Digital assets as an asset class has matured with increasing rates of adoption among retail and institutional investors. As custodians engage, they are facing unique complexities across many regulatory bodies, new varieties of audit and controls considerations and evolving risk frameworks. This paper, starting on page 4, explores important considerations for custodians of digital assets as explained from the various leaders within Deloitte’s digital asset practice.
The unique and complex considerations of digital asset custody
1. Journal of Securities Operations & Custody Volume 13 Number 2
Page 150
The unique and complex considerations of
digital asset custody
Received (in revised form): 10th December, 2020
Richard Walker*
Principal, Deloitte Consulting USA
Rob Massey**
Global Tax Leader of Blockchain and Digital Assets, Partner Deloitte Tax USA
Amy Steele***
Partner at National Office, Deloitte & Touche, USA
Tyler Welmans†
UK Blockchain Practice Lead, Deloitte, UK
Michelle Robinson‡
Director of Tax Policy Group, Deloitte, UK
Elana Mourtil§
Managing Director, Northeast Financial Tax Practice of Deloitte Tax USA
Michael Marzelli§§
Audit and Assurance Partner, Deloitte & Touche USA
Linards Strauss||
Managing Director, Deloitte & Touche USA
Pamela Calaquian¶
Senior Manager, Deloitte Transactions Business Analytics, USA
Ken Schulhof#
Partner at Financial Services Group, Deloitte Tax USA
Richard Walker is a consulting principal at
Deloitte. He has been a financial services
consulting principal for over 20 years and
brings deep industry experience and a
background in technology strategy and
business transformation. He has served in
practice and strategic leadership roles, has
international experience leading the financial
services technology consulting practice for
EMEA based in London, and is currently head
of blockchain solutions for financial services.
During his career, he has worked with financial
services executive teams across the globe
for some of the largest and most innovative
financial services companies. He has been
delivering solutions in the blockchain space
since 2015, starting with an Ethereum-
based bank rewards solutions and is leading
the expansion of emerging technologies
and blockchain solutions to simultaneously
transform processes, adopt digital assets and
create new growth models.
Rob Massey is a Partner and Deloitte’s Global
Tax leader of Blockchain and Digital Assets. He
has over 20 years of professional experience in
tax consulting for technology companies. Since
2013, he has focused on blockchain, digital
assets, cryptocurrency and tokenisation. He
serves companies throughout the blockchain
ecosysteminclusiveofminers,stakingproviders,
payment processing, wallet hosting, exchanges,
Journal of Securities Operations
& Custody
Vol.13,No.2,pp.150–162
Henry Stewart Publications,
1753-1802
*Deloitte Consulting LLP
,
30 Rockefeller Plaza, NY,
NY 10112, USA
Tel: +1 212-618-4075;
E-mail: richardwalker@deloitte.com
**Blockchain and Digital Assets,
Partner, DeloitteTax LLP
,
555 Mission Street,
San Francisco, CA 94105,
USA
Tel: +1 415-783-6386;
E-mail: rmassey@deloitte.com
***National Office, Deloitte &
Touche, 695 East Main Street,
Stamford,
CT 06901,
USA
Tel: +1 203-423-4518;
E-mail: asteele@deloitte.com
RichardWalker
Rob Massey
Amy Steele
2. Walker et al.
Page 151
exchange-traded funds (ETFs), hedge funds,
tokenisation and protocol development. Rob
leads Deloitte’s blockchain efforts in tax for
the global firm. His blockchain expertise
includes analysis of the tax considerations of
blockchain-enabled transactions; assisting
internal and external development teams
in the evaluation of blockchain applications
across various industries and the analysis
of the tax impacts of tokenisation and token
launches as developed across various business
models and industries. Rob’s expertise in
digital assets includes tax analysis of revenue
recognition across various models, design and
implementation of international structures,
analysis and implementation of accounting
methods associated with basis tracking and
capitalisation policies, application of indirect
tax to digital assets, reporting requirements
related to use of cryptocurrency and tokens
as compensation and analysis of financial
instruments based on digital assets. Rob also
interfaces with the Internal Revenue Service in
seeking guidance through private letter rulings
on the earlier topics.
