Third Party Risk
A. Tokenizer Risk
At Usual, we invest our collateral through tokenizers, which are platforms that convert real-world assets into digital tokens. We conduct thorough due diligence on our partners, ensuring their credibility and adherence to stringent risk management practices. It is essential that the tokenizers are thoroughly vetted to ensure that:
Security: We select only experienced tokenizers whose technology has been thoroughly audited to limit the risk of smart contract exploits.
Regulatory Compliance: It is imperative that tokenizers operate in full compliance with the latest regulations, ensuring legal integrity and operational safety.
Asset Management: The underlying assets must be managed by skilled and compliant asset managers, adhering to strict guidelines that ensure diversification while minimizing counterparty, investment, and operational risks.
Transparency: Full transparency of the underlying assets, which are audited by independent third parties. This approach allows for continuous oversight and adherence to the highest standards of compliance and accountability.
Asset Protection: Assets must be ring-fenced in the event of the tokenizer’s bankruptcy, safeguarding our investment.
Fee Structure: Fees charged by tokenizers must be reasonable, ensuring they do not significantly erode the returns from the underlying assets.
Redemption Processes: We prioritize tokenizers that offer a prompt and straightforward redemption process, enhancing liquidity and access to funds.
Diversification of Exposure: To mitigate risks, we maintain a diversified portfolio in terms of tokenizer exposure, spreading risk across multiple platforms and asset types.
This strategic approach ensures that our investments are secure, compliant, and optimized for best possible returns, reflecting our commitment to rigorous standards in managing our collateral.
Operational Risk
Definition
Usual and tokenizers face several types of operational risks in their day-to-day operations. Some of the key types of operational risk faced include:
Internal Fraud: This refers to fraudulent activities committed by internal employees or individuals, such as misappropriation of funds, unauthorized trading, or insider trading.
External Fraud: External fraud involves fraudulent activities carried out by external parties, such as cyberattacks, identity theft, or unauthorized access to sensitive information. These incidents can lead to financial losses, reputational damage, or regulatory non-compliance.
Business Disruption: Business disruptions can occur due to various reasons, including natural disasters, technology failures, or operational errors. These disruptions can interrupt normal operations, lead to financial losses, and impact client services.
Compliance and Legal Risks: Compliance and legal risks arise from non-compliance with applicable laws, regulations, or industry standards. Failure to adhere to regulatory requirements can result in financial penalties, legal actions, reputational damage, or loss of business licenses.
Data and Information Security: Asset managers handle large volumes of sensitive client data, making them vulnerable to data breaches, unauthorized access, or data loss. Protecting client information and maintaining robust data security measures are critical to mitigating this risk.
Operational Errors: Operational errors can result from human mistakes, system failures, or process deficiencies. These errors can lead to financial losses, incorrect reporting, failed trades, or inaccurate valuations.
Mitigation
To effectively manage operational risks, we expect tokenizers to implement various measures, including internal controls, risk management frameworks, employee training, disaster recovery plans, cybersecurity protocols, and compliance monitoring systems. We expect them to conduct regular risk assessments and audits to identify and mitigate operational risks proactively.
We conduct a thorough qualitative assessment of all approved tokenizers based on
Governance and Organizational Structure: Assessment of the fund manager's governance framework and organizational structure. It needs to define clear lines of responsibility, well-defined roles and responsibilities, and a robust governance framework that promotes accountability and transparency.
Risk Management Policies and Procedures: We expect a comprehensive and well-documented risk management framework that addresses operational risks specifically. This should include risk identification, assessment, mitigation strategies, and monitoring processes.
Compliance and Regulatory Track Record: Review the tokenizer and fund manager's compliance history and regulatory track record. Ensure they have a strong culture of compliance and a history of adhering to relevant regulations and industry best practices. Checks related to any regulatory violations or disciplinary actions.
Operational Controls and Processes: Assessment of the tokenizer and fund manager's operational controls and processes. Look for robust internal controls, segregation of duties, and effective checks and balances. Consider their technology infrastructure, data security measures, and disaster recovery plans.
Talent and Expertise: Evaluate the qualifications, experience, and expertise of their operational risk management team.
Reporting and Transparency: We also consider the fund manager's reporting practices and transparency. Look for regular and comprehensive reporting on operational risk metrics, incidents, and risk mitigation efforts. Transparency in communication with investors is crucial for building trust.
Third-Party Service Providers: Assess how the fund manager selects, monitors, and manages relationships with third-party service providers, such as custodians, administrators, and technology vendors. Evaluate their due diligence processes and ongoing oversight of these providers.
Continuity Planning: Evaluate the tokenizer and fund manager's business continuity and disaster recovery plans. Look for measures in place to ensure uninterrupted operations in the event of disruptions or emergencies.