Crimes against people’s information and nest eggs are real and abundant. The CuBitREvolution™ takes risk management very seriously. We have invested significant time and energy identifying risks and implementing comprehensive measures to manage them. Some of the risks tracked are: business, cryptocurrency, privacy, financial, operational, regulatory, real estate risk, and miscellaneous risks that can be everything from marketing and brand management to system outages.
This article does not address all the risks and risk management efforts we employ. Rather, it 1) discusses general risk concepts, 2) how we apply those concepts in our risk management approach, and 3) provides a couple of examples of our risk management efforts for specific risks.
Essential Risk Concepts
Collectively, our team has more than 90 years of experience in risk management (see CuBit™ Roots). We are experienced in identifying and successfully managing a wide range of risks.
To facilitate an appreciation of the extent of our risk management efforts it is helpful if we establish a common understanding of certain elements and terms associated with risk management.
Risk Measurements
Every risk can be evaluated in terms of two factors: Probability and Impact.
Probability refers to the likelihood that the risk will become a reality. Mathematically, this ranges from zero to 100%. Qualitatively, we often measure risks as Low, Medium, and High. The qualitative measures may be translated into numeric ranges. However, a truly mathematical risk assessment usually involves measuring things like mean time to fail, mean time to repair, and other quantifiable risk factors. This allows a greater level of certainty than a qualitative analysis. Unfortunately, determining the mathematical certainty of some risk events requires a level of data collection and analysis that is often unavailable or impractical.
Impact is an estimate of the cost associated when a risk becomes an issue. Cost can be in financial terms, reputational, or scope of the impact. For instance, a problem that costs one million people one penny each has a wide scope, but a small scale. However, if that same penny-per-person turns into a lawsuit, it would immediately become a class-action lawsuit. Whereas, if it were restricted to one person, it could still be a lawsuit, but not a class-action lawsuit.
Risks and Issues
Every issue is the realization of a risk. While a risk is something that might happen, an issue is something that has occurred. The issue is when the risk changes from a possibility into a reality.
Resolving issues does not usually resolve, eliminate, or close, a risk. The possibility of another issue associated with that same risk still exists as long as we are engaging in the activity associated with that risk.
Inherent and Residual Risk Levels
Inherent risk is the probability and impact associated with any risk.
Residual risk is the probability and impact associated with any risk after applying risk management strategies.
Risk Management Strategies
The “elimination” of risk is not possible. Risk is an integral part of every aspect of our lives, both personally and professionally. Anyone who tells you that something is “risk-free” is not being truthful. It is because of this reality that the US Government is especially aggressive in prosecuting investments which tout “guaranteed” returns. A guarantee implies that the risk of losses has been eliminated.
In truth, there are only four ways to manage risk.
- Avoidance: The risks associated with a given activity can be avoided by not engaging in certain activities
- Transfer: The costs associated with the risks of a given activity can be transferred to another party. This is the basis for the entire insurance industry.
- Mitigation: The probability or impact, or both associated with given risk can often be reduced by taking proactive measures to prevent or through countermeasures.
- Acceptance: For all risks which cannot be avoided, acceptance is the ultimate strategy. In cases where the inherent risk isn’t sufficiently consequential to warrant the costs of mitigation or transfer, acceptance may be of the inherent risk. The strategies of transferring and mitigating risks have their own costs and ultimately reduce inherent risk to the level of residual risk. Residual risk always represents accepted risk.
Risk Assessments
Our Risk Log identifies 87 distinct risks. Each risk is grouped into an appropriate category and sub-category. We assess the probability and impact of the inherent risk. Then, we apply our risk management strategies and assess the probability and impact of the residual risk.
Of the 91+ risks currently identified in our risk log, our strategies break out as follows:
- Avoid: At present we have identified 4 risks we are avoiding.
- Transfer: 5 risks we have identified can be mitigated by transferring most of the risk and accepting the remaining risk.
- Mitigate: We have engineered into our infrastructure efforts to mitigate 67 of the identified risks.
- Accept: We have identified 11 risks which we deem necessary, and which cannot be mitigated.
Exemplar #1
Cryptocurrency has enough distinct risks (we have identified 10) that it constitutes its own risk category with several sub-categories. One, particularly important sub-category of cryptocurrency risk is called “Smart Contract Risk.”
All cryptocurrency endeavors are built on computer programs. Most rely heavily on a type of computer program called a smart contract. The CuBitREvolution™ is no exception in this regard. Smart contracts are inherently vulnerable to hackers. Hackers exploit errors in the code, program logic, related management, or all three to their advantage.
A common risk mitigation tactic is to have outside auditors examine the smart contracts and point out their code, logic, and related management errors and vulnerabilities. All our smart contracts are fully audited as soon as they reach the stage where that is possible. As part of our commitment to transparency, the results of those audits are generally available to the public. The exception would be if an audit revealed a specific vulnerability which can be corrected in code. We resolve such a vulnerability and then have the contract reaudited.
Exemplar #2
We have identified 7 distinct regulatory risks, affording it a distinct category of risk. Two of these relate to securities registration and commodities regulations.
Securities registration directly affects the CuBitDAO™ (the DAO), UREWPS, and the Distributed Regional Affiliates (DRA).
The CuBitDAO™, and UREWPS are both registered under the laws of the State of Wyoming as limited liability corporations. In the case of the DAO it is registered under a subsection of the laws which are written specifically for distributed autonomous organizations (DAO).
The DRAs are registered as LLCs in the respective states where they operate. Offers to sell shares in each DRA are only presented in accordance with state and federal laws within the context and content of a private placement memorandum (PPM).
Commodities regulations apply to CuBit™. The currency was specifically designed to qualify as a commodity, rather than a security. We conducted a “Howey Analysis” (see our analysis) to evaluate our effectiveness in this regard.
Once we were satisfied that CuBit™ is a commodity, we simply have to refrain from offering derivatives contracts to avoid conflicting with commodities regulations.
Conclusion
Our team has applied our extensive experience with successful risk management to every aspect of the CuBitREvolution™. Our commitment to minimizing and managing risk applies to every aspect of this work. When you acquire CuBit™ as part of your efforts to protect your wealth from inflation and volatility, you benefit directly from our ability to effectively identify and manage risk.
