The unique and complex considerations of digital asset custody

1. Journal of Securities Operations & Custody Volume 13 Number 2 Page 150 The unique and complex considerations of digital asset custody Received (in revised form): 10th December, 2020 Richard Walker* Principal, Deloitte Consulting USA Rob Massey** Global Tax Leader of Blockchain and Digital Assets, Partner Deloitte Tax USA Amy Steele*** Partner at National Office, Deloitte & Touche, USA Tyler Welmans† UK Blockchain Practice Lead, Deloitte, UK Michelle Robinson‡ Director of Tax Policy Group, Deloitte, UK Elana Mourtil§ Managing Director, Northeast Financial Tax Practice of Deloitte Tax USA Michael Marzelli§§ Audit and Assurance Partner, Deloitte & Touche USA Linards Strauss|| Managing Director, Deloitte & Touche USA Pamela Calaquian¶ Senior Manager, Deloitte Transactions Business Analytics, USA Ken Schulhof# Partner at Financial Services Group, Deloitte Tax USA Richard Walker is a consulting principal at Deloitte. He has been a financial services consulting principal for over 20 years and brings deep industry experience and a background in technology strategy and business transformation. He has served in practice and strategic leadership roles, has international experience leading the financial services technology consulting practice for EMEA based in London, and is currently head of blockchain solutions for financial services. During his career, he has worked with financial services executive teams across the globe for some of the largest and most innovative financial services companies. He has been delivering solutions in the blockchain space since 2015, starting with an Ethereum- based bank rewards solutions and is leading the expansion of emerging technologies and blockchain solutions to simultaneously transform processes, adopt digital assets and create new growth models. Rob Massey is a Partner and Deloitte’s Global Tax leader of Blockchain and Digital Assets. He has over 20 years of professional experience in tax consulting for technology companies. Since 2013, he has focused on blockchain, digital assets, cryptocurrency and tokenisation. He serves companies throughout the blockchain ecosysteminclusiveofminers,stakingproviders, payment processing, wallet hosting, exchanges, Journal of Securities Operations & Custody Vol.13,No.2,pp.150–162 Henry Stewart Publications, 1753-1802 *Deloitte Consulting LLP , 30 Rockefeller Plaza, NY, NY 10112, USA Tel: +1 212-618-4075; E-mail: richardwalker@deloitte.com **Blockchain and Digital Assets, Partner, DeloitteTax LLP , 555 Mission Street, San Francisco, CA 94105, USA Tel: +1 415-783-6386; E-mail: rmassey@deloitte.com ***National Office, Deloitte & Touche, 695 East Main Street, Stamford, CT 06901, USA Tel: +1 203-423-4518; E-mail: asteele@deloitte.com RichardWalker Rob Massey Amy Steele

