The “gray rhino” concept describes probable events that have a high impact on society. Unlike the unpredictable nature of Nicholas Taleb’s “black swan”events, gray rhinos, which was introduced as a concept by Michele Wucker (and written about in her book “The Gray Rhino: How to Recognize and Act on the Obvious Dangers We Ignore“) are visible and well-known risks that are often overlooked until it is too late. These risks are like a herd of rhinos, which are seen in the distance, and while we are aware of their potential danger, we cannot fully perceive their dimensions or predict when they will charge.
Gray rhinos are imminent risks that organizations must be prepared to handle. They require a framework in place to manage and mitigate the risks when they occur. Sometimes, multiple gray rhinos may stampede simultaneously, leading to a “crash” of rhinos, which can be devastating to society.
The development of artificial intelligence (AI), particularly Artificial General Intelligence (AGI), presents a “gray rhino” problem. AGI has the potential to revolutionize society, but it also poses a significant risk. AGI systems would have a broad range of cognitive abilities and could learn and reason about a wide range of topics, making them potentially more powerful than a human intelligence. However, the risks associated with AGI, such as unintended consequences or AI systems acting in ways that are not aligned with human values or goals, must be addressed.
The last week open letter signed by Elon Musk, Steve Wozniak, and other tech luminaries, argues that AI systems with human-competitive intelligence pose significant risks to society and humanity. The authors of the letter call for a pause in the training of AI systems more powerful than GPT-4 for at least six months highlights the need for a comprehensive risk management framework to mitigate the potential risks associated with AGI. It is crucial that such a framework involves a collaborative effort from various stakeholders, including policymakers, industry experts, and academics. It should be continuously updated and adapted as the development of AGI progresses, ensuring that it remains relevant and effective in mitigating potential risks.
Overall, the “gray rhinos” concept has significant relevance in the context of AI development, especially in the case of AGI. These risks demand a comprehensive risk management framework that requires a collective and coordinated approach from all stakeholders. It is imperative for organizations to anticipate and address the potential risks of AGI, like “gray rhinos”, to minimize their impact and ensure the responsible utilization of AGI’s benefits.
The image, shown below, features a gray rhino standing in the middle of a bustling business center. What makes this image remarkable is that it was generated entirely by AI for this article, utilizing a combination of machine learning algorithms and deep neural networks.
Originally published as a shorter version in the IRM’s Winter 2022 Edition magazine “Enterprise Risk”
The last few years have seen a lot of hype around the converging technologies of web3, blockchain, cryptocurrencies, NFT’s and the Metaverse. In a previous article we laid out how the Metaverse is shaping up and whilst we concluded that the Metaverse will take a while to become a reality, blockchain technology, in which much of web3 is built upon, has now risen to prominence, gaining wide spread adoption.
According to Blockdata research, 81 of the top 100 companies use blockchain technology. It was found that the technology is being used in areas such as payments, traditional finance, banking, supply chain and logistics. This is no longer a technology of the future that may or may not be useful, but a technology that is established and being developed. For more information on the Blockchain refer to a previous article here
The tumultuous rise and fall in the wider cryptocurrency market, led by Bitcoin, over the last two years has no doubt triggered renewed concerns regarding legitimacy of the asset class, with many pointing this out as proof that this is just a passing fad being fuelled by speculators. Whilst on the surface it may look this way, there are many indicators that suggest that it is actually here to stay. We will therefore take a closer look at the opportunities and risks of Bitcoin corporate adoption and review the possibilities that may exist in Web3, where cryptocurrencies, NFTs, the Metaverse, decentralised finance (Defi), community tokens and decentralised autonomous organisations (DAO’s) all converge.
What are Bitcoin and Cryptocurrencies?
Reflecting on the events of the past two years, you may be forgiven if you missed hearing about how Bitcoin has won over some of worlds best known billionaires. From technology entrepreneurs such as Jack Dorsey, Peter Thiel and Elon Musk to Wall Street legends such as Stanley Druckenmiller and Paul Tudor Jones. All have embraced Bitcoin, but why? What qualities does this relatively new, highly volatile and digitally intangible asset have that would garner such interest? To attempt to answer that question, one must first understand what Bitcoin is and what it does.
Bitcoin is a new digital form of money that is censorship resistant, seizure resistant, borderless, permissionless, pseudonymous, programmable and fully peer-to-peer. It is therefore available to everyone around the world and all that is required to interact with the network is a mobile phone and an internet connection. With Bitcoin, transactions are not managed by banks or financial intermediaries, but instead value travels directly from one person to another. Payment processing is not done by a regulated company like Visa or PayPal, but instead it is all facilitated by a decentralized global software network, with custodianship not handled by a bank but the users of the network.
Other cryptocurrencies aim to emulate these attributes.
While the wider cryptocurrency market is awash with different digital assets and tokens (over nineteen thousand of them), Bitcoin has, since inception, remained the largest cryptocurrency by market capitalization. To many investors, it’s Bitcoin’s longevity and simplicity that sets it apart from the rest of the digital asset market.
Bitcoin’s Mainstream Acceptance
A telling metric that reflects Bitcoin’s mainstream acceptance, is the increasing trend of corporate adoption. One of the most prominent examples of this was NASDAQ listed MicroStrategy Incorporated’s announcement in December 2020 that it had made more than $1B in total Bitcoin purchases in 2020, claiming that would “provide the opportunity for better returns and preserve the value of our capital over time compared to holding cash.” Following this other companies, such as Tesla, followed suit.
There may be several reasons why a company may wish to add Bitcoin to its balance sheet. This may be to leverage a potential opportunity for asymmetric risk returns observed over previous years (given its early stage of global adoption) or as a hedge against currency devaluation brought about by unprecedented state intervention in the money supply. It could be part of a corporate strategy to embrace modern, open-source technologies or to support an operational strategy that includes accepting Bitcoin as payments.
A major developing area of Bitcoin is that of energy optimisation and reduction of carbon emissions. Despite the commonly held view that Bitcoin is bad for the environment, there are a number of initiatives that are focused on using Bitcoin mining to both reduce carbon emissions and increase the use of and viability of, renewable energy. As an example, Bitcoin Mining is integrated with wind and solar farms to help balance grid loads and optimise energy generation. The weakness of solar and wind is that they are intermittent and there may be periods where supply exceeds demand, thus leading to waste. By signing agreements with Bitcoin mining companies who get exclusive rights for times of low demand and to turndown mining in periods of high demand, energy companies are able to more efficiently run their operations. The measures implemented by the Electric Reliability Council of Texas (ERCOT) is a great example of this. By augmenting power generation with Bitcoin mining energy companies’ are able to raise capital to build more infrastructure which will help speed up renewable adoption and support making grids more resilient. Some hydroelectric dams in North America are already seeing the advantage of Bitcoin mining with an increase of revenue allowing them to make repairs and upgrades and keeping them in operation.
Oil and gas companies such as Exxon, ConocoPhillips and Equinor are also exploring Bitcoin mining as part of their operations. Instead of letting excess gas be vented or flared which releases Methane (a more harmful greenhouse gas than CO2), they are looking to mine bitcoin with the excess gas which reduces emissions by up to 63% (according to Crusoe, a company dealing with Digital Flare Mitigation) whilst increases revenues (Bitcoin) allowing them to potentially invest in green initiatives or to make their operations more efficient.
Evolving landscape: From Cryptocurrencies to Web3
The past two years have been transformative when looking at the wider altcoin landscape. In the early days of Bitcoin, altcoins were largely cryptocurrencies that sought to challenge bitcoin. This is no longer the case. The concept of Web3 has risen to prominence where it’s staunchest supporters claim that we will have an “internet owned by the builders and users, orchestrated with tokens.” If Web1 was the Read internet and Web2 is the Read-Write internet, then Web3 will be the Read-Write-Own internet. In the following sections we will touch on various aspects of Web3 to understand whether this goal is being realised and what risks and opportunities may be presented.
Risks of investing in Bitcoin
Whatever the reason, holding a new asset such as Bitcoin on a balance sheet, most certainly exposes an organization to risk.
As this is a digital financial investment, it is essential that the CEO, Chief Financial Officer, Chief Risk Officer, Chief Technology Officer, Board of Directors all have a clear assessment the asset’s risk profile and where this aligns and diverges from the company’s tolerance for risk. As such risk managers are key to helping make their organizations aware of these risks so that appropriate mitigating strategies can be developed and implemented to help ensure success in this venture. Key areas of risk to consider are as follows:
* Regulatory Compliance Risk: Arguably the most important risk to consider given the relative immaturity of the asset class and the lack of firm regulatory treatment of Bitcoin and other digital assets across different jurisdictions. Not only is it important to consider the company’s regulatory obligations, but also those of it’s counter parties (e.g. exchanges or custodians). Items to consider would be KYC/AML rules, accounting rules, tax rules, commodity laws and securities laws. These should tie in with existing company Code of Conduct rules.
