Every crypto-project must have a risk mitigation plan prior to launch

in #ethereum, 7 years ago (edited)

Risk mitigation planning is lacking in crypto-space

If you saw my previous posts (Criteria for determining fair distribution in an ICO - the importance of vesting to align incentives; "Insider" ICOs are now becoming a trend... are VCs becoming "first class investors"?; Why we need to end the practice of ICOs. Why the "ICO" model is stupid and the ICD is better; and Is Ethereum a scam and are Ethers unregistered securities? Fiduciary duty attorney Jason Seibert weighs-in), the main conclusion I have reached is that projects need to take risk mitigation seriously. Specifically, regulatory risks are being under-estimated in some instances and over-estimated in others, and the methods of reducing or mitigating these risks are not currently being circulated widely as best practices.

Developers are not lawyers and interests may not be aligned

The interest of a developer is to develop the platform and provide functioning code. It is in a developer's best interest to do this in a way that provides the most benefit to users at the least cost. Regulatory risks are possible costs, and any ICD/ICO or fundraising must, as a best practice, set aside some funding for situations where there might be a regulatory attack. In many cases developers consider all sorts of technical attacks, social engineering attacks, and more, but almost no developers in the space consider legal and regulatory attacks. Developers will have to adopt more sophisticated risk mitigation strategies going into the future, and there may be a need to form a political action committee as part of that.

Risk mitigation must be part of the design

If we look at Steemit, we can see it is a well-designed platform. If there are regulatory risks, it is designed in such a way that funds can be raised to pay for legal fees and media attention can be had. Steemit itself is a media platform, which in turn has an influence on public opinion. At the same time, Steem was very carefully launched so as to not take on unnecessary risk. There are risks in launching a platform just as there are risks in running one, and the ability to manage risk is important for the success of any platform. Developers and participants in this space have a higher than usual risk tolerance, but if the same or greater gains can be had with less risk, then why take unnecessary risk for the same gain?

What is risk, how is it assessed, and why is it important?



In information security, or any security-related field, risk assessment and mitigation are critical subjects. First the risks have to be accurately identified and understood. By understanding the nature of the risks, it becomes possible to develop strategies to mitigate them. Very few developers in crypto-space are also lawyers, and because of this it is very difficult to accurately determine the level of regulatory and legal risk. Once these risks are determined and their nature is known, mitigation strategies become possible. But lawyers likely will not be creative when it comes to mitigation strategies, and because most lawyers are not developers, the legal expert will not understand what is technically plausible in terms of risk mitigation. Legal experts typically will focus on what is legally possible and come up with legal solutions to legal risks, while developers will be more likely to consider technical solutions to legal risks. In my opinion, solutions and approaches must be considered on merit and not based on technique. Whether the solutions are legal or technical isn't as important as whether the mitigation strategy is effective and whether the control measures are likely to contain the risks.


This is pretty standard for security operations, which is why the crypto space not being aware of standards and practices is causing unnecessary retreading.

Risk assessments should have been standard the entire time, however you have people leading the community that dropped out before they got to those classes. Not pointing at any specific developers, but pretty sure if risk assessments had been properly executed, you wouldn't get chains forking themselves.

Thanks for the post!
:)

I'm aware because I come from a security background but best practices from security aren't being implemented in this space. I have to say I agree with you that the risk assessment needs to be part of the standard of any project, whether they are going with an ICO or not.

I figured you had a security background, as your posts are WAY more informed than the average "cryptohead". Thanks for taking the time to do your blog! You are doing the community a great service :)

I second that sentiment. Keep up the greatness Dana!

Great evaluation and informative content again. Thanks a bunch for the education. Namaste :)

It's true ..risk is always .
