How to Manage Cryptoasset Credit Risk

Although rarely considered in the same context, the cryptoasset industry is not immune to credit and counterparty risk. Part 1 of this blog looks at the significance of credit risk associated with exchanges, custody and prime brokerage services.
6 Jun, 2019

The Global Financial Crisis (GFC) of 2008 underscored the importance of credit risk in the financial markets. Since 2008, regulatory reform has been introduced to restore stability and confidence in the banking industry. An exciting technological advancement that is set to transform the financial sector is the development of the cryptoasset industry. Although rarely considered in the same context, the cryptoasset industry is not immune to credit and counterparty risk.

Part 1 of this blog looks at the significance of credit risk associated with exchanges, custody and prime brokerage services. Part 2 explores counterparty risk in a traditional financial institutional setting and provides insights on how to extend the traditional credit risk framework to the cryptoasset industry.

Credit Risk for Cryptoassets

The biggest banking failures during the 2008 GFC were a result of insufficient handling of credit risk. Credit risk represents the risk that a debtor may be unable or unwilling to make a payment on or fulfil contractual obligations. In some instances, this can result in default risk which is a subpart of credit risk. In other instances, it can cause a deterioration in credit quality. From a trading workflow perspective, credit risk is viewed as pre-settlement risk.

The frequency of failures along with the increasing numbers of out of pocket deposit-holders and creditors in the cryptoasset space is a growing concern for market participants. A large proportion of these failures can be attributed to outright theft. According to CryptoAware [1], 2018 was the worst year on record for cryptoasset losses in terms of assets stolen. From 2011 to the first half of 2018, approximately $2.3bn worth of cryptoassets were lost due to scams and cyber hacks, representing 1.7mn BTC (Bitcoin) and 4.56mn ETH (Ethereum). In the first half of 2018 alone, the reported loss had grown to over $1.73bn.


Historically, approximately 60% of the losses have been associated with exchanges, specifically centralised exchanges (CEXs), where trades are done in an IOU format. Since there is no single point of failure in decentralised changes (DEXs), the credit risk consideration is minimal by design.

Centralised Exchanges (CEXs)

Cryptoassets have been stolen from CEXs along with associated private key data that enables the transfer of the cryptoassets anywhere globally. The CEXs nominally cover the resulting credit loss, but in many cases the financial institutions and retail account holders bear the residual and ultimate losses. End users, including institutions, of the CEXs have no recourse if, or when, something goes wrong. They, therefore, need to be aware of the credit risk manifested through cyber security and fraud risk on exchanges.

Cyber attacks on exchanges are a serious problem that lead to loss of funds for exchange users regardless of whether the exchange survives the attack. Here we highlight some notable exchange failures. In 2014, Mt. Gox, which at the time handled 70% of all bitcoin transactions, was hacked and lost $473mn. This subsequently led to its demise. In 2016, Bitfinex suffered a cyber attack and lost 120,000 BTC. In January 2018, Coincheck defaulted after more than a half-billion dollars was stolen. In all these cases, the end-user lost funds.

Moore, Christin and Szurdi investigated 80 cryptoasset CEXs established between 2010 and 2015 and found that nearly half have since closed, wiping out customer account balances in some cases [2]. As shown in Diagram 1, the overall failure rate of CEXs is 48%, and the median lifetime of exchanges is 451 days.

Diagram 1: Survival Probability for Exchanges

The solid red line in Diagram 1 shows the overall survival probability of exchanges using data from all exchanges, along with a 95% confidence interval (blue dashed lines). Only 70% survive more than one year.

Since the GFC, governments, through ‘quantitative easing’, have introduced new money into the money supply via central banks, without producing any inflationary effects. The role of the central bank is to preside over a legal order that effectively grants banks the exclusive right to create IOUs of a certain kind: ones that the government will recognise as legal tender by its willingness to accept them in payment of taxes. The credit risk of such IOUs is associated with the sovereignty of the country.

Given that many CEXs are unregulated and privately owned, customers holding funds with CEXs are exposed to credit risk of a private non-rated institution, as opposed to a government. Specifically, if CEXs refuse to allow users to withdraw assets for an extended period of time, they have effectively failed to honour an IOU obligation. Compounded by the high volatility of the cryptoasset market price, any delays of withdrawal and redemption of funds will lead to economic loss or additional replacement cost.

Unlike the current financial industry, the use and extent of insurance for holding, exchanging or transacting in cryptoassets is not well understood. Such industry standards have yet to be developed in terms of what assets should be insured, against what risk and at what price. The delegation of trust to CEXs is a major obstacle preventing institutional investors from penetrating this burgeoning space.

Exchange-Traded Futures

The cryptoasset market has shifted towards cleared contracts to mitigate counterparty risk, a trend that is very likely poised to accelerate in the current environment. Credit risk of exchange-traded futures is mitigated through the application of margining rules and central counterparty clearing houses (CCPs). Exchange-traded futures have no counterparty risk (except for CCP default) since the exchange or a third party typically guarantees the contract, which is the clearing function associated with CCPs. In Diagram 2, for cleared contracts, the clearing house acts as a counterparty to both sides of the contract, which reduces default risk in standard bilateral agreements.

