Thursday, November 24, 2022

Figuring out FTX and SBF (Part 1): The Epic Rise in 5 videos

The recent weeks have seen the fall of crypto-king Sam Bankman-Fried (aka SBF). The epic rise and the spectacular fall of him and his FTX empire has us all asking one question: what happened?

We’ll initially explore this saga over several posts. 

 

In this post, we look at 5 videos that cover the rise of SBF and his FTX crypto-exchange. We’ll start by looking at how he initially got rich through arbitrage trading, look at the FTX “business model”, his connections to the US government, and then close with the celebrity endorsements that helped propel him to stardom.

 

Video #1: The Benevolent Billionaire?

Probably my first encounter with SBF, was in his interview with Nas Daily. We learn how SBF rose to fame in the crypto space by taking advantage of price differences in bitcoin in the US and in Japan. More importantly, the video captures the hope and the hype around the “earn to give” concept that SBF promoted. Turns out it was all hype and no hope. Vox published their twitter DMs with SBF, where he explains “I feel bad for those who get f***** by it…this dumb game we woke westerners play where we say all the right shiboleths [sic] and so everyone likes us” (link).

 



 

Video #2: Did SBF really say that Crypto is a Ponzi Scheme – 7 months ago?

On Bloomberg’s Odd Lot’s podcast aired back in April 2022, SBF seems to admit to Wall Street’s Wiseman Matt Levine that “magic internet money” is a Ponzi scheme. If you don’t have time to listen to the whole podcast, check out Coffeezilla’s quick takes. The technique that SBF discusses appears to  have been used in Celsius, which we discussed previously.  

 



 

Video #3: There are magic boxes, but magic business models?

On a separate but related note, FTX offered high rates of interests to depositors. As shown in Wall Street Millennial’s video, the rates were much higher than the fed rate that was close to zero at the time. This is not so much about the magic money box that SBF referred to in the previous video, but rather pure magic. How else can we explain the sustainability of such a high interest rate on bitcoin/Ethereum deposits? As CPAs know, when expenses exceed revenues – a business failure is inevitable.  (Click here to go to the timestamp where they discuss the issue of interest rate deposits)

 


Video #4: If you’re for regulations, you’re one of the good guys – right?

Stepping back, Cold Fusion’s video gives a good broad understanding of the key events that happened with the rise and sudden fall of FTX. (The previous video is also quite good as well). That being said, this video takes time to highlight SBF’s connection with the government and regulatory bodies.

 

Firstly, his mom is connected to the Democratic party. Secondly, he testified before congress, donated to both parties (not just the Democrats), and met with Gary Gensler from the SEC. If you look carefully at the screen shot where he speaks about the meeting with Gensler, you may recognize IEX’s Brad Katsuyama. (Reuters reported here on this meeting). He’s the protagonist of Michael Lewis’s Flash Boys. And that’s not the only connection to Lewis. Reports have emerged that Lewis had spent 6 months with SBF and is planning to publish a book about him. Lastly, there is an odd connection between FTX’s CEO, Caroline Ellison, and Gary Gensler. As Cold Fusion points out, Caroline’s father, Glenn Ellison, was Gensler’s boss at MIT.



 

Video #5: Is FTX a smart bet, with all these celeb endorsements?

Both Wall Street Millennial and Cold Fusion pointed out the role of influencers played in pumping the FTX/SBF brand name. But we don’t just need to take their word for it. We can see it for ourselves. Some of the promo videos are still live on FTX’s YouTube Channel. This video features Canada’s own Kevin O’Leary:




If you didn’t have a chance to go through the whole video, check out this part where he and the host emphasize the compliance-orientation of SBF and FTX. Now, that definitely didn’t age well. But perhaps what’s more surprising is O’Leary’s comments post-FTX meltdown. Apparently, he would back SBF in another crypto-venture (link).

 

Lastly, if you are interested in seeing the actual adverts aired on TV, check out this one featuring the actor Larry David.

 

In our next post, we’ll look at some more videos that take a closer look at the “Ten Days in November” that broke FTX and could have possibly ushered in the “Crypto Ice Age”.


Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else.

 

Tuesday, November 1, 2022

Lessons Learned: Flashback to Summer’s Great Rogers Outage (Part 2)

In our last post, we looked at the Great Rogers Outage of 2022.

Millions of Canadians experienced life without mobile and Internet service – a necessity in our pandemic life. The cause was traced back to a system-change gone wrong. It appears that though Rogers had tested some parts of the planned change, it was insufficient to identify all the issues. The result was that the network got flooded with traffic and then the systems went down.

 

What are some lessons we can learn from this outage?

Major Controls Frameworks, like COBIT and ISO27001, and audit standards, like SOC2, require that management implement change management controls. Consequently, the outage presents a unique opportunity to understand what can go wrong when it comes to change management. Moreover, it highlights what types of controls are relevant from a real-live scenario - as Rogers documented in its submission to the CRTC. 


With that in mind, let’s look at four lessons from the Great Rogers Outage of 2022. 