2. Walker et al. Page 151 exchange-traded funds (ETFs), hedge funds, tokenisation and protocol development. Rob leads Deloitte’s blockchain efforts in tax for the global firm. His blockchain expertise includes analysis of the tax considerations of blockchain-enabled transactions; assisting internal and external development teams in the evaluation of blockchain applications across various industries and the analysis of the tax impacts of tokenisation and token launches as developed across various business models and industries. Rob’s expertise in digital assets includes tax analysis of revenue recognition across various models, design and implementation of international structures, analysis and implementation of accounting methods associated with basis tracking and capitalisation policies, application of indirect tax to digital assets, reporting requirements related to use of cryptocurrency and tokens as compensation and analysis of financial instruments based on digital assets. Rob also interfaces with the Internal Revenue Service in seeking guidance through private letter rulings on the earlier topics. Amy Steele is a partner in the National Office of Deloitte & Touche LLP and serves as the Global and US Audit and Assurance methodology leader for blockchain and digital assets. She leads Deloitte’s audit initiatives related to emerging technology and expanded assurance services. Amy plays a key role in developing and implementing strategies to enhance quality across the global Deloitte network. In addition, she leads audits in the technology industry, including the software and blockchain sectors. Amy co-chairs the AICPA’s Digital Assets Working Group and serves on the Center for Audit Quality’s Emerging Technologies and Cybersecurity task forces. She also is a member of the AICPA’s Assurance Services Executive Committee (ASEC) and the ASEC’s Strategic Direction Working Group. Previously, Amy served as associate chief accountant in the SEC’s Office of the Chief Accountant where she supported the office in its role as the principal adviser to the commissioners on profession-wide auditing matters and oversight of the Public Company Account Oversight Board. Tyler Welmans is the UK Blockchain Practice lead for Deloitte. Tyler set up Deloitte’s UK blockchain and digital asset practice in 2015 and continues to lead a specialist team of analysts and engineers applying distributed ledger technology to bring new, innovative and disruptive technology solutions to market across all industries. Michelle Robinson is a director in Deloitte UK’s Tax Policy Group, leads Deloitte’s private client tax policy team and is the tax policy subject matter adviser on digital assets. A chartered tax adviser with over 15 years’ experience, Michelle specialises in both domestic and international private client taxation, including the income tax, capital gains tax and inheritance tax position of individuals and trusts. She has a keen interest in digital assets and her work has included analysing how the UK’s taxation system should be applied across different types of digital assets and how individuals and businesses are taxable on ‘exchange tokens’ such as cryptocurrency. Michelle has been an active contributor throughout the series of roundtable meetings on digital assets hosted by Her Majesty’s Revenue and Customs (HMRC), which have focused on the application of the UK’s taxation system to digital assets. Michelle is a member of the Chartered Institute of Taxation’s (CIOT’s) UK and International Private Client Committees and is also a member of the Institute of Chartered Accountants of England and Wales’ (ICAEW) Tax Faculty (private client sub-committee). Elana Mourtil is a managing director in the Northeast Financial Tax Practice of Deloitte Tax LLP and a member of Deloitte’s Banking and Capital Markets and Blockchain/ Crypto industry groups. Elana has 33 years † Deloitte, 2 New Street Square, London EC4A3BZ, UK Tel: +44 20 7303 5653; E-mail: twelmans@deloitte.co.uk ‡ Tax Policy Group, Deloitte UK, 2 New Street Square, London EC4A3BZ, UK Tel: +44 20 7007 3695; E-mail: michellerobinson@ deloitte.co.uk § Northeast FinancialTax Practice of DeloitteTax LLP, 30 Rockefeller Plaza, NewYork, NY 10112, USA Tel: +1 212-436-2260; E-mail: EMourtil@deloitte.com TylerWelmans Michelle Robinson Elana Mourtil

3. The unique and complex considerations of digital asset custody Page 152 of experience providing tax consulting and compliances services to some of the largest international financial institutions operating within the United States. Her tax experience encompasses assistance and advice with respect to tax planning strategies, tax return compliance and tax examinations with a focus on taxation of financial products and more recently on digital assets. Michael Marzelli is an Audit and Assurance partner focusing on financial services and a leader of Deloitte’s Blockchain and Digital Asset audit practice. He has over 16 years’ experience serving a wide range of clients from emerging growth companies to large multinational organisations in New York, Hong Kong and San Francisco in both an audit and advisory capacity. Michael has experience serving clients in the securities, banking, FinTech and digital asset space, focusing on audit and assurance methodologies, tools and technology. He helps clients manage the complexities faced by companies engaging in the blockchain and digital asset space, from start-ups to mature enterprises, and focuses on bringing the right advice and counsel to clients when building and scaling blockchain and digital asset-based businesses. Linards Strauss is a managing director in Deloitte’s audit practice with 14 years of experience serving the investment management industry. He has served leading investment management firms in the public and private fund space and trading firms with allocations across the spectrum of asset classes, including dedicated digital assets strategies. In addition to client service, Linards serves as the leader for the investment management industry in Deloitte’s National Office Audit & Assurance Services group where he is the subject matter expert for the industry and provides consultations on matters such as identifying and addressing audit risks related to safeguarding, transferring and trading of digital assets. Pamela Calaquian is an advisory senior manager at Deloitte. She specialises in anti- money laundering (AML) and has 21 years of experience in the financial services industry within the retail, wholesale and investment banking lines of business. Her expertise is integrating various financial data; building data warehouses, data marts and other central repositories to help the lines of business assess risk, identifying issues and making informed decisions. Her area of specialisation is assisting institutions in enhancing their AML and Office of Foreign Assets and Control (OFAC) programmes, conducting AML and OFAC risk assessments, performing AML independent testing and developing customer risk rating models. Pamela, with her analytics background, focuses on understanding current processes and integrating various customer, account and transaction data to assess risk and identify opportunities for improvement in the AML/OFAC programme. Pamela has worked with several cryptocurrency exchanges and performed Bank Secrecy Act (BSA)/ AML and OFAC programme assessments, model validation and independent testing engagements. She advises clients in developing their Know Your Customer (KYC) on-boarding process and tailor to support her client’s acceptance of virtual asset service providers (VASPs). She is currently assisting the internal audit group of a FinTech company in assessing the risk and controls as it develops and implements a new digital wallet. Pamela is a blockchain fellow and is the digital asset subject matter specialist for the AML practice. Pamela is a certified AML specialist. Ken Schulhof is a partner in the financial services group at Deloitte Tax LLP. Ken has 20 years of experience providing tax compliance and consulting services to some of the largest international financial institutions operating within the United States. His tax experience encompasses assistance and advice with respect to tax planning strategies, tax return compliance, tax examinations, income tax Michael Marzelli Linards Strauss Pamela Calaquian §§ Deloitte &Touche LLP, 555 Mission Street, San Francisco, CA 94105, USA Tel: +1 212-313-1543; E-mail: Mmarzelli@deloitte.com | | Deloitte &Touche LLP, 111 S.Wacker Drive, Chicago, IL 60606, USA Tel: +1 312-486-4532; E-mail: listrauss@deloitte.com ¶ Deloitte Financial Advisory Services LLP , 500 College Road East, Princeton NJ 08540, USA Tel: +1 917-656-4873; E-mail: pcalaquian@deloitte.com

