PCAOB Staff Warns Against Third-Party Crypto Asset Reserve Reports
By Thomas W. White, Retired Partner, WilmerHale
In an unusual action, on March 8, the Public Company Accounting Oversight Board’s Office of the Investor Advocate issued an investor advisory cautioning crypto asset investors against relying on so-called “proof of reserve” (PoRs) reports. According to the advisory, certain crypto entities such as exchanges or stablecoin issuers may engage third-party service providers to issue PoR reports in an attempt to reassure investors about existence and availability for withdrawal of a customer’s digital assets. The Office’s bottom-line, bold-face message: “Proof of reserve reports are inherently limited, and customers should exercise extreme caution when relying on them to conclude that there are sufficient asset to meet customer liabilities.”
The advisory states that PoR reports are not within the PCAOB’s regulatory authority. It emphasizes that PoR reports are not audits and that, “[d]espite any representations to the contrary,” the reports “are not equivalent or more rigorous than an audit, and they are not conducted in accordance with PCAOB auditing standards.” The engagements are not subject to PCAOB inspections.
The advisory also discusses why, in the Office’s view, PoR reports “do not provide any meaningful assurance to investors or the public.” Among other concerns, the PoR reports 1) do not address the crypto entity’s liabilities, the digital asset holders’ rights and obligations, or whether the assets have been borrowed by the crypto entity to make it appear that it has sufficient collateral or “reserves” in excess of customer demands; 2) concern digital assets at a point in time and provide no assurance about their availability after the issuance of the report; 3) provide no assurance regarding the effectiveness of internal controls or governance of the crypto entity; and 4) do not express an opinion on the adequacy of the “reserves,” the financial stability of the crypto entity, or management’s assertions. The advisory also explains that PoR engagements are not subject to uniform standards and, therefore, “yield different results based on the different standards selected by management and PoR service providers.”
Notably, the advisory was issued following criticism of the PCAOB for not having taken regulatory action against registered public accounting firms that audited crypto enterprises or provided PoR reports. The PCAOB’s authority under the Sarbanes-Oxley Act, however, extends only to audits of public companies and broker-dealers, not to non-public crypto entities. Nonetheless, the Office of the Investor Advocate undertook to inform investors and others about the limitations of PoR reports and the fact that investors do not have the protections of PCAOB regulation with respect to these reports.
SEC’s Reliance on the Reves Test in a Recent Enforcement Case Could Signal a Change in the Commission’s Approach to Labeling Crypto Assets as Securities
By Nicholas Martini, J.D. Candidate, Class of 2023, George Mason University - Antonin Scalia Law School
In its complaint alleging that Genesis Global Capital, LLC and Gemini Trust Company, LLC sold unregistered securities, the Securities and Exchange Commission (SEC) took a notably different approach than in previous crypto enforcement actions. Instead of leading with the Howey test, the SEC analysed the subject Gemini Earn Agreements as notes and led with the lesser-known Reves test. In Reves, the Supreme Court created a four-part “family resemblance” test for when a financial instrument constitutes a note under the ’33 Act and thus a security. The family resemblance test looks at (1) the motivation of the parties; (2) the plan of distribution; (3) investor expectations; and (4) alternative protections that render the application of the securities laws unnecessary.
The Commission argued that, under the Gemini Earn program, investors loaned their crypto assets to Genesis in exchange for a return, constituting an unregistered sale of securities. Applying Reves, the SEC alleges that the program was designed to generate a profit for Genesis and pay a return to investors, was publicly advertised across the internet to a broad segment of the investing public, was promoted as an investment by promising high “returns,” and, given the uncertainty surrounding crypto regulations, there is no alternative regulatory regime or risk-reducing factor that exists to protect investors. Consequently, the Gemini Earn program constituted a “note” under Reves and thus a security that had to be registered before being offered or sold.
The Howey test has long been the Commission’s legal-theory-of-choice for labeling crypto assets as securities, and it has been featured prominently in Commission reports, SEC Division Director speeches, and in the high-profile case against Ripple Labs, Inc. But given the Commission’s reliance on Reves in the Gemini/Genesis case, it could be looking to test alternative legal theories in its push to bring crypto assets under the regulation of the federal securities laws.
SEC Proposes Amendments to Regulation S-P
By Melissa Sanders, Fox Rothschild LLP
On March 15, 2023, the SEC proposed amendments to Regulation S-P to enhance protections for customers of certain covered firms with respect to those customers’ information. The current version of Regulation S-P requires broker-dealers, registered investment companies, and investment advisors to have policies in place to protect customer information. However, the current rule does not require that those firms have policies in place covering how they will respond to breaches or to give customers notification of breaches. The proposed regulations will require that covered firms put policies in place covering how they will respond to breaches, and notify customers “as soon as practicable” and no later than thirty days after the firm becomes aware of an incident. Chair Gary Gensler noted that the proposed regulations “would help customers maintain their privacy and protect themselves.” The proposed regulations would also apply to transfer agents, unlike the current version of Regulation S-P.