Lesson #1: The Importance of Redundancy

When commenting on the impact of the outage on governments within Canada, Rogers noted: “It is important to note that in most of the cases, we provide a portion of the telecommunications solution, but not all underlying services. Many institutional customers have redundant services” [emphasis added].


Also, as previously noted that they had “established reciprocal agreements between Rogers and Bell, and between Rogers and TELUS, to exchange alternate carrier SIM cards in support of Business Continuity.”


The implication of this lesson is that we should try to diversify the telecom providers within our professional and personal lives. For example, my personal device is provisioned through Fido (a Rogers sub-brand), while my work cell is provisioned through Bell.  


Lesson #2: Test, Test, Test

They say in real-estate it’s about location, location, location. In change management it’s test, test, test. In the aftermath of the outage, Rogers doesn’t deny that they need to review their change implementation process:

“Most importantly, Rogers is examining its “change, planning and implementation” process to identify improvements to eliminate risk of further service interruptions.”


To be fair, it’s not like there was no testing done. Instead, Rogers had used a phased approach to rolling out the change:

Concerning the July 8th outage, the proposed activities were very carefully reviewed, as we normally do with all network changes. We validated all aspects of this change.  In fact, we had begun introducing this change weeks ago, on February 8th and had already implemented successfully the first five (5) phases in our core network.” [emphasis added]


It’s a good reminder that in the world of IT General Controls, and IT Risk Management more broadly, it’s not about what goes right but what goes wrong. Consequently, companies should ensure that the scenarios tested are comprehensive enough to identify hidden assumptions or dependencies. For example, Rogers had a procedure that relied on “alternate carrier SIM Cards”. Hypothetically, testing whether this worked ahead of time could help identify whether the employee could find their SIM cards or how they activated such SIM cards when they have no Internet.


Lesson #3: Planning Crisis Communications from Content to Channels

According to the Rogers submission, the company conducted the following communications:

“During the outage, Rogers communicated with customers across several different channels, including social media, media outlets, Rogers Sports & Media properties, website banners, virtual assistants, interactive voice responses (“IVR”), public service announcements and community forums. In addition, Rogers’ CEO conducted broadcast interviews with CP24, Global News, CTV News, BNN, and CityNews. Rogers SVP of Access Networks & Operations also conducted broadcast interviews on CBC and CityNews.”


The following CBC news clip illustrates what was communicated and how:



As can be seen, the reporter was a little surprised that they got message from the IT team – instead of Rogers themselves. However, Rogers did admit that they “will be updating [their] plans and procedures”. Specifically, they plan to:

  • Equip the communications team with “back-up devices on [an] alternate network”
  • Be more timely “in posting details to customer care channels, web properties, social media, as well as public service announcements (“PSAs”) across media properties”
  • Provide more frequent updates “even if there is limited or no additional information to share”
  • Determine an alternative way for the communications team to authenticate themselves, when the second-factor registered with the social media service is reliant on “a device on the Rogers network”
  • Provide specific “status of critical services (such as 9-1-1), how they may be impacted by the outage, and advice for customers”


The outage is a good illustration of how critical crisis communications can be. Maintaining effective communications with customers or other stakeholders is key to minimizing the reputational damage that such incidents can potentially have.


Lesson #4: Monitoring

The final takeaway is the importance of having resources and tools to monitor the restoration efforts. That is, the fixes deployed may not resolve all the issues. Rogers reported the following results with respect to bringing things back online:

“Once the technology team confirmed stability of our core network, and that traffic volumes were returning to normal level across the network, we proceeded to inform customers that our network and systems were returning to fully operational service for the vast majority of our customers. We also notified them that some customers may experience intermittent issues, and that our technology teams are monitoring and would work to resolve any issue as quickly as possible.” [emphasis added]


As can be seen, Rogers was able to restore the service for the vast majority of customers. However, there were a few that still experienced lingering issues. Consequently, it’s important to have continuous monitoring in place to ensure that the service is restored fully before returning to business as usual.

 

Closing thoughts

The incident highlights how dependent society has become on the wireless carriers for the day-to-day transactions and functioning of society. Vass Bednar (also interviewed in the above CBC newsclip) summarized the situation in an op-ed in the Globe and Mail as follows: 


“Enormous advances in mobile tech have made Canada's telecoms enormously powerful, and that power has consolidated in just five major players. That number threatens to get smaller, too, with the proposed Rogers-Shaw merger currently under review by Canada's Competition Bureau. If the deal goes through, the company that caused so many Canadians to lose connection with each other would serve roughly 40 per cent of all households in English Canada… it reinforced the idea that our telecommunication networks are vital public infrastructure that is controlled by private corporations. We've lost sight of that balance, despite the ways we rely on those networks.”


As discussed in the first takeaway, the issue of redundancy is paramount when it comes to ensuring ongoing access. Ironically, the lack of sufficient alternatives in the mobile carrier space amplifies the availability risk for us all.


Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else.