RISK MANAGEMENT

Founder’s Note: “After nearly a decade of daily operations in DeFi—managing both personal and third-party capital—I decided to focus on thoroughly analyzing each transaction from a risk management perspective, with the primary goal of protecting the capital of my trusted friends and, above all, being able to sleep peacefully at night. My professional background as an executive at the Swiss multinational SGS for over 20 years allowed me to apply humble knowledge and tools to conduct an in-depth study, the key findings of which I share here in the hope that they may serve finance professionals.

In the end, there is also an undeniable truth here that makes some of our peers in the traditional sector uncomfortable: critical risk disappears when you truly master what you’re doing, not because risk isn’t lurking, but because you set the pace and ensure that every step is firmly grounded. As for moderate and low risks, they depend entirely on the quality of the processes your organization is truly able to adopt — which must be dynamic and adaptable to each new situation, like a sailboat adjusting to changes in the wind direction.

In conclusion, the concept is simple but the implementation is not. The good news is that industries reinvented through blockchain tech enjoy two unprecedented competitive advantages in human history as risk reducers: immutable transparency and the drastic reduction of third-party guarantors enabled by consensus mechanisms.

I am deeply grateful to the YAM & SECUREUM community for its valuable contributions in identifying industry system vulnerabilities, sharing post-mortem analyses, and implementing safe practices.”

MG – CEO, OWL Capital

In the innovative, evolving crypto and DeFi ecosystem, managing risk is not an afterthought; it is a central element of capital preservation and long-term performance. Our firm applies a comprehensive risk management framework segregated into 3 risk clusters (REGULATORY, OPERATIONAL and FINANCIAL), which distinguishes between EXTERNAL (market/institution-related) and INTERNAL (company-level/operational) risks.

EXTERNAL RISKS: Market and protocol-level exposure

Quick summary of risks derived from the underlying counterparties, third parties, markets, or infrastructure we interact with.

Smart Contract Risk

Smart contracts are self-executing code deployed on blockchain networks. Their immutability and autonomous nature mean that any coding error, logic flaw, or vulnerability can result in irreversible financial loss. Risks include bugs, design flaws, undocumented features, or malicious backdoors that could be exploited. These issues are exacerbated when contracts interact with each other, especially in complex DeFi protocols where dependencies increase systemic exposure.

Taken actions (*)

We strictly work ONLY with protocols/institutions that comply with these standards: an extensive multi-audit history with top auditing companies (Pashov, Halborn, ToB, SpearBit, Guardian Audits, Cantina auditors) and use of smart contracts from the OpenZeppelin repositories. We also review forks of UNISWAP smart contracts to assure their integrity. Exposure is capped based on code maturity and TVL robustness.

(*) Insured Risk

Counterparty Risk (Protocol Governance)

Protocols governed by token holders or small founding teams may undergo sudden or biased changes in critical parameters (e.g., interest rates, incentive structures, or smart contract upgrades). If governance power is concentrated in a few wallets or lacks transparency, there’s a heightened risk of collusion, misalignment with community interests, or protocol forks that may disadvantage minority stakeholders.

Taken actions (*)

OWL provides liquidity to entities as an Automated Market Maker or through Money Markets without actually lending them the funds. This is made possible through blockchain infrastructure, where liquidity is deposited into smart contracts that allow sector companies to access it, yet without taking control over those funds. Ownership and control always remain with the liquidity provider.

(*) Insured Risk

Oracle and Data Feed Risk

Oracles bridge the blockchain with real-world data (e.g., asset prices). If an oracle is manipulated, delayed, or inaccurate, it may trigger faulty liquidations, misprice collateral, or result in wrong execution of smart contracts. This is especially critical in lending protocols, stablecoins, and any system requiring real-time external inputs. Dependency on a single source or insecure data aggregation increases systemic fragility.

Taken actions (*)

Depending on the investment activity, we limit leverage activities that are based on MARKET RATE ORACLES (typically provided by Chainlink, Redstone or Pyth Network). As an ultra-safe practice, leverage is standardized to work under NAV or EXCHANGE RATE ORACLES, as these are not affected by market effects.

