How Digital Asset Funds custody their assets
To better address the notion of counterparty risk within the crypto fund space, it is vital to understand how funds store their assets. Below we set out the most common options used by market participants to address the question of custody. Crypto funds typically will opt for one or a combination of these solutions.
Centralised Exchanges: Research shows that there are currently more than 500 crypto exchanges worldwide (according to CoinGecko). These entities play a central role within the institutional crypto ecosystem, with some of the more notable players including Binance, Coinbase, Kraken, Huobi and up until recently, FTX. Although the CME and NYSE offer futures trading in ETH and BTC via Bakkt, almost all the liquidity is on crypto native exchanges. The graph below shows the relative dominance of centralised exchanges (CEX) in overall spot trading volume compared with decentralised platforms (DEX). Even though DEXs have increased their share of total volumes since the middle of 2020, CEXs still account for over 80% of trade volumes.
[Graph: CEX versus DEX share of spot trading volume. Source: CoinGecko]
Exchanges allow clients to hold their digital assets directly with the exchange itself and these are generally held in a commingled pool with the assets of the exchange’s other clients. Clients of an exchange deposit their assets in the full trust of the exchange, which in turn has complete control over those assets. While this handover of control is also present in TradFi, the lack of transparency and unclear regulatory status of exchanges is a significant risk, as we outline further below.
Among investors’ initial concerns about exchanges was that they were easy targets for hackers. Indeed, the perception was that crypto exchanges keep all client assets (and related private keys) online. In reality, our research of larger exchange entities shows that they maintain c. 5-10% of assets online (i.e. in hot storage wallets) to meet customers’ ongoing trading requirements, with the remaining 90-95% stored in cold storage (albeit in a commingled fashion). This allows exchanges to hold the majority of client assets offline, thereby preventing bad actors from deploying traditional online hacking methods. These large pools of assets nevertheless will always remain an attractive target for an ambitious hacker.
To further mitigate counterparty risk, well run exchanges have established sizable insurance funds to cover unforeseen events such as potential hacks (particularly of assets in hot wallets), as well as to limit the exchange’s counterparty liquidations during times of extreme volatility. These funds have been built up over time as exchanges allocate a portion of their trading commission income to them. One of the better known examples is Binance’s “SAFU” (Secure Asset Fund for Users) fund which has recently increased to $1Bln. It is important to note that the level of transparency and the types of events / losses that qualify to be covered by these funds varies by exchange.
While the lack of transparency from exchanges in key areas of due diligence remains, as highlighted by the recent news surrounding auditing firm Mazars halting all of its crypto client work, some of the larger exchanges have begun to make progress in this area.
Decentralised Exchanges: An increasing number of crypto funds have strategies that require assets to be deposited into the smart contracts of decentralised protocols, e.g., Uniswap. Whilst in this scenario funds are not exposed to a centralised party (i.e., a counterparty with unilateral control of the deposited funds), smart contracts do carry their own unique sets of risks. This includes the risk of programming errors, where erroneous code can open a decentralised protocol to the risk of asset theft. Poly Network is a good illustration of a vulnerability exploitation where c. $611m was stolen in February 2022, although the hacker subsequently returned the stolen funds. Fortunately, the crypto ecosystem has benefited from the emergence of specialised smart contract auditing firms, such as Quantstamp or Chainsecurity, which have developed robust due diligence practices to assess the security of such smart contracts. Most of the major protocols have benefited from significant due diligence and have often passed the test of time. Newer, emerging protocols are, by definition, riskier than their more established counterparts.
Custodians: The landscape of crypto native digital asset custodians has significantly expanded over the past few years, with a number of established players now offering crypto custody solutions. These include Coinbase, Copper, BitGo, Anchorage and BitPanda to name but a few. The lucrative crypto custody market has also attracted the interest of large traditional financial institutions with participants such as Fidelity, BNY Mellon, Nomura and Standard Chartered now offering custodial solutions, albeit some of these support only a limited number of crypto tokens at present. Others, such as Sygnum and SEBA, have relevant banking licences in chosen jurisdictions.
Custodial infrastructure and services can differ among custodians, but generally, customers' assets are segregated from each other. Assets in such segregated wallets are visible on-chain to anyone with the associated public key or wallet address. Controls over the withdrawal of these assets further enhance their security. We summarise some of these controls further down in this piece. Custodians may also hold commingled wallets in some form to enable a faster trading turnaround for clients, particularly where withdrawal protocols impose a long lead time.
Some custody infrastructure allows for safeguarding of assets by not permitting transfers outside a network of pre-approved trading venues, colloquially referred to as a ‘walled-garden’ within the crypto ecosystem. Funds will have trading agreements with respective crypto exchanges, and therefore on its own, a ‘walled-garden’ does not protect crypto funds against exchange counterparty risk. It is critical for a crypto fund manager (as well as investors carrying out due diligence on the manager) to understand the exact custodial arrangements in place.
Another solution rapidly gaining traction is that of off-exchange settlement. Examples include Copper’s ClearLoop, Binance Custody mirroring, or Coinbase Prime off-exchange settlement. Under these arrangements, crypto funds delegate assets to be traded to relevant exchanges in some form, but the assets do not leave the custodian’s cold storage platform until settlement, thereby reducing exposure to exchanges’ counterparty risk. Typically, absent such off-exchange settlement arrangements, trading directly on crypto exchanges requires pre-funding. These solutions come at a cost, which should be weighed against the exchange counterparty risk being mitigated. Although the technology has proven sound, a limiting factor has been the unwillingness of some crypto exchanges to work closely with these platforms. This means that the list of exchanges where funds can benefit from off-exchange settlement has so far been limited.
Following the events of 2022, and notably the FTX implosion, this trend has reversed as exchanges are actively partnering with service providers to offer off-exchange settlement.
Self-Custody: It is possible for funds, or indeed any user, to store their own private keys to digital assets, with various service providers offering wallet-as-a-service custodial solutions. Examples include Ledger, Trust Wallet and Trezor, among others. Although the technology is viable, self-custody is a new concept for institutional allocators, and is often viewed as a red flag given the perceived risk of the fund’s assets being moved or withdrawn directly by staff or insiders. In the case of many early stage tokens, these are often not supported by custodial platforms or exchanges, and self-custody is therefore the only option for funds wanting to hold these tokens. It is therefore critically important that proper processes are put in place to manage private keys, such as use of multi-signature wallets. Equally, seed phrases that facilitate regaining control of assets in the event of a compromise of private keys require secure storage.
In the majority of cases, crypto funds custody assets either with custodians or on exchanges (including on smart contracts of decentralised exchanges for funds with DeFi strategies), with a limited number employing pure self-custody.
Crypto Fund Custody Requirements
In addition to security considerations, the choice of where a crypto fund custodies its assets is largely driven by the requirements of the fund’s strategy. For example, more active investment strategies will pay particular attention to the time required to move assets from their custodian to a trading venue, such as a centralised exchange. This will depend on the technological infrastructure deployed by the custodian to store private keys. Some transfer protocols can take up to 24 hours to process a withdrawal, whereas with other technical solutions, such as multi-party computation (“MPC”), customers can withdraw assets within minutes. On the other hand, a long-only crypto fund with a low trading frequency has a much wider choice of custodial solutions.
Other strategies require a fund’s assets to be held as collateral on trading venues (centralised exchanges or decentralised protocols). Such funds will then be exposed to the counterparty risk of the respective exchange.
Counterparty Risk Management Best Practices
As we have highlighted previously, exchange counterparty risk remains a primary concern within the institutional ecosystem. To address this, crypto market participants can borrow from the TradFi space and apply battle-tested best practices. These include:
- Diversification by holding assets on several exchanges with strict limits of exposure to each exchange on a risk assessment basis. Ongoing monitoring of the credit health of the exchanges that a fund is exposed to is also key.
- Strong real time risk management is essential. This requires a strong technological stack and development teams. As a result, sophisticated players closely monitor an exchange’s credit health by reviewing news flow as well as live-tracking an exchange’s on-chain transaction data for signs of abnormal activity or large capital outflows, taking remedial action as appropriate. In the recent case of FTX, this monitoring often made the difference between crypto funds that were able to remove assets from the exchange prior to the suspension of withdrawals, and those that were not.
- Sweeping any assets not required for immediate trading to a custodian(s).
- Maintaining excess fiat collateral with credible financial institutions, which can be held in the form of money market funds or Treasuries (for example), to the extent possible; subject to maintaining operational buffers at the custodians and/or exchanges.
- Making use of off-exchange settlement of crypto assets or similar arrangements offered by some custodians (as outlined above).
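The live-tracking of an exchange's on-chain flows described in the list above can be sketched as follows. This is an added example, not code from the original article: it nets hourly flows in and out of wallets attributed to one exchange and flags hours whose net outflow is far above the trailing median. The wallet labels, transfer records, window and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (hour, from_label, to_label, amount in BTC).
# "exch" marks wallets attributed to the monitored exchange; in practice the
# attribution comes from a maintained set of labelled addresses (assumption).
TRANSFERS = [
    (0, "user", "exch", 120), (0, "exch", "user", 100),
    (1, "user", "exch", 110), (1, "exch", "user", 130),
    (2, "user", "exch", 105), (2, "exch", "user", 90),
    (2, "exch", "exch", 5000),            # hot-to-cold reshuffle, not an outflow
    (3, "user", "exch", 100), (3, "exch", "user", 140),
    (4, "user", "exch", 95),  (4, "exch", "user", 150),
    (5, "user", "exch", 60),  (5, "exch", "user", 2400),
    (6, "user", "exch", 20),  (6, "exch", "user", 3100),
]

def hourly_net_outflow(transfers, label="exch"):
    """Net amount leaving the labelled wallets per hour (negative = net inflow)."""
    net = defaultdict(float)
    for hour, src, dst, amount in transfers:
        if src == label and dst != label:
            net[hour] += amount
        elif dst == label and src != label:
            net[hour] -= amount
        # transfers between the exchange's own wallets are ignored
    return dict(sorted(net.items()))

def flag_abnormal(net, window=4, factor=5.0, floor=50.0):
    """Flag hours whose net outflow exceeds factor x the trailing median.

    The median keeps one extreme hour from inflating the baseline, and the
    floor stops quiet periods from producing a near-zero baseline.
    """
    alerts = []
    hours = sorted(net)
    for i, hour in enumerate(hours):
        history = [abs(net[h]) for h in hours[max(0, i - window):i]]
        if len(history) < window:
            continue                      # not enough history yet
        baseline = max(median(history), floor)
        if net[hour] > factor * baseline:
            alerts.append((hour, net[hour], baseline))
    return alerts

if __name__ == "__main__":
    for hour, outflow, baseline in flag_abnormal(hourly_net_outflow(TRANSFERS)):
        print(f"hour {hour}: net outflow {outflow:.0f} BTC vs baseline {baseline:.0f}")
```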
Whilst storing assets with a custodian reduces exchange counterparty risk, a fund will however be exposed to the credit risk of the custodian as a counterparty. There are several factors that allow participants to gain additional comfort when facing custodian counterparty risk:
- Custodians are more heavily regulated than exchanges, with fiduciary responsibilities associated with the custody of client assets. Anchorage for example has a bank charter in South Dakota, USA and Coinbase Custody is a qualified custodian under the New York Banking Law. From our research on larger exchanges, regulations are generally limited to the requirement to carry out AML and KYC checks on customers. Moreover, some offshore exchanges are not even subject to such licensing requirements.
- Custodians are generally more transparent during the due diligence process compared to exchanges. Custodians are more willing to disclose key information on their governance, financial condition, infrastructure setup and third-party audits of such, e.g., reports on internal controls, audited financial statements, summary results of penetration testing, amongst others.
- The segregation of wallets at custodians, as well as controls observed at the custodians over the withdrawal of assets, provide a significant level of comfort. Withdrawal of assets requires the involvement of the asset holder, thereby reducing the risk of asset misappropriation. The ability to make asset transfers only to pre-approved addresses (and stringent controls over adding to such addresses) further enhances the security of assets.
- The custodians we have researched also have insurance coverage in place, e.g., Copper recently announced its insurance policy with Aon for a USD500m coverage. The coverage differs by custodian, but our general observation is that aggregate insured amounts are significantly lower than total assets under custody (c. <1% of AUC in some cases).
- It is also important to note that custodians’ balance sheets (including insurance coverage) are only a small fraction of assets under custody. This is not unusual for standalone custodians (even in TradFi) and they are therefore unlikely to refund all clients for losses under the extreme scenario of a total loss of client assets. That said, we estimate the probability of total loss of assets at a reputable custodian to be low based on the robustness of their infrastructure setup.
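The withdrawal controls mentioned in the list above (asset-holder involvement, pre-approved addresses, controls over adding addresses) can be expressed as a policy check. This is an added example, not any custodian's actual implementation: the cooling-off period, the quorum size, and all names and data are assumptions made for illustration.

```python
from dataclasses import dataclass, field

COOLING_OFF_HOURS = 24   # assumed delay before a newly added address is usable
FUND_QUORUM = 2          # assumed number of fund officers who must sign off

@dataclass(frozen=True)
class AllowlistEntry:
    added_at_hour: int
    approved_by: frozenset          # fund officers who approved adding it

@dataclass
class Withdrawal:
    destination: str
    requested_by: str
    approvals: set = field(default_factory=set)

def evaluate(w, allowlist, fund_officers, now_hour):
    """Return (allowed, reasons); every failed control is reported."""
    reasons = []
    entry = allowlist.get(w.destination)
    if entry is None:
        reasons.append("destination not pre-approved")
    else:
        if now_hour - entry.added_at_hour < COOLING_OFF_HOURS:
            reasons.append("destination still in cooling-off period")
        if len(entry.approved_by & fund_officers) < FUND_QUORUM:
            reasons.append("allowlist entry lacks fund quorum")
    # The requester cannot approve their own withdrawal, and approvals from
    # anyone outside the fund's officer list (for example custodian staff)
    # do not count as asset-holder involvement.
    independent = (w.approvals & fund_officers) - {w.requested_by}
    if len(independent) < FUND_QUORUM:
        reasons.append("insufficient independent fund approvals")
    return (not reasons, reasons)

# Constructed sample data.
OFFICERS = frozenset({"cfo", "coo", "pm"})
ALLOWLIST = {
    "addr-exchange-A": AllowlistEntry(0, frozenset({"cfo", "coo"})),
    "addr-new": AllowlistEntry(95, frozenset({"cfo", "coo"})),
}

if __name__ == "__main__":
    cases = [
        Withdrawal("addr-exchange-A", "pm", {"cfo", "coo"}),
        Withdrawal("addr-new", "pm", {"cfo", "coo"}),
        Withdrawal("addr-unknown", "pm", {"pm", "custodian-ops"}),
    ]
    for w in cases:
        print(w.destination, evaluate(w, ALLOWLIST, OFFICERS, now_hour=100))
```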
What remains to be tested however is how a custodian bankruptcy scenario would play out in practice; and how long it would take clients to access their assets. Custodians that utilise MPC technology to manage private keys (e.g., Copper) distribute digital asset key shards between a client (a fund), the custodian and a trusted third party entity that is pre-approved by the custodian. In theory, if the custodian were unavailable for any reason (including bankruptcy), a fund and the trusted third party could use their two shards to move assets from the custodian. On the other hand, custodians that hold digital asset keys predominantly in hardware security modules (“HSMs”) (e.g., Coinbase) generally store all the shards of a private key; and a custodian’s employees are always involved in the withdrawal process. These custodians have failover systems in place that would enable clients to access their assets in particular scenarios. However, until such an event has taken place it is difficult to know for sure how this process would unfold. For this reason, it is prudent to have more than one custodial arrangement in place.
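The two-of-three recovery property described above can be demonstrated with threshold secret sharing. This is an added example, not the scheme of any custodian named in the article, and it swaps in plain Shamir sharing for simplicity: production MPC custody signs jointly without ever reassembling the key, whereas this sketch reassembles it to show that any two shards suffice and that one shard alone reveals nothing. The shard holder names are assumptions.

```python
import secrets

# Field modulus: 2**521 - 1 is a Mersenne prime, comfortably larger than a
# 256-bit private key.
P = 2**521 - 1

HOLDERS = (("fund", 1), ("custodian", 2), ("third_party", 3))

def split_2_of_3(secret: int) -> dict:
    """Give each holder a point on a random line f(x) = secret + a*x (mod P)."""
    if not 0 <= secret < P:
        raise ValueError("secret out of range for the field")
    a = secrets.randbelow(P)                  # uniformly random slope
    return {name: (x, (secret + a * x) % P) for name, x in HOLDERS}

def recover(shard_a, shard_b) -> int:
    """Interpolate the line through two distinct shards and return f(0)."""
    (x1, y1), (x2, y2) = shard_a, shard_b
    if x1 == x2:
        raise ValueError("two distinct shards are required")
    inv = pow((x2 - x1) % P, -1, P)
    # y1*x2 - y2*x1 = secret*(x2 - x1), so dividing by (x2 - x1) yields f(0).
    return ((y1 * x2 - y2 * x1) * inv) % P

def slope_for_candidate(shard, candidate: int) -> int:
    """Slope that would make `candidate` the secret given only this shard.

    One exists for every candidate, which is why a single shard holder
    learns nothing about the key.
    """
    x, y = shard
    return ((y - candidate) * pow(x, -1, P)) % P

def custodian_unavailable(secret: int) -> bool:
    """Scenario from the text: the fund and the third party act alone."""
    shards = split_2_of_3(secret)
    return recover(shards["fund"], shards["third_party"]) == secret

if __name__ == "__main__":
    key = secrets.randbits(256)               # constructed stand-in for a key
    print("recovered without custodian:", custodian_unavailable(key))
```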
The Role of Crypto Prime Brokerage
The concept of prime brokerage within the crypto space is still in its early stage, although developing rapidly, and in many ways will differ from the version familiar to TradFi professionals. That said, a number of new crypto prime brokers such as Hidden Road, FalconX, BeQuant and Floating Point have emerged, offering a range of solutions to optimise leverage, execution and trading fees. A number of these prime brokers offer an alternative to exchange counterparty risk by opening sub accounts for their clients on exchanges in the prime broker’s own name. The client then faces the prime broker directly and has the option to insure their assets. Unfortunately, the players currently involved in this segment are still small, with smaller balance sheets and no access to central bank liquidity, a critical difference to their TradFi counterparts. However, following the collapse of FTX, crypto exchanges appear to be cooperating with crypto prime brokerage firms in the latter's efforts to minimise exchange counterparty risk. We therefore expect a growing importance of the prime broker community in the crypto ecosystem.
Looking Ahead
Thorough due diligence of crypto exchanges is required because of their significance to the crypto ecosystem. That due diligence requires constant updating during a crypto fund’s lifecycle. The challenge so far has been the level of transparency from crypto exchanges, as outlined above.
How can another FTX be avoided and how can market participants further mitigate counterparty risk? This is a much broader question that goes beyond just performing thorough due diligence on exchanges and the associated risks facing a centralised entity.
Enhanced transparency from exchanges: In an effort to increase transparency and keep up with institutional requirements, larger exchanges have been proactively providing additional due diligence information to market counterparts and regulators. The FTX event has accelerated this trend as various exchanges have now begun to publish their proof of reserves. Although these are positive initial steps, we expect additional efforts in this direction to be made.
Whilst not fool-proof, transparency on an exchange’s liabilities (customer claims) will be helpful in order to assess its solvency. Gaining assurances that clients’ assets are segregated from an exchange’s own assets is also critical. Working closely with independent auditors to produce reports on internal controls, including proof of solvency, would go a long way in providing additional comfort to participants in the crypto ecosystem.
Increased regulation: In the short term, we expect increased regulation of exchanges to enforce additional risk management guidelines. In fact, regulation already exists, particularly in Japan where, after the events of Mt.Gox and Coincheck in 2018, Japanese exchange operators are required to segregate customer accounts and maintain 95% of customer assets in cold storage. We expect other regulators worldwide to implement enhanced regulatory obligations on exchange operators and other participants in the crypto ecosystem generally.
Separation of execution from custody: Longer term, we would favour the separation of execution from custody, much like the process observed in TradFi. With this in mind, many exchanges should move towards becoming non-custodial over time. This can be achieved through tri-party arrangements whereby collateral is held by a third party custodian in escrow, thereby limiting the counterparty risk of exchanges. Again, this is something we observe in TradFi. In fact, some crypto prime brokerage players are already working on similar arrangements.
Consolidation of exchanges: There is also likely to be consolidation of exchanges and an emergence of a smaller number of players with larger balance sheets. Concurrently, there is likely to be continued growth in the importance of crypto prime brokerage, with closer links to crypto custodians, which could be vertically integrated. Ironically, this is no different to what we observe in TradFi today.
DeFi and Self-custody: While DeFi and self-custody also conceptually solve for counterparty risk, more stringent application of KYC rules is needed to attract the interest of the institutional community. Certain platforms such as AAVE are making progress on this front and there is also innovation taking place in on-chain KYC solutions.
Conclusion
FTX’s collapse is a real wake-up call for the crypto industry and serious efforts are already being made to ensure that a similar event in the future would not have the same systemic impact. As we have highlighted above, solutions already exist to significantly mitigate counterparty risk, but FTX has provided the impetus for these to become more widely adopted. Such solutions include off-exchange settlement, albeit with wider participation from the crypto exchange community.