"Nature abhors a vacuum," Aristotle postulated. It's the last weekend of unofficial summer and as kids return to school, finance professionals return from the Hamptons and tech workers return to the office the fall is gearing up to be a busy season. I, for one, am not looking forward to the increased traffic, packed train cars and long lines. Congestion can discourage travel, and perversely, widening highways can often create worse traffic. Knowing when something is a positive or negative feedback loop is critical to managing risk. This week I cover a number of stories that have unintuitive feedback loops.
The Odd Lots podcast, with Joe Wiesenthal and Tracy Alloway, spoke with Hyun-Song Shin, an economist working at the Bank of International Settlements, about new financial instability risks. In the podcast he uses the phrase "perverse demand response" to describe how a bank like SVB can get caught in a positive (downward) feedback loop where selling bonds that are reduced in price reduces the price of those assets further. Normally supply and demand work to stabilize prices through negative feedback, where lower prices reduce supply and rising prices reduce demand.
There are famous examples on the demand side where raising prices increases demand – luxury goods and Giffen goods. Luxury goods are self explanatory, but Giffen goods are tricky and rare. A Giffen good is a type of inferior good, that is one that buyers demand less of as they get richer. Think of a person getting a raise at work and trading their subway card for Uber rides. This specific type of inferior good has few substitutes at much higher prices, such that a buyer is forced to reallocate their budget towards the inferior good when prices rise. Are bonds now Giffen goods?
One other type of inferior good with few substitutes is early stage investing. As late stage prices increase and record smashing IPOs print paper millionaires overnight, early stage rounds get priced higher and higher. With more money sloshing around and a firms competing to get in earlier and earlier in deals, the rise in prices creates more demand. 2023 has seen a huge drop in angel investing and with prices falling, a normal market would see a flood of buyers jumping in at bargain prices, but angel investing is anything but a normal market. For one thing, you have 5-10 years before selling, so there's plenty of time to weather these positive (downward) feedback loops.
Eventually a good company will IPO at a decent price and then the positive feedback loop will increase prices based on rising prices. My friends over at Attack Capital (disclosure: I'm an investor) wrote a nice piece on Instacart trying to pry open the IPO window and flip the positive feedback loop from a downward spiral to an upward one. One challenge with private equity not marking to market is that institutional investors trying to maintain a balanced portfolio are overweight private equity, causing many of them to maintain or shrink their exposure. When the IPO window opens back up and prices rise, institutions will find themselves underweight and markets will swing wildly.
The Russian ruble has been taking a wild swing lately. Demand for rubles has cratered due to sanctions, sending the ruble into a tailspin and causing the Central Bank of Russia (CBR) to take drastic measures, which I wrote about two weeks ago. Now the CBR is pushing forward with a central bank digital currency pilot. This step comes not long after China and the UAE cooperated on the first cross-border central bank digital currency transaction last year. More recently, Russia and India's relationship has become more strained as billions of Russia's rupees are languishing in Indian banks. So far, sanctions have had little effect on the Russian economy as demand for Russia's oil has remained strong, but the financial system is distinct from the economy.
After a wild ride in international affairs last week the news cycle seems to be tilting more towards domestic politics in the U.S. as primary elections heat up. Here are a few stories about a UN treaty on cybercrime, another coup in Africa, a chip export ban and a quick denial of the ban to keep you entertained.
In technology this week there's plenty of news, however. Starting with this rundown from A16Z on fintech updates. With Russia testing out its CBDC, the US is looking at setting up payment rails in a slightly less authoritarian way with the introduction of FedNow last month. The U.S. Government is often much slower than other countries to step in and set industry standards, which can be a bit of a pain for consumers in the short run, but taking a less heavy handed approach means letting markets play out which has two benefits. First, competition is usually better at sorting out the best solution, and second, it's a long-term signal of commitment to private sector innovation.
One area you definitely don't want players to reap the rewards of their investments, however is cybercrime. The FBI and multinational partners took down the QakBot malware distribution network. This criminally operated piece of ransomware infrastructure became the standard for notorious campaigns such as Conti, ProLock, Egregor, REvil, MegaCortex, and Black Basta. The customers (ransomware operators) would use QakBot, which was run by a team out of Russia, to spam phishing emails with links or attachments that could infect the target. This standardized botnet provided the rails for criminals to extort companies. Lack of action allows bad actors to get a return on their investment and signals to future bad actors that they can invest more in R&D. This action will help to reset criminal expectations and prevent cybercrime innovation. Do listen to the whole podcast to hear Natasha Eastman (disclosure: we were classmates) of CISA expand on quantum risks.
It happens every year, multiple times a year, but here's a story about the biggest hack of 2023... so far. File transfer software MOVEit, heavily used in the healthcare industry, was breached and lost control of 60 million individuals' information. Notably, the Clop cyber gang put out a notice saying it would delete any government information acquired through the breach. A move, no doubt, attempting to prevent Clop from suffering QakBot's fate.
Finally, here's a report on the state of cyber insurance from Delinea. Cyber insurance is like widening highways in that it subsidizes behavior that is harmful to the system. The more insurance, the more hackers stand to benefit from ransomware payouts and the more defenders stand to benefit from moral hazard. It can be a dangerous positive feedback loop, but if insurers are able to change policy holders' behavior, the feedback loop flips to negative, where every new policy improves the security of each policyholder, dramatically reducing risk across the system.
Delinea is the name TPG Capital chose to rebrand Thycotic and Centrify. Thycotic and Centrify were two privileged access management companies that focused on doing a few things well (automated deployment and hybrid Windows/MacOS environments, respectively). Take this report with a whole shaker of salt, just as you would any vendor, but 67% of survey respondents said premiums were up over 50% since last year with 81% (down from 94%) of buyers able to get budget approval. Unsurprisingly, Delinea found that identity and access management was the top control insurance companies required. Maybe it's too good to be true, but if it is, that might be an unintuitive feedback loop to save cyber insurance.