(*) Insured Risk

Liquidity and Slippage Risk

Limited liquidity in decentralized exchanges or smart contracts may cause significant slippage when executing large trades or exiting positions quickly. This becomes particularly problematic during market stress or in long-tail assets with shallow markets. Slippage can erode returns or force selling at a loss, while insufficient liquidity can lock positions or delay redemptions.

Taken actions (*)

Our system performs pre-trade analysis that includes slippage simulation for expected trade sizes. AMMs and pools are assessed for TVL (we normally set a minimum threshold of USD 500k before initiating research on a pool), spread behavior, and exit scalability. Portfolio construction includes liquid buffers and diversification across protocols and assets to ensure redemptions and rebalancing can occur without market disruption.

In the specific case of providing liquidity where the reward mechanism is based on emissions plus incentives, we prioritize allocating funds where the deposited liquidity is rewarded for being placed within the active tick, rather than based on fees generated by the pool. Likewise, we prioritize liquidity deposits on Layer 2 networks, as these cannot be front-run. These actions are not deployed to eliminate any inherent risk to funds per se, but rather reflect an ethical approach.

(*) Insured Risk

Market Volatility Risk

Assets other than stablecoins are inherently volatile. Sharp price movements may cause sudden losses, margin calls, or collateral shortfalls. Assets that appear uncorrelated may move in tandem during liquidity crunches. Strategies not dynamically adjusted for volatility may experience amplified drawdowns. Volatility also affects hedging costs and the predictability of yield generation.

Taken actions

As one of our unique competitive advantages, our internal system performs highly sophisticated hedging techniques that allow us to provide concentrated + leveraged liquidity under Delta and Gamma neutral market exposure for specific blue chips such as ETH, BTC and SOL.

Stability Risk

Stablecoins, while designed to offer price stability, are exposed to several critical risks. Collateral risk arises when the assets backing the stablecoin are volatile, insufficient, or poorly managed, especially in algorithmic or crypto-backed models. Counterparty risk affects centralized stablecoins, as users rely on the issuer to hold and manage reserves properly. Regulatory risk can lead to restrictions, asset freezes, or outright bans depending on jurisdictional changes. Technological risk includes vulnerabilities in smart contracts or protocol infrastructure. Liquidity risk emerges during market stress, potentially preventing timely redemptions or causing price slippage. A key concern is the depegging risk, where the stablecoin loses its 1:1 peg to the dollar due to market imbalances or trust erosion. Transparency risk also plays a role, particularly when issuers lack regular, independent audits.

Taken actions

We do not engage with algorithmic stablecoins. Our operations are strictly limited to audited, overcollateralized, and battle-tested stable assets, including USDC, USDT, USDTo, DAI, SUDS, USDe, frxUSD, LUSD, and PYUSD.

Regulatory/Geopolitical Risk

Jurisdictions vary widely in their treatment of digital assets. Regulatory action—including bans, restrictions, or retroactive enforcement—may impact protocol operations or token utility. Tokens or protocols may be delisted, frozen, or face legal scrutiny, making them unviable. This risk is elevated in assets with unclear legal classification or where founders and infrastructure are located in unstable regions.

Taken actions

We usually collaborate with financially strong countries such as Switzerland, Japan, the UK, Hong Kong, Singapore, and the UAE, which have fully regulated digital asset frameworks. Additionally, several smaller jurisdictions have also implemented comprehensive regulatory regimes, including El Salvador, the Cayman Islands, the Bahamas, the British Virgin Islands, Mauritius, Malta, Bermuda, Estonia, and Lithuania. Recently, the US has been in the process of full digital asset regulation.

Bridge and Cross-Chain Risk

Cross-chain bridges facilitate asset transfers between blockchains but are often the weakest security point in DeFi. They involve multiple validators or relayers and complex verification schemes, which, if compromised, can lead to total asset loss. Past incidents have shown that even well-known bridges have been vulnerable to sophisticated attacks. Downtime, delays, or misconfiguration can also expose capital.

Taken actions

Our standard for bridge transactions is Circle CCTP. Occasionally, we may use a blockchain's official native bridge where CCTP does not exist.

