Institutionalization of cryptoassets - Cryptoassets have arrived. Are you ready for institutionalization?

Page created by Roberta Ruiz
 

November 2018

kpmg.com
Foreword

Cryptoassets (or crypto) have garnered significant attention from the media, financial analysts, governments, regulatory institutions, and investors over the last year and a half. Crypto is defined broadly as digital units of account in which cryptographic techniques are used to regulate the generation and distribution of units on a blockchain. In practice, crypto means multiple things to different people: an investment asset class like commodities, a store of value like gold, a legitimate medium of exchange, a covert method of exchange, an immutable record of rights and ownership, or even an incentive mechanism like rewards points.

In this paper, we use “crypto” to refer to all cryptoassets. Cryptocurrencies, security tokens, and utility coins are different types of cryptoassets. Some of these terms may be used interchangeably, particularly where concepts are applicable broadly to all types of assets, tokens, and coins.

Cryptoassets have potential. But for them to realize this potential, institutionalization is needed. Institutionalization is the at-scale participation in the crypto market of banks, broker dealers, exchanges, payment providers, fintechs, and other entities in the global financial services ecosystem. We believe this is a necessary next step for crypto to create trust and scale.

This paper provides an overview of the crypto market, introduces the emerging tokenized economy, and identifies the key challenges to the adoption of crypto in the global financial services ecosystem. We also introduce KPMG’s Cryptoasset Framework to help address these challenges. The framework underpins KPMG’s crypto capabilities that have been developed through our work with crypto exchanges, start-ups, and large financial services organizations.

At KPMG, we are focused on helping organizations build the infrastructure and capabilities required to scale crypto.

Kiran Nagaraj
Managing Director, KPMG

Constance Hunter
Chief Economist, KPMG

Judd Caplain
Global Banking and Capital Markets Leader, KPMG

Acknowledgements

We would like to thank Coinbase and its leadership team for contributing to this paper. Their knowledge, expertise, and efforts in the crypto space are helping to propel the industry forward.

We would also like to thank Fundstrat Global Advisors and Morgan Creek Digital for their insights on cryptoassets and their contributions to this paper.

We look forward to continuing to work together with our clients and partners in this exciting space.

                                           © 2018 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent
                                           member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
                                           The KPMG name and logo are registered trademarks or trademarks of KPMG International. NDPPS 775054
Contents

Cryptoassets are a big deal

The case for crypto and institutionalization
— Examples of crypto use cases
— Advancing the tokenized economy
— Creating an open financial system and why institutionalization is key

Key challenges facing institutionalization of crypto
— Compliance with regulatory obligations
— Fork management and governance
— KYC and cryptoasset provenance
— Securing cryptoassets
— Accounting and financial reporting
— Tax implications

KPMG’s Cryptoasset Framework

Crypto economics
— Are cryptoassets truly currencies?
— History of currency innovation
— Creative destruction and the value of bubbles
— The economic value of cryptoassets
— Becoming a full-fledged asset class

Summary

By KPMG | By Coinbase | By Coinbase and KPMG

Cryptoassets are worth paying attention to. In 2017, we saw crypto
  competing against financial products for investment dollars across
  the traditional asset classes of stocks, bonds, commodities, and
  derivatives. The parabolic rise in market participants, coins, prices,
  and market capitalization is still dwarfed by traditional asset markets,
  however, which are more than $300 trillion globally. Nevertheless,
  crypto continues to garner both good and bad press, and the
  debate between supporters and detractors is far from settled. In
  2018, we are seeing a wave of new entrants in the market such as
  security token platforms, stablecoins, and even established financial
  services institutions that are launching crypto products and services.
  Cryptoassets are now impossible to ignore.

Bitcoin: The largest crypto by market capitalization has experienced an exponential increase in value since 2009, trading around $6,583 per Bitcoin as of September 30, 2018.[1]

Market capitalization: The total market capitalization of crypto is estimated at $211B.[2]

Retail participation: Coinbase users grew by 100,000 during the 2017 Thanksgiving weekend alone.[3] The number of users on crypto exchange platforms is estimated to be greater than 30M.[4]

Institutional participation: Major financial services institutions, such as Fidelity, are launching crypto products and services.[5]

Cryptoassets: There are now more than 2,000 cryptoassets,[3] which include newer types of assets, such as “stablecoins.”

