Background

On March 31, 2022, the US Securities and Exchange Commission (the "SEC") published Staff Accounting Bulletin No. 121 (the "Bulletin"), expressing the views of the staff in the Division of Corporation Finance and the Office of the Chief Accountant (the "Staff") regarding the accounting of, and associated disclosures relating to, an entity's obligation to safeguard crypto-assets an entity holds for platform users. This Legal Update focuses on three key questions in the Bulletin, namely:

1182538a.jpg

Finally, this Legal Update will summarize Commissioner Hester M. Peirce's response to the Bulletin and discuss some practical considerations for affected entities.

Who Is Affected?

The Bulletin applies to "entities that have obligations to safeguard crypto-assets held for their platform users" and that generally are, or are in the process of becoming, public reporting companies. The Bulletin defines a "crypto-asset" as "a digital asset that is issued and/or transferred using distributed ledger or blockchain technology using cryptographic techniques." While this definition includes established cryptocurrencies such as Bitcoin and Ethereum, other digital assets, including the proprietary tokens of a digital asset company, may be captured as well.

More specifically, the Bulletin applies to a company that holds custody of crypto-assets on behalf of its users, including a company that enables its customers to engage in crypto-asset transactions. The Bulletin identified a hypothetical company that the guidance would apply to ("Entity A") with the following characteristics:

  • "Entity A's business includes operating a platform that allows its users to transact in crypto-assets.
  • Entity A also provides a service where it will safeguard the platform users' crypto-assets, including maintaining the cryptographic key information necessary to access the crypto-assets.
  • Entity A also maintains internal recordkeeping of the amount of crypto-assets held for the benefit of each platform user.
  • Entity A secures these crypto-assets and protects them from loss or theft, and any failure to do so exposes Entity A to significant risks, including a risk of financial loss.
  • The platform users have the right to request that Entity A transact in the crypto-asset on the user's behalf (e.g., to sell the crypto-asset and provide the user with the fiat currency (cash) proceeds associated with the sale) or to transfer the crypto-asset to a digital wallet for which Entity A does not maintain the cryptographic key information. However, execution and settlement of transactions involving the platform users' cryptoassets may depend on actions taken by Entity A."

Notably, the SEC stated that references to Entity A would also include "any agent acting on its behalf in safeguarding the platform users' crypto-assets." Companies that use third-party custody providers would thus also be included in the Bulletin's scope.

What Do Affected Entities Need to Do?

ACCOUNT FOR SAFEGUARDING OBLIGATIONS AS LIABILITIES ON BALANCE SHEET.

The Staff explains that the ability of an entity's platform users to obtain benefits from crypto-assets is largely dependent on the entity's actions to safeguard those assets. Those actions, together with technological and legal uncertainties regarding crypto-asset transactions, create significant loss exposure for affected entities. Thus, the Staff believes that an affected entity should account for its safeguarding obligations as a liability on the entity's balance sheet, while simultaneously recognizing an asset related to the liability. This "safeguarding liability" and asset should be measured at the fair value of the related crypto-assets at both initial recognition and at each reporting date but are distinct from the crypto-asset itself, which is not an asset of the custodian.

DISCLOSE THE RISKS AND UNCERTAINTIES ASSOCIATED WITH SAFEGUARDING CRYPTO-ASSETS.

The Staff believes that affected entities should disclose the significant risks and uncertainties related to safeguarding crypto-assets, including the risks of loss associated with maintaining cryptographic key information, in both (a) the notes to the entity's financial statements and (b) outside of the financial statements.

(a) Disclosure in Financial Statements

The Bulletin provides that the notes to an affected entity's financial statements should include:

  • Clear disclosure of the nature and amount of crypto-assets that the entity (or its agents) is responsible for safeguarding;
  • Separate disclosures for each significant crypto-asset;
  • Any vulnerabilities of the entity (or its agents) caused by concentration in such activities;
  • Disclosures regarding fair value measurements; and
  • A description of the accounting for the safeguarding liabilities and corresponding assets.

In addition, the Staff would like affected entities to consider additional disclosure about which party (e.g., the company, its agent or another third party) holds the cryptographic key information, maintains the internal recordkeeping for the crypto-assets and is obligated to secure and protect the assets from loss or theft.