* Liquidity Risk: This risk seeks characterize the company’s ability to meet its day-to-day working capital requirements through deployment of cash reserves. A working capital threshold should typically be established with only cash in excess of this to be made available for digital asset investment.
* Technology Risk: While Bitcoin has a provable decades long track record of performance, it is vital that the technology be understood and monitored as it evolves. Material changes affecting the validity of the protocol are deemed to be highly unlikely (not necessarily the case with other blockchains). Nonetheless, the protocol continues to evolve, albeit at a measured pace. Incorporation of bitcoin improvement proposals (BIPs) typically take years to agree before being incorporated into the protocol. Adoption of the proposals does come with new features that allow for more functionality (e.g. BIP9, which facilitated deployment of the Lightning Network, a layer 2 solution that scales Bitcoin’s transaction throughput). These could be leveraged by the company, but may also introduce unforeseen risks.
* Custody and Information Security Risk: Thorough appreciation of the various risks associated with custody of bitcoin needs to be undertaken. This is particularly important in the face of historical high-profile hacks. There are different strategies a company may decide to follow with respect to custody of its bitcoin. Self-custody, fully outsourced custody to a trusted third party, or using some combination of the two via multi-signatory custody may be considered. Self-custody is considered harder to do securely for most organizations, but outsourced and multi-signatory custody are not without risk either. Should the latter two options be explored, secure private key storage, assurance of account statement accuracy, custodial service liquidation risk management, market volatility management (especially if the bitcoin is being rehypothecated) and information security protocols all need to be thoroughly understood and vetted.
* Transaction Control and Authorization Risk: Executing inbound and outbound transactions and cross account transfers will create several risks. Transaction workflows need to be fully understood with key controls put in place. These include documented segregation of duties outlining who has access to the accounts and clear levels of authority detailing what type and threshold of transaction each person can or cannot undertake.
* Stakeholder Risk: Bitcoin’s energy consumption has been a major point of concern raised by environmental groups and competing less energy intensive blockchains in mainstream media. While recent studies have largely refuted these claims and indeed Bitcoin has even been demonstrated to promote responsible and efficient use of energy (e.g. the one USA’s oldest running renewable energy plants was kept afloat as result of mining bitcoin during off peak demand periods, promoting grid resilience). Nonetheless, understanding and addressing stakeholder concerns with respect to adopting Bitcoin must be an imperative. This will require well thought out proactive stakeholder engagement planning.
Decentralised Finance
To understand Decentralised Finance, one must first appreciate the challenges associated the traditional (centralised) finance system. Most people can relate to the friction, inaccessibility and regulatory burden associated with interacting the current banking system. In recent years, these challenges only seem to be worsening and a trip the dentist seems preferable to a trip to the bank. In many parts of the developing world even having a bank account is a privilege.
Decentralized Finance or DeFi attempts address these challenges by allowing users to utilize financial services such as borrowing, lending, and trading without the need for a bank or financial institution. These services are provided via Decentralized Applications (Dapps), which are deployed on smart contract blockchain platforms such Ethereum, Solana or Cardano. Many have benefited from the boom in Defi. It has also however had its fair share of controversy. This ranges from abuse of smart contract bugs, Miner Extracted Value front-running, flash loan manipulation, and rug pulling. Any venture into Decentralised Finance should only be undertaken with a full understanding of all the risk categories mentioned above.
Decentralised Autonomous Organisations (DAOs)
As with Defi, let’s start with a definition. A DAO is a digitally native community that centres around a shared mission and whose assets are managed by the community’s contributors. A DAO is code committed to a public ledger and the blockchain guarantees user accessibility, transparency and rights. The DAO’s token determines its voting power, allocation of funds to achieve the groups goals, incentivizes participation, and punishes anti-social behaviour.
DAOs can be set up for a variety of purposes where groups of individual need to raise funds to achieve a goal. Some examples of this include Uniswap, a decentralized cryptocurrency exchange built on the Ethereum blockchain worth $ billions; and UkraineDAO, a fundraising DAO set up to collect and distribute donations to assist those affected by the war in Ukraine.
A significant advantage of DAOs over traditional organisations is the lack of trust needed between two parties with no leader or board making decisions. DAOs are however not without risk. The now famous Ethereum DAO hack highlighted the importance of ensuring Technology risk is properly managed. A bug in the DAO’s code led to the theft of $60 million worth of Ethereum tokens. Regulatory Compliance risk would be another area that will require detailed understanding as regulators seek to define how these entities should be treated.
The Metaverse, Cryptocurrencies, NFTs and Community Tokens
In a previous article we already highlighted all the opportunities and risks of the Metaverse and its important to highlight that if the Metaverse becomes a reality and widespread, the use of cryptocurrencies and NFT’s will boom. Cryptocurrencies is the main way in which people will conduct financial transactions in the metaverse whilst NFTs will be the items you buy.
Whilst the Metaverse will ensure widespread adoption, NFTs don’t require the metaverse to have a use case. They can be, and are being adopted right now for university degrees, house ownership, artwork purchases and any other real-world item that is unique and requires ownership proof that can be stored and found securely on the blockchain.
Some organisations are developing their own Cryptocurrencies or NFTs in order to reward customers or staff and tie them into their own ecosystem. JPMorgan developed one to make global transfers cheaper and faster whilst Amazon have developed one to work as a store card. Binance, a cryptocurrency exchange that allows users to trade various tokens, have their own cryptocurrency to reward users for using their services and helps provide a competitive advantage against the competition. Football clubs have developed NFTs for fans, allowing them access to players and allowing them to vote on things such as what song to be played when a player scores a goal and this could be extended to much more serious votes in the future. Expect the emergence of cryptocurrencies and NFTs being created by companies to increase further with Google and Facebook expected to launch too in the near future.
What about Central Banking Digital Currency (CBDC)?
Central banks have been providing money to the citizens of the respective countries for centuries. To keep pace with a rapidly changing world and pursue their digital public policy objectives, some central banks are actively investigating offering their own digital currencies to the public
CBDC’s are being considered as a future for the national currency by some central banks. Where previously we had paper money and money sitting in our bank accounts, some central banks are now looking at creating CBDC’s which are essentially centralised cryptocurrencies. They claim it has a number of benefits from reducing tax evasion to understanding population spending habits and reducing fraud and the funding of illicit activities. The potential risks it poses however include the ability of a government to fully monitor the population and restrict access to their funds or what they can spend their money on. Currently countries like the UK and USA are already reviewing the concept and have plans to implement them whilst the e-Krona in Sweden is already under testing and countries like the Bahamas have already adopted it. Whether benefits outweigh the risks remain to be seen and it is likely that CBDC’s will live alongside their decentralized counterparts such as Bitcoin.
Conclusion
Despite the concerns and scepticism associated with of Bitcoin, NFTs and altcoins, it is clear that adoption is happening, and it is likely only going to become more wide-spread. The question is what involvement should an organisation looking to get involved have? From investment to developing their own cryptocurrency or investing in the ecosystem, there is plenty to explore, and as with all initiatives that have high rewards, they come with plenty of risk.
Alignment with the organisations vision, mission and values would be the starting point, followed by development of a digital asset strategy. Once this is in place a thorough assessment of the opportunities and risks needs to be undertaken with particular emphasis on where these converge and diverge with the company’s risk tolerance.
Written By
Alexander Larsen, CFIRM – Founder of Risk Guide & Chair of the IRM Energy & Renewables SIG
Dylan Campbell, SIRM – Secretary IRM Energy & Renewables SIG
A few years ago I was asked by Strategic Risk Magazine to record a short video on what I would like to see change and improve in the Risk Management Profession. Having reviewed the video in the last few days I wanted to see if it was still relevant (Hint: yes it is! now more than ever!) Since I recorded the video, we have all gone through a Pandemic that has lasted 2 years and had a major impact on businesses, countries and societies globally. The video can be watched here:
During these last couple of years, aside from the crisis meetings focused on survival, we have seen organisations focus on restructures, new strategies and business models changing. Amongst other things, digital technology adoption and transformation initiatives have been accelerated. These are all areas where risk managers and risk departments should thrive, providing added value support for decision-making.
