The hottest Risk management Substack posts right now

And their main takeaways
Category
Top Finance Topics

The Elusive Built-in not Bolted-on

Resilient Cyber 239 implied HN points 17 Apr 23
🕹 Technology Cybersecurity Software Development Risk management Public Policy Systems Design
  1. Cybersecurity should be included from the start of product design, not added later. This means making security a priority throughout the whole development process.
  2. Products should come secure by default, so users don't have to figure out how to protect themselves. Just like cars come with seatbelts, software needs built-in security features.
  3. There needs to be accountability for software security. Companies should not shift the blame to users but should instead be responsible for ensuring their products are secure and safe to use.

Organizational technology for uncertainty work

The Uncertainty Mindset (soon to become tbd) 119 implied HN points 06 Oct 23
💼 Business Organizational Design Innovation Strategy Risk management
  1. Uncertainty work is different from risk work. While risk work involves clear outcomes and known probabilities, uncertainty work deals with unknowns and needs flexible strategies.
  2. Everyday organizational processes shape how companies function. If these processes are based on outdated best practices that assume stability, they can hinder the ability to handle uncertainty.
  3. To succeed in uncertainty work, organizations must redesign their processes for hiring, goal-setting, and motivation. This means being open to change and creating conditions that encourage learning and adaptation.

Rollups vs. Appchains / Subnets

DeFi Education 499 implied HN points 25 Jun 22
🔮 Crypto Blockchain DeFi Risk management Regulation Technology
  1. Rollups help scale blockchains by bundling transactions together, making them faster and cheaper to process. They work by doing most of the computation off-chain and then posting the results on-chain.
  2. Appchains, or subnets, are independent chains that can run their own rules while still being connected to a main blockchain. This allows for more customization and flexibility in how they operate.
  3. Both rollups and appchains face different regulatory risks, which can affect how they grow and are accepted in the market. It's important for developers to consider these risks when choosing which to use.
Get a weekly roundup of the best Substack posts, by hacker news affinity:

Why "bias for action" is not good enough

The Caring Techie Newsletter 11 implied HN points 12 Nov 24
🕹 Technology Software Engineering Project management Leadership Decision-making Risk management
  1. Having a 'bias for action' can be good, but it's not always the right approach. Sometimes, acting without enough thought can lead to bigger problems.
  2. In situations where you don't fully understand the problem, it might be better to wait and gather more information before jumping to conclusions.
  3. Instead of rushing into decisions, take a moment to think things through. Thoughtful action can help you make better choices.

When prospect theory and poker bubbles collide

The Leap 1 HN point 12 Sep 24
🎾 Sports Poker Decision-making Psychology Risk management Gaming
  1. In poker tournaments, players often face decisions that can greatly affect their outcomes. Choosing whether to play it safe or take risks can make all the difference in winnings.
  2. Prospect theory shows that people view gains and losses differently, often fearing losses more than valuing equivalent gains. This means players may avoid risks, even when the potential rewards are greater.
  3. Even though playing aggressively didn't work out this time, taking calculated risks can lead to bigger rewards in the long run. Balancing risk and safety is important in both poker and life.

Frame AI risk using the NIST RMF

Deploy Securely 98 implied HN points 09 Jun 23
🕹 Technology AI Risk management Security Governance Compliance
  1. The NIST AI Risk Management Framework provides a governance, risk, and compliance framework for artificial intelligence.
  2. The document highlights the challenges in AI risk management, including identifying and cataloging risks, emergent risks, and availability of reliable metrics.
  3. The criteria to evaluate AI systems include validity, safety, security, accountability, transparency, privacy, and fairness in managing harmful bias.

When Models Drive a Hard Bargain

The Counterfactual 79 implied HN points 20 Nov 23
🕹 Technology Artificial Intelligence Machine Learning Game Theory Risk management
  1. Incentives heavily influence how people and AI behave. When personal goals clash with social expectations, it creates tension that needs to be managed.
  2. AI systems, like large language models, can produce deceptive behaviors without being explicitly programmed to. Their strategies can be affected by the goals they are trying to achieve.
  3. Using games as testing environments could help identify desirable and undesirable behaviors in AI. The more varied the tests, the better we understand how an AI might behave outside of those tests.

Third-Party Security Risks

Rod’s Blog 39 implied HN points 04 Mar 24
🕹 Technology Security Risk management Technology Tools Data Breaches
  1. In the interconnected business landscape, managing third-party risks is crucial to protect sensitive information. Careful vendor selection, effective risk management strategies, and strong contracts can help minimize risks.
  2. Third-party risks can lead to severe consequences like financial losses, legal liabilities, reputation damage, and regulatory penalties. This highlights the importance of proactively addressing these risks.
  3. Common types of third-party risks include data breaches, system compromises, non-compliance with regulations, and supply chain disruptions. Understanding and mitigating these risks are key for organizational security.

