Open in app

Sign in

Write

Sign in

Risk! IT’S NOT JUST A GAME…

TCT Program Lead - JD Sutton (DeepSea)
10 min readDec 11, 2022

--

TLDR: We have seen recently through centralized exchanges such as Celsius and FTX the negative affects that occur with the lack of risk analysis. We can not afford to make the same mistake when it comes to managing the Community Shimmer & IOTA Treasuries. We must practice proper risk and capital management to ensure a sufficient and long-lasting treasury.

The definition of risk analysis is: what is the probability of a risk occurring and what is the consequence (impact) of that risk occurring? The question becomes, what happens after you analyze those risks? After analyzing risks they must be mitigated by using analysis to lower the probability and or impact. We can take this thinking and apply it to not only when we build the treasury governance framework , but also we need a program lead that has experience with and training in managing organization with risk management in mind.

Risk Analysis Matrix — Probability and Impact Severity Scoring

TREASURY RISK

A good process of risk analysis is to simply think of known risks that could occur and then assess the consequences of those risks occurring. As an example, let’s think of a few risks examples that could occur and how they would negatively affect the Treasury. Note, risks can be categorized into macro and micro categories. Let’s take a look at a just a few.

Macro Risks:

  • The treasury, through market volatility, poor capital management, or theft could be fully depleted and no longer have sufficient capital for grant funding to the ecosystem.
  • A bear market occurs and the $SMR price drops by such a large extent (eg. -90% market move downward) the affect would be not enough funding to cover treasury committee salary and administrative costs.
  • The committee funds one or two large projects and uses up the allocated funds for the entire year. The treasury would then have no more funds to support the ecosystem until the next years allotment.
  • A risk to the longevity of the the Shimmer Treasury is that it never gets a chance to increase with the $SMR price and thus never reaches the level to become fully self sustaining.
  • The Smart-Contract that manages the Treasury gets hacked and the funds are depleted through theft.
  • The legal setup of the Treasury was formed incorrectly and thus has regulation authorities shut down the treasury, potentially fine the treasury, and induce additional costs when creating new legal setup in a new country.

Micro

  • A grant applicant scams the Treasury by submitting a false proposal and thus steals the funds of the proposal grant.
  • A committee member or program lead takes bribes and gives special favors to grant proposers.
  • A committee member rejects proposals of competing projects in which they are members of.
  • Committee members and the program lead prioritize paying themselves hourly funds over focusing on successful grants for the ecosystem.
  • The funds that are granted to a grant receiver are wasted due to the grant receivers practicing poor capital and project management.

As we can see there are different macro and micro risks that may greatly affect the treasury and the overall public relations of the Shimmer ecosystem. Above is just a few risks that can be foreseen, but we always know there will always be unforeseen risks that occur, this is inevitable. However, by addressing the foreseeable known risks the overall consequences and negative issues that could affect a project or service are greatly mitigated. It is imperative that when managing such projects, a proper initial, and ongoing, risk analysis is conducted.

Risk Analysis Examples

Risk Matrix — Analysis Tool

Let’s put in practice one or two examples of risk analysis and mitigation. The above risk analysis matrix shows a very basic quantitative approach to analysis probability and impacts of known risks.

We can practice risk analysis and mitigation by looking at a foreseeable macro risk such as that the $SMR token may experience a 90% market drop as we described above. If $SMR experienced a 90% drop, it would then lower the treasury value by 90% and bring its worth so low that by funding a few grants could completely deplete the funds alloted for that year. Another risk is that due to a 90% $SMR price loss, if running costs need to be paid, the conversion of $SMR to USDT would use up so much $SMR that either A) the SMR may be used up for the year, or, B) there will not be enough SMR to cover yearly running costs.

We can see a real life example by looking at recent examples such as Celsius, FTX, and Voygater.

What is the impact of this risk?

  • The impact would be [Severe (5)]

What is the probability of this risk?

  • The probability is [Almost Certain (5)]

By using the above risk matrix to quantify the risk, the above analysis would give a total of (25) points Extreme! This is where FTX, Celsius, Voyager, etc. failed. They put their organizations funds in a situation where the risk of a borrower going insolvent would have such impact that it would bankrupt their own organization and thus become insolvent.

Let’s look at real life example that just occurred with Celsius and 3 Arrows.

Example 1: Celsius and 3 Arrows

At the time 3 Arrows was a multi-billion dollar company. The market was roaring as a bull market was in full swing at the time. Celsius lent 3 Arrows huge sums of funding while holding minimal to no collateral. Had anyone actually conducted a proper risk analysis they would have analyzed the situation and found to things below.

  • The Impact of that Risk— Severe (5)
  • The Probability of that Risk— Moderate (3)

By following the risk matrix table the total score would be (15) Very High! Notice, by using the risk matrix we can never get to (0) zero. Instead, the lowest we can quantify in an analysis is (1) insignificant and (1) rare for both probability and impact. That is because every risk is always statistically probable at some point, yet at most rare; as well as, every impact will always have some sort of consequence and at most the lowest being insignificant. So what would had happen if Celsius the company practiced just the most basic risk mitigation analysis? After seeing a risk analysis score of (15) Very High when evaluating what the risk would be if the market dropped by 90% and they had loans outstanding with nearly zero collateral, they would have noticed the needed to bring such a risk, and particularly the impact to a lower consequence. It would have been clear that they should implement some mitigations to better protect against such a probable situation. Below are a few easy methods Celsius could have put in place to mitigate that risk after being aware of it.