Unfortunately, this has not always been the case. Whilst I have seen Risk Mangers being brought to the top table for their insights and support during the pandemic I have also (and far too often) seen Risk Management (and therefore the risk managers) being cast aside or forgotten about for these important decision making meetings and initiatives. I therefore believe, now more than ever, that the suggestions in my video are even more relevant than before. So what are the key suggestions? Of course this is not an exhaustive list, however here are the three areas I discuss, all of which requires the risk manager to wander away from the comforts of their office desk.
Getting a seat at the top table
Risk Management / the Risk Manager needs a seat at the top table. If Risk Management isn’t featuring in decision making at the top levels, then what is the worth of having a risk management program? The Question is how do risk managers get invited?
As a first step, risk managers should be knocking on the door and asking for an invite. It is surprising how often this works. Assuming this doesn’t work then its important to catch their attention by demonstrating value.
During filming of “Risk Managers Getting Coffee” a question I often asked the guests was “What makes a great risk manager… what do you look for when recruiting for such a role?” The overwhelming answer was always around the soft skills. Communication, relationship building, adaptability, strategic mindset and a salesman-like ability to sell risk management. Whilst quantitative analysis skills, industry knowledge and company knowledge featured in the answers, they were always second to the important soft skills. These skills play a key role in being able to demonstrate the value of risk.
The risk manager needs to Identify influencers and allies who they may be able to approach to get an invitation in the first place. Failing an invitation, at the very least, it may give them a heads up as to when those important meetings are happening (This doesn’t need to be senior leadership meetings but it could be important innovation meetings, digital transformation meetings, project meetings etc). It also gives risk managers a starting point for relationship building in order to develop trust and an understanding of the value that risk management can bring them.
In order to demonstrate true value, the risk manager first needs to understand what is important to their senior executives and learn to speak their language. If the risk manager can understand what is close to their heart, such as a pet project or initiative, it’s a great starting point to offer help or support. And what does support look like?
There are numerous ways a risk manager can add value to senior executives. One way is simply meeting their team and discussing risks to the initiative/decision/project with the team and reporting this back to support decision making. Other approaches include optimising insurance programs, offering solutions to risks or running quantitative risk analysis. Quantitative risk analysis (QRA) can be tricky as it would require information and more time with their teams which may not be an option, however, where possible, then providing QRA data (in a digestible and visual format) will be something that decision makers will not be used to seeing and will usually leave a lasting impression, and with it, an invitation to the top table thereafter.
Its important to point out at this time that a senior exec is unlikely to be impressed if the risk manager only comes to them with roadblocks, negative risks or doom and gloom. Therefore it would be wise to consider opportunities and solutions to the risks or indeed what the deviations (both positive and negative) to the objectives may be when reporting back.
Gain Staff buy-in
Whilst proving value to top management and gaining their support is vital, equally as important is ensuring that the wider staff are on board. They are being asked to identify risk. They are asking to take time out of their jobs to support a risk management program that they often don’t understand, don’t see the value of, or don’t receive feedback from. It is therefore important to focus on communication. If people take their time to identify risk in their departments then the risk manager better make sure that they receive a proper thanks along with feedback on how their risks are supporting decision making or being escalated and used at the highest levels. This can be achieved by producing newsletters, creating (interesting and visual) annual risk reports, undertaking roadshows, creating videos, or getting away from the desk and meeting people on an individual basis daily.
Whether it be department managers or individual staff members, its important for the risk manager to understand what motivates them and again requires the risk manager to get out into the business and talk to people to understand their concerns about the risk management process as well as getting to know how busy they are (and at what times of the year they are most busy), the challenges in their job role, the challenges to their objectives, what motivates them (money, exposure to senior management, recognition etc). . This one-on-one time can be used sell risk management but also use another important risk manager skill, listening. These discussions alone already set the risk manager up with:
identified risks (without the need for the staff members to go through a boring form or formal process and offering a great starting point for them)
an understanding of the time-consuming or frustrating aspects of the ERM program that could be improved as well as how they like to receive information (detail vs visual for example)
a good idea of how staff can be supported better to either avoid busy periods or receive additional support
the opportunity to explain why risk management is important and how it might help them and their departments.
a starting point for developing incentives and motivations for identifying risk and developing a positive risk culture
Risk Culture
Without the right risk culture in an organisation there is a good chance that even the best designed risk management program will fail. Risk Culture is the combination of values, attitudes and behaviours within an organisation in relation to risk management. This creates the foundations of an organisations approach to risk as it affects all risk decisions and ultimately the delivery of business objectives.
Building a positive risk culture takes time and effort. There is a large amount of work that needs to go into developing a positive risk culture which can take up several articles in itself however we will highlight a few of the key areas. We already discussed the importance of obtaining buy-in from the top as well as from all other staff in the organisation. In addition to this, developing a positive risk culture requires extensive training and hearts and minds sessions as well as constant communication to ensure an organisation-wide understanding of risk management and its benefits.
This requires the risk manager to be visible, approachable and an ally to the business. The following is a list of areas where the risk manager should be actively involved and will be the subject of a separate article that will go into further details.
Training
Risk Management Training forms a fundamental part of developing a positive risk culture. It is not only the technical aspects of the training but the hearts and minds.
Risk Workshops
The Risk Manager needs to act as a support to the organisation when it comes to identifying risks. Identifying risks consistently doesn’t happen overnight Facilitating risk workshops on behalf of departments can help them ease into the process.
Risk Champions
Risk champions can be a powerful tool in an organisation with few staff in a risk department. The risk champions, with the right training and understanding of the framework, along with the right personality and engagement, can act as culture builders in their own departments or functions.
This brings me back to the fact that the risk manager needs to be away from their desk more often than not and ask the right questions. They need to be seeing their risk champions, understanding what will motivate them.
Soft Skills of a Risk Manager and the Covid challenge
Essentially, what Risk Managers need to focus on, in order to take the risk profession forward, is their soft skills such as presentations skills, listening, speaking the language of staff, diplomacy and collaboration to name a few. Communication is ultimately key. Getting away from the desk and out into the business and communicating their aspirations and asking the right questions of staff to better develop a risk framework that fits in with their schedules and type of work and actually starts to add value to them.
But, this is not as easy when the organisation and its staff are dispersed. As we have seen this past couple of years, COVID has altered the way we work. Overcoming this obstacle is where another key skill comes into play: creativity.
If there are concerns about social distancing and not being able to meet one-to-one, or in groups in the office, then think differently. There are a number of alternatives that might work, such as holding outdoor meetings, investigating and using new technologies, hosting highly interactive and visual virtual meetings and workshops and/or adding risk as a regular agenda item in weekly team meetings and ensure that you attend as many as you can.
As we continue to navigate through the crisis, let us lean on our soft skills to better leverage the technical skills we, or other team members may have, to improve risk management now and into the future.
As introduced in Part 1, the Cyber generation kids are entering their mid-teens, those who are not already running their own companies are preparing to enter your workplace in a few years.
They do not like supervision; not because they are arrogant, but because they have not grown up with the concept and they do not need that. They have grown up with both parents working; now they manage their own time and most of them are getting through High School “on their own”. A recent study showed that
“Boys get an alarmingly low average of one half-hour of direct face time with their dads per week, but over 40 hours of screen time (Internet, TV, and gaming).”
(From Fuller Youth Institute article entitled “Guys and Gaming” by Brad Griffin)
As they do not like supervision, they are not likely to fit into the “boxes & lines” of your current corporate structure of supervisors and different levels of management and as such these will naturally disappear when these Cyber-kids come into the workplace. Their collaboration and teamwork skills that they learned through playing massively multiplayer online role-playing games will ensure their success in the workplace. (There you have it: It is a type of game genre which allow thousands of gamers to play in the game’s evolving virtual world at the same time via the Internet, a perfect training ground for today’s Global business world)
They are driven to survive and win; In Cyber- world, you are not accepted onto teams if you do not have the capability to deliver; and if you get in and do not deliver, you are quickly told to move on. I guess it is more “cut-throat”, direct and gender irrelevant than today’s business world, so changes are surely coming the day these guys and girls get to where you are today; the top chair. “Dead wood” will never grow in their companies; companies that will be just be very large networks of partners and providers.
These guys will still be living with Mum & Dad when they enter the workplace in a few years’ time, they are DOING LIFE, not gathering possessions and worrying about retirement. They are generations away from the great depression of the 30’s. They will not iron out used gift-wrap for re-use and they cannot gather all the used Christmas and Birthday cards, as they never got any “paper” ones. They do not have childhood photo albums and home videos to show, it’s all on Facebook and YouTube.
