Evolving Cryptocurrency Framework
Regulatory backdrop, fund manager considerations and accounting lessons learned
The landscape governing cryptocurrency investing continues to evolve from a regulatory, due diligence and accounting perspective. Institutional investors continue to be drawn to the cryptocurrency space at an accelerating pace. In compiling this thought leadership piece, we’ve segmented our discussion topics into three distinct but overlapping topics. First, we provide a brief regulatory backdrop. Second, we provide basic due diligence checklist items for cryptocurrency fund managers to consider that also align with specific focal points from regulators. Finally, we provide lessons learned drawing from direct experiences and discussions with industry participants. Our “lessons learned” are intended to serve as a guide and example to new investment managers entering the cryptocurrency vertical to better prepare them for their audit by addressing potential sticking points in advance.
As a precursor to this discussion, we suggest that readers review our November 2017 piece “Digital Currency Fund Preparation for Initial Year Audit and Tax Compliance”. Also, before commencing our discussion, we note that BDO is not a legal expert in cryptocurrencies and that funds should consult with experienced legal counsel and / or compliance consultants with relevant cryptocurrency expertise.
I. Regulatory Backdrop
Currently, there are many questions regarding a formal regulatory framework governing cryptocurrencies. Theoretically, cryptocurrencies and related products potentially fall under the auspices of nine federal regulatory agencies. For purposes of discussion, we will focus on the two agencies that will most likely regulate funds that invest in cryptocurrencies: the SEC and CFTC. The overarching theme within the regulatory landscape is that the vast majority of industry participants are craving some degree of standardization or clarity and for regulators to strike the appropriate balance between protecting investors and creating transparency while encouraging innovation in a dynamic and new disruptive technology.
- SEC – Clearly, one the SEC’s primary goals is to protect investors and foster a fair, orderly and transparent market. To accomplish this, the SEC is interested in registering certain issuers of cryptocurrencies so that reporting standards are met and safeguards are in place to protect investors. However, determining whether certain classifications of cryptocurrencies meet the definition of a “security” is a different story. Just recently, during a June industry conference in San Francisco, William Hinman, the SEC’s director of corporate finance, said the two top cryptocurrencies, bitcoin and ether, don’t meet the criteria for regulation that the agency typically applies to traditional securities. At the conference, Hinman is quoted as stating that “Based on my understanding of the present state of ether, the Ethereum network and its decentralized structure, current offers and sales of ether are not securities transactions.” Hinman based his conclusion on the fact that bitcoin and ether are developed diffusely, by many unaffiliated people, rather than by a single, centralized entity such as a corporation. Despite this additional SEC clarity for two of the largest publicly traded cryptocurrencies, several distinctions and categories of tokens and cryptocurrencies, most particularly “ICOs,” continue to pose a degree of regulatory uncertainty. On May 2, SEC Commissioner Hester Peirce told the audience at the Medici Conference “My fear that regulators will grab hold of the shovels and buckets is why I am often wary of so-called regulatory sandboxes. I am entirely in favor of finding ways to make appropriate regulatory allowances that clear the way for innovation to flourish. What troubles me about sandboxes, however, is that the regulatory is typically sitting there next to the entrepreneurs.” In contrast to SEC Chairman Jay Clayton’s earlier testimony on regulators’ roles in virtual currencies, Peirce noted “This is not to say that all ICOs must be deemed securities offerings. Given the undeveloped nature of this area, I am wary of any blanket designation for all ICOs. Instead, the best path forward, at least for the time being, is to evaluate the facts and circumstances of each offering.” Peirce also noted “The best path forward is for regulators to approach ICOs and tokens with intense curiosity. We must put in the effort to learn about these new technologies and employ the staff necessary to support our understanding. It is unfortunate that, to date, most of the communications from the SEC on the topic have come from our Division of Enforcement.”
- CFTC – The CFTC also has an important role to play in the regulation of cryptocurrencies. In 2014, the CFTC declared virtual currencies to be a “commodity” subject to oversight under its authority under the Commodity Exchange Act (CEA). Since then, the CFTC has taken action against unregistered Bitcoin futures exchanges (BitFinex), enforced the laws prohibiting wash trading and prearranged trades on a derivatives platform, issued proposed guidance on what is a derivative market and what is a spot market in the virtual currency context, issued warnings about valuations and volatility in spot virtual currency markets, and addressed a virtual currency Ponzi scheme. The CFTC is officially tasked with regulating spot sales. However, it is also unclear how the CFTC and SEC will work together in regulating virtual currencies, their issuers and exchanges.