Fundraising: Initial coin offerings (ICOs) have raised $5.4B in 2017. In 2018, ICOs have already raised a staggering $14.2B as of August 29, 2018.[6]

Financing: Venture capitalists have already invested $3.9B in blockchain and crypto companies in 2018.[7]

Security tokens: tZero obtains letter of intent for sale of $160M worth of tZero security tokens.[8]

[1] Source: Coindesk, Bitcoin (USD) Price (September 30, 2018)
[2] Source: CoinMarketCap, All Cryptocurrencies (October 17, 2018)
[3] Source: CNBC, Coinbase adds 100,000 users after CME announces bitcoin futures (November 3, 2017)
[4] Source: KPMG, Cryptoasset Services, Market Research (October 2, 2018)
[5] Source: Wall Street Journal, Fidelity Says It Will Trade Bitcoin for Hedge Funds (October 15, 2018)
[6] Source: CoinDesk, ICO Tracker (August 29, 2018)
[7] Source: Diar, Volume 2, Issue 39, Venture Capital Firms Go Deep and Wide with Blockchain Investments (October 1, 2018)
[8] Source: Cointelegraph, Overstock’s tZero Signs Letter of Intent for $160 Mln Security Token Investment (June 30, 2018)

Of the more than 2,000 cryptoassets issued or
generated, many, including those with lofty valuations,
do not even have a functional product associated with
them. Further, these are also not yet currencies as we
discuss in the Crypto economics section.

Kiran Nagaraj
Managing Director, KPMG

Sal Ternullo
Manager, KPMG

So, is crypto a solution looking for a problem? No, there are real problems
in the global financial services ecosystem that cryptoassets are looking to
address. More participation from the broader financial services ecosystem
will help drive trust and scale for the tokenized economy and help the crypto
market grow and mature.

Examples of crypto use cases
— Bitcoin, which is becoming an investible asset class like unallocated
  gold, has the potential to become a store of value that is natively digital,
  generationally relevant, and an alternative to traditional asset classes.
— Ethereum has enabled Initial Coin Offerings (ICOs) as an alternate means
  of raising capital. The ICO space suffers from fraudulent activity and a lack
  of governance, accountability, and investor protection afforded by regulated
  capital markets. But ICOs represent an important innovation, providing
  new pathways and more efficient flows for capital from a significantly
  wider group of investors.
— Litecoin has been used to transfer the equivalent of $99 million for less
  than $1 of transaction fees[9] within minutes. This transaction could have
  been initiated by anyone located anywhere around the world without
  the need for any intermediaries or third parties. While transaction times
  were still fairly slow compared to a Visa or a MasterCard transaction, this
  example represents a significant improvement compared to the speed and
  accessibility of existing cross-border payment rails such as wire transfers.
— Tokenization—the creation of natively digital tokenized representations of
  traditional (and emerging) assets that are issued, traded, and managed
  on a blockchain—can reduce friction and overhead costs associated with
  the issuance, transfer, and management of traditional assets such as
  securities, commodities, and real estate assets. Cryptoassets that are
  tokenized versions of traditional assets could also fit well within existing
  regulatory frameworks, which may mitigate some regulatory uncertainty
  surrounding newer cryptoassets. Tokenization of traditional assets could
  also help increase liquidity, codify rules and regulations, and increase
  transparency throughout the asset lifecycle.
The staying power of many cryptoassets will be defined by their ability
to reduce friction and inefficiencies that currently exist within the global
economy. Volatility is widely quoted as a significant limitation for the use of
crypto for any use case. While volatility is certainly a problem, it is important
to recognize that these assets are still fairly immature and will become less
volatile as they mature. There are also significant efforts that are underway
across the industry for the creation of what are called “stablecoins” to
address the volatility problem.

[9] Source: Business Insider, Someone transferred $99 million in litecoin – and it only cost them $0.40 in fees (April 23, 2018)

Advancing the tokenized economy

Cryptoassets may change the financial services landscape significantly with the emergence of the tokenized economy. While it is still early stages and it is hard to predict how the next 10 years will play out, the tokenized economy will likely be one of the more impactful innovations enabled by crypto.

