is less than the maximum LoC. If the lendee defaults on weekly payments to bring outstanding debt below their LoC, then the loan can be recalled. The penalty rate would be high (double daily interest rate, perhaps), but could likely be negotiated away if the lendee shows he's actually working on repaying. It's not like I give a damn about collecting punitive fees (fees like that are why I stopped using the local bank where I live and now do all my checking [including mailing checks] with a six-branch CU two states away), I just don't want a lendee to get to that point.

But - the line between encouraging and discouraging lendee failure is blurry. I don't charge late fees on fixed loans, because I care much more about receiving principal of the loan than pissing off the person who has the power to pay me $1500 or $0 for maybe $100 extra in fees to account for the opportunity cost of lendee payment delay. It's not too difficult to make the case that punitive fees, repossession, and other actions lenders could take to reclaim something from the lendee are often not the best choice. There are many cases of foreclosed homes being gutted, all copper taken, the building in terrible condition otherwise, and then the bank sits on these properties.... and they sit, and they sit, ignoring the property they took, and then eventually they get around to listing a house which's since been used by local kids as an indoor batting cage for 1/10 the outstanding balance of the mortgage. Since I wouldn't be holding collateral, people deposit with me based on reputation even knowing I give a relatively low rate, and taking legal action would be an enormous (and extremely expensive) pain in the ass, I really don't care to jerk my lendees around.[/list]

Is there a facility fee? or is it free to have 1000BTC of credit sitting doing nothing? 

(Starfish waves back)

Interesting proposition.

Having the automated loan would be very useful. Now that I'm starting to grow my mining business I'm starting to see opportunities that could pass by without funding instantly. Being pre-verified for a LOC and having access to BTC or PPUSD for those times there is a deal not in BTC would be very useful.

IOU-BLoC (formerly BDK-BLoC) is an idea I've been tossing around for a few days. I am not sure how far I want to take it, because having a website done right will be expensive. My envisioning of it:

(small number in parentheses indicates how confident I am the features/rules in the bullet point will be implemented - 0=0% chance, 10=100% chace)

• (6)BDK-BLoC will be hosted online, with a hot wallet, and allow loans to be made automatically without my manual approval (24h max of 100BTC, though lendees may reduce or disable the max amount per 24h for "automatic loans"). Obviously, a business needs to be approved for a BLoC before they can take out "automatic" loans.
• (9)Lines of credit can initially extend up to 5kBTC (most will have a LoC around 250-1500BTC). These lines of credit are established once a business registers and submits necessary info (this will require opening books to me) and the LoC will be adjusted as appropriate when businesses submit monthly financial reports. Failure to submit documents in a timely manner each month will result in a freeze of the LoC, and potentially a recall of the loan if the credit rating of the business is not particularly good. Businesses without sales to show are not eligible for a LoC.
• (7)Businesses are permitted to pay off their debt in full or in part via the website. Repayment will go to a cold wallet. Thus, an alerter system needs to be implemented which allows the website to confirm payment's been made.
  
• (10)The website will allow businesses to see their line of credit, how much cash-on-hand BDK has available to make loans with, their interest rate, what they have out (as well as repay information), and see a transaction log.
• (10)BDK-BLoC will also have a cold wallet holding thousands of BTC. Businesses will be required to submit the request, and I'll check to make sure everything's in order within 48h, and extend that credit to them - no questions, no hassles. A minimum of 8 hours must elapse before the loan is made (an email will be sent to the address the business-owner signed up with immediately after the request is made), to ensure the person who requested the loan is the actual business-owner.
• (8)2FA will be implemented, but not required. Those who don't take advantage of 2FA will be required to wait the 8 hours stated above for >100BTC requests, while those with 2FA enabled on their account will have their loans processed as soon as I review the information and approve the request.
• (9)Aside from BTC, businesses may also request PPUSD/DwollaUSD/GoxUSD loans. The LoC for these will be greatly reduced (at least for the first few months of BDK-BLoC's existence), though the interest charged per day will be significantly reduced compared to BTC. There is currently no intent to work with fiat banks beyond that (wires, direct deposits, etc). The USD loan process will never be automated, and will require I manually approve every request.
• (8)Modifiers for LoC and credit rating include (not limited to) debt-to-equity ratio, monthly sales, credit history, duration of business operation, and how publicly-known the operators and equity-holders of the company are.
• (8)BDK will set a Prime Rate and assign both credit ratings and "market cap tier" to businesses who've submitted necessary information.
• (8)There will be a small one-time fee (3BTC, perhaps) to have information reviewed and categorized by me. Your business's credit rating and "market cap tier" can be listed and used for other purposes with other individuals should you choose. It's important to note that a credit rating assigned by me only reflects my opinion of the information made available to me.
• (9)The prime BTC rate will likely be the equivalent of 2-5% monthly (likely around .1% daily). Prime USD rate would be 1-3% monthly (significantly below .1% daily).
• (7)Interest is calculated daily and compounds. Payments also amortize, and would thus reduce interest due per day, even if only partially repaid. There are no maximum loan durations for outstanding debt accumulated through the BLoC program. Thus, there are no late fees to worry about unless a business's LoC has peaked or been frozen, in which case, there'd perhaps be a bill due every week to bring the business back under their max LoC.
• (4)Any business with an established LoC will be required to publish their financial information to the public. This should be a quarterly or monthly report, and only needs to be current up to six months ago (so, say it's August, you wouldn't be *required* to publish any information more recently than February of the same year). I'll admit this is an auxiliary goal of BDK-BLoC for my own personal reasons, and isn't very relevant to BDK-BLoC's success, IMO.
• (10)I can choose to freeze a LoC at any time I choose. Additionally, if similar services pop up, I reserve the right to sell your business's debt to another bank. Obviously, you'd get a lot of notice, detailed reason, and your loan would retain the original terms.
• (3)I reserve the right to call up to 50% of a business's outstanding BDK-BLoC debt once per 30 days for any reason (some may have heard of this concept as "loan acceleration"). The called debt must be paid off within 48h, or penalties will accrue. Businesses will be alerted via every communication mode they listed if a recall is initiated. Debt recalls can only occur is a business is below a certain credit rating, and the max recall % gradually increases to 50% for those with a poor credit rating, while those with a mediocre credit rating may only have a max recall % of, say, 25% per 30 days. Businesses will be explicitly alerted to this rule if their credit rating falls into the threshold where recalls may occur.

I haven't discussed this much with anyone, yet, so please ask in this thread if you have any questions. Constructive criticisms appreciated (please be detailed and "prove" why my initial envisioning is a poor business decision). In particular, I need thoughts on how to semi-verify a company's financial numbers without being too invasive for a relatively low LoC (compared to LoCs a legal business could get from a bank). I haven't decided how to handle mining ops, yet -- originally, I only intended this to be for businesses who deal with sales and end-users. I'm thinking I'll get quotes from a dev I trust within the next few weeks after working up better documentation of my vision instead of just this jumble of ideas.   There are currently no plans by me to establish a LoC for consumers. I believe this service could launch as envisioned within two months of me committing to it. Cheers!


It's worth re-stating that "BDK"/"IOU" is absolutely not a bank.