Bitcoin Matters

As a wide range of digital assets become mainstream, organisations need to carefully assess the opportunities and risks of adoption

By Dylan Campbell, SIRM & Alexander Larsen, CFIRM

Originally published as a shorter version in the IRM’s Winter 2022 Edition magazine “Enterprise Risk”

The last few years have seen a lot of hype around the converging technologies of web3, blockchain, cryptocurrencies, NFT’s and the Metaverse. In a previous article we laid out how the Metaverse is shaping up and whilst we concluded that the Metaverse will take a while to become a reality, blockchain technology, in which much of web3 is built upon, has now risen to prominence, gaining wide spread adoption.

According to Blockdata research, 81 of the top 100 companies use blockchain technology. It was found that the technology is being used in areas such as payments, traditional finance, banking, supply chain and logistics. This is no longer a technology of the future that may or may not be useful, but a technology that is established and being developed. For more information on the Blockchain refer to a previous article here

The tumultuous rise and fall in the wider cryptocurrency market, led by Bitcoin, over the last two years has no doubt triggered renewed concerns regarding legitimacy of the asset class, with many pointing this out as proof that this is just a passing fad being fuelled by speculators.  Whilst on the surface it may look this way, there are many indicators that suggest that it is actually here to stay. We will therefore take a closer look at the opportunities and risks of Bitcoin corporate adoption and review the possibilities that may exist in Web3, where cryptocurrencies, NFTs, the Metaverse, decentralised finance (Defi), community tokens and decentralised autonomous organisations (DAO’s) all converge. 

What are Bitcoin and Cryptocurrencies?

Reflecting on the events of the past two years, you may be forgiven if you missed hearing about how Bitcoin has won over some of worlds best known billionaires.  From technology entrepreneurs such as Jack Dorsey, Peter Thiel and Elon Musk to Wall Street legends such as Stanley Druckenmiller and Paul Tudor Jones. All have embraced Bitcoin, but why?  What qualities does this relatively new, highly volatile and digitally intangible asset have that would garner such interest?  To attempt to answer that question, one must first understand what Bitcoin is and what it does.

Bitcoin is a new digital form of money that is censorship resistant, seizure resistant, borderless, permissionless, pseudonymous, programmable and fully peer-to-peer.  It is therefore available to everyone around the world and all that is required to interact with the network is a mobile phone and an internet connection.  With Bitcoin, transactions are not managed by banks or financial intermediaries, but instead value travels directly from one person to another.  Payment processing is not done by a regulated company like Visa or PayPal, but instead it is all facilitated by a decentralized global software network, with custodianship not handled by a bank but the users of the network. 

Other cryptocurrencies aim to emulate these attributes.

While the wider cryptocurrency market is awash with different digital assets and tokens (over nineteen thousand of them), Bitcoin has, since inception, remained the largest cryptocurrency by market capitalization.  To many investors, it’s Bitcoin’s longevity and simplicity that sets it apart from the rest of the digital asset market.

Bitcoin’s Mainstream Acceptance

A telling metric that reflects Bitcoin’s mainstream acceptance, is the increasing trend of corporate adoption.  One of the most prominent examples of this was NASDAQ listed MicroStrategy Incorporated’s announcement in December 2020 that it had made more than $1B in total Bitcoin purchases in 2020, claiming that would “provide the opportunity for better returns and preserve the value of our capital over time compared to holding cash.”  Following this other companies, such as Tesla, followed suit.

There may be several reasons why a company may wish to add Bitcoin to its balance sheet.  This may be to leverage a potential opportunity for asymmetric risk returns observed over previous years (given its early stage of global adoption) or as a hedge against currency devaluation brought about by unprecedented state intervention in the money supply.  It could be part of a corporate strategy to embrace modern, open-source technologies or to support an operational strategy that includes accepting Bitcoin as payments. 

A major developing area of Bitcoin is that of energy optimisation and reduction of carbon emissions. Despite the commonly held view that Bitcoin is bad for the environment, there are a number of initiatives that are focused on using Bitcoin mining to both reduce carbon emissions and increase the use of and viability of, renewable energy. As an example, Bitcoin Mining is integrated with wind and solar farms to help balance grid loads and optimise energy generation. The weakness of solar and wind is that they are intermittent and there may be periods where supply exceeds demand, thus leading to waste. By signing agreements with Bitcoin mining companies who get exclusive rights for times of low demand and to turndown mining in periods of high demand, energy companies are able to more efficiently run their operations. The measures implemented by the Electric Reliability Council of Texas (ERCOT) is a great example of this. By augmenting power generation with Bitcoin mining energy companies’ are able to raise capital to build more infrastructure which will help speed up renewable adoption and support making grids more resilient. Some hydroelectric dams in North America are already seeing the advantage of Bitcoin mining with an increase of revenue allowing them to make repairs and upgrades and keeping them in operation. 

Oil and gas companies such as Exxon, ConocoPhillips and Equinor are also exploring Bitcoin mining as part of their operations. Instead of letting excess gas be vented or flared which releases Methane (a more harmful greenhouse gas than CO2), they are looking to mine bitcoin with the excess gas which reduces emissions by up to 63% (according to Crusoe, a company dealing with Digital Flare Mitigation) whilst increases revenues (Bitcoin) allowing them to potentially invest in green initiatives or to make their operations more efficient.

Evolving landscape:  From Cryptocurrencies to Web3

The past two years have been transformative when looking at the wider altcoin landscape.  In the early days of Bitcoin, altcoins were largely cryptocurrencies that sought to challenge bitcoin.  This is no longer the case.  The concept of Web3 has risen to prominence where it’s staunchest supporters claim that we will have an “internet owned by the builders and users, orchestrated with tokens.”  If Web1 was the Read internet and Web2 is the Read-Write internet, then Web3 will be the Read-Write-Own internet.  In the following sections we will touch on various aspects of Web3 to understand whether this goal is being realised and what risks and opportunities may be presented.

