Years ago in Shanghai, I attended a talk by the China general manager of a large American manufacturer. They were, among other things, in the business of making air scrubbers for coal-fired power plants. He had sold them to a Chinese power station, and some time after the sale went to the plant to see how they were getting on. In the corner on the floor, he saw the crated air scrubbers. Surprised, he asked why they had not yet been installed. The plant’s supervisor admitted they had bought them to satisfy local officials who had in turn wanted to show Beijing they were taking the central government’s initiatives to clean up the environment seriously. They would install them at 11:59:59 the day before the new regulations went into effect; the scrubbers reduced the plant’s efficiency to a degree, costing them money.
I apprenticed and built a career as a software engineer. There is a part of me that would like to believe that the answer to any problem is to build something: one more tool; one more line of code. And this is what Cloudwall is doing right now: building Serenity, a tool to help asset managers understand the risks in their portfolios so they can make better decisions. But tools and even rules are not enough: just as there will never be enough lines of code to cover every possible edge case, contracts and laws have gaps that require interpretation. This ambiguous space is, at the end of the day, occupied by governance and ultimately culture, because when the question comes down to what is the spirit of a regulation or the intention behind a contract, if there is not a desire to honor that spirit, no technical solution or added rule will make a difference. A former colleague once said this, about being promoted to MD at a bank: “you remember how earlier in your career when something wasn’t right, you’d tell people ‘somebody ought to do something?’ Somebody, well that’s you now.”
Culture needs to be both strong and pervasive for this to work. Though I appreciated my colleague’s sentiment, it’s actually not enough, because no senior executive is omniscient. The something that is not right usually is seen first and best understood by someone closer to the problem. It is the foreman seeing that crate on the floor day after day, who feels a growing urgency that his children living downwind of the plant are breathing that air long before 11:59:59, who is most essential here. Integrity hotlines and whistleblower-protection laws only work in the presence of the person who sees the problems and picks up the whistle. Absent that, these policies are integrity theater: the performance of good governance without its substance. Post the FTX bankruptcy, for all the shaming of Sam Bankman-Fried and Caroline Ellison, it’s worth considering that FTX and Alameda Research had many employees, and some of what leaked out afterward suggests that there were senior executives who were very uncomfortable with what they were seeing, and they were unlikely alone.
I have worked on Wall Street for well over 20 years. That time spanned LTCM and the Asian financial crisis; the dot-com crash; 9/11, with a friend at Windows on the World attending a breakfast conference on risk, in a building targeted in part for what it represented; the Great Recession and financial crisis; the Occupy movement and the ensuing populist blowback; and now a number of years first interested in and now full-time engaged with Web3 and digital asset risk management. I would like to think I have a decent understanding of where both TradFi and DeFi are coming from on the hard issues of how to build a better financial system. Equally, I have never agreed with the Occupy movement or the sentiment that there is something morally wrong about finance itself. Finance fails when it is not working in support of the real economy, but when it does, it is fundamentally a noble endeavor. Taking risk and directing capital to the creation of things society needs, whether it is factories or fusion reactors, or nurses and doctors to staff the ICU: this is important work. Where it is inefficient, fraudulent, unfair or just plain inadequate to the need at hand, it is a problem we should take seriously. As the amount of money involved is often large and the temptation high, we should rightly have rules and tools that help protect it, but these are secondary and tertiary considerations: the primary is culture.
Many professions call us to a duty of care, whether we run power plants or trading desks. Finance’s duty of care — and, to be clear, this is one that the fiduciaries at large pension funds or endowments own just as much as the asset managers must adhere to — requires asking hard questions not just about whether the right tools and rules are in place, but about whether we are hiring people and creating a culture that will help catch those inevitable things that fall into the gaps. On your due diligence checklist, yes, please do ask if your crypto hedge fund is using an institutional-grade MPC custodian or self-custody solution, but also ask the policy questions around it: who authorizes the transfer of funds, and when those funds are at rest, are they bankruptcy remote, or not? Ask about their prime brokers and execution venues and OMS/EMS, but also ask about how they evaluate counterparties and assess the concentration of their risks. Is their credit risk assessment nothing more than picking up the phone and asking, “hey, we good?” Ask how they model & attribute risk and stress test, but also ask how they set the risk budget, who reviews it, and how they decide which stresses matter. Going beyond what must be done or what the tools can do and asking how the tools are used and what needs to be done when the tools are not good enough to compensate for the gaps: this is your duty of care.