Amy Steele is a partner in the National
Office of Deloitte & Touche LLP and serves
as the Global and US Audit and Assurance
methodology leader for blockchain and digital
assets. She leads Deloitte’s audit initiatives
related to emerging technology and expanded
assurance services. Amy plays a key role in
developing and implementing strategies to
enhance quality across the global Deloitte
network. In addition, she leads audits in the
technology industry, including the software
and blockchain sectors. Amy co-chairs the
AICPA’s Digital Assets Working Group and
serves on the Center for Audit Quality’s
Emerging Technologies and Cybersecurity task
forces. She also is a member of the AICPA’s
Assurance Services Executive Committee
(ASEC) and the ASEC’s Strategic Direction
Working Group. Previously, Amy served as
associate chief accountant in the SEC’s Office
of the Chief Accountant where she supported
the office in its role as the principal adviser
to the commissioners on profession-wide
auditing matters and oversight of the Public
Company Account Oversight Board.
Tyler Welmans is the UK Blockchain Practice
lead for Deloitte. Tyler set up Deloitte’s UK
blockchain and digital asset practice in 2015
and continues to lead a specialist team of
analysts and engineers applying distributed
ledger technology to bring new, innovative
and disruptive technology solutions to market
across all industries.
Michelle Robinson is a director in Deloitte
UK’s Tax Policy Group, leads Deloitte’s
private client tax policy team and is the
tax policy subject matter adviser on digital
assets. A chartered tax adviser with over
15 years’ experience, Michelle specialises
in both domestic and international private
client taxation, including the income tax,
capital gains tax and inheritance tax position
of individuals and trusts. She has a keen
interest in digital assets and her work has
included analysing how the UK’s taxation
system should be applied across different
types of digital assets and how individuals and
businesses are taxable on ‘exchange tokens’
such as cryptocurrency. Michelle has been
an active contributor throughout the series of
roundtable meetings on digital assets hosted
by Her Majesty’s Revenue and Customs
(HMRC), which have focused on the application
of the UK’s taxation system to digital assets.
Michelle is a member of the Chartered Institute
of Taxation’s (CIOT’s) UK and International
Private Client Committees and is also
a member of the Institute of Chartered
Accountants of England and Wales’ (ICAEW)
Tax Faculty (private client sub-committee).
Elana Mourtil is a managing director in
the Northeast Financial Tax Practice of
Deloitte Tax LLP and a member of Deloitte’s
Banking and Capital Markets and Blockchain/
Crypto industry groups. Elana has 33 years
†
Deloitte, 2 New Street Square,
London EC4A3BZ,
UK
Tel: +44 20 7303 5653;
E-mail: twelmans@deloitte.co.uk
‡
Tax Policy Group, Deloitte UK,
2 New Street Square, London
EC4A3BZ,
UK
Tel: +44 20 7007 3695;
E-mail: michellerobinson@
deloitte.co.uk
§
Northeast FinancialTax
Practice of DeloitteTax LLP, 30
Rockefeller Plaza,
NewYork, NY 10112,
USA
Tel: +1 212-436-2260;
E-mail: EMourtil@deloitte.com
TylerWelmans
Michelle Robinson
Elana Mourtil
3. The unique and complex considerations of digital asset custody
Page 152
of experience providing tax consulting and
compliances services to some of the largest
international financial institutions operating
within the United States. Her tax experience
encompasses assistance and advice with
respect to tax planning strategies, tax return
compliance and tax examinations with a focus
on taxation of financial products and more
recently on digital assets.
Michael Marzelli is an Audit and Assurance
partner focusing on financial services and a
leader of Deloitte’s Blockchain and Digital
Asset audit practice. He has over 16 years’
experience serving a wide range of clients
from emerging growth companies to large
multinational organisations in New York, Hong
Kong and San Francisco in both an audit and
advisory capacity. Michael has experience
serving clients in the securities, banking,
FinTech and digital asset space, focusing on
audit and assurance methodologies, tools
and technology. He helps clients manage the
complexities faced by companies engaging in
the blockchain and digital asset space, from
start-ups to mature enterprises, and focuses
on bringing the right advice and counsel to
clients when building and scaling blockchain
and digital asset-based businesses.
Linards Strauss is a managing director
in Deloitte’s audit practice with 14 years
of experience serving the investment
management industry. He has served leading
investment management firms in the public
and private fund space and trading firms
with allocations across the spectrum of asset
classes, including dedicated digital assets
strategies. In addition to client service,
Linards serves as the leader for the investment
management industry in Deloitte’s National
Office Audit & Assurance Services group where
he is the subject matter expert for the industry
and provides consultations on matters such as
identifying and addressing audit risks related
to safeguarding, transferring and trading of
digital assets.
