FTX Court Filings Highlight Key Crypto Industry Risk Management Lessons

The FTX collapse provides a master class in caveat-emptor crypto industry risk management and accounting failures.

This, as court documents confirm that the world’s one-time third-biggest cryptocurrency exchange was set up from the start so that customer funds entrusted to the platform were able to be comingled without their owners’ knowledge or consent.

Disgraced FTX founder Sam Bankman-Fried in the past called risk management “probably the most important thing we do at FTX.”

Per a recent Securities and Exchange Commission (SEC) filing, FTX’s guiding whitepaper advertised that the exchange was built on “industry-leading risk management systems,” and boasted that the FTX “liquidation engine” was a safe and reliable way for the platform to manage risk.

The “engine” reportedly deployed a series of rules designed to automatically trigger certain actions that would reduce risk in client accounts, such as selling collateral on the occasion of an account being overextended.

In reality, and as a result of the specific manner in which the crypto trading platform was centralized to support the activities of sister hedge fund Alameda Research with “limitless credit,” there were no internal risk controls over the uncollateralized use of funds.

In their respective guilty pleas, Alameda’s former CEO, Caroline Ellison, as well as Gary Wang, the software engineer and FTX co-founder responsible for writing the code that gave Alameda Research its special permissions, confirmed the inappropriate organizational setup that allowed for funds to be comingled and for Alameda to make increasingly bigger trades with inversely diminishing controls attached to them, and they agreed to cooperate with authorities.

In contrast, just last week (Jan. 3) Bankman-Fried pled “not guilty” to eight criminal charges filed against him relating to his company’s demise and the loss of billions of dollars of customer assets.

Red Flags Were Everywhere in Retrospect

No matter the industry, when a company is privately held and not subject to the disclosure requirements public companies face in their incorporated jurisdictions, it can be a tall task to determine how effective any claimed controls are, up until the time when things start to go bad.

John J. Ray III, the interim CEO appointed to oversee FTX’s bankruptcy and restructuring, has said about the imploded crypto exchange that, “Nearly every situation in which I have been involved has been characterized by defects of some sort in internal controls, regulatory compliance, human resources and systems integrity. Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information as occurred here.”

Strong words from the man responsible for what was, by most creditor accounts, a surprisingly successful unwinding of the Enron scandal two decades prior.

While PYMNTS’ research shows that developing an infrastructure risk and control strategy to prepare for black swan events is critical to maintaining growth while mitigating risk, the repeated claims made by FTX and Bankman-Fried and likewise submitted to regulatory bodies were inherently compromised by a separate internal control allowing FTX’s sister hedge fund Alameda Research to use customer funds for its own trading purposes, rendering Bankman-Fried’s “24/7” automated risk monitoring engine essentially moot.

According to the SEC’s allegations, the operational realities of FTX, dating back to at least 2019 and now exposed by its bankruptcy filings, were little more than a “brazen, multi-year scheme” to defraud customers and investors.

After all, a properly functioning risk management program is not something to dangle in front of investors or pull the wool over the eyes of regulators, instead it represents the critical collection of systemic processes that backstop a business.

Innovative Benefits for Me, not Thee

As relayed in the SEC’s filing, FTX had tremendously poor internal controls — including no chief financial officer or independent board — and fundamentally “deficient” risk management procedures that allowed assets and liabilities “of all forms to be generally treated as interchangeable.”

For a financial exchange designed to facilitate the trading of digital cryptocurrency assets, having no distinction between those customer assets in custody offers a clear advantage only to the exchange itself, while representing a clear and present danger to clients whose entrusted money is being comingled and invested without their go-ahead or knowledge.

It also generates a massive exposure to the risk created by the exchange’s native positions, which is why management controls of the type FTX promoted externally while flouting internally are so important in establishing sustainable guardrails for growth.

The reality of FTX’s operations consistently stood in stark contrast to the assertations made repeatedly by senior leaders about its risk management processes and controls that helped create an image of FTX to the public and to investors as a mature company that managed funds and risk in a rigorous and conservative manner.

Most FTX entities never held board meetings, and CEO Ray has indicated during bankruptcy proceedings that he does not trust any financial statements provided by the FTX enterprise.

As eventually acknowledged by Bankman-Fried in a televised interview after his company’s stunning collapse, “I wasn’t even trying, like, I wasn’t spending any time or effort trying to manage risk on FTX.” Bankman-Fried went on to add, “What happened, happened — and, if I had been spending an hour a day thinking about risk management on FTX, I don’t think that would have happened.”

Laundry List of Failures

From corporate governance to risk management to celebrity-hyped false advertising, FTX was riddled with obvious-in-retrospect shortcomings meant to disguise that, as Ray said during his testimony, the company’s operations amounted to nothing more than, “really just old-fashioned embezzlement … just taking money from customer and using it for your own purposes.”

A silent majority of the digital asset industry operate among regulatory gray zones and offshore jurisdictional gaps chosen for their lax oversight. FTX’s failure has driven home the perils inherent to this existence of choosing celebrity spokespeople over regular, audited financial disclosures.

Disclosure of risks is the foundation of financial regulation in the U.S., but disclosures are largely absent in crypto, with those existing attempts often lacking good faith.

Because crypto companies often offer a variety of products and services across platforms that perform many functions, their operational lines are often blurred, and increasingly rife with conflicts, to the detriment of their customers.

By contrast, traditional financial firms that provide different services typically register their separate business lines with the respective regulators in charge of oversight.

As Ron Kruszewski, the chairman and CEO of Stifel, one of those very same traditional financial firms, told PYMNTS, “If I were running a crypto fund, I would be sitting in front of you saying we need to assure our customers that putting money in crypto is really no different than putting money in a bank, that we welcome the regulation. What I find amazing in all this, is that I’ve yet to see crypto leaders go out and say, ‘We segregate our clients’ funds and our clients’ securities.’ Until they can say ‘yes’ to that, the industry will not move forward.”

After all, caveat emptor is not a sustainable strategy for long-term industry growth.


For all PYMNTS cryptocurrency coverage, subscribe to the daily Crypto Newsletter.