Vasily Kudrin, Partner, Head of Advisory Department (Risk Management, Control, Corporate Governance) HLB Vneshaudit, Investment Director of Lybrion (a company majoring in digital asset management), presentation on risks in managing digital financial assets at the International Professional Forum “Risk Management – New Challenges”.
Coherent exposition of the presentation
1. Introduction and Expertise. Vasily Kudrin introduces himself as a professional in control, risk management, and internal audit since 2002. His experience includes roles at large oil and trading companies, as well as in consulting, including a top-level position at Ernst & Young. For the past three years, he has been actively engaged in digital financial assets.
2. Definition and Scale of Digital Assets. Digital financial assets (DFAs) aim to be considered as regulated analogues of blockchain-based (crypto) assets. Beyond the well-known Bitcoin and Ethereum, thousands of projects exist, with approximately 2,000 currently active. This sector is gradually encompassing various fields, already accounting for 3-4% of the market with significant growth potential.
3. Transformation of the Financial Sector and Banking. There is a view that within 10 years, technologies related to banks and exchanges will transition to decentralized or hybrid finance. A telling trend is the news about banker Alexander Lebedev, who sold his stake in a traditional bank to invest in a crypto bank, seeing it as an opportunity to bypass the oligopoly of large banks.
4. Current Market State and Prospects. The digital asset market is emerging from a “crypto winter” – a depressive period lasting since 2018. The speaker urges attention to this technology as one of the key waves of change alongside IoT, AI, and open data, which is transforming financial markets.
5. How to Begin Studying the Topic: Classification of Digital Assets. To study the topic, one should first refer to the classification of Digital Financial Assets. When encountering any blockchain project, it is crucial to understand which traditional services (e.g., lending or supply chain financing) it aims to change or “disrupt.”
6. Legislative Regulation. The law on digital financial assets (DFA) came into force on January 1, 2021, after lengthy discussions. Although there are attempts to tighten it, the current version is generally acceptable, as excessive prohibitions would create a competitive disadvantage for the country. Similar laws have long been adopted in many other countries.
7. Key Aspect for Study: Partnerships and Token Nature. Vasily Kudrin says that it is important to analyze the partnerships being built around a token issuer. Most “security tokens” are crypto-analogues of securities (stocks, bonds) or their hybrids, combining, for example, a share and a payment instrument. They are traded on electronic platforms.
8. Hybrid Tokens and the Challenge to Traditional Legislation. Hybrid tokens combine several types of economic relations (credit, finance, money), circumventing unprepared legislation. Laws in this sphere are encoded into the protocol technology itself and are discussed in a decentralized manner, representing a future for which states are not ready.
9. Examples of Successful Projects and Analysis Order. Successful examples already exist, such as Bitcoin, Ethereum, and Polkadot, with multi-billion dollar market capitalization. Vasily Kudrin notes When analyzing a project, one should sequentially examine: 1) its essence and competing services, 2) partnerships, 3) network participants (individuals/legal entities), and only 4) the blockchain technology itself.
10. Areas of Focus for Risk Managers in the Context of Digital Assets. The speaker recommends that risk managers should assess several areas: 1) whether their company is acquiring DFAs and the associated risks; 2) whether the company’s clients have exposure to DFAs, which also creates risks; 3) how DFAs are transforming the company’s industry (especially relevant for banks); 4) the possibility of using blockchain for internal control systems.
11. Impact on Operational Processes, Insurance. Blockchain projects are transforming operational processes, such as insurance. Decentralized mutual insurance networks or platforms where individuals vouch for each other are emerging, taking market share from traditional insurance companies.
12. Risk Assessment Methodology. Banks and financial organizations that do not integrate digital financial assets into their operations are missing opportunities. The speaker developed a project assessment methodology based on three levels: “Goal” (idea), “People” (team), and “Infrastructure” (processes). This serves as the foundation for analysis.
13. External Factors Shaping Market Risks. Market formation is influenced by: 1) The polity’s role (restrictive in large countries, supportive in small ones); 2) the role of major players (whose entry is anticipated or already occurring); 3) human fears and desires (hype, lack of competencies); 4) understanding the economic basis (there is no such thing as free money).
14. Risk Map and Value of of Compliance. Based on this approach, a risk map with four categories was developed by the author of the presentation and related to: idea and strategy, law and transparency (compliance), team and motivation, and processes and operations. Compliance risks are critically important, and rule-making in this area is actively developing globally (example: progressive legislation in Liechtenstein).
15. Mainstream Recognition of the Topic. The topic has become mainstream: in July 2020, the authoritative organization COSO (developer of control standards) issued a 40-page guide on risks and controls in blockchain. The speaker notes that this confirms that the technology has moved beyond “fever” and is being taken seriously by the professional community.