Risks of investing in Bitcoin

Whatever the reason, holding a new asset such as Bitcoin on a balance sheet, most certainly exposes an organization to risk. 

As this is a digital financial investment, it is essential that the CEO, Chief Financial Officer, Chief Risk Officer, Chief Technology Officer, Board of Directors all have a clear assessment the asset’s risk profile and where this aligns and diverges from the company’s tolerance for risk.  As such risk managers are key to helping make their organizations aware of these risks so that appropriate mitigating strategies can be developed and implemented to help ensure success in this venture.   Key areas of risk to consider are as follows:

  *   Regulatory Compliance Risk:  Arguably the most important risk to consider given the relative immaturity of the asset class and the lack of firm regulatory treatment of Bitcoin and other digital assets across different jurisdictions.   Not only is it important to consider the company’s regulatory obligations, but also those of it’s counter parties (e.g. exchanges or custodians).   Items to consider would be KYC/AML rules, accounting rules, tax rules, commodity laws and securities laws.  These should tie in with existing company Code of Conduct rules.

  *   Liquidity Risk: This risk seeks characterize the company’s ability to meet its day-to-day working capital requirements through deployment of cash reserves.  A working capital threshold should typically be established with only cash in excess of this to be made available for digital asset investment. 

  *   Technology Risk:  While Bitcoin has a provable decades long track record of performance, it is vital that the technology be understood and monitored as it evolves.  Material changes affecting the validity of the protocol are deemed to be highly unlikely (not necessarily the case with other blockchains).  Nonetheless, the protocol continues to evolve, albeit at a measured pace.  Incorporation of bitcoin improvement proposals (BIPs) typically take years to agree before being incorporated into the protocol.  Adoption of the proposals does come with new features that allow for more functionality (e.g. BIP9, which facilitated deployment of the Lightning Network, a layer 2 solution that scales Bitcoin’s transaction throughput).  These could be leveraged by the company, but may also introduce unforeseen risks.

  *   Custody and Information Security Risk:  Thorough appreciation of the various risks associated with custody of bitcoin needs to be undertaken.  This is particularly important in the face of historical high-profile hacks.  There are different strategies a company may decide to follow with respect to custody of its bitcoin.  Self-custody, fully outsourced custody to a trusted third party, or using some combination of the two via multi-signatory custody may be considered.  Self-custody is considered harder to do securely for most organizations, but outsourced and multi-signatory custody are not without risk either. Should the latter two options be explored, secure private key storage, assurance of account statement accuracy, custodial service liquidation risk management, market volatility management (especially if the bitcoin is being rehypothecated) and information security protocols all need to be thoroughly understood and vetted.

  *   Transaction Control and Authorization Risk: Executing inbound and outbound transactions and cross account transfers will create several risks. Transaction workflows need to be fully understood with key controls put in place.  These include documented segregation of duties outlining who has access to the accounts and clear levels of authority detailing what type and threshold of transaction each person can or cannot undertake.

*   Stakeholder Risk: Bitcoin’s energy consumption has been a major point of concern raised by environmental groups and competing less energy intensive blockchains in mainstream media.  While recent studies have largely refuted these claims and indeed Bitcoin has even been demonstrated to promote responsible and efficient use of energy (e.g. the one USA’s oldest running renewable energy plants was kept afloat as result of mining bitcoin during off peak demand periods, promoting grid resilience).  Nonetheless, understanding and addressing stakeholder concerns with respect to adopting Bitcoin must be an imperative.  This will require well thought out proactive stakeholder engagement planning.

Decentralised Finance

To understand Decentralised Finance, one must first appreciate the challenges associated the traditional (centralised) finance system.  Most people can relate to the friction, inaccessibility and regulatory burden associated with interacting the current banking system. In recent years, these challenges only seem to be worsening and a trip the dentist seems preferable to a trip to the bank.  In many parts of the developing world even having a bank account is a privilege.  

Decentralized Finance or DeFi attempts address these challenges by allowing users to utilize financial services such as borrowing, lending, and trading without the need for a bank or financial institution. These services are provided via Decentralized Applications (Dapps), which are deployed on smart contract blockchain platforms such Ethereum, Solana or Cardano. Many have benefited from the boom in Defi. It has also however had its fair share of controversy. This ranges from abuse of smart contract bugs, Miner Extracted Value front-running, flash loan manipulation, and rug pulling.  Any venture into Decentralised Finance should only be undertaken with a full understanding of all the risk categories mentioned above.

Decentralised Autonomous Organisations (DAOs)

As with Defi, let’s start with a definition.  A DAO is a digitally native community that centres around a shared mission and whose assets are managed by the community’s contributors. A DAO is code committed to a public ledger and the blockchain guarantees user accessibility, transparency and rights. The DAO’s token determines its voting power, allocation of funds to achieve the groups goals, incentivizes participation, and punishes anti-social behaviour.  

DAOs can be set up for a variety of purposes where groups of individual need to raise funds to achieve a goal.  Some examples of this include Uniswap, a decentralized cryptocurrency exchange built on the Ethereum blockchain worth $ billions; and UkraineDAO, a fundraising DAO set up to collect and distribute donations to assist those affected by the war in Ukraine.

A significant advantage of DAOs over traditional organisations is the lack of trust needed between two parties with no leader or board making decisions. DAOs are however not without risk. The now famous Ethereum DAO hack highlighted the importance of ensuring Technology risk is properly managed.  A bug in the DAO’s code led to the theft of $60 million worth of Ethereum tokens. Regulatory Compliance risk would be another area that will require detailed understanding as regulators seek to define how these entities should be treated. 

The Metaverse, Cryptocurrencies, NFTs and Community Tokens

In a previous article we already highlighted all the opportunities and risks of the Metaverse and its important to highlight that if the Metaverse becomes a reality and widespread, the use of cryptocurrencies and NFT’s will boom. Cryptocurrencies is the main way in which people will conduct financial transactions in the metaverse whilst NFTs will be the items you buy. 

