A retired Rhineland mayor built a near-zero-default lender in 1864 with no bureau, no clerk, and a ledger kept partly in his neighbors' heads. The trick still solves the hardest problem in any trust system.
In a Rhineland farming village in the 1860s, a man who needed to borrow money for a cow had nowhere respectable to go. The banks were in the cities, and to a city bank he was a stranger with no ledger, no audited accounts, nothing a clerk fifty miles away could turn into a number. What he had instead was neighbors: people who knew whether he worked or drank, how good his fields were, and whether he paid what he owed. A retired mayor named Friedrich Wilhelm Raiffeisen built an entire banking system on a premise that still sounds radical: those neighbors already knew everything a loan officer would kill to find out, and the job was not to compute their knowledge but to make them stake their own farms on it.
The system he built (rural credit cooperatives, the first commonly dated to 1864, growing out of the famine-relief societies he founded in the Rhineland during the hungry 1840s) lent to exactly the farmers formal banks refused. It charged about 5% a year plus a handling fee usually under 1%. Its directors served unpaid. It deliberately confined itself to a single parish. And its losses were, by every contemporary account, remarkably low, low enough that "near-zero default" became part of the model's legend. (I'll be honest about that legend: I can't hand you a rigorously sourced default rate, and you should distrust anyone who quotes one to the decimal. What's well documented is that the losses were widely described as minimal, the model spread from about 100 cooperatives in 1869 to some 14,500 by 1919, and within a decade of Raiffeisen's death in 1888, credit cooperatives held roughly 8% of all German banking liabilities. Something was working.)
One more honest caveat, because the title invites a misreading: Raiffeisen's loans still required some security. He did not abolish collateral. What he abolished was the distant scoring apparatus: the bureau, the clerk, the file. That substitution is the whole story, and it has a great deal to teach anyone who builds systems that decide whom to trust.
Start with the fact that should bother every engineer who has ever shipped a scoring model. The global score is least accurate precisely where the cost of being wrong is highest.
In the United States today, more than 45 million adults are "credit invisible" or thin-file: people for whom the centralized scoring machine simply has no usable signal. They aren't necessarily bad risks. They're unseen risks: newcomers, the young, the cash-economy, the recently arrived. The apparatus that works beautifully for a salaried suburbanite with a fifteen-year credit history returns a shrug for exactly the people whose access to a first loan matters most. The Minneapolis Fed has documented this blind spot for years, and more recent work in MIS Quarterly on AI-enabled scoring finds the same shape: for underserved borrowers, alternative and social-network signals carry predictive power comparable to formal credit history, because the formal history isn't there to carry it.
Here is the inversion: the centralized model's weakest cases are the local community's strongest cases. A distant bureau is worst at the cold-start, long-tail, no-file borrower. A village is best at exactly that borrower, because in a village there is no such thing as a no-file stranger. Everyone has a file; it's just stored in other people's heads. Raiffeisen didn't out-compute the banks. He relocated the question to where the answer already lived.
That relocation ran on two mechanisms, and the second is the one most people miss.
The first mechanism was geographically restricted membership. A cooperative was confined to residents of a small area, in Raiffeisen's own logic, so that "all members would know each other," which would "improve solidarity and reduce losses to spendthrifts and frauds." Proximity wasn't sentimental. It was informational. The cooperative already knew each applicant's real character and circumstances, which collapsed the expensive information asymmetry a distant bank has to pay to estimate, and usually estimates badly.
Modern banking economics has a precise name for what the village had and the bank lacked. Berger and Udell, and Jeremy Stein, distinguish soft information from hard information. Hard information is quantitative, verifiable, transmissible: a credit score, a tax return, a number that survives being emailed upstairs. Soft information is qualitative, relationship-gathered, and does not survive transmission: the fact that a farmer is reliable but proud, or that his bad year was a sick ox and not bad character. The crucial finding is structural: large, hierarchical lenders are better at hard information and worse at soft, because soft information degrades as it climbs a hierarchy. It isn't that big institutions choose not to use local knowledge. Their architecture physically can't carry it. By the time the qualitative truth of a borrower reaches the committee that decides, it has been flattened into the few numbers that fit on the form.
This is the part that should make a software architect sit up, because it is Conway's Law wearing a frock coat. The structure of the organization determines the structure of the information it can act on. Centralize the decision, and you are forced to centralize the inputs, which means discarding everything about the borrower that couldn't be compressed into a transmissible number. The global score isn't lossy because its designers were lazy. It's lossy because centralization and local knowledge are in tension by design. You cannot have a single global view and keep the texture that only exists locally. You pick one.
Now the mechanism that does the heavy lifting, and the one nearly every modern "trust system" forgets.
Raiffeisen's members bore unlimited joint liability for the cooperative's debts. Limited liability wasn't even extended to German cooperatives until 1889; before that, a bad loan to one member could reach into every other member's pocket, without bound. To a modern risk manager this looks like madness: you could lose your farm because your neighbor lost his. Raiffeisen understood it as the opposite of madness. He used unlimited liability deliberately, as a trust technology. It gave every member skin in the game to screen and monitor the neighbors they were about to be financially chained to.
This is the hinge of the whole essay, so here is the plainest version of it. Local knowledge alone is not enough. Local knowledge that nobody pays to be wrong about is just gossip. What unlimited liability did was convert the community's soft information from something it merely possessed into something it would truthfully reveal and act on, because now a careless vouch cost the voucher personally.