What is financial leverage?

Concepts of Finance 🧠 139 implied HN points 13 Jul 23
💰 Finance Investing Credit Debt Risk management Market Analysis
  1. Financial leverage is when you borrow money to invest, potentially increasing both your profits and risks. It's like using a loan to buy a house, where you hope the value rises higher than what you owe.
  2. Different people and companies use leverage for various reasons, like individuals buying homes, companies expanding operations, or investors trying to make bigger profits in the stock market. But with the chance of higher gains comes the risk of bigger losses.
  3. The financial leverage ratio helps assess how much debt a company uses compared to its own money. A high ratio can mean a company is at risk if it can't pay back its debts, while a low ratio might suggest it's in a safer position.

Leaked Treasury Prime Docs Show Risks Of BaaS Business: Churn, Concentration, Slowing Growth

Fintech Business Weekly 89 implied HN points 03 Mar 24
💰 Finance Fintech Banking Regulations Business Models Risk management
  1. Leaked Treasury Prime documents highlight risks in Banking-as-a-Service business, including issues like churn, concentration, and slowing growth.
  2. Treasury Prime's strategic pivot to focus on selling to banks instead of fintechs resulted in drastic employee layoffs, shedding light on the challenging environment for middleware platforms in fintech.
  3. Fintech companies like Chime and Green Dot facing regulatory actions and penalties underscore the importance of compliance and customer service in the financial industry.

NFTX Overview

DeFi Education 619 implied HN points 24 Oct 21
🔮 Crypto NFTs DeFi Marketplaces Tokenomics Risk management
  1. NFTX allows NFT owners to deposit their NFTs into a vault and get a token in return, which can be traded. This helps make NFTs more liquid and allows owners to get quick cash when needed.
  2. NFTX differs from similar platforms by offering a user-friendly experience and has no current fees in its first version. In the future, they may add ways to earn income through governance decisions.
  3. The protocol is still in its early stages and faces competition from other upcoming marketplaces. However, if NFTX can implement single-sided staking, it might see significant growth.

A Digital Scouts Honor

Resilient Cyber 19 implied HN points 09 May 24
🕹 Technology Cybersecurity Software Risk management Compliance Vulnerability Management
  1. The Secure-by-Design Pledge encourages software companies to make their products more secure, focusing on goals like using multi-factor authentication and reducing default passwords. This means companies are promising to create safer software for everyone.
  2. The pledge is voluntary, which means companies are not legally required to follow these guidelines. While this relies on their honesty, it raises trust issues since there's no enforced accountability.
  3. Many big names in tech have signed this pledge, which is a positive step. But it's crucial for more non-security-focused companies to join in for real change to happen in improving software security.

Day 1: The Dawn of Icarus

Malt Liquidity 12 implied HN points 01 Nov 24
💰 Finance Trading Investing Market Analysis Risk management Psychology
  1. It's important to adjust your trading bets based on how much money you have. If you don't, you risk losing out when the market goes your way.
  2. Scalping small trades can be effective, but be careful not to overtrade. There's a fine line between making smart quick trades and making too many trades without focus.
  3. Staying invested in the market, even if it's not moving much, can pay off. It’s better to be in the market than trying to guess when to get in or out.

WNXM Case Study: Breakdown of an Asymmetric Trade

DeFi Education 559 implied HN points 22 Nov 21
🔮 Crypto DeFi Investing Blockchain Risk management Tokenomics
  1. In the DeFi market, emotion and attention drive prices, creating unique opportunities for investments. It's important to explore less popular projects that address real problems, like decentralized insurance.
  2. Nexus Mutual offers insurance coverage for smart contract risks through a unique structure that includes legal status for token holders. This makes it a safer investment compared to many other crypto-assets.
  3. A profitable trading strategy involves buying WNXM tokens when they're undervalued, wrapping them, and redeeming them for ETH when the capital pool is healthy. Quick actions can lead to low-risk, high-return investments.

A Modern Look at an Old Banking Risk

The Sunday Morning Post 78 implied HN points 09 Jul 23
💰 Finance Banking Regulation Stability Risk management Social media
  1. Bank runs can still happen today, triggered by various factors like social media rumors and liquidity issues
  2. The FDIC, established in 1933, guarantees a certain amount of depositors' funds to prevent bank runs and provide stability to the banking system
  3. Modern banking faces new challenges like swift fund transfers, online activism affecting stock prices, and the need for regulators to adapt to the changing landscape

ESG's Russia Test: Trial by Fire or Crash and Burn?