They will not apply for jobs; your Human Resource function will have to search for them on Linked-In if you want to employ some of them, remember, they are the only people who would be able to protect you against the Cyber-threats of the future, they grew up with them; sometimes creating them. If your company’s profile in Cyber- world and on Social Media is good enough; they will find you! They will walk through the door and tell you how they can add value to your business and they would expect to be adequately compensated for that value. After that, they will move on to the next place; as mentioned, they have no interest in becoming a slave to your payroll!
Will you be ready? Alternatively, will you risk going out of business by refusing to accept MMORPG- warriors and all the changes coming with them.
“People are now increasingly being found for jobs, versus having to find their next job,” Jon Bischke said in an article on Quartz and in the same article, Jeff Zinser is quoted to have said: “To a good recruiter there is no difference between passive and active candidates”
So, the future of work is like owning a shopping mall, you are the manager and marketer of Your Own Brand. You will have one, preferably two anchor tenants; the ones who pay the bills, and then you will be in the open market for the rest. You’ll be opening and closing the outlets as the market rolls on; to those who need a coffee shop, you will give a coffee shop and to those who need a bank, you will give a bank, or at least be able to find a bank in your network and collect some commission during the referral and introduction process. Sometimes you will close some areas for renovations and improvements.
People will focus on their key skills and develop an income stream for a steady income by applying those key skills in the businesses of their “anchor tenants” adding value and building sustainable competitive advantage as without that, your mall will close down and go to the corporate graveyard.
The rest of your time you will spend on helping other smaller outlets to do business, riding the ebb-and-flow of the market to make sure your mall stays in business.
Therefore, if your shopping mall has some really good anchor tenants and an attractive, well-kept building in the right business neighbourhood and you have a good marketing strategy; the smaller outlets will queue up at your door for space in your mall. Keep in mind that building a mall is very hard work; it will require some capital and good risk management skills, as it is very different from “just renting a shop”
“The butterfly can just look back, Flap those wings and say, oh, yeah; I never have to be a worm again”
The Real Future of Work is like a Shopping Mall, the days are gone when employees were looking for bosses and long-term employment relationships. Prospective employees are looking for customers; and they favour the ones paying the highest price in relation to their perceived total personal value. In this global war for talent, people have taken charge of their own careers and they manage their careers the way they want, focused on achieving their personal goals. Sort of their own brand managers, after all, Human Resource Directors failed for over fifty years to get to understand the top of Maslow’s pyramid—for all people, it is all about themselves!
Many people are now working from their homes and converted garages became home-offices; perhaps the layout of the family home of the future will be much different to what we have today. We see how 24/7/365 broadband connections run trillions of megabytes of data all through our quiet and peaceful neighbourhoods. Mothers and Fathers again have time to play with their children and not just exist to “keep up” with the Jones’ next door.
Chief Executives must prepare their businesses for the Cyber Generation of MMORPG- warriors; they will not apply for jobs and will not become slaves to your payroll.
The Cyber generation kids are entering their mid-teens, those who are not already running their own companies are preparing to enter your workplace in a few years; will you and your company be ready for them? Who are they? The front-runners are those born in the year after Y2K, remember that fiasco? They follow the Millennials, but are very different; for some of you, these are known as your grandchildren.
They are from two worlds; the one you and I know and Cyber- world, hopefully they have grown up spending more time in the real one, but that could be debatable. Their worldview has a few new lenses and filters added to it, lenses and filters you are not familiar with and as such, if you do not shape up, you will not understand them.
They have more friends than you do; both in the real world and in their Cyber-world, simply because they had more opportunities to make friends than you had. The early ones, before 2005, came quietly into the world; later, their brothers and sisters (and in a few cases their parents) posted their births on Facebook, it was the way to tell the family and the whole world they have arrived.
They know more about computers than you do; they are currently hacking; or at least trying to hack the High School’s computer system. Either to make a statement, or to improve their grades for re-gurgling information that they have been fed through things called books by people called teachers. The successful ones will be the ones who supplemented that learning with Khan Academy! By the time they leave school they will also know a lot more than MS Office, they will have some programming skills and most will run their own websites and blogs.
They are better at Strategy, Operations and Teamwork than you are; By the time they enter your workplace, they would have spent 30% of their lives playing MMORPGs (if you do not know what that is, ask Google) In my opinion, that is a better way to prepare for the business world than learning “outdated” information and reading historic works of corporate literature written by retired CEO’s who once had some “claim to fame”. Anything older than 5 years is outdated in today’s world, sadly some are hanging on to the thought that the degree they got in the early 80’s still means something and even more sadly- some companies still want to see the evidence of 30-year-old degrees, thinking that such historic knowledge can add value to their business today!
Blockchain technology presents users with enhanced security and efficiency, but it is not without its challenges – including overcoming the ingrained habits of its users
BY ALEXANDER LARSEN AND FAISAL ALNAHDY originally published in Enterprise Risk publication by the Institute of Risk Management (IRM)
The last couple of years has seen a real buzz around a new technology called blockchain, which in essence is just a decentralised public database (the chain) of digital information (the block). Transactions are recorded into this public database through consensus across a network of decentralised computers, which is achieved by a proof-of-work system called mining.
Many organisations are implementing it already including IBM, Google, American Express, Oracle, Facebook, Ford, Amazon and Nestlé. There are also blockchain-specific companies offering blockchain solutions for supply chain, social media and stock control. These companies often use crypto-utility tokens within their ecosystem. There are also blockchain-based coins with no other use than that they seek to behave in a similar way to traditional currency and to potentially replace it. Whether a utility token or currency coin,
both of which fall into the category of cryptocurrency, most are available for purchasing as investment or as a way of speculating on various exchanges globally.
Hacking incidents and vulnerabilities
There has already been a number of major and high-profile hacking incidents which has government regulators concerned. When it comes to hacking, it is not so much the cryptocurrencies that are the problem, but rather the exchanges on which they are traded and the digital wallets where many of them are held.
Many exchanges are unregulated or loosely regulated at best. Their governance standards and cybersecurity measures are severely lacking, which is where the problems lie. Some exchanges have been hacked in recent years. Interestingly, hacking risk is also one of the main concerns for the existing banking system, which means fiat and cryptocurrencies have the same security concern. For instance, online banking apps can be exposed to hacking which aims to steal users’ login data and debit or credit card information.
A potential solution to hacking incidents on exchanges is the introduction of decentralised exchanges, essentially a cryptocurrency exchange on the blockchain. This would reduce hacking significantly. Unfortunately, it is not currently practical, due to poor user interfaces, but it could become the standard of the future, especially if regulation supports this innovation.
While it is difficult to govern cryptocurrency itself, and due to the fact that cryptocurrency is apparently unhackable, what policymakers should focus on is the regulation of the services associated with the use of cryptocurrencies. Regulation should focus on stricter business practices within exchanges to avoid fraud and scams, as well as introducing minimum but high standards of cyber risk requirements in order to protect against hacking, phishing and other cyber-related attacks.
Most people involved with the technology agree that blockchain networks are virtually unhackable although some argue that all “software” is vulnerable. The one vulnerability that everyone agrees on is that blockchain technology can be hacked through a mechanism called 51 per cent attacks. This happens when 51 per cent of a network is owned by the same group of people, enabling them to manipulate transactions on what is effectively no longer a decentralised network.
While this is possible on some of the very low market cap coins and tokens, it is highly expensive, and some would suggest impossibly expensive, on larger market cap coins such as Bitcoin. According to the CEO of a new blockchain company in Oman, who we interviewed, aside from a 51 per cent attack, no one can hack a blockchain. The CEO echoes the sentiment that vulnerabilities tend to exist in the applications that use blockchain technology such as exchanges and wallet.
Blockchain and financial services
Various studies suggest that implementing blockchain in the banking industry alone could decrease expenses by $20 billion by 2022. In addition, the technology could boost the safety of customers’ data in a business. Many policymakers in the banking and finance sector already believe that blockchain technology could replace the existing SWIFT transfer system in banks.
According to the IT department of Dhofar Bank in Oman who we spoke to, the bank has already implemented the Ripple blockchain. They said it provides a better experience for international money remittances, increased security against cyberattacks, an improved speed of transfers and is more cost- efficient. The bank added that it did not see any unique challenges in implementing blockchain solutions compared with other technologies.
A significant indication that blockchain is being embraced by banks came from JP Morgan, when they announced their blockchain project, JPM Coin. It has already been approved by 75 banks, such as Santander Bank, in order to enhance the testing process. JP Morgan believes it will help to reduce costs, increase security and improve the speed of financial transactions.
