- The implosion of FTX, one of the world’s largest centralised crypto exchanges, has sparked a new focus within the crypto industry on the importance of risk management and transparency.
- As the COO for BOMB Money, ensuring we have a robust risk management framework and governance model is one of my top priorities. In fact, my relentless focus on this, and particularly monitoring upstream regulation, has led to my internal nickname: “RegoRob”! I firmly believe that the level of focus we have in this area is a major differentiator and one of many reasons that we will lead the way in risk management across DeFi.
- In this blog I share an overview of our risk & control framework and how this will support us as we become the largest and safest staking platform in the world.
Setting the scene
The renewed focus on risk management following the FTX collapse is certainly very valid and will ultimately advance the industry. However, this focus has largely been targeted towards centralised exchanges. I’ve seen very little in the DeFi space around the need for protocols to ensure they have robust risk management practices. Perhaps it’s assumed that it’s sufficient to have code that is open source and audited. However, I would argue that wherever there’s ongoing management of a protocol and the surrounding business, and especially when there are investors’ funds at stake, there is a need for effective risk management practices.
Before I get into the BOMB Money Risk & Control framework, it’s important to acknowledge that there’s risk in almost everything in life, which is also the case in DeFi. That’s why we’ve just launched a new “Risk Information” document to help current & prospective investors understand the key risks that are at play when investing in DeFi.
Our Risk and Control Framework
Let’s break down some of the major components of our internal Risk & Control Framework. I think you’ll quickly realise the level of rigour we have is far beyond any other DeFi protocol and very likely many large centralised firms.
We’ve recently implemented defined risk appetite statements that clearly outline the level of risk we, as a company, are willing to accept. There will always be inherent risk in any business and particularly in DeFi, but making conscious decisions around what is acceptable vs what is not is essential. We centre these around the following headline material risks:
- Legal & regulatory
- Market and liquidity
- Strategic execution
- Employee conduct
- Statutory compliance
Each of these has an underpinning set of “key causes” – i.e., things that could cause them to crystallise. Together, these determine the controls we check against on a regular basis to ensure we are operating within our desired risk appetite.
Risk Culture is often an area that’s overlooked but is something that should be carefully nurtured. Ultimately, I think of it as the sum of a company’s norms and attitudes around risk awareness, risk taking, and risk management. At BOMB Money, we clearly outline the standards we expect from our team members within our policy documentation. However, even more importantly, we place a huge emphasis on our hiring practices. Not only do we pride ourselves on being an equal opportunity employer, we also focus heavily on only recruiting those with integrity and a strong moral compass. Perhaps most importantly, we ensure risk is something we actively discuss, and we never shy away from highlighting the things that could go wrong and how we should manage these.
Governance & Oversight
At BOMB Money, we focus heavily on connectivity – our senior team meets daily (including weekends!) to track progress against our strategy, brainstorm new opportunities and agree on team priorities. This alone allows us to exercise day-to-day oversight over risks. However, we have recently implemented a formal Risk Committee where we’ll regularly meet with a dedicated focus on the firm’s risk profile.
Identification, assessment, monitoring & management
Although we have our headline material risks well defined, naturally new ones are identified on a day-to-day basis. Once identified, new risks will be classified based on potential impact and probability of crystallising. We then define whether this is a risk we’re willing to simply accept (generally those that are low probability and low impact) or define mitigants and actively track the delivery of these through both our daily check-ins and monthly committee.
- Hopefully this gives you a sense of how seriously we take protecting our investors and why we’ll set the standard for risk management across the DeFi space. In future blogs I’ll delve into the framework further.
- I would urge you to question whether other projects you’re investing in have the right focus on this side of things and if not, you may want to re-assess whether it’s within your risk appetite to remain as an investor!