Alongside a wave of interest from institutions in popular cryptoassets, such as Bitcoin, there has been an increasing market focus on tokenization. Crypto products and services are already starting to pivot and the global financial services ecosystem is also beginning to retool itself for the tokenized economy illustrated on page 9.

Products and services

Two types of products and services are emerging for this economy—the cryptoassets or tokens represented by the dotted lines flowing through the various layers in the illustration and the infrastructure that enables the issuance, facilitation (e.g., exchange and custody), and utility (e.g., store of value, ownership, and rights) of these tokens. Token generation is relatively easy, and more tokens will continue to proliferate within the ecosystem.

However, that does not mean that every token can be trusted to meet market needs. “Trustware” will be an especially important layer for this economy. Unlike traditional financial assets, trust will be driven not only by independent organizations like regulators and auditors, but also by technology through innovations such as consensus mechanisms.

Institutional participation is required to facilitate scale and increase trust for this emerging economy. A single institution may take on multiple roles, but there are certain information barriers that will need to be maintained. For instance, a token issuer cannot also play the role of the only trust agent for that issuance. While the industry is building infrastructure in anticipation of widespread use of tokens, a greater demand for these tokens must be developed. This will happen only if products meet market needs.

Product-market fit

Achieving product-market fit is a journey, and cryptoassets are in promising but mostly early stages of this journey. It is important for token issuers and generators to ask some key questions about product-market fit:
— What problem is this cryptoasset or token solving?
— Does this token and the product associated with it truly meet a market need? Is there natural demand?
— Is this better than existing technologies, assets, financial products, or services?
— Is this product creating a truly compelling user experience?
— What are the processes and controls for token acquirability, transferability, and redeemability?

As tokens evolve and their respective use cases achieve adoption, the associated infrastructure will also improve to enable greater institutionalization.

Today’s internet leaders look different than they did in the late 1990s or did not even exist when the dot-com era began. We recognize and expect a lot of pivots, mergers, acquisitions, and failures that will redefine the crypto landscape in a few years. Just as internet protocols like TCP/IP and HTTP enabled the sharing of information in an open way, the blockchain-based tokenized economy will enable the digitization, storage, and trusted exchange of value.

The Crypto landscape and token economy

Issuance (i.e., Supply)
— Cryptoasset/Token generation: Mining rewards; Airdrops; ICO venues; Token issuance platforms; Financial institutions; Collateralization
— Financial instruments: Derivatives; ETFs; Investment trusts; Others
— Regulatory classification: Commodity; Security; Utility; Currency; Unknown

Facilitation
— Trading/Prime services: Crypto exchanges; Decentralized exchanges; Atomic swaps; Liquidity providers; Broker-dealers; Prime brokerage; Clearing/Settlement
— Asset management: Fund advisers/Managers; Arbitrage; Margin/HFT
— Custody/Administration: Institutional custody; Administration; Reporting; Retail wallets
— Retail and payments: Payments processors; Depositories; Lending
— Services: Coin ranking sites; Data providers; Advisory/Consulting; Tax services; Legal

Trustware
— Trust agents: Nonprofit foundations; Self-regulatory organizations; Academic institutions; Auditors; Regulators; Industry standards; Consortiums/Trade groups; Independent research
— Distributed consensus: Miners/Mining pools
— Leader based (centralized consensus): Designated validators
— Hybrid consensus: Stakers

Utility (i.e., Demand)
— Domestic payments; Cross-border payments; Micropayments; Point-of-sale; Store of value; Ownership and rights; Risk transfer/Hedge; Lending and financing; Currency conversions; Collectibles; Smart contracts/Dapps; Platform incentives; Storage and computing; Digital advertising; Rewards programs

Use cases of current and emerging cryptoassets/tokens: Bitcoin; An ICO token; A stablecoin (Incumbent; Emergent)

A Coinbase perspective

Creating an open financial system and why institutionalization is key
Cryptoassets create a huge opportunity to potentially
revolutionize the financial sector—to create a truly open
global financial system.

