Just as an earthquake reveals structural problems in buildings, so the news of the Bitfinex probe has laid bare two fundamental weaknesses in crypto infrastructure as a whole. While one is fairly public and much talked about, the other is more surprising and stems from trends developing far beyond the emergence of a new asset class.
Some background if you haven’t been following the news: Last week the New York Attorney General announced an initial probe into (among other things) a cover-up to hide the loss of $850 million of comingled client and corporate funds. Hong Kong-based Bitfinex is one of the sector’s leading cryptocurrency exchanges in terms of overall trading volume, and shares ownership structure with US$-backed tether, which accounts for over 90 percent of the global stablecoin market. Apparently, its payment processor Crypto Capital “lost” $850 million of Bitfinex funds some time in 2018; to cover the shortfall and meet user withdrawals, Bitfinex drew on Tether funds without disclosing the arrangement.
Obviously, many market participants run above-board operations and are continually working to improve their compliance with shifting regulations. But for large swathes of the sector, that is economically, strategically or perhaps even philosophically out of the question.
And even though the sector’s troubles may seem offshore, both literally and figuratively, the fallout has broad implications. For while stronger buildings can withstand tremors, the collateral damage from the collapse of weak structures erected during a growth-fueled rapid build-up can impact both public perception and policy, with lasting consequences.
These consequences are generally constructive, however, as people learn what to look out for, building codes become more rigorous and fault lines are worked around.
In the crypto sector, these fault lines are: 1) the lack of high-level banking services; and, 2) the somewhat overlooked lack of auditing standards.
Lack of banking
While some exchanges have managed to open and keep accounts at large and reputable banks, all will confirm that it was not easy and that it cannot be taken for granted – accounts can be closed at a moment’s notice.
Many have not been able to progress that far, either for jurisdictional issues, concerns over procedures or even the slightest whiff of potential proceeds from money laundering.
Smaller financial operations have emerged to fill the gap, but they tend to lack correspondent networks, payment processing and the reassurance of large balance sheets. Some, as we have seen, even lack any sort of oversight.
Bitfinex has had a long history of banking troubles, which on several occasions has fuelled rumors of insolvency as users struggled to withdraw funds. A report last year indicated that it had procured the services of European bank ING, but it is as yet unclear why, if that relationship was still ongoing, it would need to use the services of an offshore payment processor such as Crypto Capital.
What’s more, the lack of reliable banking enhances the demand for a solution like tether, which enables clients and exchanges to transfer value without the need for payment processors. Better banking will reduce the dependence on stablecoins with unverified backing.
The issue is starting to attract the attention of regulators who realise that investors are more likely to suffer where there is no strong banking support. Last week France announced a possible solution: bank accounts in exchange for regulation. Hopefully this initiative will spread to other jurisdictions, as confidence in cash flows will benefit not only potential users and investors but also the entrepreneurs and developers working to push adoption forward.
Lack of auditing standards
Tether has also had its share of troubles, stemming largely from lack of confidence in the amount of fiat currency allegedly backing the stablecoin. While Bitfinex often assured the public that tethers were fully backed by US dollars, it now turns out those assurances were misleading.
Amid repeated calls for an audit of Tether’s reserves, the company’s relationship with one auditor dissolved in early 2018. A letter produced by the Bahamas-based bank Deltec, which confirmed existence of a funded account, was met with scorn and skepticism.
Why is getting an audit so complicated?
Part of the problem is vocabulary. We say “audit” when we mean “attestation,” and they are not the same thing at all.
An “attestation” can confirm an assertion (such as “there is x amount in this bank account”) at a specific point in time.
But an audited confirmation would require much more detail, such as is this account used to back said stablecoin? Who has access? How are issuance and redemptions handled? Does the company comply with KYC/AML regulations? An “audit” is technically an assurance that a statement is presented according to established standards. These do not yet cover reserve backing of stablecoins.
Even when auditors have “confirmed” stablecoin backing, such as Grant Thornton did for Circle earlier this year, it has been in the form of an attestation. Stablecoin issuer TrueUSD has gone a step further, partnering with a San Francisco-based accounting firm to offer real-time confirmation of reserves, or a “continuous attest.”
Attestations do not give the comfort of audits, though. They are snapshots, not deep dives of due diligence. And while we may soon see standards evolve that encourage official validation of stablecoin processes, for now, auditors seem to be playing it safe.
Why, when there is obviously an increasingly urgent need for the service?
Part of the answer can be seen in another piece of news from last week: crypto custodian BitGo was granted the SOC 2 Type 2 certification, which confirms that it passed a security audit performed by an external monitor. This was performed by one of the Big Four auditing companies (Deloitte, KPMG, PwC and EY) – but BitGo didn’t want to say which one.
It’s possible that the auditor in question wanted to keep a low profile. While all Big Four firms have considerable blockchain teams, one thing is understanding and helping to build applications for a technology – resting your reputation on a public statement, especially when the processes and risks to be validated are notoriously complex, is another thing altogether.
Especially these days, when the accounting profession as a whole is coming under increased scrutiny for quality and trust issues. The role of accountants in the crash of 2008 is still a bone of contention, and the emergence of conflicts of interest has prompted European regulators to call for a break-up of the Big Four. It is understandable that – with some exceptions – they are reluctant to be publicly associated with assets that regulators have not yet fully embraced.
A new skyline
But the Bitfinex mess highlights the need for greater quality control. The sector’s lack of authoritative support from reputable accounting firms can potentially do as much damage as the lack of high-level banking, in that it undermines confidence which in turn will slow down adoption and investment.
The efforts of BitGo and others in getting certifications, and those of the firms supporting them, is appreciated. The sector needs more examples of rigor and compliance if it is to attract the attention of large institutions.
Yet it also needs public support from banks and auditors, not just quiet contracts. It needs more reputable names to be willing to acknowledge relationships. This will boost the confidence of investors – both retail and institutional – in demanding demonstrations of operational quality, which will in turn make the sector more resilient to quakes like the Bitfinex news, and to the aftershocks as more revelations come to light.
As weak structures tumble, more solid edifices will emerge out of the rubble. And around them will spring new ecosystems and networks that encourage more discovery and development, supported by institutions that have already stood the test of time.