Other sectors
A number of countries, such as Estonia, Slovenia, Malta, UAE and France, are actively promoting blockchain technology by implementing positive regulation and encouraging start-ups to set up in their countries. They clearly see the benefit that the reduction of transactions and middlemen can bring with a database that is apparently tamper-proof and auditable.
There is a particular focus on cybersecurity. As universities, governments, companies and major projects add more security cameras and sensors that require communication of data across device networks, there is an increased
need to protect their networks from hackers. This is also true of the internet of things, which sees devices such as fridges, coffee machines and heaters sending data across networks.
Cybersecurity in retail is another area that blockchain could help. Retailers have a long history of using prepaid and loyalty cards, and blockchain provides an excellent opportunity to offer a more secure gift card and loyalty programme that is not exposed to the same data breaches from hacking incidents that has plagued the industry for years. Many suggest that blockchain could also be the solution that Elon Musk needs to get autonomous cars on the road. The threat of terrorists hacking self-driving cars, robots, drones or automated transportation systems in itself is a scenario that would strike fear in any government. Blockchain could provide a solution not only
to the hacking threat but also to potential accidents arising from other challenges too, such as the current lack of accuracy of verifying of data collected from the surrounding environment and potential downtimes and systems failures that are inherent in a centralised network.
Challenges
One of the major drawbacks of the technology is the need for mining, which essentially requires computing power. It has been estimated that during a week, the entire blockchain network consumes energy on a par with the total amount of electricity used by Hungary – or 0.25 per cent of the entire planet’s energy needs. Recent research estimated that mining could account for 1 per cent of global energy usage by 2020, an amount that would increase rapidly through mass adoption. Blockchain technology is
improving and a number of updates have already made many blockchains more energy efficient. Nonetheless, it should be a concern for governments looking to reduce carbon emissions. Regulation could be introduced to ensure that mining companies adhere to strict renewable energy requirements, although this will also potentially shift mining activities to countries who have less stringent rules on mining activity (and cheaper electricity).
A fully decentralised system would enable users to trade, transfer and receive money directly without intermediaries. It could be argued that some intermediaries may be seriously exposed financially or resist the technology. As a result of this, and in countries or cities largely reliant on the financial sector, unemployment rates could rise, and policymakers therefore need to think about whether creating new roles for intermediaries may be possible in order to avoid this scenario.
There is also the matter of investor and customer protection to consider. The existing centralised financial system has a level of trust built into it that protects money in events such as bankruptcy, fraud or in the event of the death of a family member. This level of protection does not exist in a decentralised system. It seems as though the most likely scenario is a semi-decentralised system, which could therefore still be potentially more vulnerable to cyberattack.
What about GDPR?
A major area of concern for all businesses over the past couple of years has been the General Data Protection Regulation (GDPR), introduced in May 2018 to increase people’s data privacy. It presents a possible stumbling block for blockchain implementation. The major areas of conflict include the fact that blockchain would hold personal data that is publicly accessible at the same time as not allowing for changes, such as deletion as per requirements of GDPR under “the right to be forgotten”.
This is a direct clash of function. However, by ensuring that the blockchain does not hold any personal details, such as individual names, there may be a way to get around this problem. Additionally, GDPR does not aim at regulating technologies as such, but regulates how organisations use these technologies.
Both GDPR and blockchain’s main focus is the protection of data, something which blockchain does very well as we have already discussed, and as a result, while initially it may seem that they are incompatible, blockchain could actually be a potential solution to meeting the GDPR requirements of encryption. Additionally, one of the reasons for the existence of GDPR was the misuse of data by major corporations, something that the decentralised nature of blockchain totally removes from the equation.
The same, but different
A blockchain future with levels of security we have previously not been used to seems difficult to imagine.
We have grown accustomed to major cyberattacks and breaches. While blockchain, if embraced and implemented properly, is certain to reduce these attacks significantly,
we will still be faced with a fact not yet mentioned in this article. Ninety per cent of cyberattacks come from human error and social engineering – a risk that blockchain would be unable to remove. As technology moves forward, humans seem to be unable to adapt quickly enough. The staggering speed of innovation could mean that while the future may turn out to be very different to today, many of the same old threats could remain.
This article was written by Alexander Larsen CFIRM, president of Baldwin Global Risk Services Ltd, and Faisal Alnahdy, senior auditor at the State Audit Institution in Oman. It is based on Alnahdy’s MSc dissertation, “Evaluation of risks associated with cryptocurrency: case study on Oman”, which he wrote at Glasgow Caledonian University.
This article was originally Published by the Institute of Risk Management’s ERM Magazine & Blocktribune.com
The ICO Boom
The ICO space saw a boom in the last couple of years and has been looked upon as a valid alternative to Initial Public Offerings. Less regulation, more opportunity for the average investor to “get in early” and the excitement of new technology and a movement.
I recently had the pleasure of meeting up with a number of companies in the crypto space and they all suggested that we are seeing a revolt against IPO’s due to investments being heavily in favour of venture capitalist getting the most out of it. This has seen a huge rise in ICO’s and expected to see the same for STO’s. Aside from raising funds, a major benefit of these token offerings is that it has brought in a community and supporters.
This has been extremely positive for them and has brought enthusiasm and motivation to all involved including token holders. As an example, a few companies have between 3000-8000 members of which ¼ are active every 30 days. An impressive figure for smaller crypto companies and one that shows the enthusiasm that token offerings can bring.
More recently, ICO’s are being seen as purely speculative and a money making opportunity. Additionally they are being looked upon with scepticism by investors and regulators alike. This has a lot to do with the huge number of ICO’s being launched, often with no real vision or potential product, as well as outright scams. As if it wasn’t already difficult enough to meet such aspirational objectives with the myriad of technological issues they face, these additional pressures only make it more difficult for ICO’s with a genuine and innovative proposition to prosper or survive
Due to a number of scams (80% of ICO’s are now considered to have been scams according to a study by Statis Group) and the crash of the crypto market however, there has been the creation of a new form of ICO. a hybrid between traditional IPO’s and ICO’s. These are called Security Token Offerings (STO’s) and have more stringent requirements and regulation to follow.
With 80% having been scams, it leaves the leftover 20% of ICO’s to be successful, however according to a number of studies, 50% of these fail with the verdict still out on the rest. That means a whopping 90% have failed (if you include the scams). What does it mean for the other 10% and why do so many fail?
Technological Challenges
The fact that this is a new space based around innovation and firsts, makes the technological challenges numerous and difficult to predict. This has also been the case for a number of the companies I spoke with. One smaller company has employees based globally in over 10 countries with 8 of them being based at the Headquarters.
A couple of the companies were set up between 5 – 10 years ago with a specific vision. Whilst It was initially expected to take 2-3 years, the vision remains. The fact it has taken so long to make progress is an indication of the technological challenges that the space faces.
Many companies in the crypto space focus on timescales but the companies I spoke to by their own admission, realise these timescales were not so accurate.
“It’s always difficult to predict new technology like this and you can never be sure what problems you will face.” one CIO suggested. As a result, a few of the companies have decided to stay away from timelines although this type of honesty is rare in the space and can also be seen as a weakness by the typical cryptocurrency investors who demand timelines (whether unrealistic or not).
Building strong foundations
The recent ICO boom, which has seen thousands of new ICOs and some huge funding raised, means that many companies don’t have time or the possibility to be so transparent and honest. Their investors expect immediate results, and being a speculative market, they care more about their token price than the technology or results produced. This has put additional pressure on companies to overpromise and launch unfinished products too soon.
Some companies do focus more on product however. Two companies I spoke to have seen their product take longer than many new ICO’s to launch or progress. The reasoning for this is, that unlike many companies who simply launch their product after ironing out only a few teething problems, these particular companies have been determined to get the bigger more complex problems resolved as a priority before launching anything.
The trouble with launching a product early is that it causes major difficulties down the line when the larger problems make themselves known and they need to resolve these issues within the confines or parameters of the design they have already launched.
“By solving the fundamentals we can ensure we are less likely to be disrupted. The downside is that it appears you are moving backwards and slower than competitors. Mostly however, others are only making incremental changes to an existing flawed design” says one CIO.
So what are the key risks to survival in the coming years for these companies?
Risks and challenges in the space:
Below are just some of the key risk areas the companies I have spoken to face going forward, and which I believe all ICO’s and STO’s need to be in a position to manage:
1. Funding related risks:This is the nature of the business. With much of the work being research and development based as opposed to creation of an immediate product, initial funding, ongoing funding and future funding remains a key risk to the industry.
2. Regulation related risks: I have written several articles on regulation and self-regulation (see riskguide.wordpress.com for these articles) and it is a major concern to companies in the space.
