Introduction
The First Industrial Revolution cultivated mechanization and changed the way we produce goods. The Second Revolution used electric power to create mass production. The Third Revolution leveraged electronics and information technology to automate production. Building on the Third, the Fourth Industrial Revolution (4IR) brings cyber-physical systems and the digitization of everything (Seow, 2018). Blockchain is one area that is being explored extensively for the digitization of everything. Satoshi Nakamoto developed the revolutionary idea of Bitcoin in 2008, which is based on blockchain technology (BCT). The core idea of BCT is the decentralization of the database among network users and the consensus of the nodes on the network to approve adding any new block. Supporters of BCT list inherent limitations in the current centralized financial system, including the possibility of hacking personal data stored with financial institutions, the exclusion of billions of unbanked people from the global economy, and remittance fees for cross-country transfers that reach 10-20% (Seow, 2018). This article discusses the concepts of blockchain technology and crypto-assets, including crypto-currencies and crypto-securities. More specifically, the article discusses the blockchain technology, the crypto-currencies, the security token offering and initial coin offering as controversial means of finance, the regulatory environments surrounding the blockchain financial products, the International Financial Reporting Standards “IFRS” point of view on accounting and reporting of various topics in the crypto-assets and finally the external auditor challenges in auditing such type of assets.
What is the Blockchain and the Distributed Ledger Technologies?
A blockchain is simply a chain of blocks. Each block contains three things: the data, the hash of the current block, and the hash of the previous block. The data in the block depends on the type of the blockchain. For instance, a Bitcoin block contains the sender and the receiver encrypted identifiers. The hash, on the other hand, is a value generated from a string of text using a mathematical function. Changing something inside the block changes the hash. Adding a new block to the chain requires consensus of the participating nodes (users), which is achieved either by proof-of-work or proof-of-stake (discussed later in this section) (Tania, 2018).
Distributed ledger technology (DLT) is a database that is distributed among all participating nodes on the network where each node has an identical copy of the ledger. The underlying assumption is that all nodes on the network are not implicitly trusted and they need a mechanism by which all users on the network can reach a consensus on the status of the ledger (GSMA, 2018). Each participating node has a copy of all the blocks. That is why it is called a distributed ledger versus the centralized ledger. For example, the centralized ledger maintained by a bank maintains all data related to customers and their banking transactions (Tania, 2018).
Consensus is achieved by either proof-of-work or proof-of-stake. The proof-of-work mechanism means that “the nodes all try to solve the mathematical problem, but it is the first node to solve the problem that gets compensated, (and other users use the solution provided by the first node to verify the problem has been correctly solved), while in the proof-of-stake, the user with the largest stake is nominated to confirm the transaction” (GSMA, 2018: p. 5). The nodes that try to solve the mathematical problem are called miners: they have the proper computing power and try to solve a cryptographic puzzle to create a new block on the blockchain (Grant Thornton, 2018). This mechanism is difficult to defraud because anyone intending to perpetrate fraud by adding a new block, adjusting an existing block, or changing the data in the blocks would have to hack the computer of every blockchain participant and slip in the invalid block. However, even if this were possible, none of the nodes would verify the block (Tania, 2018).
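The block structure and proof-of-work paragraphs above, worked through as an added example (not code from the article or from any real blockchain). The block layout, the SHA-256-over-JSON encoding, the leading-zeros puzzle and the sample records are assumptions chosen for illustration.

```python
import copy
import hashlib
import json

DIFFICULTY = 3           # assumed puzzle: hash must start with this many hex zeros
GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block


def block_hash(index, data, prev_hash, nonce):
    """SHA-256 over the block's contents; any change to them changes the hash."""
    payload = json.dumps(
        {"index": index, "data": data, "prev_hash": prev_hash, "nonce": nonce},
        sort_keys=True,
    )
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def mine_block(index, data, prev_hash, difficulty=DIFFICULTY):
    """Proof-of-work: search for a nonce whose hash meets the difficulty target."""
    target = "0" * difficulty
    nonce = 0
    while True:
        digest = block_hash(index, data, prev_hash, nonce)
        if digest.startswith(target):
            return {"index": index, "data": data, "prev_hash": prev_hash,
                    "nonce": nonce, "hash": digest}
        nonce += 1


def build_chain(records, difficulty=DIFFICULTY):
    """Mine one block per record, linking each to the hash of its predecessor."""
    chain, prev = [], GENESIS_PREV
    for index, data in enumerate(records):
        block = mine_block(index, data, prev, difficulty)
        chain.append(block)
        prev = block["hash"]
    return chain


def verify_chain(chain, difficulty=DIFFICULTY):
    """Return the index of the first invalid block, or None if the chain is valid."""
    target, prev = "0" * difficulty, GENESIS_PREV
    for position, block in enumerate(chain):
        recomputed = block_hash(block["index"], block["data"],
                                block["prev_hash"], block["nonce"])
        if (block["index"] != position
                or block["prev_hash"] != prev           # broken link to predecessor
                or recomputed != block["hash"]          # contents no longer match hash
                or not recomputed.startswith(target)):  # puzzle not solved
            return position
        prev = block["hash"]
    return None


def tamper_data(chain, index, new_data):
    """Copy of the chain with one block's data edited and nothing else touched."""
    forged = copy.deepcopy(chain)
    forged[index]["data"] = new_data
    return forged


def tamper_and_remine(chain, index, new_data):
    """Copy of the chain where the edited block is re-mined but later blocks are not."""
    forged = copy.deepcopy(chain)
    forged[index] = mine_block(index, new_data, forged[index]["prev_hash"])
    return forged


# Constructed sample records, not real transactions.
SAMPLE_RECORDS = ["alice->bob:5", "bob->carol:2", "carol->dave:1"]

if __name__ == "__main__":
    chain = build_chain(SAMPLE_RECORDS)
    print("honest chain:", verify_chain(chain))
    print("edited data in block 1:", verify_chain(tamper_data(chain, 1, "bob->mallory:2")))
    print("block 1 re-mined:", verify_chain(tamper_and_remine(chain, 1, "bob->mallory:2")))
```

Editing a block invalidates its own hash, and re-mining that block only moves the failure to the next block's previous-hash link, so a forged history has to redo the work for every later block before other nodes would accept it.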
The consensus process is also affected by the type of network. According to Elasrag (2019), BCT has three types: the public type, the private type, and the hybrid. The public type is when the network is open to all users: anybody on the network can download the code and participate in the consensus process, and everybody on the network can see and audit a transaction on the public block. No central entities are involved and the identity of the users is anonymous (this is the type used in the Bitcoin currency). The private type (called permissioned) is when a central organization controls the consensus process and the number of nodes participating in the network. The last type is the hybrid (federated), which operates under the control of a specific group of organizations that are allowed to perform the role of full nodes. As opposed to the public blockchain, the structure does not give access to all persons to participate in the process of verifying transactions. The consensus process is controlled by a preselected set of nodes in which the protocol defines the minimum number required to sign every block in order for the block to be valid.
The use of blockchain technology (BCT) has evolved since Nakamoto in terms of use-cases. These include the use of BCT in creating financial securities such as the Security Token Offering (STO) and the Initial Coin Offering (ICO), the utilization of the blockchain technology to build business models competing with well-known online e-commerce businesses such as ArcadeCity (versus Uber) and OpenBazaar (versus Amazon), the role of the BCT in the development of the Web 3.0, insurance claim processing, Internet-of-Things (IoT), and blockchain governments (see Rosic (2018) and Hileman and Rauchs (2017) for other use-cases).
What are the Crypto-Currencies?
Crypto-currencies include many digital currencies including, among others, Bitcoin, Ripple (XRP), Litecoin, and Ether. The common feature of these currencies is that they are based on the blockchain technology. Nevertheless, they have differences. For instance, Ether is based on a decentralized platform that runs smart contracts, which are protocols that enforce or negotiate contracts through code, while the Bitcoin design is limited to specific logic (peer-to-peer electronic cash system) (Ernst and Young, 2018). This section answers the question about the characteristics of the crypto-currencies by discussing fiat money and contrasting it with crypto-currency. Fiat money is the currency units that we deal with every day, such as the U.S. dollar, the Japanese yen, or the United Arab Emirates dirham. These currencies have physical substance, are deposited in banks, and are transferred between banking accounts. The supply of these currencies is controlled by central banks (the Fed in the case of the U.S. dollar). The transfer of funds is monitored and the identities of the transferrer and the beneficiary are maintained within the banking system. The central bank in each country runs the monetary policy wherein the supply of funds into the monetary system is controlled in order to control macroeconomic variables such as inflation. The fiat currencies are guaranteed by the issuing governments. On the other hand, crypto-currency is generally defined by Nashirah et al. (2017: p. 20) as “a digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank ……work as a medium of exchange using cryptography to secure the transactions and to control the creation of additional units of the currency”. Crypto-currencies differ from fiat money in three ways. First, the identity of the users is anonymous (in the case of the public blockchain supporting Bitcoin, for instance). Second, digital money is not supported by central banks; rather, it is supported by the consensus of all the users on the network who are participating in the crypto-currency transactions and by the strength of the chain link between the blocks of the transactions that are protected by the cryptographic technology. Third, the ledger of all transactions in the crypto-currencies is distributed among the participating network nodes.
Crypto-currencies are traded on crypto-currency exchanges. There are 314 exchanges worldwide. The biggest three exchanges in terms of market capitalization are Binance, Huobi Global and Coinbase Pro.
What are the STO and ICO?
STO stands for Security Token Offering while ICO stands for Initial Coin Offering. These two definitions are used interchangeably since there is no universal generally-accepted definition of what constitutes an STO and an ICO.
Crypto-assets are divided into three archetypes: the payment or exchange token, the security token, and the utility token. All of the tokens share the same feature of being crypto-assets based on the BCT. The payment token is similar to the crypto-currency discussed earlier and is used for payment, while the security token is a sort of investment token that provides the holder with, among others, a share of the underlying asset, a right to dividends or a right to vote. The utility token, on the other hand, provides the holder with access to functions provided directly by the token issuer (Deloitte, 2019; Ante and Fiedler, 2019; PwC, 2019).
STO and ICO have similarities and differences from the IPO. On one hand, the IPO (initial public offering) is the way by which organizations offer debt or equity securities to the public under the rules of the local or foreign security exchange markets. This type of offering is served by intermediaries such as the investment bankers and brokers and is approved by the exchange authorities before publication. The price is determined based on the fundamentals of the issuers and the underlying asset. Some issues might not be eligible for all investors, only those with minimum wealth are allowed in order to protect light capital investors. The prospectus is the document that is used by the issuers to convey to the public the details of the offer and what type of ownership as well as the price and return and risks involved. Once sold to the public, the securities (stocks or bonds for instance) are then publicly traded on the exchange markets and the records of those transactions including the price, the volume, and seller and buyer are stored and controlled by the markets. On the other hand, the STO and ICO offering is digitalized and the technology used to facilitate the offering is the BCT. In general, the issuer prepares a business-case published through a white-paper (similar to the prospectus) which identifies the use case, the capital needed, and defines the selling price (BDO, 2019). The amounts are settled in crypto-currency or fiat money. The security given to the investors is digital and is used by the investor to either utilize the services offered by the business (ICO) or to evidence a share of ownership in the underlying business or asset (STO).
STOs and ICOs are traded on blockchain exchanges. For instance, Global Blockchain Exchange (GBX) is a company registered under Gibraltar laws that lists tokens issued by companies specialized in blockchain-based security token investments.
The ICO provides an opportunity for small and medium-sized businesses to obtain financing that is not available to them through a traditional IPO. This is due to the fact that the ICO does not undergo the same regulatory procedures and does not have the same rules imposed by security exchange markets during the IPO process (OECD, 2019). ICO issuers have legal and regulatory risk due to unclear regulations, risk of fraud, risk of hacking (refer to the DAO case in the regulatory perspective section), the volatility of token prices due to speculation, inadequate anti-money laundering and know-your-customer procedures, data privacy issues and operational risk related, for instance, to solving coding errors (OECD, 2019). The ICO is not suitable for all businesses because these blockchain-based tokens do not grant any right of ownership or dividends. On the other hand, STOs are blockchain tokens that grant these rights to the investor (Ante and Fiedler, 2019).
Although ICO/STO are efficient tools to raise finance for enterprises that would otherwise find it difficult to raise such funding, the investment in these securities is not risk-free. Entities as well as individuals would need to understand the pros and cons of the investment in order to avoid taking an uncalculated risk.
What is the regulatory stance for crypto-assets?
There are certain countries that ban the ICO/STO securities, such as China, India, and Pakistan. Other countries have existing regulations or are still in the process of developing new ones, including, among others, the USA, Thailand, Bahrain, and Luxembourg. On the other hand, there are certain countries that have favorable regulatory environments, such as Uzbekistan, Taiwan, Japan, Lithuania, Estonia, Slovakia, and Switzerland. In Switzerland, for example, the Financial Market Supervisory Authority issued guidelines concerning the regulation of ICO issuance as utility, asset, and payment tokens. The authority assesses the issues case-by-case against the securities law for any breach.
As another example, in the U.S.A., the definition of securities is very wide. The U.S. regulator applied the U.S. securities law, in a report, to the DAO case, which is a case of a decentralized entity of German origin that sold tokens to individuals in exchange for Ether; then, due to hacking of the Ether by an outsider, a hard fork was necessary (refer to the IFRS section for more discussion about the hard fork). This report clarifies the importance placed on compliance with securities laws for those interested in offering securities to the public. It is clear that, according to the regulator in the U.S., any issuer of securities in the U.S., whether electronic or not, should register with the commission and comply with the securities law or file for exemption therefrom.
The contradictions among countries with regard to the legal status of crypto-assets raise a red flag regarding the complexity inherent in investing in crypto-financial securities. Therefore, the decision to invest in the STO and the ICO should not be taken lightly by investors before ensuring that all their rights are properly protected by the laws of the relevant jurisdiction.
What are the IFRS requirements for accounting on crypto-assets?
The IFRIC met in London in June 2019 (IFRIC, 2019) and concluded on how to account for and disclose the holding of crypto-currencies. The decision was that the holding of crypto-currencies is accounted for as intangible assets under IAS 38 unless the currency is held for resale, in which case it is accounted for under IAS 2 as inventory at the lower of cost or net realizable value. In addition, the IFRIC decision imposed certain disclosures about the crypto-currencies, including the disclosures needed as per the relevant standard (IAS 38 or IAS 2, depending on the case), the IFRS 13 fair value disclosures, the judgment used by management, and subsequent event disclosures if those events are significant to the users of the financial statements. The decision of the IFRIC discusses only the treatment for the holding of the crypto-currencies. It does not discuss the holding of crypto-currencies on behalf of others, the issuing and holding of the crypto-assets, or the mining revenues. These three areas are discussed below:
First, regarding the holding of crypto-currencies on others’ behalf, Ernst and Young (2018) discusses that the Accounting Standards Board of Japan issued an exposure draft in December 2017 for public comment (Practical Solution on the Accounting for Virtual Currencies under the Payment Services Act). The dealer who holds the virtual currency on behalf of a customer, in the case of having a contract with the customer to hold the currencies, will initially recognize an asset and a corresponding liability at the fair value of the currency at the date of deposit. Subsequently, the asset and liability are measured similarly to the first case discussed in the draft. Therefore, the net result is that no gain or loss is reported in the profit or loss account. By the same token, PwC (2019) argues that if the entity holding the crypto-asset on behalf of others has the right to borrow the asset and use it for its own benefit, then the crypto-asset can be regarded as an asset, and if the customer for which the asset is being held has the right to recover the asset (the unsecured creditor), then an asset and a liability are to be recognized. Therefore, the treatment is dependent on the circumstances.
Second, regarding the issuance of the digital securities, Ernst and Young (2018) clarifies that a pre-sale of the ICO token is considered a forward contract under the US securities law, wherein one party agrees to buy a token from another party in the future, and that financial reporting should follow this lead. PwC (2019) discusses the accounting treatment of the holder and issuer of the crypto-assets, more specifically of the holder and issuer of the STOs and ICOs. The main idea is that one should inspect the facts and circumstances related to the issue to identify the proper treatment. First, as far as the issuer is concerned, if the token provides the contractual right to the holder to recover the money invested at some point in time, such a token would be accounted for under IFRS 9. If the token provides for a share in the residual interest in the issuing entity, then the token is an equity instrument under IAS 32. PwC (2019) argues that these two cases are not likely. On the other hand, if the token is issued in exchange for future services at a discounted price, as is the case with the utility token, IFRS 15 can be applied as if the amount received was a prepayment from a customer for unearned revenue. Second, with regard to the holder of the token, if the token provides a right to the underlying asset wherein the holder can trade the asset at a minimal cost without physically holding it (asset-backed token), the relevant standard related to the accounting of the underlying asset can be used. If the token provides the right to the holder to utilize future services when available at discounted prices, the token can be treated as a prepayment unless it meets the definition of an intangible asset. If the token provides the right to the net assets of the issuer, a financial asset is considered under IFRS 9.
Third, regarding the accounting for mining activities, Grant Thornton (2018) analyses the accounting treatment of the transaction fees that the miners and validators earn while solving the computational problem (see the Blockchain and Distributed Ledger Technologies section). The study suggests three things for miners. First, miners who are eligible for a share of the new block are to record revenue equal to the transaction fee, based on the fact that there exists a customer contract with a clear performance obligation and price as per IFRS 15. Second, miners with a block reward, i.e. those rewarded a new block rather than a share of one, are to recognize other income because a contract with the whole community of miners does not exist. Therefore, revenue cannot be recognized as per IFRS 15. Third, for a pool of miners, the contract is either among the miners as a joint arrangement or between the miners and the pool operator. The transaction price in the latter is variable because the share of computing power contributed by the miner to the pool is not known until the block computational problem is solved. Therefore, the variable fee determination steps in IFRS 15 are to be followed. Moreover, the study discusses the internally generated intangible assets under IAS 38 and concludes that the generated crypto-asset is not recognized until sold and that the cost is to be expensed as incurred because it cannot be measured reliably.
In addition to the above, Ernst and Young (2018) discusses the special case of the hard and soft fork (the hard fork is when the blockchain protocol software is changed and a new crypto-currency is added besides the original one, while the soft fork is when the protocol software is only updated) and concludes that the hard fork results in a new asset granted to the owner besides the previous asset and that this new asset should be accounted for with a corresponding income statement effect, but the study did not identify what type of income. The paper also discusses the case of a short-selling position in a crypto-currency while the hard fork is taking place, which resembles the case of an equity short-seller who receives dividends and eventually owes these dividends to the owner.
There is no IFRS that governs the accounting and disclosure of all types of crypto-assets. As discussed in this Section, IFRIC committee decision in 2019 concerned only the crypto-currencies and did not cover the STO and ICOs for example. Therefore, interested users and preparers of financial statements according to IFRS would need to follow relevant IFRS guidance and make sure to be consistent in the logic used until the IASB finally issues a related IFRS standard.
What are the suggested external audit procedures?
Auditing blockchain-based transactions and assets is an important topic, as it is new to the audit profession and requires the auditor to possess the necessary understanding of the blockchain ecosystem and mechanism to be able to address the different risks of material misstatement with proper audit procedures. The Canadian Public Accountancy Board (CPAB) published an article in 2018 regarding auditing in the crypto-asset sector. The discussion to follow is derived from that paper unless otherwise stated.
As far as the crypto-assets audit is concerned, the auditors’ areas of interest are the existence, ownership, and rights of the crypto-assets, the occurrence of crypto transactions, revenue from mining activities, impairment of mining assets, related party transactions, valuation of crypto-assets and subsequent events.
Existence of the crypto-assets and occurrence of the crypto transactions
Generally, auditors are required to obtain an understanding of the underlying blockchain technology supporting the crypto transactions and should involve experts to check the reliability of the protocols and cryptography associated with the blockchain transactions before relying on the blockchain ledgers. Further, the auditor should identify the controls relevant to the completeness, occurrence, and subsequent modification of transactions on the blockchain ledger by looking into mitigating controls, including validation algorithms and the consensus mechanism, and test whether these controls are operating as intended. In addition, auditors are expected to use block explorer tools to review the information recorded on the block ledgers. As far as the rights to the crypto-asset are concerned, a risk of fraud exists in the sense that the entity claims a right to the asset through the control of the private key, while others also have the same private key and control the same asset. Suggested audit procedures in this area include the following. First, the auditor requests the entity to use its private key to transfer part of the asset between different wallets controlled by the entity. Second, the auditor will need to test the controls specifically designed to mitigate the fraud risk by looking, for instance, at whether the key generation is done in a cryptographically controlled manner, whether the multi-signature protocol is performed before a transaction is executed and whether effective ITGC is designed over digital wallets. Finally, when a client keeps the private key in custody with crypto exchanges, which might not have a service auditor report on internal controls at the service organization, the auditor will need to test the controls at the service organization directly.
Revenue from mining activities
In the case of the mining pool discussed earlier under the IFRS perspective section, the auditor will need to understand the pooling agreement and the fee allocation mechanism to the pool participant. Thereafter, the auditor should design audit procedures that address the risks associated with revenue recognition of the transaction fees including risk related to occurrence, completeness, and accuracy. Vouching of cash receipts is not enough.
Impairment of mining assets
In the price-declining environment of the crypto-assets, mining companies should be skeptical of the value of their mining assets. Auditors should be skeptical too by verifying if an impairment is required.
Related party transactions
Public addresses in the blockchain consist of alphanumeric strings and cannot be associated with specific identities, which makes it difficult for auditors to check related party transactions in crypto-assets. Therefore, auditors should assess this area as a significant risk and design procedures to assess the business purpose of the transactions and whether these transactions are conducted at arm’s length.
Valuation of crypto-assets
The valuation of crypto-assets is a significant risk for auditors. If the asset is traded in multiple active markets, the auditor should identify the principal market. If no active market exists, the auditor will require the help of a valuation specialist.
Subsequent events
Due to the significant risk inherent in the existence and ownership of the crypto-assets, the auditor should perform a subsequent events test to ensure that the asset still exists and is owned by the entity after the reporting date and before the audit report date.
Concluding remarks
Blockchain technology has brought a lot of challenges to the audit and finance professionals as well as to regulators. These challenges stem from the fast advances in the technology that do not have a corresponding reaction from financial and audit standard setters as well as the regulators. At the same time, this technology provided an investment opportunity for retail investors and efficient and timely funding opportunities for small and medium-sized enterprises. In this continually developing environment, one would need to obtain proper education with regards to the basics of the blockchain and distributed ledger and prepare for the vast expansion of the use-cases of the technology as discussed earlier in this article. This article sheds light on the technology basics, the use-cases including the digital currencies, the STO, and ICO. In addition, the article discussed the regulatory environment surrounding the STO and ICO and discussed the recent announcements in the IFRS and in the audit with regards to the crypto-assets. It is recommended that further research is conducted to explore in more depth each area of the BCT including those topics discussed in this article in order to enrich the literature for those interested in investing and researching in the crypto-asset domain. Moreover, it is important to note that this article is not intended to draw conclusions on the suitability of the STO or the ICO to any investor as an investment vehicle; such decisions should be taken in consultation with experienced financial and legal advisors.