Diagram 2: Central Counterparty Clearing

A clearing house like Chicago Mercantile Exchange (CME) or the Options Clearing Corporation (OCC) can set initial margins that are proportionate with the risk. The initial margin periodically changes given the prevailing market volatility. The initial margin requirement for CME bitcoin futures traders is 47% and the maintenance margin is 43%. These margins are roughly 10 times larger than the amount needed for trading corn futures for example. The large margins are commensurate with the higher volatility associated with bitcoin prices. Furthermore, CME and CBOE futures are cash-settled futures and do not involve exchange and delivery of ‘physical’ cryptoassets, eliminating the risk of theft and loss of private keys.

Decentralised Exchanges (DEXs)

Currently, no DEXs pool user funds in a single wallet or central server. Rather, users are in possession of their own funds and grant permission to the DEX smart contracts to access their funds to facilitate trading. This eliminates the security risk of holding customer assets in a single wallet. Funds are settled in a peer-to-peer manner, which limits large institutional participation. However, this approach merely shifts total credit risk from the exchange to individual users since users’ wallets and private keys can be hacked by malicious attackers, which could lead to failure to deliver upon trade settlement.

Custody Services

As previously mentioned, CEXs and wallets represent a single point of failure and most cryptoassets function as cryptographic bearer instruments, the keys to which, once lost or stolen, render the asset inaccessible and unrecoverable to its rightful owner. For institutions, self-custody is a nonstarter as state and federal ‘custody rules’ require that certain financial institutions utilise a qualified custodian, which must comply with stringent procedures to safeguard customer funds to satisfy their fiduciary responsibilities.

Many firms are working on qualified custodial solutions for cryptoassets and their unique technological challenges. 2018 was marked by a custody services arms race. In July 2018, Northern Trust started developing a strategy to secure custody-held digital assets such as cryptoassets. In August 2018, Intercontinental Exchange (ICE) announced the formation of Bakkt, a global platform and ecosystem for digital assets. Bank of America filed a patent to offer crypto custody solutions catering to large-scale institutional investors and retail traders. In September, BitGo received the stamp of approval as the first qualified crypto-enabled custodian in the US. In October, Coinbase Custody obtained a license under New York State Banking Law to operate as an independent Qualified Custodian; it will operate as a Limited Purpose Trust Company chartered by the New York Department of Financial Services (NYDFS). In the same month, Fidelity announced the launch of a new company, Fidelity Digital Asset Services, providing cryptoasset custody and trade execution for institutional investors.

Assets held with a qualified custodian are not the custodian’s assets. Consequently, the failure of a custodian does not directly imply the loss of the underlying cryptoasset. Although there could be delays while clients move the safekeeping of their investment assets to an alternative custody service (or a bridge entity in the event of insolvency), the beneficial owner’s ownership interest in the underlying securities would be unaffected.

The cryptoassets in qualified custodians are mainly exposed to operational risk, including cyber-security risk. Due to the limited availability of insurance products in the cryptoasset space, the physical assets are not insured at the amount required by institutional market participants. Cold wallet solution companies, such as BitGo and Xapo are working with custodians to develop solutions to ensure safety of cryptoassets. Furthermore, clients of a custodian that lends cryptoassets through lending programs also have a credit exposure. This is because the custodian has agreed to indemnify the lender in the event that the borrower fails to provide sufficient collateral to fully secure its obligation to return the borrowed cryptoassets. Overall, the lending marketplace for cryptoassets has not yet been developed completely and is also limited to Bitcoin and Ethereum. Yet, we do see pioneers facilitating the market development. For instance, Genesis Global Trading launched the industry’s first institutional lending business, Genesis, on March 1, 2018 to complement the existing OTC (Over The Counter) business. According to its Q4 Insights [4], it originated over $1.1bn by year-end 2018.

Prime Brokerage Services

As qualified custodian services mature, prime brokerage will accelerate the development of the cryptoasset market structure. For instance in December 2017, ED&F Man Capital Markets, a $14.2bn company, signed agreements with 35 hedge funds, family offices and proprietary-trading firms to help them buy and sell bitcoin futures. On December 17th, 2018 Tagomi Holdings Inc., the first live electronic brokerage-offering prime services for sophisticated investors of Bitcoin, Ether and other cryptoassets, started to execute client trades with the backing of several notable investors. A prime broker provides the customer with optionality for managing the counterparty risk by moving credit exposure to a more established institution. Potentially, the prime brokerage model allows the customer to cross-margin open positions and centralise trade reconciliation.

Re-hypothecation is when financial institutions or brokers use assets held as collateral for one client in transactions for another. Clients who authorise re-hypothecation of their collateral are typically compensated either through a lower cost of borrowing or a rebate on fees. Re-hypothecation includes the usage of client assets to allow other clients to short them. Cryptoasset lending and borrowing programs are an example of re-hypothecation activities. However, re-hypothecation exacerbates the risk of insolvency by increasing the likelihood that the broker will have insufficient assets to satisfy customers’ claims if it defaults. Exposures are generally a function of the number of assets held, and available, for re-hypothecation by the broker.

As a direct result of the collapse of Bear Stearns, Lehman Brothers and MF Global, institutional clients have re-evaluated the re-hypothecation of collateral and require collateral to be held under tri-party arrangements. Under these arrangements collateral and assets are held by a highly creditworthy third-party custodian rather than by the prime broker.

Read Part 2: Extending the Traditional Credit Risk Framework to the Cryptoasset Industry

Let's talk!

Speak with one of our solution experts