Understanding different levels of assurance, examples from the stable coin sector
Many of the participants in the cryptocurrency space have been more than generous and patient with their knowledge and time in working with me to understand multiple aspects of blockchain technology. I appreciate the willingness of many to clarify my confusion, grasp concepts, and keep pace with semantics.
In turn, I hope to add some clarity to the use of the word audit in a financial statement context. This is not intended to be a comprehensive and detailed explanation of independent financial statement audits. Rather, to give those unfamiliar with the accounting and audit field a sense of the decision makers, why we don’t see many in the cryptocurrency space at this time, and the level of assurance (reliance) currently available.
Independent auditors are hired by management of the company to provide assurance that the financial statements are not materially misleading. Independent auditors are not hired to find or seek out fraud. While auditors do consider the risk of fraud in their analysis and procedures, the engagement is not intended to be adversarial in nature. Those with limited experience in the field of finance and business often use forensic audits or IRS examinations as a frame of reference to define the expectation. This is understandable given that we are most familiar with these types through media coverage after a fraud has been suspected or our own individual experiences with Federal tax compliance.
The stable coin sector is useful for specific examples, as we have seen varying levels of assurance. A stable coin is intended to be a tool used in trading on many of the cryptocurrency exchanges as entering, participating, and exiting with fiat proves to be a challenge. There are various types emerging, including some backed by other assets or a basket of metals. Below I focus on those that are intended to be backed and pegged by the US Dollar (USD). These all rely on trust in a counter-party. Independent auditors are asked to express an opinion, providing assurance as to whether the third party’s statements or accounts can be relied upon for decision making.
Why should you care about the level of assurance? If there is a claim, assertion, or if individuals are led to believe that a coin is backed by an asset and subsequently may be redeemed for that asset, one should conclude sufficient assets are available should all holders decide to redeem. On a global scale, while the price may be rising as individuals move from one coin to BTC, the price may fall when there is an increase in demand for redemption. This would occur when the issuer of the coin does not have the cash reserves to meet the redemption, then the issuer will need to sell BTC or other assets to meet these demands.
The level of assurance an independent accountant provides depends on the type of engagement. Three examples that we have seen or heard mentioned include: consulting agreements, agreed upon procedures, and financial statement audits.
Consulting Agreements: These do not provide any assurance. The accounting firm does not express an opinion on the statements or report. It can be considered an advisory role. And while accountants do follow standards and procedures outlined by the American Institute of Certified Public Accountants (AICPA), the tests and process are limited in scope. For example, in September, 2017, Tether (USDT) engaged Friedman LLP, to perform a consulting service regarding their cash and token positions.
Below in the excerpt of the memo, I’ve highlighted a couple of these items. As accountants, we want to believe that our clients are doing the right thing and want to help them succeed to the degree the engagement and our standards permit, while considering the best interest of stakeholders (users of the information). In this case, this engagement did not require inquiry as to the nature of the banking relationships nor the origin of the funds. Cash could come from illicit sources, related parties, or accounting maneuvers to increase cash flows. Additionally, these funds could be pledged to an obligation.
This engagement agreed cash balances, stated by the client on their trial balance (their accounting software/ledger) with the bank. It also confirmed that the balances on their website agreed with the public ledger for Tether.
Tether and Friedman LLP severed ties after this engagement, and Tether has not engaged any additional accounting firms since. Subsequent efforts such as memos from attorneys or blog posts identifying wallet addresses of related party exchanges from an accountant’s perspective do not constitute any type of independent assurance.
While I am not privy to the details, as an auditor, I would surmise that Friedman LLP was initially engaged to perform an attestation or audit and the client did not like the tests, procedures, and questions that come along with such an engagement.
Agreed-Upon Procedures: These are known as attestation engagements. An attestation engagement is an agreed-upon procedure where the client and accounting firm agree on the scope and procedures. It follows many of the same procedures as an audit, but typically will only focus on select accounts, in this case, the Escrow Holdings Accounts. It provides assurance, not on the entire set of financial statements, but on the defined account(s).
TrueUSD provides a working example of this type of engagement. Monthly, TrueUSD engages Cohen & Co. to express an opinion on the Escrow Holdings Report and related disclosures. In the October 1, 2018, report2, this is what is known as a “clean” or “unqualified” opinion.
This type of engagement expresses an opinion, in this case, Cohen & Co. are providing assurance that the information TrueCoin LLC is providing to token holders about their reserves are free from material misstatement and are not misleading.
Additional stable coins set to enter the market also appear to be engaging their respective accounting firms to perform agreed-upon procedures, providing assurance on their reserve balances. These include: Circle USDC, Gemini, and Paxos (See References 3, 4, and 5).
As the industry grows, we as accountants look for standards to evolve to meet the needs of stakeholders. It will be useful to have multiple, high caliber accounting firm Independent Auditor reports to forward this effort. As outlined above, even the nature of these engagements require auditor judgment.
Given that most cryptocurrencies to date do not represent equity ownership, and are unregulated as securities, having assurance on the reserve accounts appears sufficient. In the stable coin sector, sufficient and unencumbered funds underlying the token this is the primary interest of the token holder. However, questions remain 1) How are regulated tokens or those proactively engaging accounting firms to provide assurance able to compete in the presence of questionable tools? and 2) How stable can a coin be that is trading on unregulated, related-party, unaudited exchanges? The music will continue as long as individuals, entities, and exchanges benefit from the use of questionable, competitive products until one, big player stops the music after they’ve had a seat in the last chair.
I know that the cryptocurrency community cringes at regulation, but sadly to date, regulation is what has driven audit to date. It is difficult to convince people to care proactively. Generally people take issue retrospectively, once they’ve been harmed. One of my dreams for this technology is to have token holders actively interested and involved in the audit selection process.
Cost is a significant differentiating factor between consulting, agreed-upon procedures, and financial statement audits. Obviously, the cost increases with the level of assurance and scope of the engagement.
Many projects and companies that are not publicly traded or currently fall under SEC jurisdiction do require audited financial statements for users other than general, token holders. Examples may include: obtaining a license, regulatory requirements, or to seek equity or debt funding.
Audits and auditors are not infallible, and we continue to learn from prior frauds. However, it seems as though many stakeholders are ignoring lessons of prior frauds, while letting bad actors continue as the A students. In future posts I will look at some of the recent developments in the historical context of infamous frauds. Until then, if you are looking for additional reads, I recommend: Bitfinex’ed and Eric Spano, who perhaps two of the only early reads I recall correctly noting that the “Tether Audit” was not “an audit at all.” And Cas Piancey who highlights some valuable lessons from the MCIWorldCom collapse.
This post is intended to be informational and should not be taken as legal or investment advice. All opinions are my own. I do hold bitcoin and other cryptocurrencies, mainly acquired in the process of learning a platform or project, but do not engage in short-term trading. I have never received, purchased, held, or traded any stable coins referenced in this article (with the exception of bitcoin).