16. Evolution of Perception and the Essence of the Technology. Perception of the technology has evolved: from being seen as fraud 7 years ago to understanding its prospects today. It is not an ephemeral phenomenon but a comprehensible technology that provides better control in large systems through decentralization, benefiting both major players and individual participants while increasing system resilience.
17. Compliance Risk Checklist. The speaker notes that for compliance risks, attention should be paid to 4 groups: 1) Investor Classification (many projects illegally attract non-qualified investors); 2) Data (leakage risks); 3) Monetary Operations (money laundering, example BTC-e/WEX); 4) Government Institutions (interaction with regulators). At least 20 questions should be asked about these groups.
18. Risks Associated with to Human Factor and Fraud. When assessing a team, it is important to analyze: discipline, staff retention and recruitment, effectiveness of internal communications, incentive programs. Fraud risks are high, especially in venture projects. It is necessary to check not only the company but also its owners for hidden debts or intent to “raise money and exit.”
19. Risks of Market Speculation and Conflicts of Interest. Market hype can lead to inefficient purchases of assets at peak value followed by a crash (example of one cryptoasset-rating project whose market capitalization fell from $600M to $14M). Conflict of interest is typical for crypto exchanges that combine the functions of underwriter, trading organizer, and consultant, analogous to unregulated practices of the 1980s stock market.
20. Specifics of the Assessment Methodology: Scoring and Background Checks. A specific feature of the Mr. Kudrin‘s methodology is the active use of scoring (point-based assessments) with mandatory linkage to project leaders. It is crucial to evaluate specific individuals: their credit history, real involvement in the project (not just nominal presence) to identify hidden risks, similar to how banks assess borrowers.
21. Managing Financial Risks and Examples of Hybrid Crypto Assets. Financial risks include cash management and asset depreciation risk. Hybrid tokens, tied to physical assets (gold, palladium, real estate, art), allow for combining business growth with asset stability. In digital form, such structuring is done more simply and transparently than in traditional finance.
22. Organizational Process Risks and Audit Methodology. The approach to assessing operational risks in digital financial asset projects is similar to process evaluation in any organization. The speaker also developed a methodology for risk-based auditing of such projects or DFA management systems within companies. It includes model analysis, risk assessment, control diagnostics, substantive testing, and recommendations, applying traditional practices to the new sphere.
23. Initial Recommendations for Risk Managers. Vasily Kudrin offers the following general recommendations that can help risk managers and other professionals better navigate this new mega-area. 1) Monitor trends (e.g., through specialized mass media sections or web sites); 2) Study the work of the relevant department within your company, if it exists (in Russia, this is often R&D, not full-fledged departments); 3) Develop your own methodology based on the presented principles.
24. Developing Competencies. Further steps include: 4) Develop competencies, starting with basic frameworks like the COSO guide on blockchain; 5) Create your own risk map; 6) Study specific digital assets related directly to risk management, which are beginning to emerge.
25. Key Takeaway, Final Recommendations. The main point is that one must always understand and seek out the impact digital assets have on one’s specific company. This influence creates both new risks and opportunities, and the risk manager’s task is to be prepared for it by applying and adapting traditional risk management tools to the new digital reality.
About Vasily Kudrin
Vasily Vladimirovich Kudrin has been associated with AO HLB Vneshaudit since 2014, where he has contributed significantly to the organization. Prior to this role, he served as the solution leader in the business risk services department at Ernst & Young. Additionally, he has held various managerial and executive positions in several leading companies across the real and financial sectors, including investments, mining, and retail. His expertise spans risk management, internal control, compliance, and internal audit. With a distinguished career, Mr. Kudrin has successfully led and supervised more than 200 projects in the domains of internal control, corporate governance, risk and investment mangement, demonstrating a profound depth of knowledge and leadership in these areas.
Vasily Kudrin has experience in internal auditing, corporate governance and internal control in accordance with international and generally accepted standards and recommended practices since 2002. Mr. Kudrin participated in the boards and committees of a number of professional public organizations, such as the Russian Institute of Internal Auditors, Association of Certified Fraud Examiners (ACFE), is a member of organizations in the field of corporate management and organization of work of professional directors (AND, RID), digital finance (Crypto Valley Association, RACIB), participates in the coordinating council of Debates Club, that deals with issues of innovation in corporate governance, risk management and control.
Education: Finance Academy (University) of the Government of Russian Federation – Economist, Finance and Banking, Corprorate Goverance, Invesments, Securities.
Professional designations:
Vasily Kudrin holds active professional international diplomas: CIA (internal audit, since 2004), CFE (investigations and combating corporate fraud, since 2007), CCSA (internal control and risk management, since 2004).
Professional activity:
A.Life 