4. Walker et al. Page 153 provisions and tax technology solutions. Ken serves as the Deloitte Tax FinTech leader and assists many blockchain/digital asset clients with their unique tax issues including tax structuring, credits and incentives, international tax, state and local tax and information reporting. Ken also serves as the US–Israel member firm combination leader for tax. In this role, Ken assists clients operating in both the Unites States and Israel with the cross-border tax implications and tax strategies. Abstract Digital assets as an asset class has matured with increasing rates of adoption among retail and institutional investors.As custodians engage, they are facing unique complexities across many regulatory bodies, new varieties of audit and controls considerations and evolving risk frameworks. There are also opportunities for custodians to add new services, such as lending, staking and trading. Per Deloitte’s 2020 Blockchain Survey, 94 per cent of banking and capital markets executives said that they believe that digital assets will be at least somewhat important in the next three years.This paper explores various considerations for custodians of digital assets as explained from the various leaders within Deloitte’s digital asset practice. Keywords: digital assets, custody and cryptocurrency A NEW ASSET CLASS, A NEW ECOSYSTEM For most of modern-day business, there have been three primary asset classes: fiat currencies, commodities and securities. We are now witnessing the rapid prolifer- ation of a new asset class — digital assets — among all types of companies, including mature-state enterprises. Digital assets include cryptocurrencies used as a means of exchange and to store value, tokens that allow special features on decentralised plat- forms, digitised securities that offer similar rights — as traditional debt or equity, stablecoins that provide for a digitised money-like experience and even physical assets offered in tokenised form. Along with this new asset class, we have witnessed a new ecosystem, spanning from public and private blockchain protocols, which facilitate the tracking and trading of these assets to an investor base wanting access to digital assets that may appreciate, be lent or offer income in terms of rewards. We see many new entrants that offer custody, trading and staking of these assets. As the industry and the ecosystem evolve, the regulators are watching and engaged. This new asset class presents a unique opportunity to enable or advance commercial activities, particularly in financial services. The role of the custodian of digital assets is critical, being the anchor- trusted service from which trading, lending and staking can occur. As adoption rates of digital assets increase among retail and institutional investors, custodians should be sensitive to not only the level of disruption and complexity but also the opportunity. COMPETITIVE ADVANTAGE Custody strategy has always been anchored in asset accumulation and subsequent servicing of assets. Over the past ten years, the total value of digital assets has not risen to a level that warrants attention due to the low total percentage of digital assets to traditional assets. Traditional assets under custody at the top 15 custody banks globally exceeds US$130tn.1 In comparison, the total value of outstanding digital assets at time of publication is approaching US$1tn, which remains less than 1 per cent of assets held by the top banks. Given this low value, one could understand why digital asset custody has not been more of a focus. On closer examination, the question is likely not answered by total asset value in the market today but by considering # Financial Services Group, DeloitteTax LLP , 30 Rockefeller Plaza, NewYork, NY 10112, USA Tel: +1 212-436-5370; E-mail: kschulhof@deloitte.com Ken Schulhof

