The Case for Proportional GRC in the Crypto-Industry

Hauke Schupp

Director, Risk Practice, Clarendon Partners


As the Banking and Financial Services industry continues to look towards the future, relatively new market participants such as FinTech and Crypto firms are becoming more important and integral to the overall ecosystem. FinTech companies provide new capabilities and products that improve the speed of decision making, execution, and investment options for both businesses and customers. Examples of this are the advent of cryptocurrency, trading platforms, and exchanges, as well as predictive analytics and artificial intelligence.

Given the speed of adoption of, and entry into, the new products by “mainstream” financial institutions, it is important for FinTech and Crypto companies to focus on implementing proportional and scalable Governance, Risk, and Compliance frameworks to ensure safety and soundness for their customers, investors, and stakeholders while simultaneously maintaining their agility and speed of innovation. The speech by Acting Comptroller of the Currency Michael Hsu at the American Bankers Association (ABA) Risk and Compliance Conference in June 2023 highlighted this when he stated:

“In banking, the responsible approach to innovation is the better way: by progressing in tightly controlled stages where the risks can be identified, measured, and managed at each stage, by building the brakes and the engine at the same time, and by working with regulators, instead of around them. This takes discipline and time. It requires engagement by, and trust in, risk managers and compliance professionals from the get-go through every step of the process.” [1]

At Clarendon Partners we have observed a significant increase in regulatory enforcement related to the crypto-industry, both through the application of existing regulations and the implementation of new regulations across the globe. This is not a surprising development given the growth and speed of adoption of digital assets in the FinTech and Crypto market and the associated risk to customers and investors participating in the financial sector. As a result, crypto-firms are working to implement Governance, Risk, and Compliance (GRC) frameworks to both manage existing risks and identify emerging risks, enabling them to take advantage of the opportunities in this growing market.

US Regulatory Perspective

As Crypto adoption increases, so will the regulatory pressure and oversight, both directly through new regulations specifically targeting Crypto and FinTech products and services and indirectly through third-party oversight by traditional financial firms. As regulatory pressure from Capitol Hill, the OCC and SEC, and the CFPB increases, the need for Governance, Risk, and Compliance becomes inevitable. The speed of regulatory oversight is likely to be similar to that experienced after the 2008/2009 financial crisis across the global financial markets. In addition to new regulations, existing regulations are being applied to these new products and services, as highlighted by the case of the state of New York shutting down two Crypto lenders, where the New York Attorney General stated “Cryptocurrency platforms must follow the law, just like everyone else.” [2] Areas of immediate focus need to be financial stability, consumer and investor protection, operational and cyber resiliency, and financial integrity [3]. The regulatory risk associated with these areas ranges across the full spectrum of risk (strategic, financial, operational, compliance, and reputational) and requires proportional and scalable risk management solutions to deliver the safety and soundness expected of traditional financial institutions.

International Regulatory Perspective

As the U.S. regulatory environment continues to increase compliance requirements in response to bad actors in this growing industry, many Crypto and FinTech companies are looking to become licensed internationally. While this strategy initially alleviates strict US compliance requirements, international regulators are also evaluating the need for new regulations. As such, regulatory changes and the associated need for Governance, Risk, and Compliance are not limited to the US FinTech and Crypto market. International regulators are also evaluating the need for new regulations and the expansion of existing ones, as highlighted by the guidance issued by the Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO) “that stablecoin arrangements should observe international standards for payment, clearing and settlement systems” [4]. The European Central Bank is actively considering a Markets in Crypto Assets (MiCA) Act, which would place Crypto assets under a defined regulatory framework. Per the Bank for International Settlements, a firm “should have a clear and robust risk management framework that is appropriate for the risks of its crypto-asset exposures and related services.” [5]

Industry Response

We are observing two fundamental responses to the speed of regulation in the crypto-industry. The first is acceptance, where crypto-firms are responding to the speed of regulatory change and oversight by implementing Risk Management frameworks and generic policies as an initial step to demonstrate compliance to regulators. This approach is normally reactive, a response to licensing under regulations that require Risk Management frameworks. Crypto-firms, however, need to ensure they operationalize GRC within their organization to meet the full spirit of the regulations. The second response is avoidance, where crypto-firms are establishing their operations in countries they believe have a more favorable regulatory environment. This response, however, neither mitigates the regulatory risks nor leverages the future opportunities coming from the current and future speed of change in the global regulatory environment.

Proportional GRC as the Enabler for Growth

Given the increasing regulatory risks outlined above, Crypto firms, regardless of their role in the markets (issuer, network operator, exchange, or wallet provider), need to implement a proportional and scalable Risk Management Framework, including scalable policies and procedures tailored to their business model, growth stage, risk to the market, and role in the industry. The policies and procedures need to be developed to scale as a crypto-firm expands in revenue, product and service mix, and geographic reach to ensure compliance and provide agility for innovation. A Fractional CRO is a great way to start implementing a proportional Risk Management Framework and function, as this model provides resources with deep subject matter expertise in Risk Management at improved economics. This approach enables crypto-firms to identify, assess, monitor, and report on risks as well as take strategic advantage of the opportunities the changing environment inherently provides. Utilizing GRC as a differentiator and embedding it within a firm’s culture and strategic decision making allows firms to respond according to their size, reach, and business model to grow market-share and improve customer experience and the safety and soundness of their platform, services, and products.

Clarendon Partners Risk Expertise

At Clarendon Partners our Risk Practice provides growing Crypto, FinTech and Financial Services clients with deep expertise in Governance, Risk, and Compliance to help them grow their business and implement proportional Risk Management Frameworks by providing Fractional Risk leaders, outsourced Risk services, or project-based solutions. We have supported clients in developing GRC frameworks, policies, and procedures and achieving licensing, as well as in operationalizing the frameworks by providing Risk experts to work side-by-side with the client as they implement their proportional GRC framework to deliver a Risk culture to grow their business. Our Risk experts are here to help you evolve!

Contact us at evolve@clarendonptrs.com to discuss how we can help.


SOURCES

[1] Acting Comptroller of the Currency Michael J. Hsu Remarks to the American Bankers Association (ABA) Risk and Compliance Conference “Tokenization and AI in Banking: How Risk and Compliance Can Facilitate Responsible Innovation” June 16, 2023

[2] NY Attorney General

[3] International Monetary Fund “Regulating the Crypto Ecosystem” Note/2022/08

[4] CPMI and IOSCO publish guidance, call for comments on stablecoin arrangements

[5] Statement on Crypto Assets