Pamela Calaquian is an advisory senior
manager at Deloitte. She specialises in anti-
money laundering (AML) and has 21 years of
experience in the financial services industry
within the retail, wholesale and investment
banking lines of business. Her expertise is
integrating various financial data; building
data warehouses, data marts and other central
repositories to help the lines of business
assess risk, identifying issues and making
informed decisions. Her area of specialisation
is assisting institutions in enhancing their
AML and Office of Foreign Assets and Control
(OFAC) programmes, conducting AML and
OFAC risk assessments, performing AML
independent testing and developing customer
risk rating models. Pamela, with her analytics
background, focuses on understanding current
processes and integrating various customer,
account and transaction data to assess risk
and identify opportunities for improvement
in the AML/OFAC programme. Pamela has
worked with several cryptocurrency exchanges
and performed Bank Secrecy Act (BSA)/
AML and OFAC programme assessments,
model validation and independent testing
engagements. She advises clients in
developing their Know Your Customer (KYC)
on-boarding process and tailor to support her
client’s acceptance of virtual asset service
providers (VASPs). She is currently assisting
the internal audit group of a FinTech company
in assessing the risk and controls as it develops
and implements a new digital wallet. Pamela
is a blockchain fellow and is the digital asset
subject matter specialist for the AML practice.
Pamela is a certified AML specialist.
Ken Schulhof is a partner in the financial
services group at Deloitte Tax LLP. Ken has 20
years of experience providing tax compliance
and consulting services to some of the largest
international financial institutions operating
within the United States. His tax experience
encompasses assistance and advice with
respect to tax planning strategies, tax return
compliance, tax examinations, income tax
Michael Marzelli
Linards Strauss
Pamela Calaquian
§§
Deloitte &Touche LLP,
555 Mission Street, San Francisco,
CA 94105,
USA
Tel: +1 212-313-1543;
E-mail: Mmarzelli@deloitte.com
|
|
Deloitte &Touche LLP,
111 S.Wacker Drive,
Chicago, IL 60606,
USA
Tel: +1 312-486-4532;
E-mail: listrauss@deloitte.com
¶
Deloitte Financial Advisory
Services LLP
, 500 College
Road East,
Princeton NJ 08540,
USA
Tel: +1 917-656-4873;
E-mail: pcalaquian@deloitte.com
4. Walker et al.
Page 153
provisions and tax technology solutions. Ken
serves as the Deloitte Tax FinTech leader and
assists many blockchain/digital asset clients
with their unique tax issues including tax
structuring, credits and incentives, international
tax, state and local tax and information
reporting. Ken also serves as the US–Israel
member firm combination leader for tax. In this
role, Ken assists clients operating in both the
Unites States and Israel with the cross-border
tax implications and tax strategies.
Abstract
Digital assets as an asset class has matured with
increasing rates of adoption among retail and
institutional investors.As custodians engage, they
are facing unique complexities across many reg-
ulatory bodies, new varieties of audit and con-
trols considerations and evolving risk frameworks.
There are also opportunities for custodians to add
new services, such as lending, staking and trading.
Per Deloitte’s 2020 Blockchain Survey, 94 per
cent of banking and capital markets executives
said that they believe that digital assets will be
at least somewhat important in the next three
years.This paper explores various considerations
for custodians of digital assets as explained from
the various leaders within Deloitte’s digital asset
practice.
Keywords: digital assets, custody and
cryptocurrency
A NEW ASSET CLASS, A NEW
ECOSYSTEM
For most of modern-day business, there
have been three primary asset classes: fiat
currencies, commodities and securities.
We are now witnessing the rapid prolifer-
ation of a new asset class — digital assets
— among all types of companies, includ-
ing mature-state enterprises. Digital assets
include cryptocurrencies used as a means
of exchange and to store value, tokens that
allow special features on decentralised plat-
forms, digitised securities that offer similar
rights — as traditional debt or equity, stable-
coins that provide for a digitised money-like
experience and even physical assets offered
in tokenised form.
Along with this new asset class, we have
witnessed a new ecosystem, spanning from
public and private blockchain protocols,
which facilitate the tracking and trading
of these assets to an investor base wanting
access to digital assets that may appreciate,
be lent or offer income in terms of rewards.