Whilst the Metaverse will ensure widespread adoption, NFTs don’t require the metaverse to have a use case. They can be, and are being adopted right now for university degrees, house ownership, artwork purchases and any other real-world item that is unique and requires ownership proof that can be stored and found securely on the blockchain. 

Some organisations are developing their own Cryptocurrencies or NFTs in order to reward customers or staff and tie them into their own ecosystem. JPMorgan developed one to make global transfers cheaper and faster whilst Amazon have developed one to work as a store card. Binance, a cryptocurrency exchange that allows users to trade various tokens, have their own cryptocurrency to reward users for using their services and helps provide a competitive advantage against the competition. Football clubs have developed NFTs for fans, allowing them access to players and allowing them to vote on things such as what song to be played when a player scores a goal and this could be extended to much more serious votes in the future. Expect the emergence of cryptocurrencies and NFTs being created by companies to increase further with Google and Facebook expected to launch too in the near future.

What about Central Banking Digital Currency (CBDC)?

Central banks have been providing money to the citizens of the respective countries for centuries. To keep pace with a rapidly changing world and pursue their digital public policy objectives, some central banks are actively investigating offering their own digital currencies to the public

CBDC’s are being considered as a future for the national currency by some central banks. Where previously we had paper money and money sitting in our bank accounts, some central banks are now looking at creating CBDC’s which are essentially centralised cryptocurrencies. They claim it has a number of benefits from reducing tax evasion to understanding population spending habits and reducing fraud and the funding of illicit activities. The potential risks it poses however include the ability of a government to fully monitor the population and restrict access to their funds or what they can spend their money on. Currently countries like the UK and USA are already reviewing the concept and have plans to implement them whilst the e-Krona in Sweden is already under testing and countries like the Bahamas have already adopted it.  Whether benefits outweigh the risks remain to be seen and it is likely that CBDC’s will live alongside their decentralized counterparts such as Bitcoin.

Conclusion

Despite the concerns and scepticism associated with of Bitcoin, NFTs and altcoins, it is clear that adoption is happening, and it is likely only going to become more wide-spread. The question is what involvement should an organisation looking to get involved have? From investment to developing their own cryptocurrency or investing in the ecosystem, there is plenty to explore, and as with all initiatives that have high rewards, they come with plenty of risk. 

Alignment with the organisations vision, mission and values would be the starting point, followed by development of a digital asset strategy.  Once this is in place a thorough assessment of the opportunities and risks needs to be undertaken with particular emphasis on where these converge and diverge with the company’s risk tolerance.

Written By

Alexander Larsen, CFIRM – Founder of Risk Guide & Chair of the IRM Energy & Renewables SIG

Dylan Campbell, SIRM – Secretary IRM Energy & Renewables SIG

Risk Managers Getting Coffee: Episode 1

Season 1, Episode 1: Alexander Larsen meets with Gregory Irgin in the UAE to share experiences and insights

In this series of Risk Managers Getting Coffee, we’ll be meeting with seven Risk Managers to gain insight into their risk experiences, areas of expertise and to learn more about risk management in the country they work in.

In this first episode, Alexander Larsen met Gregory Irgin in the UAE. Gregory influences and drives integrated risk management – enterprise risk management, insurance, resilience (business continuity management and crisis security management) – resulting in shareholder protection and return on investment. He has worked across the Middle East and Africa and has exciting stories to share around geopolitical risks.

Introduction: Gregory is Head of Group ERM and Insurance within the aluminium and smelting sector in Dubai and Abu Dhabi, producing and selling aluminium in its 100% form. His customers are all over the world including big companies such as BMW. A mine coming online in Guinea and sales offices are based in America, Europe and China.

Episodes will be released every few weeks here on the Risk Guide website and via our LinkedIn (https://www.linkedin.com/company/risk-guide) and YouTube pages (https://www.youtube.com/c/riskguide).

Episode 1 Overview:

2:36 How did you get into Risk? Gregory originally trained as a lawyer in England, worked in New York until 9/11. Following this he worked in the UK in insurance construction claims and contracts. He has always been an advocate of ethical leadership. Worked all over the world in places such as Jordan, Iraq, Syria and Afghanistan. He discusses headlines v reality, understanding whats really going on in the country and once you know there’s no going back.

3:47 Geopolitics: Africa & Latin America: Working in London, Gregory was travelling to Africa and Latin America. Previously had a trip to Guinea to meet a Government representative and while boarding the plane, received a call saying the person he was due to meet had just been shot. Looking at it now, the stability in Guinea has changed a lot over 10 years.

4:38 People Risk: Nationalisation & Recruitment: Alexander and Gregory discuss bringing on board nationals to be involved and trained early in a project. They want to feel valued, rather than just expats on site. Bringing nationals in early so they are mentored and embedded within the team before expats leave. There will be an issue with Brexit as skilled workers may be leaving.

6:28 What makes a good risk manager, soft skill set vs quantitative and technical knowledge. Gregory is pro soft skills and breadth in risk management. It is essential to step back and review the situation, communication is key. A Risk Manager can draw on technical experts in any industry and don’t need to be quant heavy. They need to analyse information and interpret this to the top level management. Ultimately need a balance around the table to extract the right information from the right people and experts in the company.

9:03 People Bias- How do we engage people? The fundamentals to any organisation are the people. There is a duty of care to lead with ethics, manage people well and drive behaviour. However how can we do that? Each department has own agenda, KPIs arise as tick-boxes and everyone should all be working towards same goals. Alexander had previously worked with a national park senior management team in the UK. Some directors hadn’t ever seen company objectives and some didn’t agree with them. The CEO had just put them together and assumed they would be backed by the rest of the board. How can the whole organisation work together if the CEO and board management aren’t even aligned?

We hope you find this interview useful and informative!

