Who Controls the Rules? Governance Credibility and the $109 Billion Question
The rules of money change whenever someone decides they should. We measured how often.
There is a question that almost nobody in the blockchain space asks correctly. The question is not who controls the protocol. The question is whether the rules will be the same tomorrow.
This distinction — between the identity of the controller and the stability of the rules — turns out to be the single most important variable in determining whether a low-cost payment system can actually displace the $109 billion in annual friction rents that the current financial settlement architecture extracts from the U.S. economy. We built a dataset of 74 governance episodes across 30 blockchain protocols to measure the answer. The results are not what either side of the decentralisation debate expects.
What Governance Credibility Is
Governance credibility, which we denote G, is a simple quantity: the probability that a protocol’s rules remain unchanged in the next period. If a protocol has G = 0.95, there is a 95% chance the rules — capacity, fee structure, consensus mechanism, transaction censorship policy — will be the same next year as they are today. If G = 0.05, there is only a 5% chance.
This is not a philosophical concept. It is a measurable parameter. For every governance episode in our dataset, we compute the restrictor coalition’s effective weight — the fraction of governance power held by stakeholders who benefit from changing the rules. We measure this from observable data: hashrate splits during forks, exchange ticker assignments after contentious splits, token vote tallies, post-fork market capitalisation ratios. The governance credibility estimate is one minus the restrictor weight: Ĝ = 1 − Ŵ_R.
A protocol where the restrictors control 90% of governance power has Ĝ = 0.10. The rules will change whenever it is profitable for the controlling coalition. A protocol where the restrictors control only 5% has Ĝ = 0.95. The rules will hold because no coalition can assemble enough weight to change them.
Why It Matters: The Friction Rents
The current U.S. payment architecture extracts $109 billion annually in identified friction rents. This number has two components. First, $34.1 billion in debit card interchange — directly measured from the Federal Reserve’s Regulation II data (100.7 billion covered transactions at $0.338 average interchange per transaction). Second, $75.4 billion in deposit franchise rents — the spread between what banks earn on noninterest-bearing deposits and what they pay depositors, estimated using Drechsler, Savov, and Schnabl’s published deposit beta of 0.38 applied to $3.861 trillion in NIB deposits at the federal funds rate.
These rents exist because the current settlement architecture is not final at the point of transfer. A debit card transaction traverses five institutions: the cardholder’s bank, the acquiring processor, the card network, the issuer, and back. Each step exists because the previous step did not settle the obligation. Reconciliation exists because there are multiple ledgers. Chargebacks exist because settlement is not final at the point of sale. Fraud screening exists because authorisation and settlement are temporally separated. Identity verification exists because the system must authenticate the transacting party to authorise the debit.
Atomic settlement on a UTXO ledger eliminates every one of these functions — not by doing them cheaper, but by making them unnecessary. Settlement is the transaction. There is one ledger, one step, no identity, no counterparty. The observed cost on a live production network is $0.00004 per transaction. The debit interchange rate is $0.34 per transaction. The ratio is 8,500 to one.
But — and this is the point of the governance work — the cost advantage only persists if the protocol’s rules remain stable. A protocol whose capacity can be restricted, whose fees can be increased, whose consensus mechanism can be altered, or whose transactions can be censored will eventually reimpose the friction layer under a new name. The low-cost settlement rail is only as durable as the rules that define it.
This is what governance credibility measures. And the measurement produces a striking result.
The Distribution Is Bimodal
Across all 74 episodes in 30 protocols, governance credibility is not normally distributed. It is bimodal. The overall median is 0.15. The mean is 0.286. And the distribution clusters at two poles: 72% of episodes have Ĝ below 0.30 (the rules change easily), and 18% have Ĝ above 0.60 (the rules hold). Only 11% fall in the middle.
When we condition on outcomes, the separation is sharper. In episodes where the rules actually changed — capacity was restricted, fees were imposed, consensus was altered, or the ledger was rewritten — the median Ĝ is 0.15. In episodes where the rules held, the median Ĝ is 0.85.
This is not a weak statistical pattern. It is a bimodal separation driven by the structural properties of the governance mechanism itself.
