【WikiEXPO Global Expert Interviews】Geoff McAlister: From Risk to Resilience

As WikiEXPO Dubai concludes successfully, we had the pleasure of interviewing Geoff McAlister, Founder of MiPool and the Crypto Risk Office. Geoff McAlister is a Dubai-based financial-services leader with 25+ years spanning global markets and digital assets. His career includes roles at Goldman Sachs, Credit Suisse, Deutsche Bank, and First Abu Dhabi Bank (FAB). He most recently served as Group Chief Risk Officer at M2 and as Managing Director & Head of Markets at Hex Trust. Geoff combines deep risk, trading, and product expertise across CeFi and Web3 - building institutional crypto trading, stablecoin solutions, and client coverage for 300+ institutions.

Part I: Take the Best

Q1:The Crypto Risk Office is a unique initiative. What inspired you to establish it, and how does it serve the current needs of institutional crypto participants?

Geoff McAlister: 2022 was a watershed year for the Crypto Asset Markets, by anyones standards. The market has lost in excess of $2 trillion of market capital / valuations and basic Financial Risk Management failures have led to tens of billions of dollars lost on counterparty exposures across dozens of firms including Alameda Research, FTX, BlockFi, Genesis, Three Arrows Capital, CoinFLEX, Celsius, Voyager Digital plus of course the catastrophic failed tokenomics / mechanics of the Terra-Luna network, and the associated Anchor DeFi protocol losing in excess of $50Bn in value.

Additionally, about $3Bn worth of Crypto was stolen so far through crypto technical hacks or exploits. Worse still, is the loss suffered to the industry's reputation as a whole, which scarred the industry for years to come.

The industry has largely neglected or been very slow to take onboard the deep and broad risk management experience that exists in the traditional financial markets. We aim to encourage best practice in risk management, the implementation of professional Risk Governance Frameworks across the industry and to develop the first Crypto Risk Professionals Community!

Q2: MiPool also sounds like a unique initiative, what MiPool is doing for crypto with real world assets.

Geoff McAlister: MiPool stands for Mortgage Investment Pools. MiPool reimagines mortgage finance, through CeDeFi / decentralized Mortgage Investment Pools, we are building the rails for Web3 Mortgage Markets.

The Institutional Track - the platform enables banks to re-sell mortgages to investors on-chain, providing a faster more efficient route to recycle mortgage capital, compared to the slow and expensive MBS structures. While the Retail Track (later) will democratise mortgage origination and investment.

MiPool Markets - is a dedicated market to obtain liquidity for secondary trading of Mortgage Investment Tokens and Financing against MITs as collateral. We have a very special Collateral Management System as the foundation for MiPool and a $1T+ Global Tier 1 Asset Manager as a reference client and together we are discussing the pilot.

Q3: As the former Group Chief Risk Officer at M2 and Head of Markets at Hex Trust, youve built risk frameworks for both CeFi and Web3. What are the biggest challenges in bridging these two worlds?

Geoff McAlister: Both institutions are centralised entities providing clients digital asset products and services. Two things: state and settlement. In TradFi/CeFi, state lives in ledgers controlled by known entities; in Web3, state is public, forkable, and composable. That‘s great - but it breaks old assumptions about finality, rehypothecation, and operational recovery. Second, accountability. In banks, three-lines-of-defence are encoded in org charts; in Web3, “who’s the accountable person?” often blurs across protocols, bridges, and DAOs. The bridge is to port proven banking disciplines - risk appetite definition / governance, limits, concentration checks, counterparty tiers, segregation of duties - into crypto-native flows like staking, liquidity provision, tokenised collateral and smart-contract upgrades. At Hex Trust and M2 we built bilingual controls: TradFi-grade Risk Governance frameworks for managing Risk Appetite, Delegated Authorities, approvals and audit trails, but operationalised for on-chain activity and 24/7 venues. That is the model I advocate-take the best of both, not the worst.

Q4: In your view, whats missing today in crypto risk management - is it technology, governance, or market maturity?

Geoff McAlister: Above those, its qualified people. You can look at many major crypto exchanges and trading entities where they don‘t have an experienced CRO with a strong financial risk background. It’s unthinkable in TradFi financial institutions, but in Crypto the industry is still immature – and full of startups, and proper risk departments are still rarely budgeted for. It seems even when an entity makes it big they often still don‘t set up a dedicated Risk department with a CRO on ExCo and reporting to the board. Of course it isn’t just the CRO, there needs to be a budget and a responsible risk function, but if there is a material financial services firm (Crypto or not) without a dedicated Group Chief Risk Officer, people should be asking questions.

Regulations in Crypto typically require a Chief Compliance Officer, but not a CRO. The compliance function will take care the entity meets FATF, AML, KYC, KYT requirements etc… but that doesnt protect the entity (and its clients) from poor risk management practices, Balance sheet management / Liquidity Risk, Credit Risk and Market risks have been much more impactful and devastating on crypto firms and their customers than technical hacks, exploits and money laundering events.