Coffee and Crypto YouTube channel added to Risk Guide

By Alexander Larsen

Risk Guide is delighted to add a new channel to our RiskGuide YouTube page. Cryptocurrencies are really beginning to hit the mainstream with even major companies beginning to put their reserves into bitcoin rather than holding FIAT currency. If you’re interested in learning about cryptocurrencies and Bitcoin, or interested in certain coins or use-cases or even to understand where the market stands, then visit the Coffee and Crypto YouTube channel: https://www.youtube.com/channel/UCi3gwY5gEanoN1P0nyI1rGw

About Coffee and Crypto

Coffee and Crypto was started when a group of friends who are excited about cryptocurrency but geographically dispersed decided to connect virtually over coffee (timezones meant drinking beer in the morning for some was a no-no) to discuss all things crypto. Our discussions are centered around knowledge sharing and demonstration of tools and techniques.

After a few of a sessions, it was felt that the content being shared was of sufficient quality that it may benefit the wider crypto community and so we created this channel. Hopefully you find some of what we share of interest.

DISCLAIMER: No part of this channel constitutes investment advice. The analysis is presented for information only. It is important that all the risks associated with investing in cryptocurrency are fully understood before undertaking such an investment. Use of or reliance on this data is purely at the users own risk.

IRM Risk Predictions 2021- Cryptocurrency

Alexander Larsen provided insight into cryptocurrency for the latest IRM Risk Predictions 2021 report. The article looks into the value of Bitcoin over the last year and the rise of other cryptocurrencies. You can see the full IRM Risk Predictions 2021 report via the following link:

Bitcoin boom 10x

2021 will be the time for Bitcoin to shine. For years the argument for Bitcoin has always been that it has been a store of value and protection against irresponsible monetary policy. Countermeasure against inflation. This pandemic has only further proven what Bitcoin supporters have been saying. That the money machine keeps on printing. It has piqued the interest of wealthy investors and major companies alike. Microstrategy has already invested the majority of their reserves out of USD into Bitcoin. To be clear… this now values at 1.6 billion USD!

2021 will see more companies follow this strategy. Once budgets are finalized, tax is paid, and investments are to be made, we can expect to see a huge jump in price over the coming year. It has already jumped from the 10,000 marks to the mid 30,000s, and many are predicting a price in the region of anywhere from 100,000 USD – 500,000 USD. This is coming from “reputable” institutions such as JP Morgan, Deutsche Bank and others, although it is also important to remember that these are the same institutions that were very clear in their statements that Bitcoin was a scam only three years ago.

Altcoin boom 100x

With the rise of Bitcoin, however will also be the rise of altcoins. The altcoins that still have life left in them, and this is where the major gains will be found. Most coins are still down 60-90% from all-time highs whilst some of the more established coins have reached their all-time highs again. As Bitcoin increases and slowly stabilises, much of the money will trickle down to these altcoins which will experience phenomenal growth of 1000% and more.

This will of course, lead to another crash/bubble burst with altcoins expected to crash as spectacularly as they rose. However, Bitcoin will unlikely see such radical falls.

The rise of Defi & Stable Coins

Unlike the previous altcoin boom of 2017, where Initial Coin Offerings (ICO’s) drove growth, this Altcoin cycle will be riding off wave of decentralized finance. If ICO’s were the theme of the 2017 cycle, Defi is the main theme for this one. Defi is an experimental form of finance which utilizes smart contracts on blockchains. Defi platforms allow people to lend or borrow funds from others, insure against risks, trade and speculate as well as earn interest in a savings-like account. It does away with the usual financial intermediaries such as brokerages, exchanges, or banks.

Last year we predicted the rise of Stable coins, and whilst it wasn’t necessarily visible, it seems that country governments globally have been taking notice and making preparations. An article by the International Monetary Fund highlighting this rise was published at the end of 2020 and can be found here: https://blogs.imf.org/2019/09/19/digital-currencies-the-rise-of-stablecoins/

As an example, regulators in the USA have accepted the use of stable coins by banks, whilst numerous banks and countries globally are working on their own stable coins.

2021 could see the introduction of an official country stable coin or country approved stable coin (such as Facebook’s Libra). At the very least, a white paper will be published.

Risk Managers Getting Coffee

Meeting and Sharing experiences (and coffee) with Risk Managers across the world, with Alexander Larsen.

We are proud to announce the first season of “Risk Managers Getting Coffee”. In Season 1 of Risk Managers Getting Coffee, we’ll be meeting with seven Risk Managers to gain insight into their risk experiences, areas of expertise and to learn more about risk management in the country they work in.

At a time where risk and resilience has never been more important, Our guests share risk management expertise, opinions and thoughts on the future.

Trailer- Risk Managers Getting Coffee

Episodes will be released every few weeks here on the Risk Guide website and via our LinkedIn and YouTube pages.

Season 1 Participants:

Gregory Irgin – UAE – Gregory influences and drives integrated risk management – enterprise risk management, insurance, resilience (business continuity management and crisis security management) – resulting in shareholder protection and return on investment. He has worked across the Middle East and Africa and has exciting stories to share around geopolitical risks.

Episode released on 23-Mar-21, found here https://riskguide.wordpress.com/2021/03/23/risk-managers-getting-coffee-episode-1/

Dr Maria Papadaki – UAE – Years of experience in Risk Management from both Academia and Industry, with numerous of years in the implementation, development, improvement and management of risk frameworks, tools and techniques. Involved in Blockchain technology and other innovative technologies.

Peter Smith – UAE – Peter has over 13 years of experience leading teams of advisory professionals and implementing innovative initiatives in Project Controls Solutions and Risk Management across sectors including Oil & Gas, Rail, Infrastructure and Construction in countries like the UK, UAE and Iraq

Horst Simon – Namibia – A veteran in banking operations management, mergers, take-overs and implementation projects; who is now at the forefront of the Future of Risk Management with Risk Management Concepts and Risk Culture Building programs that disrupt and transform organisations to build sustainable competitive advantage.

Mykhailo Rushkovskyi – Ukraine – Has Held several high level risk positions in Energy companies across Ukraine and is a strong advocate for improving risk culture and reporting in his companies.