We see many new entrants that offer cus-
tody, trading and staking of these assets. As
the industry and the ecosystem evolve, the
regulators are watching and engaged.
This new asset class presents a unique
opportunity to enable or advance com-
mercial activities, particularly in financial
services. The role of the custodian of
digital assets is critical, being the anchor-
trusted service from which trading, lending
and staking can occur. As adoption rates
of digital assets increase among retail and
institutional investors, custodians should be
sensitive to not only the level of disruption
and complexity but also the opportunity.
COMPETITIVE ADVANTAGE
Custody strategy has always been anchored
in asset accumulation and subsequent servic-
ing of assets. Over the past ten years, the
total value of digital assets has not risen to a
level that warrants attention due to the low
total percentage of digital assets to tradi-
tional assets. Traditional assets under custody
at the top 15 custody banks globally exceeds
US$130tn.1
In comparison, the total value
of outstanding digital assets at time of
publication is approaching US$1tn, which
remains less than 1 per cent of assets held by
the top banks.
Given this low value, one could under-
stand why digital asset custody has not been
more of a focus. On closer examination, the
question is likely not answered by total asset
value in the market today but by considering
#
Financial Services Group,
DeloitteTax LLP
,
30 Rockefeller Plaza,
NewYork, NY 10112,
USA
Tel: +1 212-436-5370;
E-mail: kschulhof@deloitte.com
Ken Schulhof
5. The unique and complex considerations of digital asset custody
Page 154
other dimensions that include digital asset
growth and trajectory, customer base and
needs and disruptive impact to traditional
services for custody banks while creating
new opportunities for banking.
Digital asset growth and trajectory in
2020 are poised for an exponential knee
due to a confluence of factors,2
while the
growth of traditional assets under custody
at the top 15 banks has fallen in 2020.3
This
growth in digital assets is grounded in rising
stable pricing of cryptocurrency, increased
use of dollar-backed stablecoin, the antici-
pation of new assets in the form of central
bank digital currencies and a rising trend
towards tokenisation of current asset types,
such as commodities, real estate, equities
and options, among others.
The customer base and needs for this
new asset class are expected to bring new
participants into the market, expanding
retail engagement and attracting inflows
from institutions. The use of digital assets
is growing among retail investors, and this
year, we have seen corporates adding bitcoin
to their treasury assets. Digital assets could
change retail banking, enabling new prod-
ucts and services as retail investors use these
assets in lieu of cash deposits (affecting a
core banking business and blurring the lines
between cash management and custody),
for payment (affecting retail and wholesale
payments businesses, and pulling custody
services into a highly transactional busi-
ness) and as lending collateral (expanding
the role of custody services in collateralised
lending).
These trends are not happening in iso-
lation. Traditional custodians will likely
need to evolve their role in digital asset
custody as a revenue replacement strat-
egy for the negative growth in traditional
assets as well as differentiate on asset ser-
vicing innovation to enable a much more
dynamic use model. Banks will likely
need to expand their services to capture
digital assets held by existing customers,
offer new services related to digital assets
and secure a role in the digital asset value
chain as use and propositions mature.
Digital asset custody is far stickier than
holding fiat currency because of the care
required in transferring digital assets
(resulting in less movement than fiat
currency but much more liquidity than
traditional assets). It unexpectedly cre-
ates a complement between fiat currency
and lending services through digital asset
lending and staking services. Through
new lending services, banks are able to
create an integrated liquidity offering by
holding digital assets, lending against the
assets and providing working capital in
fiat deposit accounts. The complement of
banking services and digital asset services
stands to create a competitive advantage
by attracting new assets, securitising loans
at an attractive rate against those assets and
providing cash management services.
For custody banks, this changing
dynamic in the relationship between digital
assets and traditional banking services can
present new opportunities for synergy as
well as a way forward for industry transfor-
mation and renewed revenue growth. The
path to this future is defined by strategic
choices, often resulting in self-disruptive
action, but should garner attention now
given the current trends and evidence of
coming change.
CUSTODY OF DIGITAL ASSETS
CONSIDERATIONS
Custody is an activity of protecting some-
one or something. In banking, we generally
use this term to refer to custodian banks
who specialise in safeguarding financial
assets. With digital assets, custody generally
refers to safeguarding a private key, or access
to, a digital asset.
Options for digital asset custody are
evolving and expanding. In general, they
can be classified in three main categories
7. The unique and complex considerations of digital asset custody
Page 156
traditional custodial organisations and
banks. These organisations offer custody
models comparable to those offered by
digital exchanges.