Jeff Horowitz
Chief Compliance Officer, Coinbase

Eric Scro
VP, Finance, Coinbase

The current global financial system faces a number of challenges. For one, access to financial services is not guaranteed everywhere. In the U.S., we have a stable store of value in the dollar, banks, and payment rails that allow us to purchase goods and services and the ability to transfer funds from our phones.

Let’s take the example of Argentina, where they currently see hyperinflation. A globally accessible, decentralized store of value could have a significantly stabilizing impact on the country’s economy. Bitcoin could potentially represent such a store of value in the future. Interestingly, even though there are large price fluctuations with Bitcoin, it is not inherently volatile. The supply is in fact fixed and algorithmically secured. It is the demand that is fluctuating and this could eventually stabilize as the market matures.

Another challenge that the financial sector faces is in accessibility to payments networks. The current payments system has a lot of inefficiencies and intermediaries that make moving money around the world quite difficult because of the use of proprietary, bespoke payment networks that do not always interact with one another. Why is it faster to take out $10,000 in cash, buy a plane ticket, fly to Australia, and hand the cash to someone than it is to wire those funds?

Coinbase considers a truly open global financial system as one that is not controlled by any one country or company. As a result, it drives greater economic freedom, innovation, efficiency, and equality of opportunity for the world.

Crypto may help overcome many of the problems of the existing financial system. They generally are not controlled by a central bank or authority—they are exchanged on a peer-to-peer network that allows anyone to access them, invest in them, and exchange them. In addition, the open protocol design of crypto will encourage the technological innovation necessary to create a fast, inexpensive payment network that connects anyone, anywhere.

There has also been an explosion in cryptoassets with a lot of innovation and experimentation happening in this space. Developers continue to flock to the space to build applications and services on top of various blockchains. Within the next couple of years, Coinbase expects to see the broader use cases that will natively use crypto to democratize access to services. Examples of current use cases being worked on include tokens being used for distributed file storage and processing and even reimagining the way users pay for generating and consuming online content.

Blockchain technology can do for value what the internet did for information. To achieve the vision of a truly open global financial system, it is not enough for a few hundred, thousand, or even million individual consumers to adopt this new technology.

The path forward

Coinbase believes crypto will mature in three stages: investment/speculation (which the industry is currently in), institutionalization, and utility. The institutionalization and utility phases may happen concurrently. But, to move from investment/speculation to utility, crypto needs to become more liquid, trusted, and accessible.

Institutionalization of crypto

Unlike most other asset classes in the modern financial system, crypto did not start with institutional adoption but rather with retail trading. Consequently, the platforms and products were largely built and designed with retail customers in mind. To encourage institutional adoption, Coinbase is building the infrastructure required for large players to enter the space such as a high-frequency, low latency matching engine, transparent and efficient price discovery tools and a qualified custodian that allows the safe storage of assets in a compliant manner. Institutions have a different set of requirements than retail consumers and need to see a focus on compliance, transparency, and governance to comfortably use and transact with crypto. Institutional interest is growing, and many of the world’s largest financial institutions are beginning to actively trade crypto or at least consider it.

Regulatory agencies are also beginning to seriously discuss cryptoassets, which could help drive institutional participation, encouraging the marketplace to think about how engagement with these assets fits into both existing rules and regulations and new frameworks that may be needed for crypto. The focus on crypto innovation must not come at the expense of security, compliance, and consumer protection. Leaders in the crypto space, including crypto entities and industry partners, have a responsibility to help influence and educate key legislators and regulators to advance the overall governance and enforcement framework. In many ways, leading crypto companies should aspire to meet the standards and leading practices established by traditional financial services companies. We believe this will help promote trust and accelerate the adoption of crypto by investors and institutional clients.

In the following pages, we examine the
major challenges facing the crypto industry as
organizations look to introduce crypto products and
services and scale their businesses.

Compliance with regulatory obligations: A patchwork of regulations has emerged and continues to evolve. Maintaining compliance with laws and regulations related to an array of financial crimes is already a major challenge. Now, regulators are focusing in on crypto businesses. What are some of the key regulatory obligations for a crypto business?

