FROM AN ACCOUNTING AND AUDITING PERSPECTIVE
Since inception, cryptocurrencies have been described as everything from the future of money to elaborate Ponzi schemes. Regardless of the diverse opinions, it is undeniable that cryptocurrencies are the “in” thing right now, and it is crucial for us to understand them in order to account for and audit them in this digital age.
WHAT IS CRYPTOCURRENCY?
Cryptocurrency is a virtual currency that is not linked to any currency backed by any government, central bank or legal entity, and does not have any underlying asset or commodity. Transactions rely on a key technology called blockchain technology (see AUDIT RISKS AND CONSIDERATIONS section).
TIMELINE OF KEY EVENTS
The birth of Bitcoin in 2009 sparked the development of cryptocurrencies in the decade that followed, and here are some of the notable milestones:
The first Bitcoin transaction occurs when Satoshi Nakamoto, the supposed creator of Bitcoin, sends computer programmer Hal Finney 10 Bitcoins.
A Bitcoin user pays 10,000 Bitcoins (worth roughly US$41 at the time) for two large pizzas, attaching a monetary value to cryptocurrency for the first time. At the current transaction price of Bitcoins (approximately US$6,500 per Bitcoin), these are currently the most expensive pizzas in history
Bitcoin is reportedly used on Silk Road, an online black market known as a platform for selling illegal drugs. Cryptocurrencies gain notoriety from their association with illicit activities.
Bitcoin experiences its first big bubble, surpassing US$1,200 on one exchange. Meanwhile, various countries attempt to work out the best approach towards cryptocurrencies – at the extreme end, China bans financial companies from Bitcoin transactions, while Vancouver, Canada launches the first Bitcoin ATM.
Tokyo-based Mt Gox, the largest Bitcoin trading exchange at the time, files for bankruptcy after losing US$470 million in a hack. Bitcoins continue to grow in popularity, with big companies such as Microsoft and Expedia accepting Bitcoin payments.
New cryptocurrencies emerge including Ethereum, which is slated to be Bitcoin’s main rival. San Francisco-headquartered digital currency exchange Coinbase raises US$75 million in a funding round, the largest amount for a Bitcoin company.
The DAO, a stateless venture capital fund on the Ethereum blockchain, raises $150 million in crowdfunding, only to be hacked a month after its launch with a third of its assets siphoned off.
Initial Coin Offerings (ICOs) and token sales take off at sky-high amounts. On December 17, the price of one Bitcoin reached a record high of US$19,783. Countries continue to diverge in their approaches towards cryptocurrencies – both China and South Korea ban ICOs, while Japan legalises Bitcoin as a payment method.
On local shores, the Monetary Authority of Singapore (MAS) does not regulate cryptocurrencies but monitors the activities surrounding them that may require regulatory response as a financial regulator, such as fundraising through Initial Coin Offerings.
To date, it is estimated that there are more than 1,500 different cryptocurrencies in circulation. The meteoric growth of cryptocurrencies is problematic for accountants and auditors, with existing accounting and auditing frameworks seemingly insufficient to deal with them. In this article, we explore some of the challenges faced.
AN ACCOUNTING PREDICAMENT
As there are no specific financial reporting standards on cryptocurrencies, the accountant can draw guidance from existing standards with a scope that includes items with similar characteristics as cryptocurrencies. We consider whether it is plausible for an entity reporting under Financial Reporting Standards in Singapore (FRSs)1 to account for the holdings of cryptocurrencies under the following FRSs:
As cash and cash equivalents in accordance with FRS 7: Statement of Cash Flows
FRS 7.6 states that cash comprises cash on hand and demand deposits, and defines cash equivalents as short-term, highly-liquid investments that are readily convertible to known amounts of cash and which are subject to an insignificant risk of change in value.
Although fiat currencies are accounted for as cash as suggested by FRS 32: Financial Instruments: Presentation AG3, cryptocurrencies are not entirely comparable to traditional fiat currencies due to their relatively limited acceptance and usage commercially as a currency of exchange. They also may not meet the definition of cash equivalents as price volatilities may result in significant risk of changes in value and consequently, entities may not hold them for purposes of meeting short-term cash commitments.
As a financial asset in accordance with FRS 39: Financial Instruments: Recognition and Measurement
If cryptocurrencies are not cash, depending on the facts and circumstances, another possible approach may be to account for them as financial assets at fair value through profit or loss (P&L). However, cryptocurrencies do not meet the relevant definition of a financial asset under FRS 32.11(c), as it does not give the holder any contractual right to receive cash or another financial asset.
As an intangible asset in accordance with FRS 38: Intangible Assets
FRS 38.8 defines an intangible asset as an identifiable non-monetary asset without physical substance. Cryptocurrencies appear to meet this definition as they can be traded or transferred individually (identifiable), are neither money held nor assets to be received in fixed or determinable amounts of money (non-monetary) and are in virtual form (without physical substance)2.
Cryptocurrencies that fall within the scope of FRS 38 can be accounted for using the cost or revaluation method.
Since cryptocurrencies may be considered to have an indefinite useful life in the context of FRS 38, such cryptocurrencies accounted for under the cost method would be subjected to annual impairment assessment as required by FRS 36: Impairment of Assets, with impairment charges recorded in P&L.
The revaluation method can be used only if there is an active market in which the cryptocurrency is traded. An active market is defined in Appendix A of FRS 113: Fair Value Measurement as a market in which transactions for the asset or liability take place with sufficient frequency and volume to provide pricing information on an ongoing basis.
