Hot and Cold
What thermodynamics can teach us about risk: Crypto Wait-and-See; Bank Intelligence; Becoming a Bank; Fantasy Insurance; Infrastructure Criticism; Supply Chains
Short programming note: This week’s essay isn’t on a book, but rather a topic. I wrote a piece for the wonderful Symposeum Magazine, a project dedicated to rational optimism in the vein of the American Transcendentalists. I have reproduced the first paragraph below in lieu of my usual essay and will link to the rest. Do check out all the other great pieces on the theme of transition in this issue!
Steam navigation... tends to unite the nations of the earth as inhabitants of one country. ...is not this the same as greatly to shorten distances?
- Nicolas Léonard Sadi Carnot
Risk Developments this letter:
Crypto Wait-and-See
Bank Intelligence
Becoming a Bank
Fantasy Insurance
Infrastructure Criticism
Supply Chains
Thermodynamics of Cybersecurity
Outside my apartment window, piles of snow lay coated with an icy sheen formed overnight. Inside, the warm air condenses on the windows. Droplets form and break free, running down the foggy glass in the morning light. I am fortunate to have a job that I can do from home but, like many, the long year of social distancing and working from home has taken its toll on my ability to focus. So I stare off into the distance, half gazing at the rivulets forming on my window. Distraction might not be such a problem, but I work in cybersecurity. While the world grapples with one kind of public health crisis in a physical space, another is taking place online…
Risk Developments
Crypto Wait-and-See
Lots of cryptocurrency news this week. Federal Reserve Chair, Janet Yellen, even got into the frey cautiously warning about an “explosion of risk” while claiming that innovation in cryptocurrencies could reduce inequality fraud, money laundering and data privacy risks. Saying that innovation in a sector could reduce risks is tantamount to saying that the sector currently creates risks, so I’m not sure that it’s as favorable as people seemed to think, but it also does signal that The Fed will likely hold off on tightly regulating the space for now.
Another institutional finance take on cryptocurrencies is Mastercard’s announcement that they will begin to support cryptocurrency on its payments platform… with a few big caveats. They are only planning on supporting those cryptocurrencies that meet stability, privacy and anti-money laundering requirements, which kind of defeats all of the purposes of cryptocurrencies? Most people in cryptocurrencies right now are in it for the volatility. Ideally one way volatility, but volatility nonetheless. The die hard libertarians are in it for the privacy, and the others are in it for the money laundering. So who exactly is going to use the cryptocurrencies accepted on Mastercard’s payment network?
Maybe the answer is the banks? JPMorgan and Morgan Stanely are considering Bitcoin for clients and as an investment, respectively. After BNY Mellon announced custody services for Bitcoin, Blackrock added it to its menu of investment options and Tesla announced investing in the cryptocurrency, it’s not surprising that the banks are taking notice. Deutsche Bank is also piling on to offer trading services to institutional clients. None of the banks, however, appear to be looking at it from a payments angle yet.
Still, this is clearly a big moment for Bitcoin. It passed $50,000 and is being accepted into the mainstream financial system. It’s a good time to dust off your Minsky on innovation. “In financial markets, marked changes at an apparently accelerating pace have occurred in the structure of institutions and relations and the instruments used. These changes, which reflect an innovation process that is not primarily linked to technology, seem to be a major cause of the observed change from tranquility to turbulence.” This is the “hurly burly of innovation” that Shakespeare’s Henry the IV spoke about.
One technology firm conspicuously absent from the Bitcoin conversation is Microsoft. They are notorious late movers and even founded on that premise. Wait until the market exists, then swoop in and capture it, could describe their process with operating systems, word processors, spreadsheet applications, internet browsers and cloud computing. This makes them A) a terrible leading indicator and B) a great judge of hype. It’s no surprise that they weren’t the first to adopt Bitcoin, but that the banks are getting onboard before them is a big signal.
Bank Intelligence
Speaking of banks, two European multinational banks are starting to look more like intelligence agencies than depository institutions. Credit Suisse has been in hot water for years due to internal spying allegations. Now their bid to block auditor appointments to oversee corporate governance and electronic surveillance has been shot down by FINMA, the Swiss financial regulator.
Meanwhile, HSBC is attempting to extricate itself from the extradition case of Meng Wanzhou. Wanzhou, the CFO of Huawei, is being detained in Canada pending extradition to the United States over alleged fraud that violated Iranian sanctions relating to a Huawei subsidiary known as Skycom. She claims that HSBC holds documents that would exonerate her by showing that HSBC knew about the Iranian subsidiary.
There isn’t much for me to say about either of these cases specifically. The facts will bear out what happened, or not. It’s unlikely that the public will ever know the full story in either case, but what we can say for sure is that the boring job of banking, that this work is distant from the old job of taking deposits and making loans. So we have to ask again, is everything national security?