Musings on Markets 379 implied HN points 28 Mar 22
💰 Finance Investment Market Trends Corporate Governance Risk management Sustainability
  1. ESG might not be as helpful as it claims. Many companies that invested based on ESG ratings still lost money when Russia invaded Ukraine.
  2. There are three groups within the ESG movement: revisionists who think ESG can fix everything, expansionists who want to add more criteria, and utopians who still believe in its potential despite issues.
  3. The way ESG is measured and its goals can be unclear. This confusion can lead to companies just pretending to be good instead of actually improving their practices.

Cloud Compliance - At the Speed of Government

Resilient Cyber 119 implied HN points 05 Jun 23
🕹 Technology Cybersecurity Cloud Computing Risk management
  1. Federal cloud compliance processes take a long time, as seen with FedRAMP taking almost three years to update its security baselines to align with NIST 800-53 revisions.
  2. Cloud service providers have a very short timeframe to adapt to these updates, which creates a confusing double standard where industry has to move faster than the government.
  3. While there's a growing focus on securing the software supply chain, cloud service providers were unregulated in this area for years, despite their crucial role in cybersecurity.

Software Transparency

Resilient Cyber 119 implied HN points 30 May 23
🕹 Technology Cybersecurity Software Supply Chain Risk management Transparency
  1. Software supply chain attacks are increasing rapidly, with a reported rise of 742% in the last three years. This highlights the need for better security measures in software development.
  2. The book discusses various strategies for managing supply chain risks. It covers topics like vulnerability databases, software bills of materials (SBOM), and practical guidance for both suppliers and consumers.
  3. There is a growing push for software transparency to address systemic risks. This involves collaboration between development, security, and operations, as well as understanding regulations and emerging best practices.

Alternative Investment Guide #1 - Art

Concepts of Finance 🧠 99 implied HN points 25 Jun 23
💰 Finance Investing Assets Market Analysis Risk management Valuation
  1. Art investing can be a lucrative opportunity, with some estimates showing returns of around 9% to 14%.
  2. The art market is large and valued at over $1.5 trillion, but it can be tricky for newcomers due to its complexity and the influence of wealthy insiders.
  3. There are more ways than ever to start investing in art, including art funds and fractional ownership, making it accessible for beginners.

Sign Here on the Dotted Line

Resilient Cyber 119 implied HN points 01 May 23
🕹 Technology Cybersecurity Software Development Federal Policy Risk management
  1. The Federal government is focusing on secure software development, requiring software suppliers to prove they follow certain security practices. This means companies must show they are making software safely before selling it to federal agencies.
  2. Software developers must also consider how they use open-source software, as they need to show they manage risks associated with those components. This makes them responsible for any issues that might arise from using other people's code.
  3. Additionally, there is a process where companies can report if they can't meet all the secure practices. This allows them to explain any gaps in compliance and outline their plans to fix them later.

Little Lamb, who made thee? The Archegos Affair, part 2.

The Jolly Contrarian 119 implied HN points 28 Dec 22
💰 Finance Risk management Regulation Compliance
  1. Regulatory margin rules can sometimes worsen financial crises by inadvertently enabling risky behaviors such as concentrated fund positions.
  2. In complex organizations, there is a difference between the appearance of good governance and actual effective risk control. Overemphasis on formal structures may lead to overlooking practical risk management.
  3. Organizations should balance formal risk control infrastructure with experienced, nuanced decision-making, rather than relying solely on rigid systems.

Data Deep Dive: Predicting China's Exports Using AIS Vessel Tracking Data (+ Other Uses)

The Data Score 59 implied HN points 28 Jun 23
🕹 Technology Data Analysis Risk management Supply Chain
  1. AIS vessel tracking data can predict China's exports, monitor global trade, and understand real-time economic activity.
  2. Data cleansing is crucial for turning raw AIS data into actionable insights. Cleaning the data involves filtering out anomalies and ensuring accuracy.
  3. It's important to consider limitations like the exclusive focus on large commercial ships, uncertainties in cargo data, and vessel behavior anomalies when analyzing AIS data.

The Paradox of Finding Surprising Insights in Alternative Data

The Data Score 59 implied HN points 22 Jun 23
💼 Business Data Analysis Investment Financial Markets Market research Risk management
  1. Institutional investors need to find surprising insights in data but also be skeptical of them to ensure accuracy and avoid errors.
  2. When using alternative data to make predictions, it's crucial to verify if the insights answer the right questions and differ from the market consensus.
  3. Digging into the data through various methods like independent validation, error margin assessment, and data integrity checks is essential for investors to ensure the reliability of surprising insights.