Under the revaluation method, increases in fair value are recorded in other comprehensive income (OCI), while decreases are taken to P&L. However, to the extent that an increase in fair value reverses a previous decrease in fair value that has been recorded in P&L, that gain is recycled to P&L. Similarly, a decrease in fair value that reverses a previous increase is recorded in OCI.
Until standard-setters provide further clarity on the appropriate accounting treatment for cryptocurrencies, more rigorous disclosures may be necessary to alert users.
Disclosure in financial statements
Given the complexities surrounding cryptocurrencies, entities with material amounts of cryptocurrencies should consider additional disclosures to enhance the understanding of users, which may include but are not limited to:
- Description of the characteristics of the cryptocurrency, the purpose of holding it and how doing so fits into the entity’s business model;
- Considering the price volatility, it may be informative to disclose historical prices of the cryptocurrency and price changes after financial year end, and
- How technology risks surrounding the cryptocurrency (such as cybersecurity risks) are mitigated.
AUDIT RISKS AND CONSIDERATIONS
Like accountants, auditors also have to grapple with the uncertainties surrounding cryptocurrencies. Before we delve into the auditing concerns, it is essential to understand how the technology behind cryptocurrencies work.
A digital wallet is an application that stores cryptocurrency. It contains a public and private key – the former being the digital address of the wallet and the latter being the password/digital signature used to access the wallet and authenticate transactions. A blockchain, in its simplest form, is a distributed ledger which contains the relevant details for every transaction that has ever been processed.
Figure 1 is a simplified pictorial flow of how cryptocurrency is transferred between digital wallets through the blockchain.
Figure 1 How cryptocurrency is transferred between digital wallets through blockchain
Existence/Rights & obligations, and completeness of transactions
While cryptocurrency protocols are designed such that they can be used anonymously in principle, most businesses providing related custodian, trading or wallet storage services require proof of identification to comply with anti-money laundering/counter-terrorism financing regulations. As such, we would expect entities holding cryptocurrencies with legitimate service providers to be identifiable, but auditors need to verify that.
For cryptocurrencies held by custodians or exchanges, the auditor can request a confirmation in accordance with SSA 505: External Confirmations, similar to that of a bank confirmation when auditing cash balances held at banks. However, the auditor has to assess the reliability of the response and in the event of non-responses, perform alternative procedures to obtain relevant and reliable audit evidence. For cryptocurrencies that are stored in a digital wallet, ownership of the private key to access the cryptocurrency is critical and the auditor will have to verify this aspect.
A critical concern relating to cryptocurrencies is cybersecurity risk surrounding private keys. When private keys are lost (example, due to system failure, a private key that is stored in a computer is inadvertently erased), the related cryptocurrency can no longer be accessible to anyone in the cryptocurrency network and will effectively be out of circulation. Another risk is the private keys being stolen by hackers and the genuine holders of the cryptocurrency lose their right to the digital currency. As such, audit processes should incorporate an understanding of the cyber environment as part of risk assessment, with considerations such as whether the entity has effective IT backup and restoration procedures, and IT security processes in place to mitigate risks of external attacks. In addition, the auditor has to consider if there are adequate controls in place to safeguard and prevent unauthorised access to the private keys to prevent misappropriation of the cryptocurrency.
For cryptocurrencies held by custodians or exchanges where private keys are safeguarded by these external parties, auditors may need to consider the custodian or exchange’s IT controls under SSA 402: Audit Considerations Relating to an Entity Using a Service Organisation.
To verify the occurrence and completeness of cryptocurrency transactions, a logical approach would be to rely on the blockchain, since it stores information on all the transactions that have been processed since day one. A stumbling block is that the cryptocurrency blockchain itself is not audited. While proponents of blockchain argue that it provides irrefutable history and integrity, can we trust the blockchain simply based on the technology behind it? Or does the blockchain need to be audited?
Arising from the IT complexities surrounding cryptocurrencies, the engagement partner should also consider if team members possess the relevant IT knowledge to perform the audit engagement in accordance with professional standards and if there is a need to engage IT experts in accordance with SSA 620: Using the Work of an Auditor’s Expert.
What price is right?
Although the intuitive approach to the fair value of a cryptocurrency (assuming that it is actively traded) would be the trading price on an exchange, varying prices across exchanges is an issue. For instance, take the prices of Bitcoin from the top 10 exchanges (in terms of volume) as of 6.33am, Singapore time, on 10 September 2018, where the difference between the highest and lowest price was about 11% (Figure 2).
Figure 2 Bitcoin prices from 10 top exchanges (by volume)
As prices can be volatile and driven by speculation instead of economic factors, fair value measurement is a key audit risk area. When auditing fair value, the auditor should consider if the accounting policy has incorporated data from different sources of exchanges to address such price differences.
For cryptocurrencies that are not actively traded, fair value measurement may not be so straightforward. As much as possible, an entity should maximise the use of relevant observable inputs, such as prices of buy or sell offers on peer-to-peer exchanges, which are more reliable.
Currently, we are seeing global efforts working towards unified cryptocurrency regulations, such as the G20 calling for international standard-setting bodies to assess multilateral responses during their meeting in March this year. While we await more clarity from standard-setters, we will have to work within the boundaries of the existing standards in the meantime to find the most appropriate approach so as to ensure that the financial statements for companies with cryptocurrency holdings are as reliable and relevant as possible.
Wang Zhumei is Manager, Audit Quality & Standards Development, ISCA.
1 Entities can also consider alternative financial reporting frameworks such as Singapore Financial Reporting Standards (International) (SFRS(I)s).
2 Notwithstanding this, broker-traders who trade cryptocurrencies as commodities should consider FRS 2: Inventories, paragraph 3(b), which states that commodity broker-traders should measure their inventories at fair value through P&L.