Look at what passes for a "vouch" in modern systems and the gap becomes obvious. A LinkedIn endorsement costs the endorser nothing. An eBay or marketplace five-star rating costs the rater nothing. "I can vouch for this person" on a hiring thread costs the voucher nothing. These are cheap talk: signals with no downside for being false, which is exactly why they inflate into uselessness. Everyone is "highly skilled at Microsoft Excel." Raiffeisen's vouch was the most expensive kind imaginable: you put your own livelihood behind your neighbor's loan. Reputation without skin in the game is just opinion. A system that collects opinions and calls them trust signals has built a machine for laundering noise.
The economics here were worked out rigorously more than a century later. Maitreesh Ghatak's "Screening by the Company You Keep" (Economic Journal, 2000) showed why joint liability works so well: borrowers self-select into groups assortatively. Good risks team up with good risks, because nobody wants to be on the hook for a bad one. The contract makes borrowers reveal the type-information the lender can't observe, and it transfers the hard, expensive work of screening, monitoring, and enforcement onto the only people who can do it cheaply: the neighbors with the local knowledge. The lender outsources the part it's worst at to the people who are best at it, and the liability is what makes them do it honestly.
If you build systems that decide whom to trust (fraud scoring, marketplace reputation, vendor risk, content moderation, decentralized identity, even who gets to merge to main), the Raiffeisen result generalizes into something usable. A credit bureau, or a global trust score, is an expensive, lossy proxy for knowledge a well-scoped community already holds for free. And the two failure modes of the global score are not exotic; they're the ones you fight every week.
The first is cold start. Trust and reputation models are notoriously bad with newcomers: there's no history to score, so the system either rejects them or flies blind. Worse, global-popularity scoring tends to curdle into a Matthew effect: the already-popular get shown more, gather more signal, and get more popular, while newcomers and the long tail starve. A bounded community sidesteps this entirely, because a newcomer isn't a cold-start row in a table; they're known locally on day one. If your recommendation, fraud, or reputation system is brutal to newcomers, the fix may not be more global data. It may be a smaller, more local context that already holds what the global model lacks.
The second is the unpriced vouch, and the design instinct it should provoke is: make the voucher carry risk. Stake-weighted attestations, reviewers who inherit responsibility for what they approve, "you build it, you run it" ownership that puts the author on the pager for their own merge: these are all the same move as unlimited liability, dialed to a survivable setting. The point isn't the size of the penalty. It's that the signal is only worth what the signaler risks.
I want to be equally honest about the limits, because a one-sided essay is a worse guide. Joint liability is not a free lunch. It imposes real costs: meeting burden, social pressure, the deliberate exclusion of the riskiest people who can't find anyone to be chained to. Grameen Bank, the most famous modern heir to group lending, actually moved away from strict joint liability with its "Grameen Generalised System" around 2002, and randomized trials (Giné and Karlan, among others) have found that individual liability can perform comparably in some settings. The often-quoted 95–98% microfinance repayment rates are real talking points but contested ones, and they don't prove that group liability causes the result. So the lesson is not "joint liability always wins." The lesson is the more durable abstraction underneath it: locate the knowledge, and price the vouch. Joint liability is one (costly) implementation of that principle, not the principle itself.
And the decentralized dream has its own well-mapped traps. A "web of trust" where people vouch for each other instead of deferring to one authority runs straight into two walls. The first is the "who rates the rater?" recursion: if anyone can vouch for anyone, you now need reputation for the vouchers, and reputation for those raters, all the way down. The second is centralization creep: power quietly re-coalesces to a few hubs, and your federated system grows a new global score in the middle without anyone deciding it should. Raiffeisen avoided both by keeping the scope small enough that the raters were already mutually known and mutually liable. Boundedness wasn't a limitation he tolerated. It was the feature that kept the knowledge cheap and the vouch honest.
Strip away the history and the economics and you're left with a diagnostic you can run on any system that decides whom to trust:
Where does the cheapest accurate knowledge about this subject actually live, and do the people supplying it bear any cost for being wrong?
If your score is computed far from the subject when a bounded local context already holds the answer, you are paying to reconstruct, lossily, something you could have read for free, and you'll be weakest on exactly the cold-start and long-tail cases that matter most. And if your trust signal costs its supplier nothing when it's false, you don't have a trust signal. You have opinion with a star rating on it.
A Rhineland mayor figured this out in 1864, with no computers, no bureau, and a ledger kept partly in his neighbors' heads. He didn't build a better way to measure strangers. He built a structure in which the people who already knew the truth had every reason to tell it, and your farm on the line if you lied. A hundred and sixty years of credit scoring later, that is still the hardest problem in trust, and still, often, the best answer: don't compute the knowledge from far away. Move the decision to where the knowledge already is, and make the people who hold it pay to be wrong.
A vouch is only worth what the voucher risks.
If "reputation without skin in the game is just opinion" changes how you think about agent trust, that is the right reaction. The Agent Rating Protocol builds reputation the way Raiffeisen built it: a rank of relative track record earned from what an agent actually did, where an attestation carries weight because the attester has standing to lose, not a free five-star tap that costs the rater nothing.
pip install agent-rating-protocol · npm install agent-rating-protocol
vibeagentmaking.com → · See it in action