Fork management and governance: Forks occur when a single crypto blockchain breaks into two separate chains. They have a significant impact on crypto businesses. To both decide on fork acceptance and to continue to run effectively after a fork event, how does a business manage the technological, operational, financial, accounting, tax, and customer relationship implications of the fork?

KYC and cryptoasset provenance: Crypto owners are identified not by names or account numbers but by cryptographic addresses that can be created at any time, by anyone, anywhere. This presents a unique challenge to KYC programs. How does a crypto business determine asset provenance and build its KYC program?

Securing cryptoassets: Given the potentially high value of cryptoassets and the natively digital nature, crypto businesses and their customers are prime targets for cyber criminals. How can a business build a cybersecurity program for securing cryptoassets?

Accounting and financial reporting: Cryptoassets challenge traditional financial reporting boundaries. The accounting for these assets is an emerging area, with limited industry guidance. How should a crypto business account for crypto transactions and assets?

Tax implications: Information regarding the tax treatment of crypto remains limited. Crypto businesses may face sizable tax liabilities incurred on the sale or exchange of crypto and bear significant tax accounting burdens with respect to their holdings. What are the key tax implications for a crypto business?

By Coinbase and KPMG

Compliance with regulatory obligations
Key challenges facing institutionalization of crypto

Jeff Horowitz, Chief Compliance Officer, Coinbase
Tracy Whille, Principal, KPMG
Robert Virgilio, Director, KPMG

Financial services institutions are intimately familiar with the challenges the industry faces in order to efficiently and effectively maintain compliance with laws, rules, and regulations, including those related to investor protection, market surveillance, anti–money laundering (AML), financial crime prevention, and fraud. But how does crypto adoption impact regulatory compliance?

A U.S. regulatory perspective

The explosion of consumer interest and investment in cryptoassets, in addition to increased participation of traditional financial institutions in this asset class, has U.S. federal and state regulators keenly focusing on the regulatory obligations of the crypto businesses. When cryptoassets become institutionalized, they will likely also be traded in other markets similar to assets like commodities. In many cases, cryptoassets may have different regulators (e.g., SEC, FINRA, CFTC, etc.) depending on what type of specific asset they are considered.

Cost of noncompliance

Regulatory authorities have not been shy about enforcing regulations related to cryptoassets. A crypto exchange was fined $110 million for failure to detect suspicious transactions and file suspicious activity reports (SARs).[10]

The current patchwork of U.S. federal and state regulations governing the crypto industry has created a challenging regulatory climate for crypto businesses. Here, we review some current regulations that apply to crypto businesses:

— The Financial Crimes Enforcement Network (FinCEN) considers crypto exchanges money service businesses (MSB), which means they are subject to existing banking regulations like the AML, Know Your Customer (KYC), and various financial reporting requirements.[11] The "KYC and cryptoasset provenance" section below covers this in more detail.

— The Securities and Exchange Commission (SEC) has concluded that certain cryptoassets, issued as part of ICOs, are securities under the Securities Act of 1933 and the Securities Exchange Act of 1934, which means they must be registered with the SEC. Such cryptoassets will have additional requirements detailed in the "Security tokens" section below.

— The Commodity Futures Trading Commission (CFTC) has designated certain cryptoassets as commodities. Crypto futures, swaps, options, and other derivative contracts are subject to the same regulatory protocols as physical assets in this class. These regulations are focused on ensuring orderly markets and protecting against market manipulation. Exchanges will need to continue to enhance their surveillance for manipulation and fraud and act accordingly if malfeasance is detected.

[10] Source: U.S. Treasury Financial Crimes Enforcement Network (FinCEN), FinCEN Fines BTC-e Virtual Currency Exchanges $110 Million for Facilitating Ransomware, Dark Net Drug Sales (July 27, 2017)
[11] Source: FinCEN, Administrative Ruling on the Application of FinCEN’s Regulations to a Virtual Currency Trading Platform (October 27, 2014)
— Organizations that trade crypto futures will be required to conduct business through a registered futures commission merchant (FCM) or introducing broker (IB), which are regulated by the CFTC and National Futures Association (NFA). Further, organizations wanting to offer futures trading will themselves be required to register with the CFTC and NFA as an FCM or IB.

