On the Frontlines: Lessons From the Fall of FTX
Blogs Dana Lawrence, CIA, CRMA, CFSA, CAMS Aug 20, 2024
Ahead of her presentation at The IIA’s Financial Services Exchange, Dana Lawrence, explores lessons learned from the fall of crypto exchange FTX and the importance of adopting a “curiosity mindset.”
Whether you make a point to keep up with crypto news or not, you have likely heard of the collapse of major crypto exchange FTX and its founder and CEO Sam Bankman-Fried’s fall from grace. FTX’s sudden downfall in 2022 shook the digital asset and Silicon Valley worlds. It resulted in billions lost in customer deposits and sparked a domino effect which led to the failure of multiple prominent banks known for bolstering crypto and the broader Silicon Valley and start-up communities.
The FTX scandal marked a turning point for the blockchain and crypto industry and was an important reflection point for the internal audit profession. It reinforced how vital the foundations of internal audit are and demonstrated the magnitude of potential hazards when rudimentary risk management is overlooked.
Above all, it underscored the importance for internal audit professionals to not only apply strong fundamentals in our work with emerging technologies, but to adopt a curiosity mindset in which we embrace continuous learning and self-education, particularly when operating within a rapidly changing risk environment.
Back to Basics
Beneath the complex web of deception and misinformation, the FTX scandal was fundamentally caused by a lack of basic internal controls. The exchange did not have a strong risk management system in place, which allowed questionable behavior to flourish. In particular, it enabled a severe conflict of interest between FTX and Alameda Research, a crypto trading firm also founded by Sam Bankman-Fried, whereby FTX customer deposits were secretly used to fund Alameda investments.
To contextualize the unravelling of FTX, it is important to understand the risks and complexity presented by blockchain and digital assets broadly. Namely, the lack of consumer understanding about the technology and significant variability in global regulations make it difficult to gauge and enforce compliance for organizations across the globe.
Applying Lessons Learned
The question now is how to utilize the case of FTX to ensure strong risk management practices and internal controls for organizations within the emerging technology sector moving forward?
We must first embrace internal control fundamentals, ensuring the organization has strong controls in place to assess and manage risk across critical areas including security, compliance, consumer protection, conflict of interest, and financial reporting.
However, as with any rapidly evolving or new industry, these principles must be underpinned by an approach that prioritizes intellectual curiosity and an appetite for continuous learning.
Embracing a Curiosity Mindset
Blockchain and digital assets are evolving incredibly fast and there is still much for consumers, regulators, engineers, and investors alike to learn. As a relatively young industry in which regulations are still developing, there is no clearly established roadmap for governance. As such, it is critical that internal audit practitioners learn from other subject matter experts and utilize the breadth of resources available.
Attending industry conferences and networking events is an incredibly valuable way to learn from and engage with experts around the world and to establish a deeper understanding of the potential risks organizations face. As regulatory frameworks continue to develop, it is also crucial to identify valuable information sources — for example, commentary from the SEC and FDIC or trusted industry podcasts and newsletters — to establish a system for keeping pace with regulatory updates.
Within the internal audit function itself, engaging subject matter experts is key — for instance, speaking with legal counsel to make sure proper controls are in place to ensure compliance with changing regulations, or meeting with consumer protection experts to understand which laws the company is subject to and assessing the efficacy of compliance processes.
As every internal auditor knows, staying curious, embracing a mindset of continuous learning, and being resourceful are key to the profession’s success. The fall of FTX and the rapid evolution of emerging technology within the blockchain and digital asset sectors has underscored the importance of this curiosity mindset, now more than ever.
Dana Lawrence will present “Crypto Hacks, Headlines & Scandals: Governance in Emerging Technology” at The IIA’s Financial Services Exchange, which takes place in Washington, D.C., Sept. 23-24.