REGULATORY CONSIDERATIONS
The existing regulatory frameworks gen-
erally did not contemplate this new asset
class, which is causing some challenges
when working with regulations that may
not be directly on point. Adding to the
complexity, new business models using
digital assets are evolving and changing
rapidly, attracting the attention of various
regulators who are interested and monitor-
ing such developments.
While regulators are engaged and
monitoring this ecosystem, there are juris-
dictional challenges as multiple regulators
regulate different aspects and may have
different views as to the nature and extent
of regulation of digital assets.
It is important for the industry to have
regulatory clarity in order to flourish. We
have seen new emerging companies test the
regulatory environment and challenge the
current norms. More established entities
may be less open to challenge regulatory
norms and may be waiting for the regu-
latory clarity before making a large-scale
move in this ecosystem.
It is important for entities entering this
ecosystem to have a comprehensive reg-
ulatory strategy and expertise in the
relevant jurisdictions in which they
operate. There is also an opportunity to
engage early and often with the regulators
on emerging business models and meth-
ods. An example is the establishment of
the Securities and Exchange Commission
(SEC) Strategic Hub for Innovation and
Financial Technology (FINHUB), which
was established to play an important role
in facilitating the SEC’s active engage-
ment with innovators, developers and
entrepreneurs, including by presenting
staff views and actions in the FinTech
space as well as by being a forum for
engaging with SEC staff.5
RISKS AND CONTROLS
Security and protection of digital
assets
A key risk related to custody of digital
assets undoubtedly lays with safeguarding
of private keys, whether from unauthorised
access, internally or externally, or loss.
In contrast to traditional assets, a loss of
private key or unauthorised access (and a
resulting transfer) means irrecoverable loss
of the digital assets. Despite the severity of
the risk, there are steps that can be taken
to decrease, if not fully mitigate, the risk.
These steps involve careful evaluation of
the custody model and design and imple-
mentation of a strong control environment.
Physical access
Physical access to cold storage devices or
paper records that are used to maintain
private keys should be restricted to autho-
rised personnel only, with periodic review
and timely amendment of the authorised
personnel listing. Logical access controls,
such as multifactor authentication, can
be supplemented with additional physical
controls, such as requirement for two-
person authentication/presence. In essence,
while the ultimate purpose is to safeguard
digital assets, the required control envi-
ronment is akin to that for safeguarding
of valuable physical assets. This is the
case not only for management of access
to cold storage but also for the informa-
tion technology infrastructure supporting
the management of private keys and other
relevant processes.
Key management
In an environment that requires active
digital asset management, there may be
8. Walker et al.
Page 157
several individuals who require access to
either private keys (self-custody) or user-
names and passwords (third-party custody)
to, for example, initiate cryptocurrency
transactions.
When third-party custody services are
used, subaccount infrastructure might be
available to allow segregated and appropri-
ately configured access for each individual.
If such infrastructure is not supported by
the third-party custodian or if digital assets
are self-custodied, consideration should be
given for internally developed systems. This
can enhance controls around access to the
username and password for the account at
the third-party custodian or private wallet
by adding an additional level of individ-
ual username/password requirements that
are maintained under existing policies and
allows to configure user access (or removal).
Use of white-listing of accounts, which
results in limited number of preauthorised
accounts with which account holder can
engage in transactions on the blockchain (eg
transfer of cryptocurrency from an account
on one digital exchange to another), is
another solution to enhance segregation
of duties and decrease risk of unauthorised
transfers even when access to private keys
might be compromised. White-listing of
accounts can be done (if supported) within
an account at the third-party custodian
or within internal software layer that sits
between the user and the account or at
both levels. With additional logical con-
trols around white-listing privileges, an
unauthorised user is restricted from being
able to enact on-chain transaction to an
account that is not preauthorised even if the
user has gained access to username/password
or private keys. Additional features, such as
hold periods and delayed changes to white-
listing, can further enhance security.
Segregation of duties
At all times, the holder of digital assets
should have an accurate record of digital
assets owned and should not be dependent
on such information from the third-party
custodian. This entails continuous roll for-
ward of digital asset positions for authorised
and confirmed transactions and periodic (as
frequent as possible) reconciliation of trans-
actions and positions against the records of
the third-party custodian. The reconcil-
iation process should be performed by an
individual that is appropriately segregated
from effecting transactions (eg from trad-
ing function) and it is integral that the data
retrieved from third-party custodian used
in the reconciliation process is not compro-
mised. Appropriate considerations should
also be given to the reliability of the retrieved
data, particularly when a less-established
third party is used for custody.