The lack of the regulatory alignment and visibility that currently exists between the SEC and CFTC is causing palpitation in furthering industry growth. In fact, in recent written testimony before Congress, Coinbase chief legal and risk officer Mike Lempres explained that his company is currently refraining from supporting ICOs because of the regulatory uncertainty. “We are waiting for the dust to settle between the SEC and CFTC.” In addition, the current regulatory ambiguity and lack of coordination has pushed some current development projects offshore and has caused other industry participants to refrain from participating in unregistered products due to the potential for criminal liability.
II. Crypto Fund Manager Considerations
In spite of this murky regulatory backdrop, the SEC is wasting no time in learning more about what fund participants are investing in with respect to cryptocurrencies. For example, in March, according to the Wall Street Journal, the SEC was preparing to issue subpoenas for over 100 hedge funds currently investing in cryptocurrencies in an effort to gather more information. They have also spoken with auditors, lawyers, and fund administrators working in the space.
The SEC probe provides some useful takeaways and considerations for new entrants who are either forming de novo funds to exclusively invest in cryptocurrencies or existing managers who seek a degree of exposure to cryptocurrencies. By identifying the regulators’ primary considerations in their information gathering exercises, we can drill down into some areas of risk that may be useful as due diligence items for any new industry entrant to consider. By addressing them up front, a fund manager can save considerable time and headache in the long run:
- Fund legal documents and investor disclosures – When forming a fund entity or modifying an existing legal document, we recommend working closely with outside counsel experienced in crypto investing to ensure proper language permitting investment in cryptocurrencies is included in the LPA with the consent of its investors. While new fund managers may consider working with a low-cost provider who creates legal documents with boilerplate language, the complexities of this space really require a seasoned fund attorney with crypto experience.
The extent of cryptocurrency investments by product type is also important to incorporate in legal documents so that all potential investment scenarios are covered as the industry continues to evolve and more products are introduced to the marketplace. Clearly highlighting the risk profile of cryptocurrency investing to investors through additional disclosures to investors is also recommended. These simple disclosures ultimately may help provide a barrier to safeguard against any subsequent reputational risk should portfolio performance go south.
- Structure and liquidity – Taking stock of jurisdiction (onshore or offshore), investor and investment liquidity, frequency of trading, investment strategy and other factors should also be considered when deciding on the appropriate fund structure. For example, hedge fund managers running open-ended vehicles need to consider the use of side-pockets should they decide to invest in illiquid cryptocurrencies and related products. Managers should be aware that the creation of side-pockets takes additional time and would generally cost more when compared to a traditional closed-end fund structure with the same investments. The ability for a fund manager to employ investor lock ups and gates on withdrawals should also be considered which could protect a run on the fund in a liquidity crisis. Fund managers should also carefully consider management and incentive fee terms, two focal points of the SEC.
- Cybersecurity and internal controls – Given the complexities of cryptocurrency investing and the risk focus of the SEC, fund managers should carefully stake out in advance how it will ensure proper internal controls are in place to safeguard investors, minimize the possibility of fraud and conflicts of interest and maintain the safety and integrity of data from breach or unauthorized access. While the alternative investment fund industry has traditionally relied on SOC1, type 2 (financial reporting controls) and SOC2 reports (technology issues) from outside vendors to help identify any gaps or potential exposure, it is extremely important to take a common sense approach to cryptocurrency investing by identifying the key areas of potential risk, such as safeguards and protocols around access to digital passwords, transactions with crypto exchanges and wallet storage. In fact, the fund manager should determine reliance on technology and outside service providers and craft an internal controls policy around the areas of most vulnerability to ensure it has met its fiduciary responsibilities to protect investors.
- Compliance – While compliance may be quite different for an issuer of cryptocurrencies, fund managers should be acutely aware of the implications of cryptocurrencies, ICOs or cryptocurrency derivative products and which regulatory bodies they might be governed by. Also, while there are existing triggers in place that define “registered investment advisor” status and requirements, uncertainty still dominates amongst industry participants. As previously mentioned, clearly spelling out to investors a fund’s investment policy, identifying the high degree of risk associated with these investments and ensuring the investor is aware and consents to the manager’s approach will ensure the fund manager is acting in the shareholders’ best interests.