INTERNAL RISKS: Fund management & operational exposure

Quick summary of risks that arise from the fund’s own structure, custody, processes, and governance.

Custody and Key Management

Improper storage or management of private keys can result in permanent loss of access to assets. Risks include phishing, hardware failure, human error, or unauthorized access. In institutional environments, poor key governance can lead to theft or mismanagement. Multisig setups reduce single points of failure but must be implemented with operational discipline and secure backups.

Taken actions

At OWL Capital, we follow simple but strict rules for the management of private keys and wallet usage: Redundancy in physical storage of private keys with internal obfuscation mechanisms. Use of professional self-custody wallets with high industry reputation (Rabby, Phantom, Unisat). Implementation of on-chain multisignature systems when required, following the SAFE Wallet standard. Blockchain access through dedicated computing devices (not smartphones), with reliable internet access and official RPCs, used exclusively for executing blockchain transactions (this prohibits devices with access to email, social media, or unapproved websites, except for DeFi dApps). In regulated environments, the use of custodial wallets must undergo a Due Diligence process to approve Custodians.

Redemption and Liquidity Management

Redemption pressure can exceed the liquid capacity of the underlying assets, especially in stressed markets. If investors request redemptions faster than assets can be unwound, forced liquidation at unfavorable prices or redemption delays may occur. Maturity mismatches between fund structure and asset profiles amplify this risk.

Taken actions

By deliberately choosing to operate exclusively in hyper-liquid markets, we have effectively eradicated this category of risk from the outset.

Valuation and NAV Risk

Accurately pricing digital assets—especially those in illiquid, off-chain, or long-tail segments—can be difficult. Using outdated, manipulated, or limited price data can distort NAV calculations, misinform investors, and impair decision-making. Illiquid holdings present a particular challenge, often requiring model-based assumptions that may not reflect true market value.

Taken actions

NAV is calculated continuously on-chain, block by block, leveraging decentralized price oracles through our wallet system. This means that unit prices and quantities are effectively immutable and 100% based on blockchain activity. Illiquid assets are excluded from our portfolio services; we exclusively operate with leading blue-chip and stablecoin assets.

Fee Transparency and Performance Accounting

Lack of clarity in fee calculation—especially for performance-based incentives—can misalign manager and investor interests, erode trust, and lead to disputes. Ambiguities in High Water Marks, Hurdle Rates, or performance benchmarks can skew reported results or incentivize excessive risk-taking.

Taken actions

Fees are calculated and reported systematically. All fee structures, including High Water Mark and Hurdle Rate mechanics, are pre-disclosed and verifiable. Independent reconciliation of fees and fund performance can be conducted by external auditors at any time.

Internal Compliance and Policy Risk

Inadequate internal controls may lead to breaches of the fund's investment mandate, overexposure to specific assets, or deviation from strategic goals. Lack of oversight, unclear approval procedures, or conflicts of interest may compromise the integrity of portfolio management.

Taken actions

Investment decisions follow a tiered approval structure involving strategy leads, risk officer, and compliance officer. A pre-trade checklist ensures mandate alignment. Allocations that exceed preset limits trigger mandatory risk reviews. All actions are logged and auditable.

Human Error and Insider Risk

Manual actions, lack of process standardization, or key-person dependencies can result in execution mistakes or oversights. Additionally, unauthorized internal activity—such as data leakage, collusion, or fraud—poses a risk if not mitigated by appropriate governance structures and access controls.

Taken actions

All our processes are standardized workflows. Under regulated frameworks, no individual has unilateral signing or deployment authority. Staff roles are segregated between research, execution, and custody. Multisig system monitoring effectively mitigates insider risk.

Business Continuity and Infrastructure Risk

Technical failure, cyberattacks, or catastrophic events (e.g., power outages, data center failure) may interrupt fund operations. A lack of redundancy in systems or secure off-site backups increases the risk of irreversible data loss or prolonged downtime during crises.

Taken actions

One of the key advantages of blockchain-based investing is that all information is recorded in a decentralized, immutable, and globally distributed ledger across thousands of validator nodes. Since 100% of our operations are conducted through the wallet system, data recovery in cases of force majeure requires only access to the corresponding private keys.