As an example, for many companies, a major part of their envisaged product would be encryption or privacy. Therefore, The UK’s Prime Minister, Teresa May’s current focus on access to information, would potentially require banning encryption.
“This is only the beginning and with the rise of ICO’s it is probably an important and necessary step as not everyone is fully equipped to understand what they are investing in. There needs to be a middle ground in terms of regulation. Too little doesn’t offer protection. Too much stifles innovation.” suggests a CEO of one crypto company who is open to regulation.
There are upsides to regulation too however, which I have suggested in previous articles. China’s move for example, can be taken as quite positive in terms of coming out and taking a definitive stand which should encourage other governments to do the same. It essentially removes uncertainty. Uncertainty is the source of so many risks and often a negative certainty is better than uncertainty as it allows a focus within set parameters.
One CEO suggests that if regulation was introduced it could make their job easier:
“If we knew what was coming we could work around it but when its uncertain we can’t prepare properly.”
Many countries are also encouraging blockchain and ICO investment by implementing clear regulation that is often positive. Slovenia and Malta are just some examples of countries encouraging growth.
3. Exchanges related risks: Many coins and tokens are on various exchanges globally but 90% of volume may be on one specific exchange, such as on a US based exchange for example. If that exchange shuts down (hacking incident, new regulations, and business decisions) their coin could be heavily impacted
4. Assets: This is no doubt a concern for many companies. There needs to be a balance between having your assets in crypto currency and cash. Some would argue that you should keep it in the currency you trade with, but others would say Bitcoin increases so much and is a better long term investment. It is however also very volatile. Additionally, there is 18 trillion dollars in circulation vs 66 billion Bitcoin. So it is therefore easier to manipulate the Bitcoin market.
5. Product completion – too many ICO’s and STO’s have a vision that is just unachievable. The scales and promises are too grand. Not only do deadlines get missed but a product never seems to be anywhere near completion. Whilst investors will “HODL” (a term used in the cryptocurrency community for holding a coin no matter how low the price gets and for the long term) as long as possible, when products don’t see the light of day and no progress seems to be being made, it spells trouble.
In these situations, communication is key! Keeping investors up-to-date with progress helps. Mostly however, unless you have achievable objectives, you are doomed to fail. During the height of the crypto and ICO mania, it was difficult to set achievable objectives. These wouldn’t excite investors. Now that the cryptocurrency market is down 90% however, investors are beginning to look for the few who might actually achieve what they set out to do.
6. Lack of use cases, competition and traditional alternatives:going hand-in-hand with product completion is use case. whilst some companies may go on to develop and launch a working product, the use case for these products is often limited. Firstly, a product has to solve a current problem. If it doesn’t, it’s unlikely anyone will use it.
If it doesn’t solve a problem you face the reality of competing against traditional alternatives. “But it’s on the blockchain” doesn’t cut it as most users of software or social media or any other technology don’t care what’s running it. Most don’t know what blockchain is and couldn’t care less. If it doesn’t improve their user experience and it doesn’t have as many users, or if it’s too difficult to migrate, then they aren’t going to swap what they currently use for this new technology. Even when using traditional technology backed by a mega company like Google, their initiative to try to compete with Facebook failed (see Google Plus)
Even if it solves a problem however, in most cases, ICO or STO backed companies are competing with the big boys. Companies like IBM who do this kind of stuff for a living. They have a large R&D centre with experienced staff and a structure that has worked for decades. They also have a large client base to sell to, something the ICO’s and STO’s can’t compete with. Moreover, these larger companies also have a large set of products with which to integrate their new technology with.
7. Bear Market liquidity: finally, looking at this bear market where prices are down 90% or more in most cases. Many ICO’s have held onto tokens (see assets above) instead of diversifying their assets into FIAT. Many can only last a few months to a year with current spending on staff, infrastructure and having no workable product. Expect to see many cryptocurrency companies fail during 2019 if prices don’t pick up!
Whilst the above risks are certain to be relevant to many ICOs, it’s interesting to see some of the more interesting challenges of the last five years that early crypto companies faced, that whilst not specifically relevant nowadays, at a higher level still remain very much a top risk :
Combination of getting the right people and funding – in the early days there wasn’t the abundance of developers and programmers who were used to the technology, but at the same time there weren’t the same amount of competition as there is today either.
Technology related risks – most employees are working remotely. Nowadays it’s easy to do this due to online tools such as slack, Skype, hangouts and screenshare etc. but back then it wasn’t so easy. So the business model was far more difficult. To add to this, bandwidth at the time was a real challenge. You are talking about speeds of 2 mb vs 300 mb in terms of broadband. Whilst these days you wouldn’t be concerned about bandwidth or the lack of apps, technology still remains a major risk.
ICO launch related risks – these days, the technological advances have made it easier than ever to launch an ICO. The number of tools and platforms on which to launch are increasing every day. Imagine the difficulty however for those who didn’t have such options and were trying to raise an ICO during an experimental phase. Too many coins launched, the ICO launch continuing past the deadline, and the technology it was launched on becoming obsolete were some of the examples.
Alexander Larsen can be contacted on linkedin or Twitter @alexlarsen_Risk
2017 was the year of the ICOs with a record 5.5 Billion USD raised compared to 90 million USD the year before and 2018 has been no different and has already surpassed this figure with 7 billion having been raised to date, according to ICOdata.io.
Whilst it sounds like the ICO machine is growing in strength, the trend tells a different story. A dramatic fall in funds raised month on month during 2018, as well as the number of ICO’s reducing suggests that all is not well with the market.
A number of high profile incidents regarding outright scams, alongside poor management, overvaluation of ICO’s and the crypto space have had an impact on the market with investors being more careful and more demanding of ICO’s.
Additionally, regulators getting stricter and introducing KYC and other requirements for investing in ICO’s means that ICO’s are now facing a tougher time getting off the ground and raising funds. This has created the rise of the STO. The security token offering which is more regulated and a hybrid of IPO’s and ICO’s.
It is here that Risk Management can help ICO’s and STO’s gain credibility and stand out from the crowd and gain competitive advantage, adding value by bringing a level of transparency rarely seen in the industry, and ultimately, leading to investor confidence in the token offering and it’s management team.
One example that springs to mind was a Nordic property development company who decided to not only introduce risk management within their organisation but also communicate it (along with their top risks to the various developments) to potential investors. The results were two fold with sales increasing as a result of increased confidence in the company compared to competitors, as well as better performing projects/developments.
This example highlights the fact that it is not just during the token offering stage that risk management will play a key part. The introduction of risk management to the company will lead to improved performance, resilience, strategy setting and optimisation of said strategy, as well as improved decision making. Consider that yet more competitive advantage!
Innovation
It has long been said by people who don’t understand risk management, that it is a hinderence to innovation. Quite the opposite is true however. Risk management can help foster a company’s innovation agenda by revealing blind spots and areas of underinvestment. Companies such as Google, who challenge staff to find faults and risks in their projects, are a perfect example of the marrying of risk and innovation.
Clearly the blockchain space is all about Innovation which makes risk management all the more important. So what do current organisation’s in the space do in terms of risk management?
What should ICO’s focus on?
Objectives and strategy setting
There are a number of articles and courses out there that cover how to set up risk management within an organisation and how to identify risks, however some key focus areas for this industry is that ICO’s and STO’s need to be very clear as to their objectives and focus their efforts on Identifying and assessing their risks to these objectives whilst looking at solutions to mitigate them.
These companies in particular are covering uncharted territory and at the very least, areas that most investors are not familiar with. This is why having clear objectives that investors can understand is a must. This then sets context when identifying risk.
Opportunities need to be considered in this context too, and embedding the risk process within strategy setting or objective setting can add real value to an organisation’s success as risk management can often influence the strategy significantly.
Innovation, Research and development
It’s not just the high level objectives that need to be considered with regards to risk management however. A process needs to be developed that allows risk to be embedded throughout the research and development process. It should be a natural part of idea generation and a tool to enhance all aspects of the project. Risks that are identified when an idea is born on the back of a napkin at a coffee shop, are cheaper and easier to rectify than once infrastructure or software has been built!
Having met with a few companies in the space, it is clear that some have decided to focus their approach on getting the fundamentals right. One reason it has taken these specific companies longer for them to achieve their goals is that, they have been determined to get the bigger more complex problems resolved as a priorty before launching anything. This makes managing any unforeseen risks in the future much easier.
Many other companies who simply launch their product after ironing out only a few teething problems, then realise they face major difficulties going forward when the larger problems make themselves known and they are forced to resolve themn within the confines or parameters of the design they have already launched.