III. Accounting Considerations – Lessons Learned
While several of the accounting topics discussed below cross over with an investment manager’s due diligence checklist, we have closely monitored and identified a few specific areas and processes that our audit team continues to improve upon to increase the efficiency of our clients’ overall audit engagements. Our “lessons learned” center around three main areas we will address: Internal Controls, Custody & Existence and Valuation.
Internal Controls
In contrast to the traditional internal controls environment, the emerging blockchain crypto token platforms and the underlying “assets” are completely different and, by design, totally independent of the safe and mature internal control and governance check points of traditional investing. Understandably, the focus is on the transactional system and consideration of the over-arching IT governance continuum is new to most entities especially with limited personnel and support systems.
- Lack of internal controls awareness – One primary observation by our team was the education process required with respect to understanding a comprehensive internal controls environment. Specifically, we experienced a narrow focus on the platform with a need for a better understanding of management’s responsibility for core IT General Controls concepts, especially since most utilize third-party processors. Further, there was and continues to be a limited knowledge by fund managers investing in cryptocurrencies of a need for a SOC1, type 2 report to address the internal control environment of the fund. Not all SOC reports and their scope of controls coverage are the same by definition. SOC reports also vary widely on the use, related audience and public accounting firm’s allowable level of reliance on the controls opinion. For financial reporting purposes, the SOC1, type 2 report is the cornerstone to address the internal control environment and lends credence to credibility, particularly because it is generated by a 3rd party accounting firm. In the absence of a SOC1, type 2 report, we found that the majority of managers had not laid out a comprehensive internal controls self-assessment, which would be the next line of inquiry in the absence of a SOC1, type 2 report by their auditor.
- Physical security – A second observation was of the importance of physical security to both premises and personal custody of mobile cold storage devices. Given the negative accounts of theft, the need to more heavily guard the logic and localized ‘access tokens’ (RSA), private key storage (safe deposit box) and custody of cold storage devices, we found, is paramount. Security of the private encryption key, devices holding perhaps millions in logical token value, and personal/premises protections are often not taken but should have been at the forefront of discussion in setting up a cryptocurrency platform. An almost unlimited amount of asset value can be diverted or lost on a physical device hidden in a small pocket. Basically, physical security at a crypto token location should be as sophisticated and strong as a jeweler selling wedding rings where asset value, physically, is wrapped in tiny volume or none at all once access to a victim’s computer if biometrics are not employed.
Custody/Existence Testing
Custodian solutions continue to emerge as institutional investor appetite in the space has continued to increase. While solutions exist for many of the higher volume cryptocurrencies, funds may still be required to use self-custody. We found that not all custodians will return audit confirmations received. Even in situations when confirmations are returned, the auditors will need to determine if they can place reliance upon the confirmation and any other reports received from the custodian after their assessment of the control environment or review of any available SOC report from the custodian. The auditor may have follow up questions for the custodian to better understand the control environment, which should be an important consideration for fund managers. Utilizing blockchain explorers can help to validate balances and activity for many cryptocurrencies. Privacy tokens should be discussed with the auditor well in advance of year-end to determine if there will be issues testing completeness and existence.
Valuation
For all fund managers, all valuation begins with a strong valuation policy. This is particularly true of any emerging asset class with varying levels of liquidity. A few key valuation takeaways we learned were as follows:
- Liquidity/Pricing – We discovered that several managers have relied on various third partner market interfaces/aggregators as their main source of pricing or pricing from their administrator. While market aggregators can be a useful reference point, it should not represent the primary source of pricing for cryptocurrencies, and management should take ultimate responsibility for the fund’s valuation policy. Per the codification, primary markets should be determined and should be representative of a true marketplace where buyers and sellers transact and where quotes are real-time. The potential pitfalls of a secondary pricing source are delays in market quotes or lack of transparency in how the mark is determined. Finally, the cut-off time of when a fund manager will actually take a pricing mark should be clearly stated in their valuation policy since markets are continuously open.
- Derivatives – While the majority of our clients have transacted in brand name cryptocurrencies with a relatively active trading market, the advent of derivative products such as SAFTs (Simple Agreement for Future Tokens) have presented a wrinkle in contrast to the simple application of a price quote for liquidly traded cryptocurrencies. The rub for SAFTs, however, come into play since the coins have yet to be developed, delivered and traded. In contrast to a typical venture investment stake, the company or project developing the future token does not necessarily translate to the value of the token. In short, additional care should be given when evaluating SAFTs for valuation purposes, particularly when benchmarking the progress of the underlying project against the stated future value of the SAFT.