The Counterintuitive Finding: It Is Not About Decentralisation
Here is what the data shows by governance type:
Developer-led protocols (Bitcoin Core, Monero, etc.) have a median Ĝ of 0.075. These are the protocols where a small group of developers controls the reference implementation and can impose changes through soft forks. The developer coalition functions as a restrictor — it can restrict capacity, impose new script rules, or alter consensus parameters. Bitcoin’s SegWit activation (Ĝ ≈ 0.025), Taproot activation (Ĝ ≈ 0.075), and the BTC/BCH fork (Ĝ ≈ 0.125) all demonstrate this pattern: a developer coalition with sufficient node and exchange support can change the rules despite miner opposition.
Foundation-led protocols (Ethereum, Solana, Cardano) have a median Ĝ of 0.10. This is essentially the same as developer-led: the foundation controls upgrades, coordinates hard forks, and can unilaterally alter the protocol. Ethereum’s DAO hard fork (Ĝ ≈ 0.09) rewrote transaction history. The PoS Merge (Ĝ ≈ 0.005) replaced the entire consensus mechanism. EIP-1559 (Ĝ ≈ 0.075) changed the fee structure. In each case, the Ethereum Foundation and core developers implemented the change over whatever opposition existed.
On-chain token voting (Tezos, Compound, Uniswap, MakerDAO, Polkadot, etc.) has a median Ĝ of 0.15. This is the largest category in the dataset (32 episodes) and it is indistinguishable from centralised control. Tezos has passed 19 consecutive amendments through its on-chain governance process, each changing protocol rules, with Ĝ between 0.10 and 0.20 for every one. Tornado Cash governance was hostile-takeovers by a token accumulator (Ĝ = 0.00). Beanstalk was seized through a flash loan governance attack (Ĝ = 0.00). Compound faced a governance concentration attack (Ĝ ≈ 0.075). Aragon’s treasury was seized by its own Association (Ĝ ≈ 0.113).
The pattern here is that token voting does not produce governance credibility. It produces the appearance of decentralised decision-making while concentrating effective control in the hands of whoever holds or can borrow the most tokens. A flash loan can acquire a temporary governance majority. A whale can accumulate a permanent one. The “one token, one vote” mechanism is structurally identical to a shareholder vote — and shareholder votes change the rules whenever the majority wants to.
Protocol lock has a median Ĝ of 0.925. This is the other pole of the bimodal distribution. Only protocols that have explicitly committed to rule immutability — locked the protocol and refused to change it — achieve governance credibility above 0.60 consistently.
This is the key finding: governance credibility depends on what the controller does, not on whether a controller exists.
A developer coalition that changes the rules at every release has G ≈ 0. A foundation that coordinates hard forks has G ≈ 0. A token-voting mechanism that passes amendments quarterly has G ≈ 0. A controller that locks the protocol and defends the rules against change has G ≈ 0.90.
The “decentralisation” framing misses the point entirely. A protocol with no identifiable controller but easy rule changes (most DAOs) has low governance credibility. A protocol with a clearly identifiable controller who locks the rules and refuses to change them has high governance credibility. The question is not who holds the keys. The question is whether they use them.
Five Episodes That Tell the Story
The DAO Fork (Ethereum, 2016). When $60 million worth of ETH was drained through a smart contract exploit, the Ethereum Foundation coordinated a hard fork to rewrite transaction history and return the funds. Approximately 85–97% of token holders voted in favour. The minority chain (Ethereum Classic) retained 5–10% of market cap. Ĝ = 0.03–0.15. This is the canonical case of low governance credibility: the rules of the ledger — that transactions are immutable — were overwritten by a coalition that controlled sufficient governance weight. If the ledger can be rewritten once, it can be rewritten again. The probability of rule stability is the probability that the next controversy is smaller than this one.
The PoS Merge (Ethereum, 2022). The entire consensus mechanism — the most fundamental rule of any blockchain — was replaced. Proof-of-work was discarded. The merge was coordinated by the Ethereum Foundation and core developers. The proof-of-work chain (ETHW) retained less than 1% of market cap. Ĝ = 0.00–0.01. This is the lowest governance credibility in the dataset. The consensus mechanism is the protocol. Changing it is changing everything.
