CRO Outlook

Crypto Risk Governance: Hazards and Opportunities

Clever asset innovation can happen seemingly overnight. Strong risk governance and regulation are needed to make it resilient.

Friday, April 16, 2021

By Brenda Boultwood


The crypto world is exploding in financial value and investment dollars. A Bitcoin now trades at more than $60,000 in a trillion-dollar market, while non-fungible tokens (NFTs) sell for millions. But crypto markets currently operate as a global financial system outside of national governments, central banks and financial institutions, and calls for more effective risk governance and regulation have been fueled by risk management failures.

Indeed, loss events have been fairly frequent in the crypto markets. Ponzi schemes, crypto application scams and other fraud schemes have been common. Moreover, crypto markets have suffered from market volatility and platform non-scalability. On the other hand, since Bitcoin's introduction in 2009, the growth in scope and value of the crypto-markets has been fantastic - particularly in comparison with other digital markets.

Figure 1: Crypto in the Context of Overall Digital Markets (Illustrative Examples)

Figure 1

So, how do we mitigate risk and leverage opportunities in the burgeoning yet complex crypto industry? Proper risk governance is a good place to start. Under a strong governance program, risk monitoring and decision support are based on a combination of external rules and standards and internal objectives and policies. Moreover, effective governance will provide clarity and transparency about who's making key crypto decisions.

Complicating the governance issue is the fact that there are many different elements of crypto markets - ranging from NFTs to decentralized finance (DeFi) to virtual currencies. Before we directly address crypto risk governance issues, it's logical for us to gain a better understanding of these elements.

Distributed ledger technology (DLT) is the underlying technology for cryptocurrencies like Bitcoin. It's a decentralized, peer-to-peer (or machine-to-machine) database that prevents manipulation by enabling the consensual sharing of transaction data across multiple points (or nodes) a network. Each DLT participant has an exact copy of the data, which is synchronized across all nodes. The blockchain protocol is a version of DLT that creates a consensus (fixed) ledger across all participants.

An NFT is a unit of data on a blockchain. Each NFT can represent a unique digital item (e.g., art, audio, videos, items in video games and other forms of creative work), and NFTs are therefore not interchangeable. Year-to-date, the NFT market has grown by 1800%.

Figure 2: NTF Types

Figure 2

DeFi covers any type of smart contract built on blockchain that automates transactions and enables financial instrument issuance. Figure 3 shows examples of DeFi markets, which have grown by 143%, year-to-date.

Figure 3: DeFi Markets

Figure 3

Cryptocurrencies are a type of DeFi that can be used to buy and sell goods and services without the backing of a central bank. They can be a token that represents value or a method of transferring value.

A blockchain can manage and record each cryptocurrency transaction. Protocols built into blockchain software determine the method for creation, total volume, transaction speed and accessibility.

Figure 4 lists the top cryptocurrencies from a market value perspective. Bitcoin was the first opensource blockchain token. (While not all blockchain tokens are as energy consumptive, a single Bitcoin requires 72,000 GW of electricity to mine.)

Figure 4: Largest Cryptocurrencies

Figure 4

Regulations and Standards

Rules and guidance from many regulators and standard-setting organizations have emerged, particularly for cryptocurrencies and exchanges. But these rules remain local (issued on a country-by-country basis), rather than global.

Progress has certainly been made on the crypto regulatory front in the U.S. FinCen, for example, has proposed a self-custody wallet rule and know-your- customer (KYC) guidelines. The SEC has made statements or proposed rules on digital asset custody, digital broker safe harbor, Bitcoin ETFs, fraud and market conduct. The OCC has issued a statement allowing national banks and savings banks to take custody of digital assets on behalf of their customers.

Worldwide, regulators have adopted varied approaches. For example, the UK's FCA has banned crypto asset derivative sales to retail customers. Supervisors like the BIS and MAS, meanwhile, have taken strong pro-regulation stances on crypto markets.

Today, a main point of debate is whether the crypto market requires a full, global regulatory framework.

Crypto Asset Risk Governance Questions

Blockchain protocols create rules about how participant nodes interact. Moreover, some crypto platforms - like Ethereum - are driven by standards, such as ERC-721. However, most crypto governance within or across crypto platforms today is opaque.

Going forward, it will be imperative to understand how the risks will be governed when more crypto markets are, by design, decentralized. How will global platforms be monitored? Who will make important decisions? More specifically, when, say, nodes on a single blockchain span Russia, China, EU, US and other countries, how will answers to the questions be agreed?

A comprehensive oversight framework is needed to cover crypto risk governance issues, which are illustrated (below) in Figure 5.

Figure 5: Key Crypto Market Risk Governance Issues

Figure 5

Parting Thoughts

Brenda Boultwood Headshot
Brenda Boultwood

Crypto markets have given rise to a powerful, alternate global financial system, but there are still concerns about proper risk governance and regulation.

Today, blockchains do not have to be domiciled in any single nation or continent. Indeed, any crypto market can be governed by the miners, the holders of tokens on a blockchain, a crypto dictator or a multilateral organization monitoring and providing decision-support for the shared crypto-market objectives.

If we wish to see successful adaptation of the crypto markets as they continue to grow, the development of a comprehensive risk governance framework will be vital.

Brenda Boultwood is an independent consultant. She is the former senior vice president and chief risk officer at Constellation Energy, and has served as a board member at both the Committee of Chief Risk Officers (CCRO) and GARP. Previously, she was a senior vice president of industry solutions at MetricStream, where she was responsible for a portfolio of key industry verticals, including energy and utilities, federal agencies, strategic banking and financial services. Before that, she worked in a number of risk management, business roles and as the global head of strategy, Alternative Investment Services, at JPMorgan Chase, where she developed the strategy for the company's hedge fund services, private equity fund services, leveraged loan services and global derivative services. She currently serves on the board of directors at the Anne Arundel Workforce Development Corporation.


We are a not-for-profit organization and the leading globally recognized membership association for risk managers.

weChat QR code.
red QR code.

BylawsCode of ConductPrivacy NoticeTerms of Use © 2024 Global Association of Risk Professionals