Aarn Wennekers – Qatar – Extensive international experience supporting Board Chairmen and Directors to promote good governance and enhance oversight of the executive management team to ensure the organization achieves its strategic, operational, reporting, and compliance objectives.

Paul Edge – Portugal – Based in Portugal, Paul is a Risk Manager with years of experience working with Quantitative Risk methods and has been involved in the blockchain space for a while. He has also established a cryptocurrency StatiCoin, a stable coin solution for traders looking for safe investment and merchants looking for a non-volatile digital currency.

We are sure you will enjoy these interviews with these excellent risk professionals!

Small Countries Compete for Crypto as Major Regulators Mull Crackdown

Originally Published on CryptoNews, April 08, 2018 and written By Emily Perryman

Smaller countries are taking advantage of the widespread crackdown on cryptocurrency exchanges by ushering in liberal legislation that aims to entice investors to their shores.

It comes after major governments around the world introduced strict crypto regulation and, in some cases, completely banned Initial Coin Offerings (ICOs) following a series of high-profile scams.

It was recently revealed that Binance, the world’s largest cryptocurrency exchange by traded value, is planning to open an office in Malta. The company had an office in Japan and tried to get a license to operate there, but decided to move to the European island to avoid a clash with local regulators.

Meanwhile, South Korea has put the brakes on its anti-crypto drive after regulations banning ICOs and trading for youths and foreign passport holders sparked a backlash against the government.

Emergence of ICO hubs

For smaller countries, there is a lot to gain from positioning themselves as the ICO hub of choice.

Alexander Larsen, president, Europe & Middle East at Baldwin Risk Services, an enterprise risk management firm, told Cryptonews.com that several small countries are actively looking at how to attract ICOs. They include Malta, Slovenia, Estonia and Switzerland.

 

Switzerland, for example, published guidelines earlier this year that aim to assist ICOs in navigating its “principles-based” regulatory framework. The country was home to the record-breaking USD 232 million Tezos ICO last year.

Other countries are encouraging investors by deciding not to tax income from cryptocurrencies. They include Germany, Denmark, Singapore, Belarus and Slovenia.

“I think countries who have a tech hub that doesn’t embrace ICOs will be questioning whether their tech will start lagging behind other, ICO-driven countries,” Larsen said. “In particular, I think all those countries who thrive on banking and their offshore status will be trying to attract ICOs because there’s no doubt ICOs will provide a real financial gain for the country.”

Avoiding the Wild West

Just because a country has extensive regulation, it doesn’t necessarily mean it won’t attract ICOs. Larsen pointed out that a country with no regulation could easily legislate the following year, thus hampering the ICO’s plans.

“As long as it’s positive regulation that is robust and ICO friendly, with the right investor protections in place, that’s a positive thing,” he added.

Nenad Gregec, compliance officer at Etherum-based investment platform ICONOMI, which is registered in Malta, said his company leans towards countries where regulation exists but is not too strict.

Gregec suggested that countries in Europe who lost out to Silicon Valley in the tech boom want to be early adopters of crypto so they don’t miss out again.

He added: “I expect more countries will follow Malta and Switzerland in setting up a legal framework. There might be competition, but eventually we will see harmonization. The European Union has a very good track record of harmonizing regulation in the financial sector.”
Waiting for the G20

It is likely regulation will continue to be fragmented until the G20 nations make a definitive decision on crypto and how to move forward.
David Coker, lecturer in accounting, finance and governance at Westminster Business School, told Cryptonews.com, that the G20 has been “bumbling around” and still lacks a cogent view on the future of crypto.

He added: “If ICO regulation is light-touch that would give crypto investing a degree of legitimacy. But if it goes down the US route, which treats crypto platforms like a security requiring authorization, ICOs wouldn’t be happy because they are very fast-moving and don’t want the additional costs.”

For now, the future regulatory environment is uncertain, but one thing is for sure – smaller countries with a lot to gain will be keeping a close eye on the developments to ensure they stay ahead of the competition.

Managing the risk of regulation: How Self-Regulation could reinvigorate the Cryptocurrency boom

Background

It is often claimed that external risks such as major regulation are impossible to manage, and certainly in an industry that is mostly unregulated such as the cryptocurrency space, the claim could be even more justified. This article hopes to prove otherwise however, with some examples of how the cryptocurrency space is already adapting and trying to reduce the impact of regulation through self-regulation and ideas of what self-regulation might look like.

Calls for regulation & the G20 summit

The cryptocurrency space has been fraught with cases of fraud and scams and with it being such a new industry with little in the way of regulation, it has been an ongoing focus of governments. This focus has only increased in recent months due to the number of high profile incidents. Following the theft of $500 million of digital money from the Coincheck exchange earlier this year, Japan’s financial regulator ordered all cryptocurrency exchanges to submit a report on their system risk management in relation to managing their customer assets and measures to counter cyberattacks.

The incident, and subsequent action from the regulators added to the ongoing pressures to introduce regulation into the cryptocurrency space and has been one of the contributing factors to the fear, uncertainty and doubt that has seen a cryptocurrency crash and an ongoing bear market with prices having fallen over 70% from all-time highs set in December 2017 and January 2018.

The uncertainty surrounding regulation also makes it very difficult for companies in the space to properly plan or remain innovative until there is more clarity over what regulation will look like. Some of the technology being developed for example may fall foul of future regulation whilst certain countries may prohibit investing in certain types of cryptocurrency.

The discussions around Cryptocurrency regulations have been as far reaching as the G20 Summit in Argentina (March 19^th2018). The G20 has rejected calls for regulation which has alleviated some of the fears of any major regulation being implemented any time soon, but it still leaves the uncertainty of future regulation or country specific regulation being put in place. This positive news is therefore the ideal time for the industry to take action and ensure this delay of regulation becomes permanent.

