Risk Part 1: Looking at Bitcoin Through the Risk Lens

Learning Outcomes

In this session, you will observe Bitcoin through the risk lens and learn the following:

1. Definitions of risk according to different entities
2. Prevailing risk management techniques and how they may or may not apply to Bitcoin
3. A brief overview of Bitcoin’s systematic and idiosyncratic risks
4. Bitcoin’s risk categories and subsets

Foreword

---

In order to fully understand the risks associated with Bitcoin, we must first understand the concept of risk itself. After understanding traditional definitions of risk and various risk management frameworks, we can see whether these frameworks are relevant or not. As alluded to in several previous Monochrome Research pieces, Bitcoin is an asset like no other, and therefore applying any one specific traditional framework would be inappropriate. However, when many approaches to risk are taken holistically, we can conduct both a thorough risk assessment of Bitcoin, and implement robust risk management practices. In the first of a four-part series on Bitcoin risk, we get definitions out of the way before we delve into Bitcoin’s idiosyncrasies, its uncontrollable risks, and finally, how people are currently using Bitcoin as a risk management tool.

What Does Risk Mean?

---

Risk means different things to different people in different industries. According to the U.S. Securities and Exchange Commission (SEC), risk refers to “the degree of uncertainty and/or potential financial loss inherent in an investment decision.” While this definition applies to finance, others may view risk differently. For example, an engineer’s definition of risk would be “a way to express both the probability of occurrence and the consequences arising from such occurrence.” Bitcoin is unique in that it occupies multiple identities at once - it is a financial asset, software project and social phenomenon. Because of this, it is difficult and incorrect to shoehorn Bitcoin’s risk profile into a traditional definition. Instead, taking a holistic approach and borrowing from multiple frameworks is more useful in evaluating the risks of Bitcoin.

Risk Management Approaches

---

Financial Risk Management

In traditional portfolio management, investors take on risk because they expect to be compensated for it in the form of higher returns. However, the question of how to balance risk and expected returns soon follows. A strategy called risk budgeting has become increasingly popular, which places a larger focus on the total risk of a certain portfolio. It begins with a broad portfolio allocation tailored to the desired risk/return characteristics. A total risk budget is then decided and will be distributed between asset classes. Risk budgeting can also account for external factors contributing to risk such as interest rates, inflation and economic growth.

The risk budgeting method can assist with establishing the allocation of Bitcoin in a portfolio based on the total risk budget. Where it falls short, however, is the external risk component. Unlike traditional economic indicators, it is extremely difficult to quantify the underlying value drivers of Bitcoin - widespread adoption and market sentiment.

Value at Risk

The Value at Risk (VaR) methodology of risk management offers a probability statement about the potential change in the value of a portfolio caused by changes in variables over a period of time. For example, if a 10-day VaR given a 99% confidence level is -4%, then there will be a 1% chance of at least a 4% loss over the next 10 days.

There are several methods to compute the VaR. These are the:

• Historical method (utilises past returns data)
• Variance-covariance method (assumes that gains and losses are normally distributed)
• Monte-carlo simulation (simulates projected returns over infinitely many scenarios).

The VaR methodology can assist with risk management of portfolios containing Bitcoin, where it allows the computation of a “worst-case scenario”. Therefore, this will allow traders and investors to analyse the level of risk in their trades or portfolios and take the necessary precautions.

Standard Risk Measure (APRA)

The Standard Risk Measure (SRM) was developed through the Australian Prudential and Regulation Authority (APRA) as a guide to the likely number of negative annual returns expected over a 20 year period. It allows comparison between various investments most often used in superannuation funds.

Table 1: Standard Risk Measure scoring table.

Bitcoin has traded for 11 years, and has had two negative returning years; 2014 and 2018. From this, we can (naively) extrapolate that Bitcoin will face another 2 or 3 negative years in the next decade, thus classifying it as a Risk Band 6 asset (High), which may be a fair rating until 20 years of data have been observed.

One trend to note from table 2 below is that both negative returning years were preceded with years that experienced extreme periods of growth. 2013 saw a 5474% return followed by a -57% return in 2014, and 2017 saw a 1320% return followed by a -73% return. With this being said, it is impossible to predict the price movement of Bitcoin, especially 10 years in advance.

Table 2: Bitcoin historical prices and returns.

ISO31000 Risk Management

ISO 31000:2018 is a set of generic standards relating to risk management, created by the International Organization for Standardization (ISO). These established standards can be tailored to any organisation and can be applied to any activity. ISO 31000:2018 assesses risks by considering three elements: risk identification, risk analysis and risk evaluation. The process starts with the organisation establishing the amount and type of risk that it deems acceptable. Risk identification aims to find, recognise and describe risks which may either help or hinder an organisation in achieving its objectives. These risks are then analysed, where uncertainties, risk sources, consequences, likelihood, events, scenarios and controls are all evaluated. Lastly, risk evaluation involves comparing the results from the risk analysis against the established criteria to evaluate whether additional action is required.

The ISO31000 risk management process is outlined in Figure 1 below.

Figure 1: Diagram of the ISO:31000 risk management framework.

The ISO:31000 framework can be modified to assist Bitcoin investors in evaluating risk. As an example, we can identify custody as a potential risk that could hinder the objectives of an investor seeking returns. For example, the probability of losing any amount of Bitcoin is low if stored on an exchange whilst using appropriate internet security hygiene (i.e. using unique passwords, 2 or 3 factor authentication, VPN use, etc.). However, even small user errors, very sophisticated attackers or even an inside job, could result in total loss of funds. A potential solution to mitigate this risk could be the use of a multisignature wallet or service, or to invest in Bitcoin via a regulated pathway which utilizes regulated and often-times insured custodians.

Systematic and Idiosyncratic Risk

All investments carry a certain amount of risk, with that of equities being able to be categorized into systematic and idiosyncratic risk. Systematic risk, also referred to as market risk, is the risk inherent to the entire market and difficult to avoid through diversification within the same asset class. These risks include interest rates, inflation and recessions; able to be mitigated through hedging or using correct asset allocation strategies. Idiosyncratic risk on the other hand, is firm-specific and can be managed through holding a diversified portfolio. Some examples of idiosyncratic risks are a company’s management decisions, management’s ability to manage risk (which is oftentimes is largely overestimated), investment strategies and operations.

Bitcoin Risks and Subsets

Bitcoin’s risks can be separated into 4 different categories: Technological, Financial, Regulatory and Social risks. Within each of these categories, there exists both systematic risks, which are undiversifiable, and idiosyncratic risks, which can be mitigated through management and/or diversification. Table 3 provides a high-level breakdown of these categories and subsets of Bitcoin’s risk. More information is provided on these risks later on in this series on risk, namely, parts two and three; “Bitcoin Idiosyncrasies” and “Uncontrollable Risks”.

Table 3: Bitcoin’s risks and subsets.

Over time, as Bitcoin and Bitcoin services mature, there have been some risks which were previously systematic that became idiosyncratic. The largest example of this is with custodial risk. Multisignature security has become the industry standard for safeguarding institutional crypto assets. It requires a quorum of private keys to sign and send a transaction. Prior to multisignature technology, institutions accessing custodial services would run into the question: who would hold the single key? Would it be the custodian or CEO? This meant the risk of losing keys, and ultimately all funds, was high and not diversifiable. Through ever improving technologies, existing risks surrounding Bitcoin may be further mitigated.