Bank Secrecy Act/Anti-Money
Laundering
While digital assets have some competitive
advantages as discussed earlier, their distinct
characteristics can create opportunities for
illicit activities, such as money laundering
(ML) and terrorist financing (TF). Inter-
pretive letter #11706
issued by the OCC on
22nd July, 2020, states that national banks
may provide cryptocurrency custody ser-
vices so long as they manage risks and
comply with applicable laws. From an anti-
money laundering (AML) perspective, as
with traditional products and services, cus-
todians are to determine the type and level
of risk they will assume when it comes to
the custody of digital assets. A risk assess-
ment should be performed to identify the
specific risks associated with this new busi-
ness model, assessing the ML/TF risks of
its customers, products/services (eg type
of coin), transactions and geographies (eg
jurisdiction of customer and jurisdiction
of exchange) that the custodian will be
exposed to. For institutions that are regu-
lated by the New York State Department of
Financial Services, certain coins have been
approved for custody and this list should be
9. The unique and complex considerations of digital asset custody
Page 158
referenced.7
Institutions should also have
adequate systems in place to identify, mea-
sure, monitor and control the risks of these
digital asset custody customers. The Finan-
cial Action Task Force recently published
a report8
highlighting red flags, which
indicate suspicious digital asset activity. As
digital assets are a new type of asset class,
policies and procedures should be updated
to reflect changes in handling digital assets.
In addition, formalised training should be
conducted for the appropriate personnel
so they can be familiar with the associated
risks and changes in policies and proce-
dures. Finally, independent testing shall
be conducted to assess the adequacy of
the Bank Secrecy Act (BSA)/AML pro-
gramme and the unique risks associated
with the custody of digital assets.
Know Your Customer
Certain know your customer (KYC) pro-
cesses should be conducted at on-boarding
and customer periodic refresh to build a
customer profile and better understand
the customer’s use of digital assets. Infor-
mation should be identified and verified to
understand the client’s profile (eg address,
legal name and expected activity), includ-
ing source of funds to identify digital asset
origination. For legal entity customers,
custodians should identify the Ultimate
Beneficial Owners of the account and take
into consideration this information as part
of on-boarding.9
Collecting this infor-
mation can help mitigate risk throughout
the customer life cycle management pro-
cess, which includes screening for negative
news, sanctions violations and monitoring
for suspicious activity. In addition, certain
customers, such as politically exposed per-
sons, can pose a risk and should be vetted
accordingly.
Ongoing monitoring
Ongoing monitoring of accounts should
take place regularly. Effective on-boarding,
transaction monitoring and screening
systems should be implemented for the
custodian to identify any potentially illicit
activities related to the use of these digital
assets. Real-time investigation via block-
chain screening and analysis tools should be
used to monitor digital asset movement.
Third-party assurance
When outsourcing digital asset custody
solutions to service providers, it is import-
ant to understand the controls and security
established by the service provider. This
can typically be communicated in the
form of third-party assurance reports,
such as Service and Organization Control
(SOC) reports. These reports can take the
form of SOC 1 reports (focuses the con-
trols at a service organisation relevant to
user entities’ internal control over financial
reporting) or SOC 2 reports (focuses on
controls at a service organisation relevant to
security, availability, processing integrity,
confidentiality and privacy). The availabil-
ity, relevance and reliability of these reports
helps users identify the risks and controls
associated with transactions processed by,
and/or assets held by, service providers.
AUDITABILITY
This new asset class presents interesting chal-
lenges as it relates to companies supporting
their books and records and auditors audit-
ing such records. Many of these challenges
could be due to the fundamental nature of
the blockchain technology used to trans-
act these assets. While there may be many
helpful aspects of blockchain technology to
audit, including the history of transactions
and consistency in application of the con-
sensus rules, the fundamental nature of the
blockchain changes the way we generally
think of audit evidence.
It is generally acknowledged that block-
chain technology is not designed to be
inherently self-auditing or test all of the
10. Walker et al.
Page 159
controls or logic in the system. So, while
blockchain technology does have logs of
transactions, the reliability of evidence
from this technology lies in the system
being set up correctly and operating as
intended, as well as the information report-
ing to the general ledger books and records
appropriately.
