On Greed and Poorly Managed Risk:  From The Titanic to Hedge Funds 

In 1912, the Titanic embarked on her maiden voyage from the bustling port of Southampton, England. She was nothing short of a maritime marvel, with an awe-inspiring 882-foot frame, and a weight of 45,000 tons. It was the epitome of luxury, with more than 2,000 passengers aboard and boasting the audacious reputation of "unsinkable". But destiny took a fateful turn on April 15, 1912, as the Titanic collided with an iceberg in the icy North Atlantic waters. The Titanic had received six warnings of sea ice the day prior but was travelling at too high a speed when her lookouts sighted the iceberg. Unable to turn quickly enough, the ship suffered a blow that crushed her starboard side and opened six of her sixteen compartments to the sea. In that frigid night, 1,503 souls were claimed by the abyss, including our beloved Jack.

Fast forward eighty-something years, a bunch of Nobel laureates and financial whiz kids coalesce to create Long-Term Capital Management (LTCM). They managed to amass an astounding $4.7 billion in capital (not-so-shabby back in those days) and leverage their investments to over $100 billion by 1998. Fueled by an invincibility complex and armed with sophisticated strategies and mathematical models that seemed to defy gravity, LTCM met its fate during the Russian financial crisis of '98. Their models had bet big that the market would quickly revert to normal, but when it didn't, the fund incurred staggering losses that wiped out nearly all of their capital and threatened to disrupt global financial markets. It was the Federal Reserve, in collaboration with other major financial institutions, that orchestrated a bailout and prevented a systemic collapse. To borrow a line from John Maynard Keynes, the LTCM debacle served as a stark reminder that markets can remain irrational far longer than you can remain solvent, and that excessive risk-taking and a lack of risk management can swiftly turn seemingly unsinkable hedge funds into relics. After all, humans are integral to markets, and humans can be unpredictable in stressful situations. 

We didn't need to let another eight decades slip by before another harrowing financial crisis descended upon us, claiming even more colossal victims. In the tumultuous years of 2007-2008, the Global Financial Crisis left in its wake a trail of shattered firms, with three names etched in the annals of history: Bear Stearns, Lehman Brothers, and Merrill Lynch.

Bear Stearns, with a risky plunge into the subprime mortgage market and a rather lackluster risk management approach, found itself in the eye of a liquidity crisis. In a flash, it was gobbled up by JPMorgan Chase in March 2008. Meanwhile, the Lehman Brothers' saga unfolded as a tale of excessive leverage and a portfolio laden with toxic assets, which culminated in its abrupt bankruptcy in September of the same year. Even Merrill Lynch, a colossus that had become one of the foremost underwriters of subprime collateralized debt obligations, found itself teetering on the precipice of collapse, its salvation ultimately delivered through the timely intervention of Bank of America. These names, once synonymous with unshakable Wall Street prowess, were brought to their knees quickly by a fatal cocktail of greed and a dearth of risk management practices.

Around the same time, the name Bernard Lawrence Madoff became synonymous with one of the most audacious financial frauds in history (we’ve touched upon Bernie before). For over 18 years, leading up to 2008, Madoff was a beacon of unwavering consistency. Boasting an average annual return of over 11% and very little volatility, he appeared invincible. Yet, beneath this façade, lurked a $65 billion Ponzi scheme, a financial house of cards waiting to collapse.

And collapse it did. But this is not a tale of Madoff’s risk management failings, for this was a fraud with nothing substantial to manage. This time, the onus of failure rests squarely on the shoulders of investors and regulators alike. The landscape was riddled with red flags, and those diligent enough to apply proper due diligence and operational risk management guidelines (Goldman Sachs, as usual) should have steered clear or, at the very least, minimized their exposure to his fund as Goldman did. For instance, a research firm sounded the alarm when they uncovered that Madoff's books were being audited by a meager three-person accounting outfit. The SEC conducted two investigations and three examinations of Madoff's investment advisory business, in response to detailed and credible complaints that hinted at potential misrepresentation and Ponzi scheme operations, only to find and report nothing amiss. As for Ernst & Young, they audited specific funds-of-funds connected to Madoff's investments but conveniently overlooked his direct holdings, exhibiting woefully inadequate audit procedures. In this saga, the ultimate failure lay not with Madoff, but with the investors who placed unwavering trust in him, neglecting fundamental due diligence and risk management principles, and with the regulators who allowed the charade to persist.

Risk Is Everywhere: Be Proactive

Revisiting historical debacles can be entertaining. The point of all this, however, is to recognize how risk is a constant presence that can strike unexpectedly, often from unanticipated corners. Of course, it’s much easier to address this in a rear-view mirror, but it pays handsomely to be aware and prepared. Countless firms, big and small, have experienced the harsh consequences of inadequate risk management practices in seemingly inconspicuous areas.

Consider the case of cybersecurity, a critical concern in today's digital landscape, and take, for instance, the unfortunate events involving Tillage Commodities Fund and SS&C Technologies Holdings, a major player in financial services software and fund administration. In 2016, in a mere twenty-one days, SS&C's egregious lapse in diligence led to a devastating CEO fraud scam resulting in a series of fraudulent transactions that saw hackers from China abscond with $5.9 million. The crime was committed through fake emails sent by the hackers to company staffers to trick them into releasing client money. The execution of the crime was amateurish, and the emails fraught with errors. Yet, shockingly, SS&C staff failed to spot any red flags and even helped the criminals by fixing failed transfer orders that had initially failed. This unfortunate incident forced Tillage to halt its operations, putting cybersecurity and operational risk management measures into perspective.

