FTX An Alternative Risk Perspective

As we discover more about the FTX situation it is clear that there are facts that are left to be revealed. Presently, we know that there was a lack of controls (we will discuss later) and there could be mismanagement and even fraud. Regardless of one or the other or all three, people will tend to focus on the “big” issues and perhaps forget to even mention the risks that drive this type of event.

In a recent article by Reuters is was alleged that there was a back-door in IT controls that allowed one person to execute commands that could alter the company’s financial records. This back door would effectively place control of financial reporting in the hands of someone who was not the CFO. Additionally, no one would be able to detect this “change” unless they completed a review of IT controls.

The bankruptcy papers filed indicate a complete disregard for basic controls. For example there were no board of directors meetings and approval processes were, shall we say, impotent.

There is also speculation that FTX and subsidiaries or sister companies did no due diligence on investors and had little, if any, controls over financial accounts.

Now, many articles will be written on the ineffectiveness of controls at FTX. Lack of controls or deliberate circumvention of controls does not necessarily mean that controls are weak. Rather, it could be what it is, a complete disregard of controls period.

That leads us to ponder why events like Maddoff, Theranos, and now FTX continue to happen. Is there a “personal” risk dynamic in all three of these examples of fraudulent or near fraudulent business ideas? And if so, how does that “personal” risk dynamic impact us in our own lives. As investors or employees how do we recognize the personal risk dynamic in a company that will temper our decisions of either investing in or working with said company?

Internal auditors have tried to approach the personal risk dynamic with a question of “Culture”. These efforts have been met with few success stories. Risk Managers continue to look to Boards of Directors to resolve disagreements with senior management. This too has met with mixed results.

However there is a way for investors, employees, and other stakeholders to note which companies are serious about risk management and those that may not be as focused in this area. Let us introduce three concepts: 1) Risk Management to Show, 2) Risk Management to Comply and 3) Risk Management to Thrive.

Risk Management to Show is designed to play on leaderships charisma, promises of high returns on investments and an easy path to rewards while demonstrating little in organization or conversation regarding risks and controls. While risk management processes are said to exist they really don’t or are just a façade. Maddoff, Theranos and now FTX fall into this category. Investors were taken in by sales pitches and promised of rewards that under a personal risk view would be questionable, at best.

Risk Management to Comply is a design that allows businesses to “comply with regulations or industry practice.” There is value in this because it provides basic risk management and controls for the organization, defers regulatory scrutiny and attracts investment. However, these companies can be overly aggressive in liberally interpreting laws and regulations, focus on large revenue additions to the bottom line and solely focus on meeting analysts financial expectations, which are always short term.

Risk Management to Thrive, on the other hand, is designed to assure long-term viability and success of an organization. In addition to complying with regulations and laws, these organizations are typically at the forefront of building sustainable business models. The value for management is not only meeting financial expectations but also on positive community impact, employee satisfaction and compliance with the spirit and letter of the law.

The difference between the three risk approaches is the personal risk dynamic that drives the leadership of the organization. There are often very short-term rewards for a select few in risk management fraud. There are many companies that comply with laws and regulations and are successful, today but will cycle out of the market at sometime in the future. Then, there are also many businesses that thrive today and will continue to thrive tomorrow.

It may be time to reevaluate our own personal risk dynamic. How do we, as individuals, perceive risk? Is it enough to simply comply or do we want long-term survival? Do we provide our stakeholders with temporary satisfaction or do we offer future opportunities? Do we value our employees today by offering long-term growth and development? Regardless of which risk dynamic we seek, it is always best to seek that which most reflects our own beliefs.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Governance

Risk

Compliance

Governance

Risk

Compliance

New Jersey