Response in Japan, UK, South Korea and USA

Japan

In a proactive move, and perhaps to avoid heavy regulation, The Japan Blockchain Association (JBA) and the Japan Cryptocurrency Business Association are expected to merge to create a new self-regulatory organization to strengthen self-regulation and if approved, could act as an independent regulatory body of the government. It’s interesting to note that JBA has already set an example for the industry, having established self-regulation standards which includes the use of cold wallets amongst its 15 crypto exchange members although it has become clear that this was not enough.

UK

In the UK, according to the Financial Times, and in what seems to be a move inspired by Japan, “seven cryptocurrency companies have set up the UK’s first crypto trade association in a bid to inject more legitimacy and transparency into the sector while authorities weigh up a potential clamp-down.” The association in question is CryptoUK which has been put in place “to improve industry standards and engage policymakers”.

South Korea

In South Korea, 66 members have signed up to the Korean Blockchain Association (KBA) including 25 of the biggest crypto exchanges with a view toself-regulate.  KBA is said to be looking closely at how the Japanese approach develops.

USA

Perhaps the biggest news however, is that of the Winklevoss twins’ intention to create the Virtual Commodity Association, a self-regulatory organisation meant to police digital-currency markets and custodians in the USA. The high-profile brothers, who run the Gemini exchange, aim to develop industry standards, promote transparency and work with regulators including the U.S. Commodity Futures Trading Commission to prevent fraud.

These responses should be seen by investors and the cryptocurrency space as a whole, as very positive. In fact, it would do the industry good to focus more on using self-regulation as a way to reduce the risks of regulation if it wants the market to recover and innovation to continue.

What is self-regulation

Self-regulation, in the majority of cases, is when regulatory authority which usually creates regulation, enforces it and punishes any behaviour that is in breach of the regulation, is delegated to a private entity or body. In some cases, self-regulatory bodies may only create and enforce the regulation whilst passing the responsibility of punishment on to a formal regulatory authority instead.

The body will usually be membership based requiring its members to sign up to the self-regulatory requirements and punishments and in many cases, members will police each other. Some bodies will have statutory backing whilst others won’t and it very much depends on the motivations for self-regulation. For the cryptocurrency space however, which is seeking to keep heavy regulation at bay, it is crucial that any self-regulatory body will need to have statutory backing and close ties to government regulators.

Benefits of Self-Regulation

Having a self-regulatory body for the cryptocurrency space has a number of benefits to the industry.

Combatting heavy regulation

One of the key benefits is demonstrating that the industry is being proactive and responsible towards protecting investors, preventing fraud, protecting against cyber-attacks and stamping out scams. This could be enough to appease regulators enough to delay or stop the introduction of heavy regulation. This assumes that the self-regulation goes far enough and is proving to be effective.

By removing the threat of heavy regulation and replacing it with self-regulation, a high level of uncertainty is removed bringing back confidence in the market and organisations can plan effectively with a renewed focus on innovation.

Fit for purpose and industry specific

With the industry driving self-regulation, it will ensure that it is not only fit for purpose, allowing innovation in the space to continue, but also adaptable and able to evolve according to need or market changes. Additionally, rather than a one size fits all approach, separate and specific regulations could be developed for different types of cryptocurrencies such as privacy coins, smart contracts and settlement networks amongst others. The following graph provides an example of how cryptocurrencies may be differentiated although this could be split even further.

 

A global solution

Self-regulation also combats one of the drawback of every country potentially having different regulation, which makes it increasingly difficult for companies to operate on a global scale. Self-regulatory bodies have more opportunity to collaborate with each other and introduce global regulations that are consistent and meet the needs of investors and cryptocurrency companies.

Beneficial to Government

Self-regulation can often be useful for governments too. It is not only faster to implement, but the burden of costs falls on the industry rather than the government. This is a major selling point of self-regulation and as long as the government are involved and are kept informed, they may be happy to leave it in the hands of self-regulatory bodies.

Influence

Another aspect that should be considered as being highly desirable to the industry is that it allows them to lobby, interact with and educate regulators and legislators. This can ensure that any future regulation that is introduced is not detrimental to the industry and is developed in conjunction with businesses in the space.

Effective self-regulation:

Whilst the benefits of self-regulation are clear, the regulatory body in place needs to be strong, fit for purpose and effective. Some key areas for consideration by newly formed self-regulatory bodies are covered below.

Government support and backed by law

In order to remove the introduction of government regulation, the industry needs to ensure that the self-regulatory body is backed by law and has a government regulatory partner. A positive relationship needs to be built with them in order to have successful self-regulation. Unfortunately, there is a widely held view within the cryptocurrency space that the government and banks are enemies of cryptocurrency and are looking for every opportunity to shut the industry down. This view needs to change if self-regulation is going to work and if they want the industry to flourish.

Industry support

Another critical success factor will be industry support and involvement in the creation of regulation. This helps the buy-in process and also ensures well thought out and extensive regulations are put in place that have been agreed by all members. The more participation the better as self-regulation can have little effect if companies are not involved.

Accountability

With self-regulation, members need to be prepared to accept that there will be penalties and sanctions for non-compliance. Therefore, a strong accountability program should be implemented and committed to in writing by members with annual certified compliance submissions. It should focus on sound financial and non-financial practices with oversight and transparency and members should expect for information to be shared with government regulators as appropriate.

Detection

A key challenge with self-regulation is that of detection. There needs to be a system in place for detection from audits and reviews to incentivised Incentivize the detection and deterrence of manipulative and fraudulent acts and practices, including partnering with regulators and particularly the CFTC to share or refer information, as appropriate.

Reporting

The whole purpose for self-regulating the cryptocurrency industry is to avoid heavy regulation and improve transparency and investor protection. As a result, there should be transparent reporting that meets the needs of each stakeholder and provides the right level of transparency and information sharing needed to ensure confidence in the process.

 

What areas should be self-regulated:

Once a self-governing body has been established and has the right framework in place to be effective, the areas of self-regulation to consider are numerous and some examples follow. This is not an exhaustive list and indeed is only a very high-level overview of what should be considered. The real requirements, as mentioned previously, should be designed and agreed by the members who offer expertise in their fields.