5. The unique and complex considerations of digital asset custody Page 154 other dimensions that include digital asset growth and trajectory, customer base and needs and disruptive impact to traditional services for custody banks while creating new opportunities for banking. Digital asset growth and trajectory in 2020 are poised for an exponential knee due to a confluence of factors,2 while the growth of traditional assets under custody at the top 15 banks has fallen in 2020.3 This growth in digital assets is grounded in rising stable pricing of cryptocurrency, increased use of dollar-backed stablecoin, the antici- pation of new assets in the form of central bank digital currencies and a rising trend towards tokenisation of current asset types, such as commodities, real estate, equities and options, among others. The customer base and needs for this new asset class are expected to bring new participants into the market, expanding retail engagement and attracting inflows from institutions. The use of digital assets is growing among retail investors, and this year, we have seen corporates adding bitcoin to their treasury assets. Digital assets could change retail banking, enabling new products and services as retail investors use these assets in lieu of cash deposits (affecting a core banking business and blurring the lines between cash management and custody), for payment (affecting retail and wholesale payments businesses, and pulling custody services into a highly transactional business) and as lending collateral (expanding the role of custody services in collateralised lending). These trends are not happening in iso- lation. Traditional custodians will likely need to evolve their role in digital asset custody as a revenue replacement strategy for the negative growth in traditional assets as well as differentiate on asset servicing innovation to enable a much more dynamic use model. Banks will likely need to expand their services to capture digital assets held by existing customers, offer new services related to digital assets and secure a role in the digital asset value chain as use and propositions mature. Digital asset custody is far stickier than holding fiat currency because of the care required in transferring digital assets (resulting in less movement than fiat currency but much more liquidity than traditional assets). It unexpectedly cre- ates a complement between fiat currency and lending services through digital asset lending and staking services. Through new lending services, banks are able to create an integrated liquidity offering by holding digital assets, lending against the assets and providing working capital in fiat deposit accounts. The complement of banking services and digital asset services stands to create a competitive advantage by attracting new assets, securitising loans at an attractive rate against those assets and providing cash management services. For custody banks, this changing dynamic in the relationship between digital assets and traditional banking services can present new opportunities for synergy as well as a way forward for industry transformation and renewed revenue growth. The path to this future is defined by strategic choices, often resulting in self-disruptive action, but should garner attention now given the current trends and evidence of coming change. CUSTODY OF DIGITAL ASSETS CONSIDERATIONS Custody is an activity of protecting some- one or something. In banking, we generally use this term to refer to custodian banks who specialise in safeguarding financial assets. With digital assets, custody generally refers to safeguarding a private key, or access to, a digital asset. Options for digital asset custody are evolving and expanding. In general, they can be classified in three main categories

6. Walker et al. Page 155 — self-custody; custody at a trading venue, such as digital exchange; and custody at a traditional custodial organisation or bank – see Figure 1. Self-custody. Self-custody takes the form of safekeeping private keys in a hot wallet or cold storage or using a combination of the two. In a hot wallet, the private keys are maintained in an online environment, while with cold storage, the private keys are stored in a secure location either on a device not connected to the internet or on paper.4 Custody at a digital exchange. Cus- tody at a digital exchange typically results in transfer of the possession of the digital assets to the exchange, which man- ages its own private keys in hot and cold storage. In return, a customer’s account is credited for the transferred digital assets (eg cryptocurrency). Most commonly, digital exchanges employ an omnibus model that results in comingling of customer assets across several private keys. Under this model, segregation takes place only within the digital exchange’s ledger rather than on the blockchain itself. The exchange, however, may also offer fully segregated custody, which includes segregation using unique customer addresses on the blockchain. Custody at a traditional custodial organisation or bank. While still evolving and expanding after a recent Inter- pretive Letter issued by the Office of the Comptroller of the Currency (OCC), digital asset custody is also offered by Copyright © 2021 Deloitte Development LLC. All rights reserved. FSI Blockchain and Digital Asset Ecosystem Enablers Miners Node operators Validators Digital Assets Custodian (Bank) Infrastructure Services: Custody, Financial products, dealing, trading, lending, staking Consumers Corporates (Treasury) Asset Managers (funds, family offices, individuals, etc.) Investors (equity holders, founders, VC, PE) Exchanges (e.g., dealing, trading, lending) Staking as a Service Public Protocols (Ethereum, Bitcoin, EOS) Sub-custodians Innovators (protocol launch, applications, equity raise, token sales) Cryptocurrency Equity token Utility token Asset-Backed token Stablecoins CBDC DeFi Envisioned Services:, Asset Servicing, payment rails, Equity / Token raise Figure 1 Ecosystem overview Notes: CBDC, central bank digital currency; PE, private equity; VC, venture capital.