Governance is key. Position management tools can certainly be better, especially to help incorporate off-chain / OTC trades, but we have decent primitives - MPC custody, policy engines, on-chain analytics and improving portfolio management systems - yet incidents still escalate because firms haven‘t hard-wired who can pause, unwind, or communicate under stress, who is at the table on ExCo to enforce stop-losses and focus on Capital Preservation when needed. There are literally hundreds / thousands of parameters that can be tracked to monitor your risk posture against appetite, liquidity ladders by venue, smart-contract change calendars, token unlock/event heatmaps, cross-venue position/netting views, and custody entitlements drift – when firms become significant to the market, there needs to be dedicated risk teams and appropriate leadership. Finally, we need routine stress drills. Run “table-top” simulations quarterly - bridge outage, oracle drift, stablecoin de-peg-then memorialize lessons into policy and code. Repeated Stress testing for ’what can break you is apparently underrated.

Q5: Having operated in both Western and Middle Eastern markets, how do you see the GCC region positioning itself in the global digital asset landscape?

Geoff McAlister: The GCC - especially Dubai and Abu Dhabi - has moved from experimentation to industrial policy: clear licensing pathways, supervisory engagement, and a bias for real-world finance use-cases. The opportunity is to lead in institutional rails: tokenisation, high-assurance custody and settlement, and cross-border payments on compliant stablecoin corridors. The regions comparative advantages - capital formation, infrastructure speed, and regulator-industry access - map perfectly to RWA tokenization and bank-grade crypto services.

MiPool (https://mipool.finance/) reflects that, we are working to create Web3 mortgage markets on-chain in a regulated wrapper. The GCC can be the “Basel of Web3 rails” - not just permissive, but predictable and exportable. The UAE particularly has regulators that are literally leading the world, its a privilege to be able to operate in this ecosystem, however there is one significant miss.

The local banks really should seize this big opportunity, they have the regulatory rails / clarity and the industry is on their doorstep - but I fear they are being slow, how many UAE banks have a dedicated role on their Executive Committee for Chief Digital Asset Architect or similar, or a dedicated and focused Web3 banking team / entity, BNY Melons Head of Digital is on their ExCo reporting to both the CEO and Chairman. Citi have a very public Future of Finance team within the Citi Institute and JPMorgan launched a dedicated Web3 entity, Kinexys (formerly Onyx).

UAE banks have a real head start and regulatory advantage compared to banks in the rest of the world. They are dipping their toes in, but its very clear to me, they should be building a comprehensive Web3 banking offering – they have the opportunity gifted to them, to literally lead the world in offering Web3 Banking models and services, I look forward to UAE banks taking a lead and building the future of banking with Web3 rails.

Part II: Make trust tangible

Q1: WikiEXPO has become one of the leading global networking platforms for fintech and forex professionals. How important are such forums in building trust and regulatory dialogue across traditional and digital markets?

Geoff McAlister: Markets run on shared context. Conferences compress a year of emails into face-to-face alignment among banks, exchanges, custodians, fintechs, and regulators. The best forums create trackable outcomes: common terminology, draft standards, pilot consortia, and escalation routes. For digital assets to integrate with FX, payments, and securities markets, we need pragmatic bridges: how to KYC across chains, how to settle DvP with custody segregation, how to evidence controls to auditors. Events like WikiEXPO make those conversations bilateral and solution-focused.

Q2: In an industry often clouded by misinformation, what role do you think platforms like WikiFX can play in strengthening market integrity and cross-border accountability?

Geoff McAlister: Platforms like WikiFX can play a role to increase industry transparency.

Make trust tangible: Use the conference traction to turn talk into artifacts, tangible, reusable outputs - checklists, playbooks, templates, and reference designs - that turn panel talk into Monday-morning execution.

Create accountable dialogue: Run regulator-industry roundtables with clear “on-record” outcomes (FAQs, guidance summaries).

Q3: If you could share one piece of advice with emerging fintechs and digital-asset firms attending WikiEXPO, what would it be - particularly regarding risk governance and long-term sustainability?

Geoff McAlister: Prepare for stressed operating environments i.e. “what can break you”. Governance you can execute under pressure - named approvers, key ceremony playbooks, incident comms templates; Build a “minimum viable risk stack”: segregated wallets/custody, change-control with dual approvals, venue/counterparty tiers and limits, automated reconciliations, and a standing incident-response team you can engage in minutes.

About WikiEXPO Global Expert Interview

As the organizer of WikiEXPO, WikiGlobal is committed to fostering international dialogue and cooperation through offline exhibitions. By engaging with global experts on financial regulation, technology, and governance, WikiGlobal aims to enhance the integration of fintech and regtech, improve regulatory efficiency and accuracy, and promote industry self-discipline. Through these efforts, we encourage financial institutions to adopt best practices, build a more transparent and resilient ecosystem, and ultimately create a safer trading environment for investors worldwide.