SEC Provides Interpretive Guidance on Disclosure Requirements for Entities that Safeguard Crypto Assets

The growth of cryptocurrency theft triggered the Securities and Exchange Commission (SEC) to take action...

The growth of cryptocurrency theft triggered the Securities and Exchange Commission (SEC) to take action. On April 11, 2022, the Division of Corporation Finance’s Office of the Chief Accountant issued Staff Accounting Bulletin. No. 121, Release No. SAB 121 (“SAB”) providing interpretive guidance for entities to consider when they have obligations to safeguard crypto-assets held for their platform users.

The new guidance follows another high-profile hack involving digital currency. On March 23, 2022, cybercriminals stole 173,600 ether (ETH) and 25.5M of the stable coin USD coin (USDC) worth more than $615 million from Ronin Network, a sidechain of the Ethereum blockchain. Ronin Network is the payment system behind the popular play-to-earn game, Axie Infinity. According to Ronin, the attacker used hacked private keys in order to forge fake withdrawals. Unfortunately, large-scale crypto thefts are not isolated events. Last year, a similar hack of the DeFi protocol Poly Network resulted in losses of $611 million.

SEC Interpretations on Accounting for Obligations to Safeguard Crypto Assets

The SEC’s bulletin is directed to defined entities and/or their agents that provide platform users with the ability to transact in crypto-assets and, in doing so, may safeguard the platform user’s crypto-assets and maintain the cryptographic key information necessary to access the crypto-asset. As the SEC highlights, the nature of digital assets makes it more challenging to protect than traditional financial assets.

“The obligations associated with these arrangements involve unique risks and uncertainties not present in arrangements to safeguard assets that are not crypto-assets, including technological, legal, and regulatory risks and uncertainties.”

The SAB specifically highlights the following three unique risks that can significantly impact the entity’s operations and financial condition:

• Technological risks: There are risks with respect to both safeguarding of assets and rapidly-changing crypto-assets in the market that are not present with other arrangements to safeguard assets for third parties;
• Legal risks: Due to the unique characteristics of the assets and the lack of legal precedent, there are significant legal questions surrounding how such arrangements would be treated in a court proceeding arising from an adverse event (e.g., fraud, loss, theft, or bankruptcy); and
• Regulatory risks: As compared to many common arrangements to safeguard assets for third parties, there are significantly fewer regulatory requirements for holding crypto-assets for platform users or entities not complying with regulatory requirements that do apply, which results in increased risks to investors in these entities.

The SAB offers guidance on how entities (and agents) should enhance risk disclosures received by investors and other users of financial statements. To start, the SEC advises that an exchange or other entity holding cryptographic key information for a user or users’ crypto assets in digital wallets should account for those as a liability at fair value of the crypto assets on their balance sheet. The entity should recognize an asset at the same time that it recognizes the safeguarding liability.[1]  

The SEC bulletin states:  “… the staff believes notes to the financial statements should include clear disclosure of the nature and amount of crypto-assets that [the entity] is responsible for holding for its platform users, with separate disclosure for each significant crypto-asset, and the vulnerabilities [the entity] has due to any concentration in such activities.”

Because the crypto-asset safeguarding liabilities and the corresponding assets are measured at the fair value of the crypto-assets held for its platform users, entities must also include disclosures regarding fair value measurements. According to the SEC, the accounting for the liabilities and corresponding assets should be described in the footnotes to the financial statements, and, in providing these disclosures, [the entity] should consider disclosure about who (e.g., the company, its agent, or another third party) holds the cryptographic key information, maintains the internal recordkeeping of those assets, and is obligated to secure the assets and protect them from loss or theft.

The SAB also notes that disclosures regarding the significant risks and uncertainties associated with the entity holding crypto-assets for its platform users may also be required outside the financial statements under existing SEC rules, such as in the description of business, risk factors, or management’s discussion and analysis of financial condition and results of operation.

“To the extent it is material [a company] may need to provide disclosure describing the types of loss or additional obligations that could occur, including customer or user discontinuation or reduction of use of services, litigation, reputational harm, and regulatory enforcement actions and additional restrictions. A discussion of the analysis of the legal ownership of the crypto-assets held for platform users, including whether they would be available to satisfy general creditor claims in the event of a bankruptcy should be considered. Further, [a company] may need to provide disclosure of the potential impact that the destruction, loss, theft, or compromise or unavailability of the cryptographic key information would have to the ongoing business, financial condition, operating results, and cash flows of the entity,” the SAB states. “[A company] should also consider including, to the extent material, information about risk-mitigation steps the entity has put in place (e.g., insurance coverage directly related to the crypto-assets held for platform users).”

Utilizing the Guidance in Reports is a Starting Point

SAB 121 states that the SEC expects an entity that files reports pursuant to Section 13(a) or Section 15(d) of the Exchange Act, or an entity required to file periodic and current reports pursuant to Rule 257(b) of Regulation A, to apply retroactively the new guidance no later than its financial statements covering the first interim or the two most recent annual periods before June 15, 2022, with retrospective application as of the beginning of the fiscal year to which the interim or annual period relates. However, as the SEC acknowledges, its accounting bulletins don’t create new enforceable law, rules or guidance, but rather convey the views of the SEC’s accounting staff.

While the SAB provides useful interpretative guidance to businesses (and agents of businesses) holding crypto assets, the Chamber of Digital Commerce called for the SEC to go further by updating its custody rules to clarify how they apply to digital assets. Accordingly, we expect this issue to evolve, along with the overall regulation of digital assets.

Conclusion

Entities that safeguard crypto assets need to analyze the nature and extent of the risks assumed and be able to assure accurate disclosures regarding these risks and safeguarding obligations in their financial statements and filed periodic reports.  

If you have questions, please contact us

If you have any questions or if you would like to discuss these issues further, please contact Paul A. Lieberman or the Scarinci Hollenbeck attorney with whom you work, at (201) 896-4100.

---

[1] See SAB footnote 9 referencing FASB ASC 805 and IFRS 3.