Blockchain may actually make the role of
an auditor even more challenging because
it forces us to assess the reliability of the
particular blockchain used in processing
the digital assets transactions, which can
be a challenging exercise particularly for
certain blockchains. Additionally, audi-
tors need to have appropriate skillsets to be
able to really understand the vulnerabilities
with a particular blockchain. Auditors will
assess if management has appropriate con-
trols in relevant areas to respond to risks
and they also need to determine substan-
tive audit responses to risks not traditionally
applicable.
It is also important for companies to
engage with their auditors early on in the
process to discuss the types of evidence
that may exist to respond to a financial
statement risk and the sufficiency of such
evidence. Oftentimes, the traditional
forms of evidence (eg physical evidence,
signed contracts and shipping records) will
not apply in this ecosystem. For example,
auditors may need to validate that a com-
pany continues to own a digital asset that
is held in cold storage and for which there
does not exist evidence of their current
control via movements or other physical
evidence. This may present challenges
with obtaining evidence of control of a
digital asset and auditors may need to con-
sider innovative procedures to gain such
evidence. We also see companies trans-
acting digital assets off-chain, which puts
pressure on management to maintain
appropriate controls to track and reconcile
those digital assets. Processes and controls
will likely be a big area of focus for audits
in the digital assets space given the critical
role of controls in transacting and safe-
guarding digital assets.
In cases where third parties are involved
in a transaction (eg custodians and
exchanges), use of these services may require
management to understand and potentially
rely on controls at the third party. As stated
earlier, it is important for management and
their auditors to understand if their SOC
reports are available for service organisa-
tions used and controls that management
has to evaluate whether information
obtained from service organisations is suf-
ficient for the purposes of their books and
records. In the event that an SOC report
is not available, management would eval-
uate alternative methods of evaluating the
reliability of the information they receive
from service organisations to the extent
relevant to their books and records.
Related issues of pressing concern often
include areas such as cybersecurity, global
digital identity, compliance with estab-
lished accounting, audit, internal control,
tax and financial reporting frameworks,
governance and the full implications of an
everincreasing environment.
As more companies start pursuing dig-
ital assets, starting with cryptocurrencies,
bitcoin and others, it is very important for
these companies to focus on internal con-
trols and their processes to protect their
books and records. Auditors with relevant
skillsets in this area could be invaluable
to help in designing quality internal
controls.
TAX
US taxation
Whether digital assets are held for invest-
ment, trading or dealing, the classification
of such assets either as money, foreign cur-
rency, commodities or some other form of
property will impact the tax consequences
of such transactions.
11. The unique and complex considerations of digital asset custody
Page 160
For the entity that owns the digital
asset as a beneficial owner, the nature of
the digital asset will dictate the timing of
when gains/losses are recognised for tax
purposes and whether such gains or losses
will be treated as ordinary or capital. For
example, whether the digital asset will be
subject to mark-to-market tax accounting
(MTM), will depend, in part, on whether
the digital asset meets the definition of the
term security or commodity under Inter-
nal Revenue Code (IRC) Section 475.
Whether the digital assets meet the defi-
nition of the term security or commodity
under IRC Section 475 can also impact
the treatment of gains/losses as ordinary
or capital. Taxpayers who do not use the
MTM accounting method should consider
tracking basis and activities by segregated
tranches or use a first-in, first-out approach
to determine gains and losses.
For investors that have different tranches
of digital assets with varied basis, they may
have the opportunity to track their basis and
specifically identify which digital asset they
choose to sell, thus influencing the amount
of gain or loss recognised for tax purposes.
This may require a level of segregation of
the assets and documentation to satisfy the
tax rules. Custodians should be aware of
the requests of customers to segregate dif-
ferent tranches of their digital assets, which
are otherwise fungible, into separate iden-
tifiable addresses that correlate to customer
accounts or subaccounts.
For an entity that holds the digital asset
as a custodian for the benefit of others, the
nature of the digital asset will be relevant
if the custodian facilitates an exchange that
may necessitate information reporting, or if
the custodian, as an intermediary, distrib-
utes staking income to its staking customers,
which may be subject to withholding and
reporting.
The revenue generated in trading, lend-
ing and staking results from technological as
well as human actions, which has interesting
implications when it comes to sourcing the
revenue for tax purposes. Further, the safe
harbours that have been established around
securities and commodities with regard to
income effectively connected with a US
trade or business may not be available for
digital assets. Careful study of these areas
and the facts specific to each business model
can be critically important.