  • Impact — They could have increased the collateral required by 3 Arrows for the loan.
  • Impact — They could have lowered the funds borrowed out from Celsius holdings.
  • Impact —They could have diversified borrower clients so that if a single borrower goes insolvent it doesn’t affect their entire business flow.
  • Probability — They could have hired an expert team to dive into and analyze the financial holdings of 3 Arrows prior to a loan being approved, and required regular quarterly audits to ensure they can meet their obligations.
  • Probability — They could have, and should have had liquidation tiers in place if the overall crypto market cap drops the borrow 3 Arrows must liquidate their position to cover their loan.

As we can see these are just a few mitigations that can be in place to both lower the Impact and the Probability of the risk of a market crash. Such actions will lower the consequence fallout of a borrow going solvent that results taking down the lending organization as we saw what happened with Celsius, Voyager, FTX, and others. If a risk analysis and mitigation process was conducted mitigations would have been put in place. Instead, companies like Celsius simply assumed that a market crash wouldn’t have occurred, they “assumed” the probability would be extremely low. Yet had they been realistic and admitted the probability was almost certain given this is a common a occurrence in the crypto market, they would have implemented mitigations and saved themselves (and user funds) from liquidation. Most importantly, by implementing such mitigations, they could “re-analyze” the risk and the resulting quantifying results would have been:

  • Impact — Minor (2)
  • Probability — Moderate (3)

If these impact mitigations were executed the risk would have been mitigated and Celsius would have had enough capital because they would have been diversified and the liquidation tier would be in place thus triggering to minimize the capital loss. Now, the analysis and mitigation lowers the consequence score from a (15) Very High to a (6) Medium.

Example 2: Wasting Shimmer Community Treasury Funds

We have used this risk analysis when developing the Shimmer Community Treasury framework. Yet we as a community, and particularly a treasury program lead , need to continue managing the community treasury with the mindset of risk analysis and mitigation. As an example, let’s look at the risk of granting funds that simply get wasted due to inefficiency and funding project teams that practice capital mismanagement and waste grant funding.

From ScaleFinance.com, “The common rule of thumb is that of 10 start-ups, only three or four fail completely. Another three or four return the original investment, and one or two produce substantial returns. The national Venture Capital Association estimates that 25% to 30% of venture-backed businesses fail”.

What is key to the above statement by ScaleFinance is that we know the probability of projects that receiving grant funding will have a likely chance to fail. The (U) Probability is known to be “likely”. On top of the probability that projects will likely fail, we can assess the impact. If largely funded projects fail we will be wasting the treasuries funds. Given that the Shimmer community has a very small amount of community treasury funds compared to other crypto projects, we need be very careful ho wmuch we use. A failed projects (U) Impact would be significant.

I have made a simply and basic risk analysis table to show an example of how a risk mitigation analysis process can work with the treasury if I was program lead. Click on this public Notion page to see an example of a risk analysis report: Risk Analysis Report

Risk Analysis Example

So after analyzing this risk we know (U) Impact = (4) Significant and (U) Probability = (4) Likely and the sum of the two risk variables equals (12) High. Clearly, we understand that we need to mitigate this risk within the farme work. The community and the IOTA Foundation representatives have been assessing this risk and came up with mitigations to put in place to lower the probability and impact of such risks. The framework was designed as below to mitigate the risk of proper grant funding and to avoid poor proposal funding and wasting of funding.

  • A tier system was developed based on the amount of funding requested (ie. Tier 1, Tier 2, Tier 3 & Tier 4).
  • After discussion it was concluded that the safest method would be to require KYC from all tiers. This sets a standard for all teams to meet and will vet out “some” teams that simply aren’t professional and experienced enough to be able to KYC.
  • The major mitigation that limits the impact of such a risk of funding grant receivers that practice capital mismanagement is creating milestones. With Tiers 2 to 4 milestones are required and the grant is divided into these milestones. For example, if a grant is seeking $100,000 USDT they may provide four milestones deliverables with $25,000 issued at each milestone.
  • Tier 3 and Tier 4 grants will have a reviewer act as a project manager assigned by the program lead to the project. The reviewer will give oversight and assistance to projects to either catch issues early or support the team with assistance so they can succeed.
  • I have proposed and enacted with Phylo to have a group of technical consultants (ie. code specialist) that can review projects to assess if project deliverables are achievable, realistic, and particularly if milestones deliverables meet what was proposed.
Risk analysis post mitigation

By conducting a quick and simple analysis, and then mitigating the risks, we can see that by integrating these mitigating factors into the Shimmer Community Treasury framework the risk of poor grant funding is minimized. By implementing these variables we lower the impact and probability to (C) Impact = (2) Minor and (C) Probability = (2) Unlikely with a combined risk score of (4) Low.

Organizations like FTX, Celsius, Voyager, and others had such great opportunities and completely wasted them by simply not apply just a bit risk management through analysis and mitigation. It is imperative that the Shimmer Community Treasury has a program lead that keeps risk management as a primary focus while we conduct the first year of funding. It is up to the community to vote for a program lead that will protect and do their best through proper risk management to ensure the treasury evolves into an everlasting fund.

I, DeepSea (JD Sutton) has years of experience as a mechanical integrity technician that practices asset integrity management specifically through quantitative and qualitative risk management. By voting for me I will not only practice risk management but I will do so in a transparent way always.

Please vote to support the Shimmer Community Treasury and select me to be your community delegated Program Lead.

Voting Link: https://govern.iota.org/t/sgp-0001-shimmer-community-grant-committee-lead-selection/1544

Name: JD Sutton

Age: 41 years old
Discord: DeepSea
Twitter: https://twitter.com/Deep_Sea_Iotan

Governance
Crypto
Dao
Iota
Voting

--

--

TCT Program Lead - JD Sutton (DeepSea)

Written by TCT Program Lead - JD Sutton (DeepSea)

212 Followers

I am DeepSea, the Program Lead for the Tangle Community Treasury. Below you will find articles about the TCT.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams