The Handbook
Standard 9: Counterparty Management
The Standard

Firms must manage counterparty risk. This includes thorough due diligence processes for all counterparties and service providers before engagement; diversification across trading venues and counterparty relationships to reduce concentration risk; and ongoing monitoring of counterparty creditworthiness and operational risk. Firms must document contingency plans for counterparty failures or service disruptions and conduct regular assessment of service provider performance and capabilities.

Introduction

Counterparty risk in digital assets encompasses operational and technological failures that extend far beyond traditional credit risk. Many exchanges and service providers operate with varying levels of transparency, leaving them vulnerable to insolvency or internal mismanagement. The 2022 collapse of FTX remains a landmark case study, demonstrating the dangers of over-reliance on a few dominant entities; such failures can lead to immediate capital loss and years of complex bankruptcy proceedings for exposed firms. Because the digital asset ecosystem is highly interconnected, a single counterparty default can trigger a chain reaction, impacting custodians, prime brokers, and market makers simultaneously.

Standard 9 mandates a disciplined, proactive approach to managing these exposures. For institutional managers today, this involves a "defense in depth" strategy: conducting rigorous initial due diligence, enforcing strict exposure limits, and maintaining continuous monitoring. Stability can shift rapidly in digital markets; therefore, assessments must move beyond static annual reviews toward real-time risk tracking. This ensures that a counterparty's financial health and security posture are verified against the firm's specific risk tolerances on an ongoing basis.

Managing counterparty risk is a dynamic process that requires accepting certain trade-offs. To protect client assets, managers must prioritize diversification—spreading exposure across multiple venues and
jurisdictions—even if this increases operational costs or reduces execution speed. Effective oversight includes regular "on-site" or virtual audits, tracking aggregate exposure across all relationships, and utilizing third-party blockchain analytics to monitor counterparty wallet health. Institutional-grade management values long-term stability and capital preservation over the convenience of concentrated relationships or lower trading fees.

9.1 Counterparty Risk Management Framework

Rigorous due diligence on all counterparties is the cornerstone of risk management. Initial assessments must be comprehensive, while ongoing reviews ensure that the counterparty's financial and operational health remains within acceptable thresholds. This process should move beyond surface-level reviews to include deep-dive assessments of technical, financial, and regulatory maturity.

9.1.1 Counterparty Universe and Tiering

Defining the counterparty universe establishes a complete view of all entities creating risk. In digital asset markets, this universe typically includes:

- Exchanges: Centralized venues (e.g., Coinbase, Kraken, Binance) and decentralized exchanges (DEXs). Centralized venues present custodial risk, while decentralized venues present smart contract risk.
- Prime brokers: Entities providing financing, custody, and execution. These relationships often create concentrated exposure requiring rigorous oversight.
- OTC desks: Market makers for bilateral trading. Risks include settlement lag during execution and credit risk if trading on margin.
- Custodians: Third-party entities holding firm assets. These represent the largest single counterparty exposures and require the most stringent monitoring.
- Lending protocols: DeFi platforms for borrowing or lending. Risks include smart contract vulnerabilities, governance failures, and oracle manipulation.
- Service providers: Administrators, auditors, and technology vendors. While not direct financial counterparties, operational dependencies create significant
secondary risks.

Counterparty Tiering

Firms should classify entities based on exposure size and operational criticality to determine monitoring frequency.

- Tier 1 (critical): Largest exposures or essential infrastructure. Requires comprehensive oversight, including annual on-site visits and quarterly monitoring updates.
- Tier 2 (important): Material exposure or specialized services. Requires semi-annual reviews.
- Tier 3 (routine): Limited exposure or infrequent usage. Requires annual documentation refreshes.

9.1.2 Counterparty Risk Limits

Specific, measurable limits for each counterparty and the aggregate portfolio are essential to prevent dangerous concentration.

- Individual counterparty limits: Maximum exposure to a single entity, often expressed as a percentage of net asset value (NAV). Typical institutional ranges include:
  - Tier 1 custodians: 40–50% (dependent on bankruptcy-remote status)
  - Exchanges: 10–20%
  - OTC desks: 5–10%
- Aggregate limits: Total exposure across categories to prevent sector-wide failure impact. This includes caps on total exchange exposure or total exposure to unregulated entities.
- Exposure measurement: A standardized methodology must calculate total exposure, including:
  - Assets held by the counterparty
  - Financing/leverage provided
  - Unsettled transactions and margin requirements
  - Potential future exposure (PFE) from derivatives
- Limit monitoring: Daily calculation of current exposure versus limits. Automated alerts should trigger when approaching thresholds, and all breaches must be documented with a clear remediation timeline.

Takeaway Message

Counterparty due diligence performed at onboarding and never revisited loses value over time. Exchange solvency, protocol security, and lending platform stability change continuously. The counterparty approved 18 months ago may have materially different risk characteristics today. Best practice is establishing a periodic review cycle for all material counterparties, with review frequency based on exposure size and counterparty risk
characteristics. Reviews should assess current financial condition, operational changes, regulatory developments, and any incidents since the last review. Documented procedures ensure reviews happen systematically rather than only when problems emerge.

9.2 Counterparty Due Diligence

Effective counterparty risk management begins with disciplined, risk-based due diligence. Comprehensive review of a counterparty's financial condition, governance, risk management framework, and operational resilience is essential to informed exposure decisions. Diligence standards should increase proportionately with counterparty tier and exposure size, requiring deeper verification for Tier 1 and Tier 2 relationships.

9.2.1 Due Diligence Framework

A comprehensive due diligence framework systematically examines the critical domains of a counterparty's business. This standardized approach allows managers to identify hidden vulnerabilities and ensures that all partners meet the minimum safety requirements for institutional capital.

Table 1: Comprehensive Assessment Framework

Detailed Due Diligence Pillars

- Business and reputation: Beyond basic history, this involves reviewing the business model's sustainability and client concentration. Background checks on key executives are
mandatory to identify legal issues or prior failures that could indicate future governance risks.
- Financial condition: Fiduciaries must analyze capitalization adequacy relative to the counterparty's operational risk. This includes assessing liquidity positions, funding sources, and proof of solvency—the verification that on-chain assets exceed customer liabilities.
- Regulatory and legal: Verification of registration with relevant authorities and the "bankruptcy remoteness" of client assets is essential. This ensures that in the event of insolvency, the fund's assets are not treated as part of the counterparty's general estate.
- Risk management: Evaluation of internal governance, including limits on their own market and credit risk. This pillar also covers the adequacy of their insurance program and the results of recent disaster recovery testing.
- Technology and security: Focuses on the security of the custody stack and key management systems. It requires proof of recognized certifications such as SOC 2 Type II or ISO 27001, alongside a review of system uptime and API scalability.

9.2.2 On-Site Visits and Ongoing Monitoring

On-site visits (or "virtual deep dives" using live screen sharing for tech audits) are vital for Tier 1 counterparties. Firsthand interaction with senior management allows for a better assessment of their capabilities, while observing operational controls can reveal the reality of their organizational culture. Observing facility security and interacting with compliance teams provides insights that static documentation cannot capture.

Due diligence is a continuous obligation. Monitoring frequency is strictly tied to the counterparty's tier:

- Tier 1 (critical): Quarterly monitoring updates of financial statements and operational metrics. Requires an annual comprehensive re-assessment including a site visit.
- Tier 2 (important): Semi-annual monitoring reviews with a full due diligence refresh every year. Site visits are conducted every 2–3 years or upon a "trigger" event.
- Tier
3 (routine): Annual monitoring review with a refresh of due diligence documents every 2–3 years. On-site visits are only conducted if material concerns are identified.

Takeaway Message

Exchange selection based primarily on liquidity and fees, without assessment of financial stability and asset protection practices, proved costly during the 2022 exchange failures. Proof of reserves claims, regulatory status, insurance coverage, and asset segregation practices warrant independent verification rather than reliance on marketing materials. Best practice is maintaining documented due diligence files for material exchange relationships that include proof of reserves verification (methodology and limitations), regulatory licenses and status, published insurance coverage, and analysis of asset segregation practices. Exposure limits should reflect assessed counterparty quality, with lower limits for exchanges where verification is limited.

9.3 Exchange Management

Exchanges are a vital component of the digital asset market infrastructure, yet they represent a significant concentration of counterparty risk. Unlike traditional finance, where trading venues and custodians are strictly separated, many digital asset exchanges operate as "all-in-one" platforms. This dual role creates an environment where an exchange failure—as demonstrated by the 2022 collapse of FTX—can lead to the immediate loss of all assets held on that platform and result in years of complex, uncertain bankruptcy litigation. Managing this risk requires a disciplined approach to exchange selection, rigorous exposure limits, and active monitoring of withdrawal functionality.

9.3.1 Exchange Selection and Monitoring

A formal approval process is required before trading on any venue to ensure the platform meets institutional safety standards. Investment managers should perform a comprehensive evaluation across several critical domains:

- Trading volume and liquidity: Analyze the average daily volume (ADV) and order book depth for
the specific assets being traded. High headline volume can be misleading; fiduciaries must verify liquidity stability during periods of extreme market stress.
- Security and custody: Evaluate the exchange's custody architecture (e.g., percentage of assets in cold storage) and historical security track record. The availability of regular proof of reserves or independent attestations is a primary indicator of transparency.
- Regulatory status: Verify licenses and registrations in all relevant jurisdictions (e.g., U.S. BitLicense or European MiCA-compliant status). Compliance with AML/KYC requirements and the clarity of legal protections in the exchange's terms of service are essential.
- Financial condition: Assess the sustainability of the exchange's business model and the quality of its financial backing. Transparency regarding proprietary trading activities or affiliated market makers is critical to identifying potential conflicts of interest.
- Operational capabilities: Monitor system uptime history and API reliability. The exchange must demonstrate high-capacity transaction processing and responsive technical support for institutional clients.

9.3.2 Exposure Management

Active management of exchange balances is the most effective defense against platform failure. Spreading risk across multiple venues ensures that no single collapse can jeopardize the entire portfolio.

- Minimize exchange balances: Firms should treat exchanges as "trading venues" rather than "storage venues." Excess balances should be "swept" back to cold or warm custody daily or whenever they exceed a defined threshold.
  - Target: Combined exchange exposure should typically remain under 10% of NAV.
  - Limit: No single exchange should hold more than 5% of NAV at any given time.
- Diversification of venues: Trading activity must be distributed across a minimum of 3–5 approved exchanges. This prevents dependency on a single provider and ensures that if one venue experiences downtime or a security event, the firm can continue to execute its
strategy on alternative platforms.
- Withdrawal testing: Operational readiness is verified through regular withdrawal tests. Managers should perform small, automated withdrawals monthly and larger, manual withdrawals quarterly. Any delay, restriction, or "system maintenance" that impacts withdrawal functionality must be immediately escalated as a high-priority risk event.
- Real-time monitoring and alerts: Firms should implement real-time balance tracking with automated alerts for any unusual exchange activity. Daily reconciliations between exchange reporting and internal ledgers are mandatory to ensure that the firm's view of its assets matches the exchange's records.

9.4 Legal and Contractual Protections

Robust legal agreements are a critical tool for mitigating counterparty risk by clearly defining rights, obligations, and remedies. Given the unique technological nature of digital assets and the evolving regulatory landscape, these agreements should be negotiated with specialized legal counsel rather than accepting standardized "terms of service."

9.4.1 Key Contractual Provisions

Important parts of a contract include key terms and conditions that must be agreed upon by all parties involved. These provisions ensure that the rights and responsibilities of each party are clear and legally binding.

- Collateral requirements: Agreements must specify the types of digital assets accepted as collateral (e.g., BTC, ETH, or regulated stablecoins like USDC). Crucially, they should define valuation methodologies using multiple independent pricing sources to avoid "oracle" manipulation, and set clear haircuts (valuation discounts) based on asset volatility.
- Events of default: Beyond traditional insolvency, digital asset defaults should include specific technical and regulatory triggers. These may include exchange hacks, prolonged blockchain network failures, or regulatory actions that prohibit the counterparty from handling specific digital commodities.
- Termination and liquidation rights: Contracts must establish
the right to terminate and liquidate collateral immediately upon default. This includes defining the "grace period" for margin calls—which is typically much shorter in digital markets (minutes to hours) than in traditional finance.
- Asset segregation and bankruptcy remoteness: A primary goal is ensuring client assets are held in segregated accounts and are legally isolated from the counterparty's general estate. This "bankruptcy remote" status prevents clients from being treated as unsecured creditors if the counterparty fails.
- Governing law and jurisdiction: Managers must specify the governing law (e.g., New York or English law) and the jurisdiction for dispute resolution. This is vital for cross-border transactions where legal treatment of "controllable electronic records" can vary significantly.

9.4.2 Netting and Set-Off

Where feasible, agreements should include netting and set-off provisions to reduce gross counterparty exposure. These provisions are essential for capital efficiency and risk reduction in high-volume trading environments.

- Bilateral netting: Allows a firm to offset its obligations across multiple products and transactions with a single counterparty, resulting in a single "net" exposure.
- Close-out netting: Upon a default event, this enables the firm to terminate all outstanding trades and offset gains against losses to determine a single net payment amount. This significantly reduces the risk of "cherry picking" by a bankruptcy trustee.
- Set-off rights: These provisions allow the firm to apply any collateral or other obligations against amounts owed by the defaulting counterparty, further mitigating potential losses.

Note: Netting enforceability varies by jurisdiction. Legal counsel must verify that netting provisions are upheld under local insolvency laws, as some regions do not honor these clauses without specific structural documentation.

Allocator Due Diligence Considerations

Institutional allocators evaluate counterparty management through diversification
discipline, exposure monitoring rigor, and contingency planning adequacy. Inability to demonstrate systematic due diligence, produce real-time exposure monitoring, or explain counterparty failure response procedures reveals inadequate counterparty risk management.

Counterparty Framework and Due Diligence

- Walk through your counterparty risk management framework, including classification system and tier assignment criteria.
- What is your process for conducting due diligence on new counterparties?
- Provide sample due diligence report for key counterparty.
- How do you determine and enforce exposure limits across different counterparty types?
- What operational testing protocols apply before allocating to new counterparties?
- Show real-time monitoring systems and alert escalation procedures.

Exchange and Prime Broker Management

- What is your current exposure to your top five counterparties?
- How do you mitigate risks of holding assets on exchanges?
- Walk through withdrawal testing protocols, including frequency and documentation.
- What tier classification methodology applies?
- Explain multi-prime architecture and activity allocation.
- How do you prevent concentration creep?
- Show historical decisions where you reduced or eliminated exchange or prime broker relationships.
- Walk through primary counterparty failure response procedures.

Banking and Settlement Risk

- How do you manage bilateral settlement risk across OTC relationships?
- What banking redundancy exists with geographic distribution?
- How many active banking relationships do you maintain?
- What triggers banking relationship changes or terminations?
- How are 90-day operating expenses distributed across banks?
Documentary Evidence Requirements

- Counterparty risk management policy
- Sample due diligence reports for key counterparties
- Comprehensive counterparty exposure reports with limits and utilization
- Operational testing documentation with withdrawal success rates
- Real-time monitoring dashboards displaying health metrics
- Sample legal agreements with key counterparties
- Performance scorecards and relationship review documentation
- Banking relationship matrix showing institutions, jurisdictions, and balances
- Counterparty failure scenario response procedures

Common Pitfalls and Remediation

Counterparty exposure concentrated for convenience
Majority of trading, custody, or financing through single provider because it's operationally simpler. Concentration risk unrecognized until counterparty failure makes it unavoidable—as FTX demonstrated definitively.
Remediation: Enforce diversification limits: no single exchange exceeding 20-30% of trading volume, no single custodian exceeding 30-40% of assets. Maintain active backup relationships, not just identified alternatives. Test contingency access before it's needed.

Due diligence performed once and filed
Counterparty assessed at onboarding but never revisited. Financial condition, control environment, and regulatory status change—the counterparty approved two years ago may have materially different risk characteristics today.
Remediation: Implement tiered ongoing monitoring: annual comprehensive review for material counterparties, trigger-based review for adverse events (regulatory action, security incident, key personnel departure). Update risk ratings based on findings.

Excessive balances left on exchanges
Assets remain on exchanges beyond immediate trading needs for convenience, creating uncompensated counterparty exposure. Exchange balances are unsecured creditor claims in insolvency.
Remediation: Implement daily sweeps to custody, keeping exchange exposure below 10% of NAV or immediate trading requirements. Conduct periodic withdrawal tests
confirming ability to move assets promptly—exchanges that delay withdrawals warrant reduced exposure.

Due diligence relies on counterparty representations
Risk assessment based on what counterparties claim about themselves—proof of reserves, security practices, regulatory status—without independent verification. Self-reported information proved unreliable repeatedly in 2022.
Remediation: Verify key claims independently: regulatory licenses through regulator databases, proof of reserves through on-chain verification where possible, security practices through SOC reports or audit attestations. For material relationships, consider on-site visits.

Exposure limits breached without consequence
Limits exist but breaches routinely accepted with informal approval or after-the-fact ratification. Limits that flex on demand provide no actual risk control.
Remediation: Implement automated monitoring with immediate alerts at threshold levels (e.g., 80% of limit). Require written justification and senior approval for any breach. Track breach frequency and duration—repeated breaches indicate limits miscalibrated or trading behavior that needs correction.

Standard counterparty agreements accepted without negotiation
Exchange and custodian terms signed as presented without legal review. Unfavorable provisions—broad rehypothecation rights, weak segregation, disadvantageous default terms—discovered only during counterparty stress.
Remediation: Engage counsel experienced in digital asset agreements to review material relationships. Negotiate key terms: asset segregation, rehypothecation limitations, termination rights, and recovery priority. Document negotiation outcomes and accepted residual risks.

No contingency plan for counterparty failure
Assumption that key counterparties will remain operational. When failure occurs, scrambling for alternatives under time pressure and market stress.
Remediation: Document contingency plans for each material counterparty: pre-identified alternatives, estimated transition
timeline, required actions, and communication protocols. Test plans periodically—a contingency that hasn't been exercised may not work when needed.

Counterparty exposure tracked in silos
Trading desk tracks exchange exposure, treasury tracks banking relationships, operations tracks custody—no aggregated view of total counterparty risk across the firm. Concentration discovered only after problems emerge.
Remediation: Centralize counterparty exposure in unified dashboard covering trading, custody, financing, and banking relationships. Implement automated alerts when aggregate exposure approaches limits. Review consolidated exposure regularly at risk committee level.

Key Controls and Documentation