Also consider the issue of counterparty risk, as highlighted in 2022 when many funds and firms, including well-regarded names like Galois Capital, Voyager Digital, BlockFi, and Ikigai, suffered significant losses by parking a substantial portion of their capital on the FTX exchange.

The truth is that while market risk-related wipeouts often dominate the headlines, the threat of closure can originate from diverse sources. Risk is multifaceted: market, counterparty, custody, operational, compliance and regulatory risks, among others. As a matter of fact, a 2003 Capco White Paper titled "Understanding and Mitigating Operational Risk in Hedge Fund Investments" unveiled that a significant proportion of hedge fund collapses can be traced back to operational issues, such as misrepresentation of fund investments, misappropriation of investor funds, unauthorized trading, and insufficient resources. To be precise, as illustrated in Figure 1 below, operational issues were responsible for 54% of the failures among funds studied, with half of all closures solely attributed to operational risks.

Comprehensive Risk Management Is Mandatory

Given these considerations, it becomes evident that effective and comprehensive risk management is not a routine checkbox - it stands as the cornerstone of sound fund management. Only through proactive identification, vigilant monitoring, and robust mitigation of all risks can a fund thrive amidst challenging market conditions. This not only preserves investor confidence and trust but also ensures the fund's long-term viability. Protection of capital and reasonable appreciation of risk-adjusted return are paramount.

The journey towards effective risk management begins with a meticulous examination and quantification of the primary risk categories, which include:

• Market Risk: The potential loss arising from changes in market conditions.

• Liquidity Risk: The challenge of promptly selling assets to meet financial obligations.

• Counterparty Risk: The risk associated with the default or insolvency of a counterparty.

• Regulatory and Compliance Risk: The potential for non-compliance with pertinent laws and regulations.

• Operational Risk: The risk of losses due to failures within internal processes, systems, or personnel.

• Technology Risk: The risk linked to technology failures.

  Asset Custody Risk: The risk of asset loss or theft held by a third-party custodian.

• Information and Cybersecurity Risk: The risk of unauthorized access, theft, or destruction of sensitive data.

• “Black Swan” Risk: The risk of a high-impact event that is difficult to predict under “normal” market conditions.

In crypto, many of these risks are substantially elevated (for instance, market risk is 24/7/365).  Effectively managing these identified risks requires a structured process of real-time risk monitoring, tailored to the unique characteristics of crypto and your fund. Consider its size, approach to portfolio management, and the complexity of its investment strategies.  Where and when are you most exposed, and how can you systematically mitigate that? This journey is a continuous one, akin to keeping a vigilant watch on the horizon for any signs of trouble, and risks (and therefore risk management) are evolutionary. Every known risk must be scrutinized, and emerging threats are identified early in the process.

But it doesn't end at mere observation. You should leverage all the tools at your disposal, each designed for a specific purpose. Stress testing helps assess your resilience under various stress scenarios, scenario analysis offers glimpses into potential futures, and contingency plans are there to mitigate the consequences of adverse events. As crypto matures, excellent risk management tools such as the Serenity Platform offered by Cloudwall are becoming more and more available to automate such activities (such as stress testing, attribution analysis, and scenario analysis). 

Finally, supporting the risk management process are policies, procedures, systems, and governance structures:

• Comprehensive Policies, Procedures, and Guidelines: These need to cover all aspects of risk management, spanning from initial identification and assessment to ongoing monitoring and mitigation.

• Skilled Personnel: Those involved should be well-versed, trained and experienced in risk management. Application of risk management frameworks from traditional finance to the unique curvature of crypto is crucial.

• Governance: Through policies, committees, and controls, the entire structure seamlessly incorporates risk management into all decision-making processes, ensuring accountability at every organizational level.

• Adaptability, Reviews, and Monitoring: A steadfast commitment to periodic reviews and enhancements of risk management policies, procedures, and personnel, to adapt to changing market dynamics and emerging risks.

Conclusion

The disaster stories presented in this blog all share a common thread: a notable absence of effective risk management. The key takeaway here is that if risk is not proactively and fulsomely managed - and by risk, we mean a wide array of factors including market, counterparty, custody, operational, cyber, compliance, and regulatory risks - then sooner or later, external forces like the market, unscrupulous actors, or unforeseen events will step in and will (mis)manage the risk for you. And just like in boxing, it’s not necessarily the biggest punches, it’s the ones you don’t see that will put your lights out.  Appropriate and diligent practice now will save you later.

Also, before parting, there is an important historical distinction between many of the financial blow-outs and the Titanic disaster.  Did you spot the difference? In the case of the Titanic, the captain famously went down with the ship, demonstrating some sense of responsibility. Often, in the realm of Wall Street, individuals who preside over the mismanagement of their firms tend to resurface, even supported by the unyielding trust of their investors. The risk in crypto is higher and the industry’s risk management reputation has taken a hit. It’s now the industry’s responsibility to put a belt and suspenders on this thing.

At Valmar, we spend quite a bit of time thinking about risk management. If, like us, you can’t get enough of it, we had the pleasure of joining Cloudwall (and crypto risk evangelist Kyle Downey) on its inaugural episode for its risk-management centered podcast Blockchain Confidential. 

And as always, if you are a fund or an investor looking to more deeply understand risk and risk management as it relates to crypto, please contact us for a more in-depth discussion.