7. The unique and complex considerations of digital asset custody Page 156 traditional custodial organisations and banks. These organisations offer custody models comparable to those offered by digital exchanges. REGULATORY CONSIDERATIONS The existing regulatory frameworks generally did not contemplate this new asset class, which is causing some challenges when working with regulations that may not be directly on point. Adding to the complexity, new business models using digital assets are evolving and changing rapidly, attracting the attention of various regulators who are interested and monitoring such developments. While regulators are engaged and monitoring this ecosystem, there are juris- dictional challenges as multiple regulators regulate different aspects and may have different views as to the nature and extent of regulation of digital assets. It is important for the industry to have regulatory clarity in order to flourish. We have seen new emerging companies test the regulatory environment and challenge the current norms. More established entities may be less open to challenge regulatory norms and may be waiting for the regulatory clarity before making a large-scale move in this ecosystem. It is important for entities entering this ecosystem to have a comprehensive regulatory strategy and expertise in the relevant jurisdictions in which they operate. There is also an opportunity to engage early and often with the regulators on emerging business models and methods. An example is the establishment of the Securities and Exchange Commission (SEC) Strategic Hub for Innovation and Financial Technology (FINHUB), which was established to play an important role in facilitating the SEC’s active engagement with innovators, developers and entrepreneurs, including by presenting staff views and actions in the FinTech space as well as by being a forum for engaging with SEC staff.5 RISKS AND CONTROLS Security and protection of digital assets A key risk related to custody of digital assets undoubtedly lays with safeguarding of private keys, whether from unauthorised access, internally or externally, or loss. In contrast to traditional assets, a loss of private key or unauthorised access (and a resulting transfer) means irrecoverable loss of the digital assets. Despite the severity of the risk, there are steps that can be taken to decrease, if not fully mitigate, the risk. These steps involve careful evaluation of the custody model and design and implementation of a strong control environment. Physical access Physical access to cold storage devices or paper records that are used to maintain private keys should be restricted to authorised personnel only, with periodic review and timely amendment of the authorised personnel listing. Logical access controls, such as multifactor authentication, can be supplemented with additional physical controls, such as requirement for two- person authentication/presence. In essence, while the ultimate purpose is to safeguard digital assets, the required control environment is akin to that for safeguarding of valuable physical assets. This is the case not only for management of access to cold storage but also for the information technology infrastructure supporting the management of private keys and other relevant processes. Key management In an environment that requires active digital asset management, there may be

8. Walker et al. Page 157 several individuals who require access to either private keys (self-custody) or user- names and passwords (third-party custody) to, for example, initiate cryptocurrency transactions. When third-party custody services are used, subaccount infrastructure might be available to allow segregated and appropriately configured access for each individual. If such infrastructure is not supported by the third-party custodian or if digital assets are self-custodied, consideration should be given for internally developed systems. This can enhance controls around access to the username and password for the account at the third-party custodian or private wallet by adding an additional level of individual username/password requirements that are maintained under existing policies and allows to configure user access (or removal). Use of white-listing of accounts, which results in limited number of preauthorised accounts with which account holder can engage in transactions on the blockchain (eg transfer of cryptocurrency from an account on one digital exchange to another), is another solution to enhance segregation of duties and decrease risk of unauthorised transfers even when access to private keys might be compromised. White-listing of accounts can be done (if supported) within an account at the third-party custodian or within internal software layer that sits between the user and the account or at both levels. With additional logical controls around white-listing privileges, an unauthorised user is restricted from being able to enact on-chain transaction to an account that is not preauthorised even if the user has gained access to username/password or private keys. Additional features, such as hold periods and delayed changes to white- listing, can further enhance security. Segregation of duties At all times, the holder of digital assets should have an accurate record of digital assets owned and should not be dependent on such information from the third-party custodian. This entails continuous roll forward of digital asset positions for authorised and confirmed transactions and periodic (as frequent as possible) reconciliation of transactions and positions against the records of the third-party custodian. The reconciliation process should be performed by an individual that is appropriately segregated from effecting transactions (eg from trading function) and it is integral that the data retrieved from third-party custodian used in the reconciliation process is not compromised. Appropriate considerations should also be given to the reliability of the retrieved data, particularly when a less-established third party is used for custody. Bank Secrecy Act/Anti-Money Laundering While digital assets have some competitive advantages as discussed earlier, their distinct characteristics can create opportunities for illicit activities, such as money laundering (ML) and terrorist financing (TF). Inter- pretive letter #11706 issued by the OCC on 22nd July, 2020, states that national banks may provide cryptocurrency custody services so long as they manage risks and comply with applicable laws. From an anti- money laundering (AML) perspective, as with traditional products and services, custodians are to determine the type and level of risk they will assume when it comes to the custody of digital assets. A risk assess- ment should be performed to identify the specific risks associated with this new business model, assessing the ML/TF risks of its customers, products/services (eg type of coin), transactions and geographies (eg jurisdiction of customer and jurisdiction of exchange) that the custodian will be exposed to. For institutions that are regu- lated by the New York State Department of Financial Services, certain coins have been approved for custody and this list should be