- Investments in other investment funds – Managers who choose to obtain exposure in cryptocurrency by investing in other investment funds that hold cryptocurrency should consider a few items. Generally, these fund of funds investments will be held at the practical expedient, which will be their ownership percentage of the audited total partners’ capital balance per the financial statements. When deriving this valuation, a manager should consider if the audit opinion is an unqualified opinion, if the financial statements are presented on a GAAP basis, and if the auditor issuing the report is qualified and experienced in the crypto space. Any issues with these items could result in the fund manager’s own auditor possibly then having problems issuing an unqualified opinion for their fund.
Tax Lessons Learned
BDO’s dedicated Asset Management tax team continues to refine its internal processes to more succinctly address the tax ramifications of cryptocurrency investments by our fund clients. As part of an evolving exercise, our experiences and lessons learned have centered around four primary areas—cost recovery, “Forks” and derivatives, side-pocketed investments and application of IRC 864(b). Below we discuss each of these in more detail:
- Cost Recovery – What is unique with crypto currency exchanges vs. traditional securities exchanges is that in contrast to traditional brokerage firm members of an exchange, the exchanges are, in effect, the custodian and exchange wrapped into one. Unlike brokerage firms, these crypto exchanges continue to evolve and currently do not possess the same level of investor reporting and investment tracking that a traditional brokerage firm provides. This is particularly acute in the realm of tracking gains and losses on the disposition of cryptocurrencies and related assets.
With funds that trade traditional securities, we are accustomed to dealing with clean books and records from an administrator which, in turn, receives trade reports from prime brokers. With the advent of various types and forms of cryptocurrency investing, more involved discussions have been required with our clientele and their administrators in the set up of specific methodologies in order to price assets upon disposition and to establish fair market value if the client is simultaneously trading into another cryptocurrency. Establishing these methodologies is crucial in determining taxable gain / loss up disposition of these assets
- Cryptocurrency Forks – A “Fork” denotes a change and permanent divergence in the blockchain. This form of crypto investment has forced us to delve deeply into the peculiarities of property tax rules so that we can properly track and account for the tax effects of an asset when a Fork occurs. In short, we have found there is a necessity to assess the nature of the Fork or division and work with clients to determine and apply the most reasonable methodology for tax purposes.
- Side-pockets – Most often seen with open-ended hedge funds, when cryptocurrency investments are placed in a side-pocket, we have learned that an emphasis on maintaining good tax records will save a tremendous amount of time and frustration on the back end. Specifically, ensuring that tax and book records are in alignment so that the appropriate cost basis is established is paramount. This is particularly important as investors exit the fund, cash out of the liquid portion of their investments but are potentially left with a pro-rata side-pocketed cryptocurrency stake. Maintaining appropriate tax records to determine how to allocate cost and tax basis across side-pockets is pivotal to a smooth and successful tax engagement, particularly for open-ended hedge funds investing in cryptocurrency assets.
- Application of IRC 864(b) – For foreign investors in cryptocurrency there is uncertainty whether the safe harbor from US taxation on gains from stocks, securities or commodities applies. Structuring a fund offshore could mitigate this risk.
In summary, as the cryptocurrency framework continues to evolve, unique regulatory, due diligence and accounting challenges will continue to emerge for investors and their service providers. Without clear guidance from key regulators, industry innovation may get delayed. We do see signs of hope regarding regulatory alignment. In fact, according to Coindesk, on May 2nd at the FIA Law and Compliance Conference in Washington, D.C., Commissioner Brian Quintez spoke about “an effort that is underway at the SEC and CFTC to coordinate and harmonize regulatory oversight.”
However, as we have all learned in the past, as markets continue to innovate, often regulators are playing catch-up. New financial products are already in the marketplace and on the near horizon. Equally important, mainstream industry acceptance continues to accelerate. According to Bloomberg , the Cboe, one of the largest exchanges for Bitcoin futures already has big plans to expand its cryptocurrencies. Cboe President Chris Concannon stated “The vision is to have a crypto complex” further stating that “Digital currencies are here to stay” at a recent Futures Industry Association conference in Boca Raton. In addition, mainstream financial service industry players including the Nasdaq and NYSE have shown an openness to either becoming a cryptocurrency exchange or at least allowing its customers to purchase Bitcoin.
While the industry continues to expand and innovate, service providers such as BDO must stay on the cutting edge of regulatory pronouncements and rules governing the industry and work with the regulators to adequately serve our fund clients who are investing in this disruptive vertical.
SHARE