Risk Culture
Whilst having a process is important, more important for any organisations looking to implement risk management, is understanding that having a positive risk culture is cruicial. All employees, managers and directors are responsible for managing risk and making risk based decisions. Therefore, aside from having the necessary training, they also need to feel empowered to bring bad news to the table and share concerns. The risk framework needs to ensure that risks can be escalated and not blocked by managers or directors protecting their bonus. Building a strong risk culture isn’t easy but the value it brings is unparalleled. Recently, I sat down with Vibeke of Kontrapro Risk Management to discuss the topic of Risk Culture, what it means and ideas on how to build a positive risk culture. This has been launched as a Video Miniseries that can be found at www.riskguide.wordpress.com and www.youtube.com/c/riskguide
Some aspects to consider in order to build a successful risk culture are:
Ensuring there is incentive to identify and manage risk
Involving everyone in the process and breaking down silo’s. Your people are your experts, use them!
Engaging people and ensuring that they see the value of risk management
Consider looking past regular reporting and instead focusing on real time risk sharing and communication
Having a communication plan that includes internal and external risk communication (investors, partners and other stakeholders)
Risk Communication
Communicating risk is a critical part of risk management success. Both internally and externally. Internal risk communication ensures that everyone in the organisation is aware of the top risks and can work towards solving or reducing them. It also allows staff to see the results of their input into the process.
External risk communication on the other hand ensures that the company can work with partners to understand risks that they may not have been aware of. It also encourages partners to engage in risk management.
In the early 2000’s, Dell computers discussed upcoming risks with partners in Asia and one particular risk, the closure of the east coast ports due to strikes, was managed by chartering jumbo jets and ensuring that if the risk occurred, they would be in a position to continue building and delivering computers to customers. The risk did happen and Dell did continue to keep customers happy and it played a major part in propelling Dell to becoming one of the major computer manufacturers.
The importance of the Non-Executive Director or ICO Advisor
Often, improvement to the process or a better understanding of risk within companies & ICO’s, come from having non-executive directors (NEDS) or ICO advisors who have a wide variety of experience and who can add, for example, to the risk management process. Better still however, is having someone on board with a full understanding of risk management who will ultimately bring the most value as they work towards embedding risk management into the culture and decision making of the organisation. Especially in the case of ICO’s, which can make great use of a variety of advisors, it is an opportunity not to be missed. It is therefore important to choose your advisors and NEDS wisely.
Companies should look for experienced risk professionals who have worked with boards, had involvement in setting strategy, understand technology companies (and have a grasp of the underlying technology), have strong communication skills (communicating with board members, developers, programmers, marketing people etc.) and understand the need to be flexible and adaptable in their approach. Companies in the space already have an abundance of blockchain and tech expertise and therefore, although it is useful to have a deeper understanding of the technology, it remains low on the list of requirements from a risk expert. At the end of the day, everyone in the organisation is responsible for managing their risk.
Originally Published on CryptoNews, April 08, 2018 and written By Emily Perryman
Smaller countries are taking advantage of the widespread crackdown on cryptocurrency exchanges by ushering in liberal legislation that aims to entice investors to their shores.
It comes after major governments around the world introduced strict crypto regulation and, in some cases, completely banned Initial Coin Offerings (ICOs) following a series of high-profile scams.
It was recently revealed that Binance, the world’s largest cryptocurrency exchange by traded value, is planning to open an office in Malta. The company had an office in Japan and tried to get a license to operate there, but decided to move to the European island to avoid a clash with local regulators.
Meanwhile, South Korea has put the brakes on its anti-crypto drive after regulations banning ICOs and trading for youths and foreign passport holders sparked a backlash against the government.
Emergence of ICO hubs
For smaller countries, there is a lot to gain from positioning themselves as the ICO hub of choice.
Alexander Larsen, president, Europe & Middle East at Baldwin Risk Services, an enterprise risk management firm, told Cryptonews.com that several small countries are actively looking at how to attract ICOs. They include Malta, Slovenia, Estonia and Switzerland.
Switzerland, for example, published guidelines earlier this year that aim to assist ICOs in navigating its “principles-based” regulatory framework. The country was home to the record-breaking USD 232 million Tezos ICO last year.
Other countries are encouraging investors by deciding not to tax income from cryptocurrencies. They include Germany, Denmark, Singapore, Belarus and Slovenia.
“I think countries who have a tech hub that doesn’t embrace ICOs will be questioning whether their tech will start lagging behind other, ICO-driven countries,” Larsen said. “In particular, I think all those countries who thrive on banking and their offshore status will be trying to attract ICOs because there’s no doubt ICOs will provide a real financial gain for the country.”
Avoiding the Wild West
Just because a country has extensive regulation, it doesn’t necessarily mean it won’t attract ICOs. Larsen pointed out that a country with no regulation could easily legislate the following year, thus hampering the ICO’s plans.
“As long as it’s positive regulation that is robust and ICO friendly, with the right investor protections in place, that’s a positive thing,” he added.
Nenad Gregec, compliance officer at Etherum-based investment platform ICONOMI, which is registered in Malta, said his company leans towards countries where regulation exists but is not too strict.
Gregec suggested that countries in Europe who lost out to Silicon Valley in the tech boom want to be early adopters of crypto so they don’t miss out again.
He added: “I expect more countries will follow Malta and Switzerland in setting up a legal framework. There might be competition, but eventually we will see harmonization. The European Union has a very good track record of harmonizing regulation in the financial sector.”
Waiting for the G20
It is likely regulation will continue to be fragmented until the G20 nations make a definitive decision on crypto and how to move forward.
David Coker, lecturer in accounting, finance and governance at Westminster Business School, told Cryptonews.com, that the G20 has been “bumbling around” and still lacks a cogent view on the future of crypto.
He added: “If ICO regulation is light-touch that would give crypto investing a degree of legitimacy. But if it goes down the US route, which treats crypto platforms like a security requiring authorization, ICOs wouldn’t be happy because they are very fast-moving and don’t want the additional costs.”
For now, the future regulatory environment is uncertain, but one thing is for sure – smaller countries with a lot to gain will be keeping a close eye on the developments to ensure they stay ahead of the competition.
Originally published as a feature on Financier Worldwide Magazine in July 2018
Sitting on the fence appears to be the policy of many countries when it comes to regulating the $700bn cryptocurrrency industry. Yet while cryptocurrencies do offer potential benefits, such as lowering transaction costs, reducing payment time frames and improving financial inclusion, they also raise significant security, consumer protection and financial crime concerns.
Earlier this year, Christine Lagarde, head of the International Monetary Fund (IMF), stoked the debate when she stated that international regulatory action on cryptocurrencies such as Bitcoin, Litecoin, Ethereum, Zcash, Dash and Ripple (utility tokens also known as user tokens or app coins) was “inevitable”.
Hot on the heels of Ms Lagarde’s commentary came a G20 summit in Argentina in March 2018 which saw the world’s economic leaders ponder the cryptocurrency regulation question – an issue which Frederico Sturzenegger, Argentina’s Central Bank chief, declared “needed to be examined”. Although the summit resulted in no firm commitments, aside from setting a July 2018 deadline for the first step toward unified regulation of cryptocurrencies, the propensity for leaders to refer to them as “crypto-assets” perhaps gives a clue as to the direction future talks may take.
If regulation is therefore a matter of when and not if, the overriding question is the shape the regulation should take. “The conundrum, as opposed to the solution, is clear,” says Chris Warren-Smith, a partner at Morgan Lewis. “On the one hand, there is a clear need to prevent cryptocurrencies being used for criminal and terrorist purposes. On the other, regulation needs to be effective and should not stifle innovation.”
According to Alexander Larsen, president of Baldwin Global Risk Services Ltd and an Institute of Risk Management (IRM) spokesperson, regulation is needed in areas such as transparency and taxation, in order to protect consumers against fraudulent initial coin offerings (ICOs) and ensure exchanges have sufficient liquidity and security. “When it comes to criminal activity, however, cryptocurrencies offer an advantage over traditional currencies,” he suggests. “With proper regulation that supports law enforcement with fraud and crime, along with training, facilities and infrastructure, it is possible to track transactions, and therefore track crime.”
Others, such as Joel Emery, a strategy consultant at Lupercal Capital, believe that the underlying distributed ledger technology of many cryptocurrencies can be more transparent than conventional transaction technologies, despite the cryptocurrency market’s ‘reputation’ as a platform for illegal activity. “This reputation is potentially a by-product of current regulatory efforts, rather than the market itself,” he says. “In jurisdictions that have embraced crypto-technology, such as Japan, well-designed cryptocurrency regulations can bring greater trust and stability and attract broader participation in the market.”
