Bitcoin and Risk Management

Horizon scanning enables you to catch a glimpse of the future by observing fragments embedded in the present.
Roger Spitz

Imagine yourself in 1995, working in the job you (or your parents) had at that time with the knowledge you now have. With the benefit of hindsight what risks was your job, your organization, or your market facing due to the imminent rise of the internet? Were there threats to be mitigated as well as opportunities to be taken? Or consider that you worked for Blockbuster. If you knew then what you do now, and you were a senior officer in a public corporation, you would be negligent of your fiduciary duties as a custodian of shareholder funds if you didn’t seek to add the risk of the rise of the internet to your organization’s Risk Register.

The internet was an emerging risk in 1995, just as Bitcoin is today. The internet was widely recognised in discourse by 1995; it wasn’t a tech secret. However, it was little understood or applied by any businesses, and few, except for new internet startups, made much effort to learn about it or even monitor it as a risk.

Like the internet in 1995 Bitcoin is widely recognised, but little understood or applied by businesses, except for those operating largely in the Bitcoin economy. By 1995 the internet had evolved from its origins in the 1960s through the addition of new protocol layers until it had reached a level of usability that ignited its explosive growth.

Bitcoin has been evolving in a similar fashion since its inception in 2009, gradually improving usability and abstracting away complexity. Just as with the internet the number of users of Bitcoin has been growing slowly (https://bitcoinmagazine.com/markets/an-objective-look-at-bitcoin-adoption) while these technology improvements have been happening. Like the internet, we won’t know which improvement will be the spark that ignites the explosive adoption until afterwards, but we already have data from 2022 onwards showing “fragments embedded in the present” (Roger Spitz).

Strategic planning is not strategic thinking. Indeed, strategic planning often spoils strategic thinking, causing managers to confuse real vision with the manipulation of numbers.
Henry Mintzberg

The best people to identify risks will be those who have an in-depth knowledge of their organization and its stated objectives, products, markets, channels and current strategy. These people must also have studied Bitcoin, have acquired a good understanding of why it exists, what problem it is here to solve, and why it has acquired value.

Therefore, the first step is to develop people with the necessary knowledge if they do not already exist. This library of MPB for organizations moduless, and this module in particular, have been created specifically to help meet this training and development need.

Once the skills are in place, the next step is to consider how best to identify risks when they are related to an overall potentially transformational change. Emerging risk is a “risk that is evolving in areas and ways where the body of available knowledge is weak”1.

A good risk manager should focus on outcomes where the consequence is high, even if the likelihood is (considered) low. So, rather than starting from the present, start by imagining an endpoint future where Bitcoin has become a global store of value, medium of exchange and possibly even unit of account. In this scenario consider questions like the following:

• How does trade in your domestic market now compare with global trade? What has changed?
• How has geopolitics changed?
• Which markets/products have grown in value? And which contracted?
• Which organizations have done relatively well? And which poorly?
• Which countries have emerged stronger? And which weaker?
• Has wealth distribution amongst people changed? In what ways?
• How has the role of financial institutions changed? And governments?

And then try to work back from the endpoint to consider how the transformation from the present to this future scenario unfolded. Consider topics like :

• The order of events
• The smoothness or suddenness/volatility of intermediate change
• The nation state, market, organization, individual roles in causing the change
• The emerging data points that retrospectively would be the footprints of the journey

Finally, convert observations from the above exercise into risks pertinent to your organization. Consider second and third order factors. It is likely that each observation may contain a number of risks. The risks could be both threats and opportunities.

The Internet’s impact on the economy has been no greater than the fax machine’s…. ten years from now, the phrase “information economy” will sound silly.
Paul Krugman

Following the quote above, 10 years later smartphones had only just emerged, their subsequent impact on the development of new internet services and apps wasn’t anticipated even by 2007. The evidence is that current experts are not the people who in retrospect turn out to have been experts on transformational change; a new class of experts emerges. The following quote explains why 'experts' within a legacy model are blind to radical change - it's happening outside their purview.

You never change things by fighting the existing reality. To change something, build a new model that makes the existing model obsolete.
R. Buckminster Fuller

The learning point – forward extrapolation can be very weak when assessing the impacts of potentially transformative technologies. Instead, we suggest that you try to create scenarios of what a world where Bitcoin was global money would look like, and then try to backward extrapolate to today. This is the method we outlined for creating a list of risks in 1.1.

To identify impacts, take the risks identified one by one and consider them within both the internal and external context of your organization. The materialization of a risk can create a threat, an opportunity or both, and may be different for different organizations. This is a key insight as a threat for your organization may be an opportunity for one of your existing competitors or a new start up.