The BCH IFP Tax Defeat (2020). Bitcoin Cash ABC proposed an “Infrastructure Funding Plan” that would redirect 8% of block rewards to a development fund controlled by ABC developers. This is a fee extraction — the restrictor coalition attempting to impose a tax on the protocol. The mining community rejected it: BCHN (the anti-tax implementation) captured approximately 63–65% of hashrate, and ABC was expelled from the BCH ecosystem. Ĝ = 0.60–0.65. This is one of the few episodes where a restrictor action was defeated by the governance mechanism. The rules held because the miners — not the developers — controlled the effective governance weight, and the miners’ incentive was to keep fees low.
The Parity Wallet Freeze (Ethereum, 2017). A bug in Parity’s multi-signature wallet library froze approximately $300 million in ETH. Parity and affected users requested a hard fork (EIP-999) to recover the funds. The Ethereum community refused. The funds remain frozen to this day. Ĝ = 0.85–0.95. This is the highest governance credibility event on the Ethereum chain. The rule — that the state of the ledger is not retroactively altered — held despite enormous pressure and a clearly identifiable set of victims. The contrast with the DAO fork is instructive: the DAO fork happened when Ethereum was small and the Foundation’s social authority was unchallenged. By 2017, the community had developed sufficient resistance to ledger rewrites that the same Foundation could not push through EIP-999. Governance credibility is not fixed. It can evolve.
BSV Protocol Lock. After the Genesis upgrade (February 2020), BSV locked its base protocol — the original Bitcoin script set, the UTXO structure, the economic incentives. No further consensus-level changes. No soft forks. No hard forks. No developer coalition with authority to alter the rules. Ĝ = 0.85–1.00. This is the maximum governance credibility in the dataset. The rules are stable because the protocol has been explicitly locked, and the institutional structure (the BSV Association) defends the lock rather than seeking to change it.
Why This Matters for the $109 Billion
The governance credibility parameter enters the household’s portfolio allocation problem directly. A household deciding between bank deposits and a digital cash instrument discounts the digital instrument by (1 − G) × δ, where δ is the expected loss if the rules change adversely. If G is low — if the protocol can restrict capacity, impose fees, or censor transactions — the household rationally stays in bank deposits, and the friction rents persist. If G is high — if the rules will hold — the outside option is credible, and competitive pressure forces banks to raise deposit rates and compress interchange.
Our Lagos-Wright general equilibrium model confirms that the welfare effect of introducing a low-cost outside option is approximately zero through the standard liquidity channel — 95.7% of deposit demand is convenience-driven and invariant to transfer cost. The welfare gain operates entirely through the rent-compression channel: the outside option disciplines bank deposit pricing, compressing the deposit franchise spread and transferring $28–48 billion from intermediaries to end users. But this channel only works if the outside option is credible. And credibility, as we have now measured, is a function of governance.
The Comparison That Nobody Makes
There is one final point that the data makes unavoidable. The governance credibility of incumbent financial institutions is zero.
Visa changes its interchange schedule annually. Banks change account terms and fee structures by board vote. Central banks change monetary policy at every FOMC meeting. The Federal Reserve raised the federal funds rate from 0.08% to 5.33% in eighteen months. From the perspective of end users, every participant in the current financial system has G ≈ 0: the rules change whenever the controlling entity decides.
The conversation about blockchain governance usually frames the question as “decentralised governance versus no governance.” The actual comparison is: governance credibility of a locked protocol (Ĝ ≈ 0.90) versus governance credibility of Visa (G ≈ 0) versus governance credibility of the Federal Reserve (G ≈ 0) versus governance credibility of most blockchain protocols (Ĝ ≈ 0.15).
Almost everything in the current system — incumbent and crypto alike — has low governance credibility. The rules change constantly. The only outlier is a protocol that has explicitly committed to not changing. That is the institutional innovation. Not “blockchain.” Not “decentralisation.” Not “Web3.” Rule immutability, demonstrated and measured.
The data is publicly available. Seventy-four episodes. Thirty protocols. A decade of governance decisions. The distribution is bimodal. The median is 0.15. And the only way to get above 0.60 is to stop changing the rules.
This post summarises findings from “Scalable Blockchain Digital Cash, Conditional Settlement, and the Reorganization of Global Financial Intermediation,” currently under peer review. The full governance credibility dataset (74 episodes, 30 protocols) is available in the paper’s replication package.