Regulatory forms
With cryptocurrencies proliferating worldwide, regulation must also have a global reach. But this is a challenging prospect for regulators, given the different approaches countries have to legislative issues. Ofir Beigel, founder and chief executive of 99Bitcoins.com, attributes much of the challenge facing regulators to the inertia often displayed by regulators themselves.
“The biggest difficulty is that cryptocurrencies are something new, something that does not fit entirely into the categories the likes of the Securities and Exchange Commission (SEC) is familiar with,” suggests Mr Beigel. “Regulators know that there is a lot at stake, because regulating the cryptocurrency market the wrong way could lead to many start-ups leaving the country or stopping the huge growth and innovation this new market can bring.”
According to Jill Lorimer, a partner at Kingsley Napley LLP, the main regulatory challenge posed by cryptocurrencies is that, unlike regular currencies, there is no centralised authority monitoring money transfers. In addition, the fact that cryptocurrencies can be transferred virtually instantaneously across international boundaries raises significant concerns. Also a problem is the anonymity issue.
“While most cryptocurrencies do not offer true anonymity, as there is no absolute guarantee that the real-life identities of users will remain private, the reality is that it is an extremely difficult and time-consuming task to work out the real-life user behind a Bitcoin address,” says Ms Lorimer. “As new cryptocurrencies are launched with strong claims of real anonymity for users, there is likely to be an arms race between cryptocurrency innovators on the one hand and regulators and law enforcement agents on the other, as each seek to develop systems of increasing sophistication.”
For Mr Larsen, regulation of cryptocurrencies should focus on ensuring that sufficient checks are made on ICO owners and backers. “ICOs should be made to follow similar requirements as companies looking to list on the stock exchange,” he says. “There is also a need for stringent security requirements as regards cyber hacking and data loss for ICOs and exchanges. There have been a number of incidents in the recent past whereby funds or tokens have been stolen from ICOs or exchanges.” That said, Mr Larsen also expects many countries to regulate in a crypto-friendly way in order to attract ICOs and cryptocurrency companies to their jurisdiction.
Constructing regulation
Constructing a legislative framework strong enough to cope with cryptocurrencies but which does not simultaneously straightjacket innovation is likely to be something of a balancing act for regulators. For many, the key word is flexibility.
“Not all cryptocurrencies are the same, so regulation should not treat them as such,” opines Mr Emery. “There is significant variety between the commercial purposes, legal rights and general features of different cryptocurrency tokens. Some are effectively shares in a company, some are a form of platform access right, some are commodity-like investments and others are effectively forms of money. The character of a particular cryptocurrency, not just the underlying technology, should inform how laws are applied.”
For Mr Emery, regulators need to strike a nuanced balance between effectively ensuring compliance and legal protections for participants, while avoiding overregulation that limits the industry’s growth. “On top of this, enforcement in the cryptocurrency space can be challenging and there are major problems with ensuring practical compliance,” he says. “Conventional regulatory frameworks that have thus far captured cryptocurrency activities, such as laws governing IPO-style securities issues and certain money transmission rules, have typically been designed to address major multinationals, with significant resources.”
And while attempting to regulate a market which already has a large number of well-established cryptocurrencies may seem akin to closing the stable door after the horse has bolted, the drive toward regulation continues nevertheless.
Money laundering solution
One issue that undoubtedly exists within the cryptocurrency sphere is that of money laundering. That said, the extent of the problem is largely unclear. Indeed, while some jurisdictions have imposed anti-money laundering (AML) and counter-terrorist financing (CTF) obligations on cryptocurrency trading exchanges, others implement AML voluntarily.
“Nobody can be sure about the extent of the use of cryptocurrencies in money laundering, save to say that it is real and is happening,” says Mr Warren-Smith. “As the market continues to develop and offer opportunities for illicit activity, it becomes more central to developing strategies to curb that activity.”
While money laundering is certainly an issue, research does suggest that illicit use accounts for only a relatively small proportion of current cryptocurrency market activity. “To my knowledge, it is far less extensive than what the media, for example, makes of it,” suggests Mr Beigel. “Research undertaken in Japan, where the cryptocurrency market is booming, has revealed that only 1 percent of money laundering in the country is done with cryptocurrencies.”
In fact, the undetermined extent of the association between cryptocurrencies and money laundering highlights a deeper issue with the rapidly-evolving market. “Cryptocurrencies have lacked extensive bodies of research, boundaries and trusted information providers,” explains Mr Emery. “As is often the case, once concerns like money laundering are raised, they become widely accepted as fact without true examination, and markets and the public react before the nature of the issue has been fully analysed.”
The cryptocurrency money laundering that does take place, suggests Mr Larsen, is on account of law enforcement agencies’ limited understanding of blockchain technology. “Privacy coins apart, cryptocurrencies are an extremely ineffective method of laundering money or transferring funds for illegal activities due to the fact that all transactions are recorded and searchable. Some would argue that a world where fiat currency is replaced with cryptocurrency would be a far safer one with regard to illegal activity or money laundering,” he says.
Taming complexity, volatility and unpredictability
With most legal regimes yet to effectively address cryptocurrency activity, the extent of the regulation in this area remains unclear. This is changing, however, with governments, authorities and researchers making steady progress toward understanding the industry and amending laws as appropriate.
“Regulators in developed economies generally have shied away from cryptocurrency regulation, so it will be interesting to see the response to the G20’s call for progress,” says Kim Larkin, a solicitor at Charltons Law. In the meantime, the G20 has pledged to apply the standards of the Financial Action Task Force (FATF) – an intergovernmental body set up to fight money laundering and terrorist financing – to the monitoring of cryptocurrencies and their risks.
A further indication of the likely shape of things came with the launch of another task force, this one in the UK. Made up of representatives from the Treasury, the Bank of England and the Financial Conduct Authority (FCA), the task force will, according to chancellor Philip Hammond, “help the UK to manage the risks around crypto assets, as well as harnessing the potential benefits of the underlying technology”. In addition, Bank of England governor Mark Carney has also acknowledged the potentially transformative potential of blockchain, which underlies cryptocurrencies, while calling for regulation.
“The major reason that regulators have not been more proactive in regulating cryptocurrencies is probably because, as Mark Carney has suggested, they are not perceived to present systemic risk,” continues Ms Larkin. “It is also probable that major regulators, such as the SEC and the FCA, will not take any major steps toward cryptocurrency regulation in the short term. Instead, they are more likely to take regulatory action in cases of fraud and clear breaches of securities laws.”
Complex, volatile and unpredictable, regulating the world of cryptocurrencies will undoubtedly take considerable time and resources. Some even characterise the process as the start of a revolution. “We have to remember that we are just at the beginning,” says Mr Beigel. “Email was invented in 1972, yet it took over 20 years until people started using it. The same thing will happen with cryptocurrencies. In this world, it is well known that user experience, complexity and monetary responsibility are the issues to confront.”
As the international approach to cryptocurrency regulation gravitates toward centre stage and acquires somewhat more clarity, the industry is at a crossroads. With regulation now virtually inevitable – a question of when, not if – all interested parties need to choose a path and get on board to ensure that regulation is uncompromising but fair.
Most people involved with the technology agree that blockchain networks are virtually unhackable although some argue that all “software” is vulnerable. The one vulnerability that everyone agrees on is that blockchain technology can be hacked through a mechanism called 51 per cent attacks. This happens 
improving and a number of updates have already made many blockchains more energy efficient. Nonetheless, it should be a concern for governments looking to reduce carbon emissions. Regulation could be introduced to ensure that mining companies adhere to strict renewable energy requirements, although this will also potentially shift mining activities to countries who have less stringent rules on mining activity (and cheaper electricity).
There are a number of articles and courses out there that cover how to set up risk management within an organisation and how to identify risks, however some key focus areas for this industry is that ICO’s and STO’s need to be very clear as to their objectives and focus their efforts on Identifying and assessing their risks to these objectives whilst looking at solutions to mitigate them.
Often, improvement to the process or a better understanding of risk within companies & ICO’s, come from having non-executive directors (NEDS) or ICO advisors who have a wide variety of experience and who can add, for example, to the risk management process. Better still however, is having someone on board with a full understanding of risk management who will ultimately bring the most value as they work towards embedding risk management into the culture and decision making of the organisation. Especially in the case of ICO’s, which can make great use of a variety of advisors, it is an opportunity not to be missed. It is therefore important to choose your advisors and NEDS wisely.
A Guide to Risk Management 