So what is a digital asset for tax purposes?
The answer is not very simple and is contin-
ually evolving given the rapid development
of new digital assets. Internal Revenue Ser-
vice Notice 2014–2021 held that convertible
virtual currencies are treated as property
rather than money or foreign currency. The
IRC defines ‘security’ and ‘commodity’
in many ways depending on the particular
provision and sometimes references lev-
els of trading activity and approvals by the
Commodity Futures Trading Commission,
among other items. Taxpayers should be
aware that a digital asset may be referenced
as a certain type of property for securities
law or accounting purposes and yet some-
thing different for tax purposes.
Digital assets held by a custodian outside
the United States may require reporting by
US taxpayers. The location of the digital
asset may not be entirely clear, but taxpay-
ers may consider the primary jurisdiction
that directly interfaces with customers, or
the location that provides levels of care,
control or access of the assets. Custodi-
ans should be aware of these requirements
to avoid confusion as it pertains to com-
pliance efforts of their customers. Other
jurisdictions around the world have similar
informational reporting rules, which may
apply to digital assets.
Lastly, custodians that decide to engage
in cryptocurrency lending should carefully
structure the lending agreements to mit-
igate the risk that such transactions will
result in a taxable event, which may have
unintended consequences to both the bor-
rower and lender.
12. Walker et al.
Page 161
UK taxation
The United Kingdom has not intro-
duced specific tax rules that apply to
digital assets. Instead, existing tax laws are
applied based on the substance of activities
undertaken. Her Majesty’s Revenue and
Customs (HMRC) have published guid-
ance on how they intend to tax transactions
involving cryptoasset exchange tokens (ie
cryptocurrency).10
HMRC do not consider cryptocurrency
to be currency or money, and so tax provi-
sions that apply to money do not apply to
cryptocurrency. A high-level overview of
UK taxation as it applies to companies deal-
ing in digital assets is as follows.
Broadly, companies are within the
scope of UK corporation tax if they are
UK resident or if they have a UK perma-
nent establishment. The way in which tax
is applied depends on what the company is
doing. HMRC have published guidance for
businesses in which they comment on the
ways in which companies are most likely
to be taxable on returns from exchange
tokens, which includes cryptocurrencies,
such as bitcoin. These are as follows:
1. Trading income. This requires consider-
ation of factors referred to as the ‘badges
of trade’, which include degree and
frequency of activity, the level of organis-
ation and the intention behind the activ-
ities (taking account of both risk and
commercial intentions).
2. As returns from intangible fixed assets.
This may apply if the asset is both an
intangible asset for accounting purposes
and created or acquired by a company for
its own use on a continuing basis.
3. Where neither of the above-mentioned
apply, the exchange tokens are likely to
be treated as an investment,and so capital
gains rules would apply.
HMRC also comment that they do not con-
sider loans of cryptocurrency to be within
the scope of the loan relationship rules as
these rules only apply to loans of money.
The loan relationship rules may, however,
apply where cryptocurrency is used as col-
lateral for a monetary loan.
The rate of corporation tax is the same
regardless of which of the earlier ways
in which the returns from the exchange
tokens are taxed (19 per cent for the cur-
rent financial year started 1st April, 2020).
The methods of calculating the amount
subject to tax and ways in which losses
can be used can, however, vary depending
on the way in which returns are subject to
taxation.
CONCLUSIONS
Digital assets are an increasingly popu-
lar asset class among investors. Custodians
are expected to fit a key role as this space
matures with investors demanding a full
suite of offerings inclusive of trading, lend-
ing and staking. As discussed previously,
there are important considerations for cus-
todians of digital assets that vary from other
asset classes. It is important to provide careful
study of these requirements in operational-
ising custody as well as other services. One
should also monitor the changing business
trends, new types of assets and the regula-
tory environment, all of which continue to
shift and evolve real time.
DISCLAIMER
This communication contains general infor-
mation only, and none of Deloitte Touche
Tohmatsu Limited, its member firms, or their
related entities (collectively, the ‘Deloitte
Network’) is, by means of this communi-
cation, rendering professional advice or
services. Before making any decision or tak-
ing any action that may affect one’s finances
or business, one should consult a quali-
fied professional adviser. No entity in the
Deloitte Network shall be responsible for any