9. The unique and complex considerations of digital asset custody Page 158 referenced.7 Institutions should also have adequate systems in place to identify, mea- sure, monitor and control the risks of these digital asset custody customers. The Finan- cial Action Task Force recently published a report8 highlighting red flags, which indicate suspicious digital asset activity. As digital assets are a new type of asset class, policies and procedures should be updated to reflect changes in handling digital assets. In addition, formalised training should be conducted for the appropriate personnel so they can be familiar with the associated risks and changes in policies and procedures. Finally, independent testing shall be conducted to assess the adequacy of the Bank Secrecy Act (BSA)/AML programme and the unique risks associated with the custody of digital assets. Know Your Customer Certain know your customer (KYC) processes should be conducted at on-boarding and customer periodic refresh to build a customer profile and better understand the customer’s use of digital assets. Infor- mation should be identified and verified to understand the client’s profile (eg address, legal name and expected activity), including source of funds to identify digital asset origination. For legal entity customers, custodians should identify the Ultimate Beneficial Owners of the account and take into consideration this information as part of on-boarding.9 Collecting this information can help mitigate risk throughout the customer life cycle management process, which includes screening for negative news, sanctions violations and monitoring for suspicious activity. In addition, certain customers, such as politically exposed per- sons, can pose a risk and should be vetted accordingly. Ongoing monitoring Ongoing monitoring of accounts should take place regularly. Effective on-boarding, transaction monitoring and screening systems should be implemented for the custodian to identify any potentially illicit activities related to the use of these digital assets. Real-time investigation via blockchain screening and analysis tools should be used to monitor digital asset movement. Third-party assurance When outsourcing digital asset custody solutions to service providers, it is important to understand the controls and security established by the service provider. This can typically be communicated in the form of third-party assurance reports, such as Service and Organization Control (SOC) reports. These reports can take the form of SOC 1 reports (focuses the controls at a service organisation relevant to user entities’ internal control over financial reporting) or SOC 2 reports (focuses on controls at a service organisation relevant to security, availability, processing integrity, confidentiality and privacy). The availability, relevance and reliability of these reports helps users identify the risks and controls associated with transactions processed by, and/or assets held by, service providers. AUDITABILITY This new asset class presents interesting challenges as it relates to companies supporting their books and records and auditors auditing such records. Many of these challenges could be due to the fundamental nature of the blockchain technology used to trans- act these assets. While there may be many helpful aspects of blockchain technology to audit, including the history of transactions and consistency in application of the con- sensus rules, the fundamental nature of the blockchain changes the way we generally think of audit evidence. It is generally acknowledged that blockchain technology is not designed to be inherently self-auditing or test all of the

10. Walker et al. Page 159 controls or logic in the system. So, while blockchain technology does have logs of transactions, the reliability of evidence from this technology lies in the system being set up correctly and operating as intended, as well as the information reporting to the general ledger books and records appropriately. Blockchain may actually make the role of an auditor even more challenging because it forces us to assess the reliability of the particular blockchain used in processing the digital assets transactions, which can be a challenging exercise particularly for certain blockchains. Additionally, auditors need to have appropriate skillsets to be able to really understand the vulnerabilities with a particular blockchain. Auditors will assess if management has appropriate controls in relevant areas to respond to risks and they also need to determine substan- tive audit responses to risks not traditionally applicable. It is also important for companies to engage with their auditors early on in the process to discuss the types of evidence that may exist to respond to a financial statement risk and the sufficiency of such evidence. Oftentimes, the traditional forms of evidence (eg physical evidence, signed contracts and shipping records) will not apply in this ecosystem. For example, auditors may need to validate that a company continues to own a digital asset that is held in cold storage and for which there does not exist evidence of their current control via movements or other physical evidence. This may present challenges with obtaining evidence of control of a digital asset and auditors may need to consider innovative procedures to gain such evidence. We also see companies transacting digital assets off-chain, which puts pressure on management to maintain appropriate controls to track and reconcile those digital assets. Processes and controls will likely be a big area of focus for audits in the digital assets space given the critical role of controls in transacting and safeguarding digital assets. In cases where third parties are involved in a transaction (eg custodians and exchanges), use of these services may require management to understand and potentially rely on controls at the third party. As stated earlier, it is important for management and their auditors to understand if their SOC reports are available for service organisations used and controls that management has to evaluate whether information obtained from service organisations is suf- ficient for the purposes of their books and records. In the event that an SOC report is not available, management would evaluate alternative methods of evaluating the reliability of the information they receive from service organisations to the extent relevant to their books and records. Related issues of pressing concern often include areas such as cybersecurity, global digital identity, compliance with established accounting, audit, internal control, tax and financial reporting frameworks, governance and the full implications of an everincreasing environment. As more companies start pursuing digital assets, starting with cryptocurrencies, bitcoin and others, it is very important for these companies to focus on internal controls and their processes to protect their books and records. Auditors with relevant skillsets in this area could be invaluable to help in designing quality internal controls. TAX US taxation Whether digital assets are held for investment, trading or dealing, the classification of such assets either as money, foreign currency, commodities or some other form of property will impact the tax consequences of such transactions.