Note that the materialization of a risk can create several impacts for an organization.

Examples

Risk that bitcoin becomes the primary, global treasury reserve asset

• Organizations that spot this early will benefit, and those that are late may suffer (Opportunity / Threat ?)

Risk that the Bitcoin network becomes the settlement layer for internet-based commerce

• How could product design and delivery evolve with micro-payments? (Opportunities for streaming payments / Threats to subscription models)
• Organizations engaged substantially in the legacy payments systems market may need to evolve (Threat)

Risk that the price of credit may be significantly higher in future

• Product demand impact of a long term change in the availability / price of credit (Threat?)
• Balance sheet structure impact (Opportunity / Threat?)

Risk that the demography of wealth and income may change

• Channel marketing impact of a long term change in wealth / income distribution (Opportunity / Threat?)
• Investor equity mix impact (Opportunity / Threat?)

Risk that everyone on the Earth uses the same currency

• Operational impact of accounting in a new currency (Opportunity)
• Operational impact on treasury management of only having one currency (Opportunity)
• Operational impact on national and international payment costs of one currency (Opportunity)
• Marketing impact of having more easily comparable pricing by geography (Opportunity / Threat?)

Using a table like the example below can help to evaluate the organizational impacts of the materialization of a risk.

The two elements that should be considered are the likelihood of risk materialization and the magnitude of the impact on the organization. Both of these factors would normally be affected by the timeframe under consideration, so it is worth producing a table for each impact identified over a series of different timeframes.

These three factors are to some extent related, for example, the likelihood of an immediate large magnitude change is probably very low, but over a longer timeframe or at a lesser magnitude it may be quite high.

The coloring of the cells in the table provides a way to help prioritize actions, covered in Section 3.5.

It is important to note that this exercise should be ongoing. As the uncertain future crystallizes into the known past, likelihoods, magnitudes and future timeframes will all change and evolve. When new facts emerge, revisit your prior conclusions.

1.3.1 Likelihood

Management is, above all, a practice where art, science, and craft meet
Henry Mintzberg

What do you consider the likelihood of the materialization of the risk, leading to the impact, over the timeframe under consideration. What would be the level of magnitude of the impact?

There are no ‘right’ answers here; only different judgements based on individual and organizational interpretations of each event's impacts.. Having a diversity of conversations can help to refine estimates based on the ‘ask the audience’ principle, although views should be weighted based on relevant skills and knowledge.

1.3.2 Magnitude

The magnitude of any impact is likely to increase as the reference time frame lengthens. This means that it is more likely that actions should be taken the longer the view. Measuring magnitudes across time frames provides an opportunity to prioritize actions across all risks. 

1.3.3 Timeframe 

On average for a given likelihood and magnitude, the shorter the time frame the higher the priority that should be placed on taking action.

In the following exercise, facilitated by your class tutor, we’ll choose an example organization, perhaps one that is pertinent to a student present, and pursue the method outlined in sections 1.1-1.3 in practice.

Here are some questions you might ask:

• What does the market for my products / services look like in the future?
• How might our balance sheet / funding sources be changed in a world where debt is less accessible / more costly?
• Would my organization be affected by changes in the following customer or supplier markets:
  • Construction / real estate
  • Energy / heating
  • Financial services
  • Government procurement / services
  • Waste management

The purpose of identifying risks and evaluating impacts is so that your organization can take action to mitigate threats or exploit opportunities, if the analysis supports such action.

• Accept / Monitor
• Mitigate
• Embrace / Exploit

Prioritization is helped by reference to the color of cells in your impact tables. Where an impact is coloured red then it should be prioritized against other impacts of similar or longer timeframes for action, green box impacts are better suited for accepting and monitoring. 

Be aware of the temptation to only monitor, rather than take action, on all risks though, as that may mean a lot of things hit at once at some point in the future.

Avoid loss aversion. Loss aversion is a cognitive bias that suggests that for individuals the pain of losing is psychologically twice as powerful as the pleasure of gaining. Focus at least as much effort on identifying and exploiting opportunities as on avoiding threats.

Avoid being overly decisive. You can prepare for mutually exclusive outcomes and this can be a useful risk management strategy.

In this section we highlight some generic groups of actions to help you convert analysis into actions. This list is not meant to be exhaustive, but rather is designed to help you get started.

Notes

See page 6 of https://www.theirm.org/media/9230/charities-sig-an-introduction-to-emerging-risks-and-how-to-identify-them.pdf