Cryptocurrency companies are disclosing more information about their internal controls and risk management following the collapse of FTX, but a level of transparency in the industry that would make many investors feel comfortable remains far off, the Wall Street Journal reported. Without a federal regulatory regime for the nascent crypto industry in the U.S., risk-management measures vary by firm and it remains difficult for outside observers — including investors and customers — to determine how effective these controls are until things go bad, industry experts say. When a crypto firm is privately held and isn’t subject to the disclosure requirements public companies face, such as third-party auditing, just learning what controls are in place can be a tall order. Although most crypto firms aren’t subject to formal federal regulation, many have adopted the enterprise-risk-management programs that U.S. watchdogs require of mainstream financial institutions in the wake of the 2008 financial crisis. These rules ask companies to identify, monitor and control their risks in both their financials and operations through scenario planning and testing and framework implementation. Among the risks being monitored are cybersecurity risks; legal and compliance risks, such as those arising from financial crimes and sanctions; credit risks that arise when funds are used as collateral; and liquidity risks.