11. The unique and complex considerations of digital asset custody Page 160 For the entity that owns the digital asset as a beneficial owner, the nature of the digital asset will dictate the timing of when gains/losses are recognised for tax purposes and whether such gains or losses will be treated as ordinary or capital. For example, whether the digital asset will be subject to mark-to-market tax accounting (MTM), will depend, in part, on whether the digital asset meets the definition of the term security or commodity under Inter- nal Revenue Code (IRC) Section 475. Whether the digital assets meet the definition of the term security or commodity under IRC Section 475 can also impact the treatment of gains/losses as ordinary or capital. Taxpayers who do not use the MTM accounting method should consider tracking basis and activities by segregated tranches or use a first-in, first-out approach to determine gains and losses. For investors that have different tranches of digital assets with varied basis, they may have the opportunity to track their basis and specifically identify which digital asset they choose to sell, thus influencing the amount of gain or loss recognised for tax purposes. This may require a level of segregation of the assets and documentation to satisfy the tax rules. Custodians should be aware of the requests of customers to segregate different tranches of their digital assets, which are otherwise fungible, into separate iden- tifiable addresses that correlate to customer accounts or subaccounts. For an entity that holds the digital asset as a custodian for the benefit of others, the nature of the digital asset will be relevant if the custodian facilitates an exchange that may necessitate information reporting, or if the custodian, as an intermediary, distrib- utes staking income to its staking customers, which may be subject to withholding and reporting. The revenue generated in trading, lending and staking results from technological as well as human actions, which has interesting implications when it comes to sourcing the revenue for tax purposes. Further, the safe harbours that have been established around securities and commodities with regard to income effectively connected with a US trade or business may not be available for digital assets. Careful study of these areas and the facts specific to each business model can be critically important. So what is a digital asset for tax purposes? The answer is not very simple and is contin- ually evolving given the rapid development of new digital assets. Internal Revenue Ser- vice Notice 2014–2021 held that convertible virtual currencies are treated as property rather than money or foreign currency. The IRC defines ‘security’ and ‘commodity’ in many ways depending on the particular provision and sometimes references levels of trading activity and approvals by the Commodity Futures Trading Commission, among other items. Taxpayers should be aware that a digital asset may be referenced as a certain type of property for securities law or accounting purposes and yet something different for tax purposes. Digital assets held by a custodian outside the United States may require reporting by US taxpayers. The location of the digital asset may not be entirely clear, but taxpayers may consider the primary jurisdiction that directly interfaces with customers, or the location that provides levels of care, control or access of the assets. Custodi- ans should be aware of these requirements to avoid confusion as it pertains to compliance efforts of their customers. Other jurisdictions around the world have similar informational reporting rules, which may apply to digital assets. Lastly, custodians that decide to engage in cryptocurrency lending should carefully structure the lending agreements to mitigate the risk that such transactions will result in a taxable event, which may have unintended consequences to both the bor- rower and lender.

