Crypto Requires Robust Risk Management Framework

  • Effective and comprehensive risk management is key to the cryptocurrency industry’s future success.
  • The industry would mitigate various risks by following the five principles described here.

The recent bankruptcy of a major cryptocurrency exchange came as a surprise and shock to most. The full impact from this event is still playing out and the extent of the contagion remains unclear. Events like this and other recent examples such as the collapse of Three Arrows Capital (3AC), Voyager, and LUNA raise questions about the risk management framework being applied by the cryptocurrency industry.

As we move forward and reflect on the events that have transpired this year, it has become clear that risk management should not be seen as a support function. Instead, risk management should be front and center as firms design new product offerings, onboard clients, invest in different protocols, and so on. The risk management principles discussed in this post are not unique to the cryptocurrency industry, but essential for their success. The principles have been developed over decades and have various applications across multiple industries. The cryptocurrency industry would significantly benefit from implementing the following fundamental principles.

Concentration Risk

Effective management of concentration risk can be the difference between survival and bankruptcy.

Concentration risk can take many forms and applies to various products and services. Specific to the cryptocurrency industry, concentration risk can arise because of overdependence on certain counterparties, specific products or asset classes, and certain types of collateral. Earlier this year, Voyager had to file bankruptcy when 3AC defaulted. Voyager, an exchange platform and publicly traded company in Canada, had lent 3AC, a cryptocurrency hedge fund, approximately $650 million and held approximately 60 percent of its outstanding loans, per the bankruptcy filing. Voyager learned a hard lesson regarding concentration risk.

While several ways exist for firms to mitigate this risk, the framework surrounding risk mitigation should be designed and tailored individually to each firm. Firms should assess and institute concentration limits for individual counterparties, exchanges, protocols, tokens, etc. For example, if a firm holds a significant stake in a token such that liquidating a large stake will significantly affect the market prices, it must consider the downside risks if something were to go wrong with that token. This is an example of concentration vis-à-vis average trading volumes. Risk managers should also consider the percentages of a firm’s net worth and liquidity when evaluating concentration risk. Outside of setting limits, firms can apply alternative strategies such as using derivatives to mitigate this risk. Identification of concentration risk is one step toward mitigation, followed by establishing a framework for controls, reporting and regular monitoring.

Collateral and Custody

Establishing appropriate collateral management practices also should be a top priority for any firm transacting in the cryptocurrency industry.

Given that the industry relies significantly on digital assets (including stablecoins) as collateral, it is important to look at the liquidity (or illiquidity), volatility, average trading volume, and market capitalization, among other factors that may affect the ability to liquidate such collateral in an orderly fashion. Managing these risks should help firms decide the appropriate haircut (the difference between an asset’s market value and the value that can be relied upon as collateral for a loan) as well as their internal concentration limits on certain tokens. As a practical matter, firms may categorize acceptable tokens into different tiers and assign a haircut percentage to each tier. We note that the categorization is not static and should be reviewed as market conditions change.

A firm may take physical custody of tokens. Although this mitigates risk to a custodian or counterparty, it creates new risks and trade-offs that firms must consider. Firms electing to self-custody need to conduct a thorough review of their own controls (hot or cold wallets, multi-sig, etc.) to ensure safekeeping of tokens. Firms posting collateral should consider segregating the collateral with an unaffiliated third-party. This does not mitigate all the risk, rather, it provides an additional level of security and removes the ability for a counterparty to rehypothecate the tokens. This may increase the cost of trading, which may be a better outcome than the risk of losing it all.

Wrong Way Risk

Wrong way risk can take multiple forms and can arise when an exposure to a specific counterparty is highly correlated with the counterparty’s probability of default.

Wrong way risk arises through poorly structured transactions, for example, those collateralized by own or related party shares (or tokens). Wrong way risk also can arise from general, broader correlations across assets. For example, the correlations of various cryptocurrencies to one another, paired with the extreme volatility, have shown that although a counterparty may not have direct exposure to a failing company, it may be exposed to that company indirectly. As firms set limits for counterparties, tokens, products, etc., they should consider these wrong way risks and reflect these considerations in their limits.

All else being equal, a higher specific wrong way risk should lead to lower limits. Firms could establish policies to ensure transactions are structured appropriately, such as requiring that collateral received from a given counterparty must be in an uncorrelated asset.

Inter-Affiliate Relationships

Recent events highlight the importance of risk management surrounding affiliate and related party transactions.

The bankruptcy of FTX, including many of its affiliates, highlighted that affiliates may pose risk regardless of legal entity structure. While creating separate legal entities can produce efficiencies and help grow business, it also can create added complexity that increases risk. The key takeaway is that organizing various legal entities aligned to certain jurisdictions is normal, however, it is important to manage risks across legal entities on a consolidated basis while also managing at a legal entity level. This is particularly important when risk taking and risk managing entities are separate. For example, a firm may trade in spot markets in the United States but use an offshore entity to hedge the risks on offshore exchanges. While this is a common practice even in traditional finance, each entity should structure its risk limits and risk management framework while considering its capital and liquidity needs. This should be supplemented by a firm-wide risk management program where one can assess the overall exposures across the whole family for clients, tokens, etc.

Liquidity Risk

Establishing sound liquidity risk management principles is fundamental for all risk management programs.

Even the best of products, protocols and tokens may come under tremendous pressure in stressed market conditions and sometimes for unrelated reasons. However, as the saying goes—the market can remain irrational longer than you can remain solvent.

Liquidity risks may arise through mismatches in the maturities of assets and liabilities. For example, a firm may have short-term funding requirements that cannot be met by its illiquid assets. While it may have good assets, they may be locked for longer terms and may not be available to meet short-term needs. This could include tokens locked into staking contracts or outstanding lending and credit obligations. Firms need to ensure they have processes to forecast liquidity and funding needs over various horizons, such as a “sources and uses” report. Firms should also incorporate stress scenarios for the various periods that model varying levels of stress (e.g., low, moderate and extreme). A contingency funding plan that considers stress scenarios and market contagion also should be in place and reviewed regularly to confirm its practicality with the changing market conditions.

The cryptocurrency industry is still young and fast growing, and it features many new players. For newer market, it is not always practical to have concentration limits or demand higher collateral from counterparties. Firms, however, must identify and recognize the risks they face even if those risks cannot be adequately mitigated in the short term.

The first step of risk identification would facilitate firms to prepare better for unforeseen market conditions—such as the recent events described above.

Put Patomak’s Expertise to Work

Patomak has deep experience in designing and assessing risk management at banks, swap dealers, broker-dealers, digital asset trading platforms and other financial firms. If you’d like to learn more about how Patomak can partner with you, contact Keith Noreika ( or Sudhir Jain (