Becoming a Bank
Ikea is getting into the baking business by taking a 49% stake in Ikano Bank, the bank founded by Ingvar Kamprad, Ikea’s founder. Given that U.S. based consumer lender, Affirm’s IPO and Sweden’s Klarna raised money at a $10B+ valuation, it makes sense for Ikea to vertically integrate lending. They have lots of data to use in underwriting and are at risk of losing customers and revenue to new alternatives, but do they really want to be a bank?
Being a bank, as discussed above, may not be as appealing as it sounds. Besides all the human intelligence issues at Credit Suisse and HSBC, you also have the infrastructure problems at financial services providers Citibank and Morningstar. Being an infrastructure provider can be a good business, as Plaid and Datadog have shown. Being an infrastructure consumer, however can be painful and costly.
Still, it’s not all fun and games as an infrastructure provider either. If you’re successful, you become an industry standard and industry standards have to satisfy all sorts of uses and tolerate all sorts of users. Attracting all that attention means your good users demand greater security and your bad users, well they require greater security. Datadog is buying security management platform Sqreen and Plaid is facing several lawsuits claiming they violated consumer privacy laws.
If everything becomes a bank and banks are in the business of national security…
Fantasy Insurance
We talk about the hammering insurance has taken from low interest rates and higher losses due to catastrophes a fair amount around here. One effect this has is to push insurers to innovate and create new products that can generate new sources of revenue and uncorrelated losses. Cyber insurance is the one I focus on most, but another type of insurance has been growing in parallel to cyber and doesn’t get as much attention as it deserves, that is Directors and Officers (D&O) insurance.
D&O insurance is protection for the directors and officers of a company from lawsuits. Now, D&O doesn’t cover fraud, so it’s not a case of “everything is securities fraud,” but it does raise an interesting question about the purpose of board and executive liability. For example, when Yahoo’s board members were hit with the $29M settlement ($10.5M went to lawyers) due to their negligence and cover up of a data breach, insurance covered the payout and legal costs.
So when I saw that the SPAC boom is creating driving up D&O demand, my ears perked up. As Matt Levine puts it, “...the best reason for a private company to go public by merging with a special-purpose acquisition company, instead of doing a traditional initial public offering, is that each SPAC offers a unique opportunity to go public with a close relationship with an experienced sponsor and a world-class board of directors.” If the directors have trouble getting insurance, what kind of message does that send about the SPAC? As Matt points out, does this matter? Does anything matter anymore?
There’s one place where reality does seem to intrude a bit, but it’s a pretty unlikely place. That place is Texas. The state that has believed itself to be an independent republic for most of its statehood is now facing up to reality. One way reality is encroaching is via a court order mandating that insurers cover business interruption losses due to the pandemic.
Infrastructure Criticism
Another way that reality is creeping into Texas is the recent snowstorm and related energy outage. Plenty of news about renewable wind farms freezing, natural gas plants shutting down or lack of grid preparedness are making the rounds, so no matter what your political tribe, there’s a narrative that will satisfy you. The FERC, NERC and ERCOT are all looking into the cause of the critical infrastructure failure, but it will be some time until we hear their conclusion.
Let me shorten the wait for you. The problem is we don’t take care of our critical infrastructure until it breaks. This is a lesson well known from cybersecurity, and now the spend on securing our critical infrastructure is expected to top $105.99 billion this year. In some ways this is just another data point in the long shift towards services and away from production.
As David Graeber pointed out, “But a teacup or a bottle, well you know, you produce a cup once. You wash it like ten thousand times. Most work isn’t actually about producing new things, it’s about maintaining things.”
Supply Chains
So here we are, rehashing the Bloomberg story about Chinese exploitation of computer supply chains. This latest salvo seems to have a bit more muscle behind it. Perhaps intelligence sources, unhappy with skeptical response to the first story, decided it was worth the risk to provide more detail this go round. Whatever the reason, the issue is front and center for the Biden administration, and the semiconductor industry is taking note.
Chip design and manufacturing companies wrote a letter to Biden asking for federal funding for semiconductor manufacturing. The U.S. is in a tough spot, with Chinese subsidies and Taiwanese fabrication dominance pushing American suppliers out of the market. No amount of subsidies is going to bring down American labor costs and the economies of scale that TSMC has been able to create are not likely to be replicated for a long time in the U.S. if ever. Still, it is an issue of… national security, just like everything else.
Not only is chip manufacturing a security risk, but so is software development. Dependencies in software, especially open source, have long been known to be a weakness. This is despite the fact that the United States is the leading supplier of software to the world. Maybe programmers should be banding together to ask for secure software funding? I can just see it now, “(Reuters) - A group of [freelance developers working from coffee shops and coworking spaces] sent a letter to President Joe Biden urging him to provide “substantial funding for incentives for [securing node.js]” as part of his economic recovery and infrastructure plans.”
Gratitude
Big thanks to Kevin LaCroix and Matt Levine for your pieces that explained topics I drew on for this piece far better than I ever could!