2017 was the year of the ICOs with a record 5.5 Billion USD raised compared to 90 million USD the year before and 2018 has been no different and has already surpassed this figure with 7 billion having been raised to date, according to ICOdata.io. Whilst it sounds like the ICO machine is growing in strength, the trend tells a different story. A dramatic fall in funds raised month on month during 2018, as well as the number of ICO\u2019s reducing suggests that all is not well with the market. A number of high profile incidents regarding outright scams, alongside poor management, overvaluation of ICO\u2019s and the crypto space have had an impact on the market with investors being more careful and more demanding of ICO\u2019s. Additionally, regulators getting stricter and introducing KYC and other requirements for investing in ICO\u2019s means that ICO\u2019s are now facing a tougher time getting off the ground and raising funds. This has created the rise of the STO. The security token offering which is more regulated and a hybrid of IPO\u2019s and ICO\u2019s. It is here that Risk Management can help ICO\u2019s and STO\u2019s gain credibility and stand out from the crowd and gain competitive advantage, adding value by bringing a level of transparency rarely seen in the industry, and ultimately, leading to investor confidence in the token offering and it\u2019s management team. One example that springs to mind was a Nordic property development company who decided to not only introduce risk management within their organization but also communicate it (along with their top risks to the various developments) to potential investors. The results were two fold with sales increasing as a result of increased confidence in the company compared to competitors, as well as better performing projects\/developments. This example highlights the fact that it is not just during the token offering stage that risk management will play a key part. The introduction of risk management to the company will lead to improved performance, resilience, strategy setting and optimisation of said strategy, as well as improved decision making. Consider that yet more competitive advantage! Innovation It has long been said by people who don\u2019t understand risk management, that it is a hinderence to innovation. Quite the opposite is true however. Risk management can help foster a company\u2019s innovation agenda by revealing blind spots and areas of underinvestment. Companies such as Google, who challenge staff to find faults and risks in their projects, are a perfect example of the marrying of risk and innovation. Clearly the blockchain space is all about Innovation which makes risk management all the more important. So what do current organization\u2019s in the space do in terms of risk management? What should ICO\u2019s focus on? Objectives and strategy setting There are a number of articles and courses out there that cover how to set up risk management within an organization and how to identify risks, however some key focus areas for this industry is that ICO\u2019s and STO\u2019s need to be very clear as to their objectives and focus their efforts on Identifying and assessing their risks to these objectives whilst looking at solutions to mitigate them. These companies in particular are covering uncharted territory and at the very least, areas that most investors are not familiar with. This is why having clear objectives that investors can understand is a must. This then sets context when identifying risk. Opportunities need to be considered in this context too, and embedding the risk process within strategy setting or objective setting can add real value to an organization\u2019s success as risk management can often influence the strategy significantly. Innovation, Research and development It\u2019s not just the high level objectives that need to be considered with regards to risk management however. A process needs to be developed that allows risk to be embedded throughout the research and development process. It should be a natural part of idea generation and a tool to enhance all aspects of the project. Risks that are identified when an idea is born on the back of a napkin at a coffee shop, are cheaper and easier to rectify than once infrastructure or software has been built! Having met with a few companies in the space, it is clear that some have decided to focus their approach on getting the fundamentals right. One reason it has taken these specific companies longer for them to achieve their goals is that, they have been determined to get the bigger more complex problems resolved as a priorty before launching anything. This makes managing any unforeseen risks in the future much easier. Many other companies who simply launch their product after ironing out only a few teething problems, then realise they face major difficulties going forward when the larger problems make themselves known and they are forced to resolve themn within the confines or parameters of the design they have already launched. Risk Culture Whilst having a process is important, more important for any organizations looking to implement risk management, is understanding that having a positive risk culture is cruicial. All employees, managers and directors are responsible for managing risk and making risk based decisions. Therefore, aside from having the necessary training, they also need to feel empowered to bring bad news to the table and share concerns. The risk framework needs to ensure that risks can be escalated and not blocked by managers or directors protecting their bonus. Building a strong risk culture isn\u2019t easy but the value it brings is unparalleled. Recently, I sat down with Vibeke of Kontrapro Risk Management to discuss the topic of Risk Culture, what it means and ideas on how to build a positive risk culture. This has been launched as a Video Miniseries that can be found at www.riskguide.wordpress.com. Some aspects to consider in order to build a successful risk culture are: \tEnsuring there is incentive to identify and manage risk \tInvolving everyone in the process and breaking down silo\u2019s. Your people are your experts, use them! \tEngaging people and ensuring that they see the value of risk management \tConsider looking past regular reporting and instead focusing on real time risk sharing and communication \tHaving a communication plan that includes internal and external risk communication (investors, partners and other stakeholders) Risk Communication Communicating risk is a critical part of risk management success. Both internally and externally. Internal risk communication ensures that everyone in the organization is aware of the top risks and can work towards solving or reducing them. It also allows staff to see the results of their input into the process. External risk communication on the other hand ensures that the company can work with partners to understand risks that they may not have been aware of. It also encourages partners to engage in risk management. In the early 2000\u2019s, Dell computers discussed upcoming risks with partners in Asia and one particular risk, the closure of the east coast ports due to strikes, was managed by chartering jumbo jets and ensuring that if the risk occurred, they would be in a position to continue building and delivering computers to customers. The risk did happen and Dell did continue to keep customers happy and it played a major part in propelling Dell to becoming one of the major computer manufacturers. The importance of the Non-Executive Director or ICO Advisor Often, improvement to the process or a better understanding of risk within companies & ICO\u2019s, come from having non-executive directors (NEDS) or ICO advisors who have a wide variety of experience and who can add, for example, to the risk management process. Better still however, is having someone on board with a full understanding of risk management who will ultimately bring the most value as they work towards embedding risk management into the culture and decision making of the organization. Especially in the case of ICO\u2019s, which can make great use of a variety of advisors, it is an opportunity not to be missed. It is therefore important to choose your advisors and NEDS wisely. Companies should look for experienced risk professionals who have worked with boards, had involvement in setting strategy, understand technology companies (and have a grasp of the underlying technology), have strong communication skills (communicating with board members, developers, programmers, marketing people etc.) and understand the need to be flexible and adaptable in their approach. Companies in the space already have an abundance of blockchain and tech expertise and therefore, although it is useful to have a deeper understanding of the technology, it remains low on the list of requirements from a risk expert. At the end of the day, everyone in the organization is responsible for managing their risk.