The Securities and Exchange Commission (SEC) recently hosted the 2019 FinTech forum at its Washington, D.C. headquarters to discuss the growing industries of digital assets and distributed ledger technology.
One of the forum’s highlights was the Investment Management Concerns panel, which tackled numerous questions pertaining to investing in these assets, potential legal issues, auditing considerations, custody, challenges presented by hard forks and airdrops, and more. Jennifer McHugh, senior special counsel for the SEC’s Division of Investment Management, moderated a panel that included:
- Jay Baris, partner in the investment funds practice at Shearman and Sterling in New York
- Amy Steele, audit and assurance partner serving in the national office of Deloitte and Touche LLP
- John D’Agnostino, managing director at DMS and global head of investor engagement.
Those three minds were brought together to provide three widely differing perspectives to the table, illustrating the numerous challenges the industry faces as it pertains to safeguarding clients and advisers alike within this bold new world of shared data and electronic assets.
But all three panelists agreed upon one thing: Custody of digital assets is a delicate hurdle to be overcome.
Custody
Baris calls custody “probably the most vexing issue that the commission is dealing with right now” for a number of reasons.
“What is a qualified custodian? And then you get into all these different issues about safekeeping because as a fiduciary, an investment advisor is responsible for keeping these assets safe and accountable and verifiable,” says Baris, whoalso the is chair of the task force on blockchains, cryptocurrencies and investment management of the American Bar Association’s subcommittee on investment companies and investment advisors. “Same thing with an investment company, except there you’ve got the overlay of the oversight by a board of directors, which is going to be very interested in how these assets are being protected.
D’Agnostino, whose expertise is in complex strategies and asset classes, including cryptocurrencies, calls custody “the most solvable” of the primary issues facing asset allocators (the other two being evaluation and anti-money laundering).
“It’s solvable because we will eventually come to terms for what best practice for custody is, and also custody to some degree is a balance sheet issue,” he says. “If a large enough firm gets involved in the custody space and decides to produce a solution, and they’re well-recognized and have a credit rating and have everything we think about when we think about who’s safeguarding your assets, that’s quickly going to become the de facto standard.”
“It would be great if this industry, the custodians of these digital assets, embraced SOC reports,” says Steele, who leads Deloitte’s audit initiatives related to the crypto, digital asset and blockchain emerging sectors. “We haven’t seen that yet. Particularly the SOC 1s, which is the service auditor’s report related to ICFR, so internal controls over financial reporting, and that’s the goal. That’s what we all want as auditors. Some of the challenges Steele thinks about in terms of what audit evidence will look like include:
- Existence: “…There isn’t anything physical you can see, so from an audit perspective, how do you prove it actually exists? We can look to the blockchain, and … we would say, OK, how can we get comfortable that the blockchain is sufficient appropriate audit evidence?” The key, Steele says, is “understanding the validation mechanisms and the consensus and how that blockchain is set up.”
- Rights: “… You have to prove that you control the asset in order to have it on your books and say it’s yours. And so some of the challenge here is there’s mechanisms to show that you control it. … There’s also a number of questions around exclusive controls. So if control is defined by having a key, how do I prove that I’m the only one with that key, that John doesn’t also have that key or some help colluding on keys?”
- Valuation: “I think this is quite solvable. We value hard things all the time, but there’s a number of things to think about as far as digital assets that are maybe less frequently traded, are highly volatile, or how often are you valuing these, so how do we get that model set up?”
- Safeguarding of assets: “How do you protect those assets? This becomes very heavy on controls – and it’s not just the cyber controls, but it’s also controls over those keys. How do you protect them? We talked about (multisigs) in the other panels; you have multiple signatures, you have deep cold storage. There’s a lot of mechanisms for how you secure that key if you have it yourself, if you custody it with someone else. … I think it’s important to just understand in this area the unique risks and understanding that unique evidence that you’re going to get in order to respond to those risks.”
Private Funds
While digital assets still are very much a Wild West area of the investment world, D’Agnostino says that private funds and other investing entities are warming to the challenges.
“There seems to be increasing willingness for private fund managers to examine engaging in this asset class, which makes sense,” he says. “We have a dearth of volatility in most other asset classes, we’ve had long periods of underperformance. So you have an interesting new asset class. It’s complex, but complexity can be an advantage for private fund managers – particularly ones who are capacity-constrained and looking for idiosyncratic investments. It’s complexity that can be resolved by hiring good talent internally.
“And even though it’s a new asset class it sort of behaves similar to some complex derivatives that asset managers have become comfortable with over the years. It’s not an insurmountable obstacle from the view of a private fund manager.”
But investing in this area won’t be without its challenges.
“The rub for me is on the AML (anti-money laundering)/KYC (know your customer) side, particularly with the announcement earlier that we’re moving toward more encryption, more anonymity – that by its nature seems to be in conflict the core principles of AML and KYC,” he says. “I struggle with how that’s going to be resolved. I don’t know if that’s going to be a magic technical solution that the industry gives out.
“I think it’s going to have to be a realization by market participants that they’ll have to be in what I call a “lit” market, where identities are known and verified versus a dark market. And I think that will come down to the bifurcation of the folks who want to participate this whether they want to participate in a lit manner vs. a dark manner.”