Three Risk Lessons of FTX
The FTX story continues to dominate Web3 dialog, and with good reason: it was the black swan event almost nobody saw coming. Naturally, the focus is on understanding how it happened and whether it could have been prevented. As founders of the world’s first crypto insurance company, we’ve conducted many thorough assessments of the business, operational and technology risks inherent to custodial crypto firms. We feel that three areas of risk contributing to the failure of FTX likely would have been, at the very least, identified through that process and, as a requirement for securing coverage, would have been rectified.
The lack of basic governance structures translates to a lack of accountability, which greatly increases the likelihood of misbehavior. Indeed, the new CEO of FTX has called the lack of governance structures there “unprecedented”. Considering he also oversaw the liquidation of Enron, that’s saying something.
It appears that FTX’s operating structure ignored the most foundational principle of corporate governance: the existence of an empowered and independent board of directors. Instead, the FTX board had at one point consisted of founder and CEO Sam Bankman-Fried, another FTX employee and an outside lawyer; in the end, however, it consisted only of Bankman-Fried, who, it is said, would respond harshly to suggestions that the company might benefit from some independent oversight.
Had such a body existed, in addition to adding an element of accountability, transparency and responsibility, it would have played a vital risk management role, likely producing an outcome very different from the one playing out currently.
Evertas underwriting examines a firm’s corporate governance and – in the case of an entity the size of FTX – would have made an effective and independent board of directors a condition of insurability.
The Web3 space is dominated by founders with outsized personalities who are often heavier on vision than on experience running companies. That’s fine, as long as they are supported by an executive team that is strong, qualified, empowered, complementary and diverse.
When too much authority is concentrated in the hands of too few people – particularly in the absence of an independent board of directors – the risk of unaccountable misconduct becomes unacceptably great. In the case of FTX, all executive authority was understood to reside with the founder, who operated free of board oversight.
Central to an Evertas underwriting is an examination of corporate leadership and the strength of policies and controls in place to prevent illegal activities and self-dealing. This most certainly would have flagged the high level of concentration of power with the CEO as well as the problematic background of the chief regulatory officer.
Most Web3 offerings incorporate a proprietary token, and indeed these generally make companies more attractive to investors. An over-dependence on these self-minted tokens for use as collateral leaves a company highly exposed to small shifts in the market – especially during a bear market. This, in turn, makes it tempting to use questionable tactics to influence the value of the token.
In the case of FTX, sister company Alameda Research bought a high percentage of the FTT token. This simultaneously inflated the price of FTT and the Alameda balance sheet while also leaving the two entities’ fates dangerously intertwined. As such, FTX and Alameda developed an unhealthy over-dependence on one another – failure of one guaranteed the failure of the other.
Evertas underwriting requires a thorough understanding of the policies that enforce the firm’s tokenomics: how tokens are minted and issued, how they’re used in theory and how they’re distributed through the ecosystem in practice. When policies are not in place to prevent tokens from generating excessive leverage, the risk is considered unacceptable.
A cryptonative, dedicated, A+ rated insurer like Evertas would have identified excessive risks brewing within FTX and required they be rectified as a condition of insurability. As it is, FTX did secure a small amount of coverage, but through unrated sources whose underwriting standards do not meet our own.
TradFi has long had to balance corporate profits with fiduciary responsibility, and Web3 must do the same. For a crypto custodian, being able to secure and retain A+ rated insurance coverage sends an important message to the market and regulators: that account holders are dealing with a company whose operations have met the standards of risk tolerance of independent underwriters who, by definition, have plenty of skin in the game.
We believe this is foundational to a restoration of confidence in crypto, which is in turn vital to Web3’s post-FTX recovery.