Risk Management Lessons from FTX’s Collapse: Let’s Move Fast, But Not Break Things
Jay Jamison | December 7, 2022
What a few months the tech industry has had.
Elon Musk’s takeover of Twitter and the internal turmoil that followed dominated headlines for the first week of November, but that fiasco was quickly overshadowed by an even more significant debacle: the dramatic fall of crypto giant FTX and its founder, Sam Bankman-Fried.
Revelations began breaking on a daily basis covering the bad accounting practices, undocumented trades, and complete lack of responsible oversight and internal risk controls that did the firm in. Take it from the embattled exchange’s newly installed CEO, John Ray, who is tasked with seeing it through bankruptcy: “Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information as occurred here.”
Even Bankman-Fried himself, speaking in an interview with ABC's George Stephanopoulos, admitted: "I wasn't spending any of my time or effort trying to manage risk on FTX. I don't know what to say. Like, what happened happened, and if I had been spending an hour a day thinking about risk management on FTX, I don't think that would've happened."
The “move fast and break things” ethos has led to epic growth at no small number of tech startups in recent decades, but that mantra is not always compatible with responsible risk management. Indeed, following that advice appears to have directly contributed to the collapse of both FTX and Bankman-Fried — an outcome that has seemingly never occurred with such sudden and disastrous consequences. Turns out, companies can break pretty fast, too.
Here at LogicGate, we certainly understand the pressure to “move fast.” We’re also a tech company, after all. But our core value proposition and goal is to help our clients move fast without breaking things. That mission has never been more important, particularly amid heightened economic uncertainty and risk of recession on the one hand, and the prospect of increasing regulatory oversight and scrutiny on the other. Executive teams and boards, considering their paths forward, are seeking guidance on how best to achieve this balance.
Here’s our take.
Shining light on the Unknown Unknowns
Executive teams and boards everywhere are looking on in horror at the FTX debacle — particularly, at the reports of an unfathomable lack of controls and foundational accounting practices that existed at a company that underwent annual corporate audits. Though the specifics appear extreme and unique, the FTX bankruptcy highlights a much more common theme for many business leaders and board members: They don’t entirely know what they don’t know.
These are the unknown unknowns: Common, potentially dangerous risks that exist in every organization. With the stark illustration of FTX, companies need a path to better visualize and manage the risks that are unseen and not tracked, and risk management processes and tools that will sustainably scale as their business size and complexity grow.
Had Bankman-Fried considered this from FTX’s earliest days, perhaps things wouldn’t have gotten so out of hand at the firm.
The first and most important step in managing all of the risks facing your business is getting them all together in one place, so you can get a complete picture of your organization’s risk landscape. It’s obvious from what we’ve seen at FTX that failing to connect the dots between your org’s exposure to specific risks can have disastrous consequences.
But too many organizations are still relying on spreadsheets and email to keep track of their risks. The people responsible for doing this at many organizations refer to this approach as “spreadsheet hell.” This approach works, right up until it doesn’t — it’s an arduous, manual process that’s prone to human error and it makes getting a full picture of risk very challenging.
Moving away from “spreadsheet hell” and towards a modern, holistic GRC approach, and automating the whole process with the right technology, is a much more effective strategy for ensuring your organization doesn’t fall victim to the same blind spots that took FTX down.
Holistic GRC platforms like LogicGate’s Risk Cloud provide real-time visibility across processes, systems, functions, and your risk posture. No system can guarantee the complete elimination of risk, but having a technology like Risk Cloud in place surfaces and connects the risks, controls, remediations, exams, and validations an organization faces, and establishes an automated system to ensure every component of your risk management program is efficiently managed in real-time.
This allows you to shine a light on all of those unknown unknowns and answer the types of questions that FTX should have been asking and answering quickly and efficiently — before they become an existential landmine for your business.
As technologists, we at LogicGate want to see other technology firms thrive and succeed. So let’s commit to moving fast and not breaking things. And that starts with getting a holistic handle on the risks facing your organization.