Cryptocurrency status protocols
One of the advantages of self-regulation, as mentioned earlier, is the ability to develop specific regulations for different types of cryptocurrencies depending on their status. Exchanges for example will have very different requirements from privacy coins or technologies that provide a platform for other tokens to be launched such as Ethereum/EOS.

Exchange regulation might focus on investor protection and ensure money on the platform is well protected, enough liquidity is available should the worst happen, and all user data is safe. Platform based tokens on the other hand might focus on ensuring that they do due diligence before allowing a token to be launched on their platform.

 

ICO’s & determining cryptocurrency status

A major area of concern for regulators has been ICO’s. There have been numerous out right scams as well as frauds when it comes to ICO’s being launched. Investors have lost a lot of money as a result and the industry should focus on ensuring that every ICO meets minimum requirements before it can be listed by any of the exchanges that are members of the self-governing body.

Minimum requirements such as clarity of who the board members are, checking that a physical address isn’t a “boiler room” address, ensuring other minimum due diligence has been undertaken by an external and approved organisation, etc.

Further work can also be done to analyse what type of cryptocurrency status the particular ICO will fall under as mentioned earlier (Privacy coin, smart contract etc.) and this could be extended to all members of the self-regulatory body. This can be determined from a legal analysis through to a technological analysis.

Fraud and money laundering

One of the ongoing criticisms of cryptocurrencies, whether valid or not, is that it is being used by terrorists and money launderers. It is therefore important to tackle this issue before it gets any further attention. Ensuring members properly screen their customers or analyse usage on their exchanges for trends that might indicate criminal activity could be one way of improving the image of the industry.

There needs also to be action taken by members when identifying such activity such as sharing information with the relevant agencies or regulators or freezing assets or accounts.

Cyber Security

Cyber security is the topic that launched regulators into action in the first place. Cyber risk has been a growing threat in the last few years. A recent report claimed that the risk in 2016 was four times higher than in 2015. 2017 was worse again.  Going forward we can only expect hackers to become more organised and well-funded, which, alongside advances in AI and technology, will lead to more sophistication in their attacks.

Some organisations are already spending hundreds of millions of pounds on cyber security, whilst governments are spending billions in order to prevent these attacks. It therefore makes sense for the cryptocurrency industry to be working hard to ensure this is the case for them too.

Transparency requirements

 Transparency requirements should be a basis of the regulation put in place and should cover aspects such as:

1. Conflicts of interest, Modern Slavery and ethics
2. Responsible financial management that ensures confidence for investors in the financial status of companies.
3. Investors complaints and communication process

 

Is self-regulation enough?

The cryptocurrency industry is a financially-strong industry, which is a pre-requisite to having successful self-regulation as a struggling industry is more likely to cut corners in its attempt to survive.

However, there are major challenges ahead. In various studies and theories such as Carlo Scarpa, “The Theory of Quality Regulation and Self-Regulation,” and the Australian Consumers’ Association, reporting to an Australian Taskforce in Industry Self-Regulation, it was found that self-regulation is more successful where non-compliance does not pose a high risk or serious harm to investors.

It is clear that the cryptocurrency space does indeed pose a high risk to investors. Other characteristics that are less favourable (and which describe the cryptocurrency industry) include an industry still in infancy and the absence of any cohesive industry association.

Additionally, the European Union (EU) study on self-regulation in Ecommerce highlighted:

1. The problem of enforcement if there is no statutory backing;
2. unless participation is obligatory, regulatory measures affect only those disinclined to flout the rules;
3. procedures can fall short of standards that would be set by courts (for example, for civil liberties);
4. the burden of the costs of regulation may discourage participants and thus fall on the consumer;

It is therefore wise that organisations and the industry as a whole should consider other Risk Management solutions alongside self-regulation such as identifying current regulation in other industries (such as the tech industry) and reviewing current business practices that could potentially fall foul of future regulation.

Conclusion

Risk Management seeks to mitigate risk by reducing the likelihood and/or impact of an event occurring. In this case, the introduction of regulation is the event in question and self-regulation is the solution to mitigate it.

Self-Regulation may reduce the likelihood of regulation being introduced but as we have covered with the EU and Australian Taskforce findings, even if self-regulation is successful, it may not be enough to convince regulators that government regulation is not required. All is not lost however, and just by having self-regulation, it will have prepared organisations for a regulated industry making them more resilient to change and therefore reducing the overall impact that regulations have on cryptocurrencies.

The conclusion therefore is that self-regulation, alongside other risk management solutions, has the potential to reduce both the likelihood and impact of regulation being introduced and the huge reduction of uncertainty that comes with it. This in itself should be enough to reinvigorate the cryptocurrency boom and see new all-time highs in the market and drive innovation further.

 

Alexander Larsen

President, Baldwin Global Risk Services Ltd

Fellow of the Institute of Risk Management

www.baldwinglobal.com

Twitter –  @AlexLarsen_Risk

Email – Al@baldwinglobal.com

 

 

Regulation of Cryptocurrencies

According to Reuters: “Japan’s financial regulator said on Friday it had ordered all cyrptocurrency exchanges to submit a report on their system risk management, following the hacking of over half a billion dollars of digital money from Coincheck.”

Whilst the whole premise of blockchain technology and crypto currencies revolves around it being essentially unhackable, the exchanges that trade these currencies are vulnerable. The introduction of system risk management (which we assume to be risk management of the software/operating systems and servers) checks is a step forward for the cryptocurrency space although it only covers one area of exposure linked to the cryptocurrency market.

History of incidents

Crypto currency has been a booming market with increases in some major coins in the high 1000’s of percent over the last year. This rise, coupled with a lack of regulation, has seen the crypto currency world being hit with a number of negative incidents from Ponzi schemes to fraud, scams and hacking incidents.

Bitconnect, which as of writing of this article, is trading at roughly $8.60, a huge fall from its height of over $300 a month ago, is an example of a potential major Ponzi scheme which has lost $2.4 billion worth of value over 10 days.