12. Walker et al. Page 161 UK taxation The United Kingdom has not intro- duced specific tax rules that apply to digital assets. Instead, existing tax laws are applied based on the substance of activities undertaken. Her Majesty’s Revenue and Customs (HMRC) have published guidance on how they intend to tax transactions involving cryptoasset exchange tokens (ie cryptocurrency).10 HMRC do not consider cryptocurrency to be currency or money, and so tax provisions that apply to money do not apply to cryptocurrency. A high-level overview of UK taxation as it applies to companies dealing in digital assets is as follows. Broadly, companies are within the scope of UK corporation tax if they are UK resident or if they have a UK perma- nent establishment. The way in which tax is applied depends on what the company is doing. HMRC have published guidance for businesses in which they comment on the ways in which companies are most likely to be taxable on returns from exchange tokens, which includes cryptocurrencies, such as bitcoin. These are as follows: 1. Trading income. This requires consideration of factors referred to as the ‘badges of trade’, which include degree and frequency of activity, the level of organisation and the intention behind the activities (taking account of both risk and commercial intentions). 2. As returns from intangible fixed assets. This may apply if the asset is both an intangible asset for accounting purposes and created or acquired by a company for its own use on a continuing basis. 3. Where neither of the above-mentioned apply, the exchange tokens are likely to be treated as an investment,and so capital gains rules would apply. HMRC also comment that they do not consider loans of cryptocurrency to be within the scope of the loan relationship rules as these rules only apply to loans of money. The loan relationship rules may, however, apply where cryptocurrency is used as collateral for a monetary loan. The rate of corporation tax is the same regardless of which of the earlier ways in which the returns from the exchange tokens are taxed (19 per cent for the current financial year started 1st April, 2020). The methods of calculating the amount subject to tax and ways in which losses can be used can, however, vary depending on the way in which returns are subject to taxation. CONCLUSIONS Digital assets are an increasingly popu- lar asset class among investors. Custodians are expected to fit a key role as this space matures with investors demanding a full suite of offerings inclusive of trading, lending and staking. As discussed previously, there are important considerations for custodians of digital assets that vary from other asset classes. It is important to provide careful study of these requirements in operational- ising custody as well as other services. One should also monitor the changing business trends, new types of assets and the regulatory environment, all of which continue to shift and evolve real time. DISCLAIMER This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the ‘Deloitte Network’) is, by means of this communication, rendering professional advice or services. Before making any decision or taking any action that may affect one’s finances or business, one should consult a quali- fied professional adviser. No entity in the Deloitte Network shall be responsible for any

13. The unique and complex considerations of digital asset custody Page 162 loss whatsoever sustained by any person who relies on this communication. © 2020 Deloitte Development LLC, 2021 References (1) Institutional Investor,‘The world’s largest custodians’ [Internet], available at: https://www.institutionalinvestor.com/ research/6565/The-World-s-Largest- Custodians#:~:text=1%20spot%20in%20 Institutional%20Investor’s,%2424.31%20 trillion%20the%20previous%20year (accessed 7th December, 2020). (2) Rathi, K. and Boggiano, K. (2020, June 8) ‘A tipping point for digital assets’, Traders Magazine [Internet], available at: https:// www.tradersmagazine.com/am/a-tipping- point-for-digital-assets/ (accessed 7th December, 2020). (3) Institutional Investor, ref. 1 above. (4) Bhutoria, R. (2020, January 21) ‘The omnibus model for custody’, Fidelity Digital Assets [Internet], available at: https://www.fidelitydigitalassets.com/ articles/the-omnibus-model-for-custody; https://gemini.com/custody# (accessed 7th December, 2020). (5) US Securities and Exchange Commission, ‘Strategic hub for innovation and financial technology’ [Internet], available at: https:// www.sec.gov/finhub (accessed 7th December, 2020). (6) Office of the Comptroller of the Currency. (2020, July 22) ‘Interpretive Letter #1170’ [Internet], available at: https://www.occ.gov/topics/charters- and-licensing/interpretations-and- actions/2020/int1170.pdf (accessed 7th December, 2020). (7) NewYork State Department of Financial Services,‘Virtual currency businesses’ [Internet], available at: https://www. dfs.ny.gov/apps_and_licensing/virtual_ currency_businesses/virtual_currencies (accessed 7th December, 2020). (8) FATF (2020) ‘Money laundering and terrorist financing red flag indicators associated with virtual assets’, FATF, Paris, France, available at: www.fatf-gafi. org/publications/fatfrecommendations/ documents/Virtual-Assets-Red-Flag- Indicators.html (accessed 7th December, 2020). (9) USTreasury Financial Crimes Enforcement Network [Internet],‘Information on complying with the Customer Due Diligence (CDD) Final Rule’, available at: https://www.fincen.gov/resources/statutes- and-regulations/cdd-final-rule (accessed 7th December, 2020). (10) ‘HM revenue and customs’ [Internet], Policy paper. Cryptoassets: tax for businesses. Updated 20th December, 2019, available at: https://www. gov.uk/government/publications/ tax-on-cryptoassets/cryptoassets-tax-for- businesses (accessed 7th December, 2020).

The unique and complex considerations of digital asset custody

Estás leyendo una previsualización.

Eche un vistazo a continuación

The unique and complex considerations of digital asset custody

Más Contenido Relacionado

Presentaciones para usted (6)

Similares a The unique and complex considerations of digital asset custody (20)

Más de Deloitte United States (20)

Más reciente (20)