On Friday February 26th the SEC released a Digital Asset Risk Alert providing observations made by the division of examinations’ staff. This included investment advisers, broker-dealers and transfer agents. The risk alert aims to assist firms dealing with digital asset securities in developing and enhancing their compliance practices.
Digital asset securities are defined as:
“The term “digital asset,” as used herein, refers to an asset that is issued and/or transferred using distributed ledger or blockchain technology (“distributed ledger technology”), including, but not limited to, so-called “virtual currencies,” “coins,” and “tokens.” A particular digital asset may or may not meet the definition of “security” under the federal securities laws.”
In this article we will only focus on the recommendations for investment advisers managing Digital Asset Securities, as well as other digital assets and derivative products, for their clients either directly or indirectly through pooled vehicles (e.g., private funds).
Areas of focus
The alert identified 6 areas of focus where investment managers need to ensure they are compliant:
- Portfolio management
- Books and records
- Pricing client portfolios
- Registrations issues
1. Portfolio management
Examinations will focus on the policies, procedures, and practices of investment advisers investing client assets in Digital Asset Securities and other digital assets with a focus on the following areas:
Classification of assets
Does management perform an assessment for all investments to identify whether they should be classified as securities. This will likely include having a documented policy in place of the procedures followed or third parties appointed to perform such an assessment.
Due diligence on digital assets
Can the manager show that they understand the digital asset, wallets, or any other devices or software used to interact with the relevant digital asset network or application, and the relevant liquidity and volatility of the digital asset.
Based on our experience most managers perform thorough due diligence on all assets, however, these procedures are not always well documented.
This is why we created our “Project Assessments” which cover all of the above as well as a review of:
- The team,
- Milestone analysis,
- Community and
- Code review of open-source repositories.
Risks regarding trading venues and execution
According to the alert management need to consider the risks around security breaches, fraud, insolvency, market manipulation, the quality of market surveillance, KYC/AML procedures, and compliance with applicable rules and regulations.
Based on industry practices we have seen, managers will have to show that they have a documented process for assessing these risks on an ongoing basis and have put in place mitigating actions where risks are identified. The above falls in line with our Vendor due diligence assessment over exchanges and custodians.
Risks and complexities associated with “forked” and “airdropped” digital asset
Investment managers need to ensure they remain aware of all forks and airdrops for a specific asset that they are invested in. They should also ensure that vendors such as fund administrators have sufficient procedures in place to identify these events and account for them correctly in the books and records.
Fulfillment of their fiduciary duty
Managers have to ensure they fulfill their fiduciary duties with respect to investment advice to all client types.
One of the easiest ways for management to show they have put in place sufficient corporate governance and oversight to ensure they full fil their duties is through the appointment of independent directors with relevant industry experience.
2. Books and records
The investment manager should ensure they have sufficient measure in place to keeping accurate books and records, including recording trading activity. Where a fund administrator is used sufficient procedures should be in place to check the fund administrator records and reconcile any differences in order execution, settlement methods, and post-trade recordation and notification.
Based on our experience this is a critical step for any digital assets fund as all fund administrators are facing similar difficulties in dealing with digital asset data and investment managers need to ensure records are accurate and complete.
Examinations will assess whether an advisor is complying with the custody rule where required. However, regardless whether assets are held in self custody or with a custodian the following will be assessed:
- Occurrences of unauthorized transactions, including theft of digital assets,
- Controls around safekeeping of digital assets (e.g., employee access to private keys and trading platform accounts),
- Business continuity plans where key personnel have exclusive access to private keys,
- How the adviser evaluates harm due to the loss of private keys,
- Reliability of software used to interact with relevant digital asset networks,
- Storage of digital assets on trading platform accounts and with third party custodians and
- Security procedures related to software and hardware wallets.
Based on our experience in the industry having worked with some of the largest funds and custodians the above can be addressed through a detailed custody policy which is based on an industry standard such as the Crypto Currency Security Standard. The policy and day to day operating procedures also need to take in to account the size of the team, technologies used and fund requirements regarding liquidity of assets.
Examinations will consider disclosures in solicitations, marketing materials, regulatory brochures and supplements, and fund documents including the complexities of the products and technology underlying such assets, technical, legal, market, and operational risks (including custody and cybersecurity), price volatility, illiquidity, valuation methodology, related-party transactions, and conflicts of interest.
Once again this is where an experienced independent director can add significant value to a fund in reviewing disclosures in line with industry practices.
5. Pricing client portfolios
Based on the alert examinations will focus on the valuation methodologies utilized, including those used to determine principal markets, fair value, valuation after significant events, and recognition of forked and airdropped digital assets.
Performing a principal market assessment is a complex process which our staff have dealt with previous in the performance of digital asset audits. Additionally, for tokens that have not yet launched a detailed assessment must be performed to show why assets are held at cost and should not be impaired.
The investment manager will have to develop a detailed policy and procedures to perform the principal market assessment on a regular basis to ensure assets are fairly valued. For assets where tokens have not yet been issued any significant event should be assessed which may include the following procedures:
- Review of changes in the team,
- Changes in the tokenomics/staking,
- Governance changes,
- A milestone analysis,
- The activity of the community and
- Activity on open-source repositories.
6. Registration issues
Examinations will review how funds determine applicable exemptions from registration as investment companies including how the investment adviser calculates its regulatory assets under management, and characterizes the digital assets in the pooled vehicles it manages and the status of clients.
The fact that the SEC has released this risk alert is very encouraging as it gives investments managers a great indication of what areas of the business they should focus on in their fund.
If you want to discuss any of these areas please feel free to contact us. Out staff have over 5 years’ experience having previously audited some of the largest funds in the digital asset space.