The subpoena by US regulators of crypto exchange Bitfinex and its relationship with Tether is another concern to the crypto currency market with many claiming Tether to be a scam. Tethers are tokens backed by US dollar deposits, with each tether always worth one dollar. These tokens should be backed by dollars but thus far the company has yet to provide evidence of its holdings to the public and has not had any successful audits as of yet.

There have also been a large number of Initial Coin Offerings (ICO’s), used to raise money for startups by issuing tokens/coins, which have raised vast sums of money only for the owners to disappear with all the money, whilst others have been less deliberate but have been just as devastating to investors. A cryptocurrency called Tezos, raised $232 million last year, but suffered internal power struggles which has left the project in disarray.

This brings us to the current concern in Japan of cyber attacks of exchange platforms. Cyber attacks and hacking attempts of exchanges have been frequent with Bitfinex, coinbase and kraken amongst others having been closed down for days at a time during 2017 due to a number of hacking attempts. It is the successful hacking incidents which are the most worrying however, with successful hacks such as MT Gox, which cost almost 350 million and two attacks on Youbit which led to it’s bankruptcy. The most recent coincheck hacking was worth 500 million, a record, and it is this which has caused Japan to act.

Regulation

Last year, China took a definitive stand on regulation on crypto currencies which sent shockwaves through the market. Some feel it was perhaps heavy handed with ICO’s being banned, bank accounts being frozen, bitcoin miners being kicked out and nationwide banning on the internet of cryptocurrency trading related sites. Others however believe that it has been a positive step, and has encouraged other governments to take regulation seriously and hopefully take a more balanced approach. It certainly isn’t in the interest of governments to stop ICO’s, which provide many positives including innovation, but they should certainly regulate them from a consumer protection, taxation and organised crime standpoint.

Implementing regulation also removes uncertainty for investors as well as the companies who are involved in ICO’s. Uncertainty is the source of many risks and often a negative certainty is better than uncertainty as it allows a focus within set parameters.

It’s important to remember that too little regulation doesn’t offer protection and too much stifles innovation.

How to regulate

There are a number of ways to regulate cryptocurrencies and the following are just some examples:

1)     Framework for ICOs

New ICO’s are currently not subject to much in terms of regulation globally. One of the problems is determining how they should be treated with some being considered securities. As a fund raising vehicle, there could certainly be a framework that lays out key requirements of an ICO such as a company needing to be registered in order to issue a token, transparency in terms of individual members of the registered company as well as perhaps introducing a few requirements that regular IPO’s require such as implementing risk management. Currently in USA, ICOs are expected to adhere to Anti Money Laundering (AML)/Know Your Customer (KYC) practices.

2)     Regulate exchanges

Exchanges, which is where much of the transactions take place in terms of trading coins, is a logical area of focus when it comes to regulations

South Korea’s financial services commission for example, has stated that trading of cryptocurrencies can only occur from real-name bank accounts. This ensures KYC and AML compliance. According to the FSC, the measures outlined were intended to “reduce room for cryptocurrency transactions to be exploited for illegal activities, such as crimes, money laundering and tax evasion,”

Regulators should focus on regulation that encourages transparency and minimises anonymity.

3)     Tax Laws

Clarity needs to be brought into the tax laws in terms of when investors should pay capital gains. The USA has been quite quick to ensure that crypto-to-crypto transactions are now taxable and not just crypto to Fiat currency transactions. This is not the case in the UK however, where things are less clear and will become even more so, once crypto currencies start to introduce dividend like behaviour.

4)     Reserve requirements of exchanges

Most banks and stock exchanges are required to hold a certain amount in reserves in order to survive any major downturn or crash. This should most certainly be the case for crypto currency exchanges too especially considering the volatility which sees crashes of 60% several times a year with some crypto currencies falling 90% before recovering. This is also known in part as systemic risk which could be what the Japanese financial regulator defines as system risk.

5)     System risk management

As we have seen from this Japan story, one way of ensuring more protection and reliability is by ensuring there is regulation around system risk management on exchanges. There should be minimum requirements protecting against hacking, phishing and other cyber related attacks. The requirements could be scaled against value of the exchange, number of users or number of daily transactions.

It’s important to note that much is being done to reduce the risks of hacking incidents such as the concept of a decentralised exchange. This would essentially be a crypto currency exchange on the blockchain, much like the crypto currencies themselves. This would reduce hacking significantly and whilst it is not currently practical, it could be the standard of the future.

Self-Regulation

The Crypto Currency market gets a lot of negative publicity and much of this could be rectified if there was more self-regulation. It would also reduce volatility within the market and bring about positive change. This refers to both exchanges and ICO’s alike.

The Japan Blockchain Association (JBA) for example has established self-regulation standards which includes the use of cold wallets amongst its 15 crypto exchange members (of which Coincheck was one of them) and are now looking to strengthen the standards further following this recent incident.

I will cover more on this in a separate article.

Risk Management in the Crypto Currency Space

Risk Management, as with all organisation’s, plays a vital role in meeting and exceeding objectives whilst providing resilience and stakeholder confidence. Exchanges and companies that are raising/have raised ICO’s should ensure that Risk Management is part of their business. Identifying risks and opportunities, assessing them and implementing response plans should be standard. Cyber risks, reputational risks, operational risks, system risks and strategic risks should all be considered and prepared for, which would minimise market disruption and reduce the likelihood of financial ruin. At the very least they owe it to the investors who have funded them.

For investors, with volatility so high, the rewards are great but so are the risks. Investors should ensure that they only invest what they can afford to lose, do their due diligence on their investments which includes understanding the technology, the team and look for a prototype rather than a wild concept. Additionally, investors should always be on the lookout for phishing scams and suspicious emails.

Finally, even the most optimistic investor should at least consider that cryptocurrencies are a speculative bubble that could burst.

Find out more about IRM’s Strategic Insights into Cyber Risk Course and many more here.