(b) Disclosure Outside Financial Statements

The Bulletin reminds affected entities that existing SEC rules and regulations may also require disclosure outside of an entity's financial statements, including in the business, risk factors and management's discussion and analysis of financial condition and results of operation (MD&A) sections of an entity's SEC filings. To the extent that it would be material to an affected entity, such disclosure could include:

  • The risk of user discontinuation or reduction of use of services, litigation, reputational harm or regulatory enforcement
  • An analysis of the legal ownership of the crypto-assets held for platform users, including whether such assets would be available to satisfy creditor claims in the event of the entity's bankruptcy
  • The potential effect that loss, theft or other unavailability of cryptographic key information could have on the entity's business, financial condition or results of operation

The Staff would also like affected entities to consider additional disclosure, if material, regarding the entity's risk-mitigation steps related to its safeguarding of crypto-assets (such as insurance coverage).

When Does This Guidance Apply?

The final section of the Bulletin addresses how and when the guidance should be applied. Affected entities that file reports under Section 13(a) or Section 15(d) of the Securities Exchange Act of 1934 or pursuant to Rule 257(b) of Regulation A should comply no later than the publication of financial statements covering the first interim or annual period ending after June 15, 2022, with retrospective application as of the beginning of the fiscal year to which such period relates.

All other affected entities should comply beginning with their next submission or filing with the SEC, with retrospective application, at a minimum, as of the beginning of the most recent annual period ending before June 15, 2022, provided that the submission or filing also includes a subsequent interim period reflecting application of the guidance. If the submission or filing does not include such subsequent interim period, the entity should apply the guidance retrospectively to the beginning of the two most recent annual periods ending before June 15, 2022.

In the financial statements reflecting the initial application of the Bulletin, all entities should include clear disclosure and report the effect of such initial application in the carrying amounts of assets and liabilities as of the beginning of the annual period specified.

Commissioner Peirce's Response

In her response to the Bulletin, Commissioner Peirce characterized the guidance as indicative of the SEC's "scattershot and inefficient approach to crypto," identifying four points of criticism.1 First, Commissioner Peirce questioned the timeliness of the Bulletin, stating that the risks relating to custody of crypto-assets are not new, having been identified in public reports since 2018, and that the SEC staff has reviewed financial statements of affected entities since at least fall 2020. Second, Commissioner Peirce stated that the Bulletin does not acknowledge that the SEC's lack of regulatory guidance helped create the legal and regulatory risks cited in the Bulletin as justifying the accounting treatment. Third, Commissioner Peirce asserted that enacting this change through a staff accounting bulletin may not be appropriate. The Bulletin is "unique" among other staff accounting bulletins, including because it provides detailed guidance for disclosure outside of an entity's financial statements and reads as if it were enforceable. Finally, Commissioner Peirce encouraged the SEC to adopt "a more deliberate approach to changing rules," identifying more preferable alternatives such as noticeand-comment rulemaking, standard setting through the Financial Accounting Standards Board or engaging affected entities through the Division of Corporation Finance's filing review program in consultation with the Office of Chief Accountant.

Practical Considerations

While the Bulletin does not provide any comprehensive, industry-wide regulatory framework, it presents the latest in SEC statements regarding the crypto-asset industry. Entities operating in this industry should, thus, consider the SEC's evolving regulatory approach and how further regulations may affect their business and operations. Given the scope of the Bulletin, entities that, for example, maintain a crypto-asset "wallet" on behalf of their customers, maintain a digital asset exchange where customers can trade crypto-assets held by the exchange or provide crypto-asset mining services that hold mined crypto-assets on behalf of their customers should consider whether this guidance applies to their financial statements and other SEC disclosures.

Furthermore, in preparing their financial statements and SEC reports, affected entities should consider the time periods for compliance as stated in the Bulletin and may wish to review their existing accounting policies well in advance of the respective deadlines for compliance, seek external accounting advice and begin drafting additional disclosure that may be included in upcoming filings.

See the full text of the Bulletin on the SEC's website.

Visit us at mayerbrown.com

Mayer Brown is a global legal services provider comprising legal practices that are separate entities (the "Mayer Brown Practices"). The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe – Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown JSM, a Hong Kong partnership and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. "Mayer Brown" and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.

© Copyright 2020. The Mayer Brown Practices. All rights reserved.

This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.