— The New York State Department of Financial Services (NYDFS) has required any entity operating in the crypto business in the state of New York and/or with New York residents to apply for a BitLicense. Other states have required crypto businesses to operate under money transmitter laws.

— Organizations that provide crypto custody services, perform exchange services, or issue crypto (virtual currency, money transmitter, and exchange services) are subject to state money transmitter obligations, many of which require compliance with FinCEN’s KYC and AML expectations. The NYDFS BitLicense builds significantly on top of those requirements and includes, for example, significant cybersecurity requirements. Additionally, exchanges will need to enhance their surveillance practices to detect possible fraud and market manipulation as regulators have increased their surveillance of such activities.

— The Internal Revenue Service (IRS) has issued guidance that some cryptoassets are to be treated as property and are subject to tax upon sale or exchange. Crypto businesses have many tax implications to consider.

Security tokens bring regulatory challenges of their own

Cryptoassets deemed securities (also referred to by many as “security tokens” or “crypto securities”) are becoming an important part of the emerging tokenized economy. Before listing and offering trading of a cryptoasset, an exchange should evaluate whether the asset is a security. Those deemed as securities may require trading to be conducted through a registered broker-dealer and elicit an array of securities laws, rules, and regulatory requirements. If crypto businesses want to offer these products, they will need to address requirements of this new asset class and will likely need to establish a broker-dealer business. Below are some of the key requirements and challenges that the industry is facing related to security tokens:

— Regulatory uncertainty: The lack of clear regulatory guidance in certain areas is impacting the ability of the industry to implement the applicable set of controls and processes.

— Electronic trading of digital securities: Security tokens are natively digital and will likely continue to be traded in an electronic environment. As a result, broker-dealers will need to establish electronic trading platforms, or alternative trading systems (ATSs), for digital securities. ATSs have additional regulatory requirements and are subject to rules requiring strong controls and market surveillance over the clients and securities trading on their platforms. Currently, there is no central repository identifying whether a certain cryptoasset is a security or not. As a result, organizations will need to build robust processes to determine if an asset is a security or not (e.g., utilizing the Howey Test).

— Information barriers: Organizations operating a broker-dealer business will need to implement proper information barriers between their broker-dealer business and other businesses to ensure nonpublic material information is not misused. Additionally, they should develop surveillance systems to make sure information is not being used to disadvantage clients or the markets.

— Clearing/Settlement/Custody: The lack of a trusted end-to-end clearing, settlement, and custody solution for both crypto and crypto securities is another hurdle with regulatory implications that needs to be overcome. The role of a central clearing depository and a transfer agent in providing services such as account transfers with assets, delivery obligations (fail control) for fully paid for securities, and limit monitoring will need to be addressed for the security tokens.

— Other regulatory requirements: Additional requirements will need to be addressed, including client confirmations and statements, best execution, regulatory reporting, transaction and trade reporting, and audit trail requirements, among others.

Regulators are working to keep pace with crypto innovation while seeking to protect the investing public. Crypto businesses will need to clearly define their product offerings in order to navigate the evolving state and federal regulatory landscape. It is in a crypto organization’s best interest to get ahead of the evolving regulatory landscape, and we are already seeing organizations take this proactive approach.

Fork management and governance
Key challenges facing institutionalization of crypto

Adam Hirsh, Managing Director, KPMG
Agha Khan, Manager, KPMG

Forks are a unique aspect of cryptoassets that occur when a single blockchain breaks into two separate chains. These breaks can be separated into two categories: soft forks and hard forks (see sidebar). Enhancements to underlying technology, extenuating circumstances, or even philosophical differences can lead to a fork event.

Forks have a significant impact on crypto businesses. To both decide on fork acceptance and to continue to run the business effectively after a fork event, organizations must perform an end-to-end assessment of the financial, technological, operational, and customer relationship implications of the fork.

Soft forks versus hard forks

Soft forks occur when the majority of miners agree on a change to the underlying software of a cryptoasset. All transactions going forward are backward compatible with the existing blockchain, even those that did not follow the majority. This backwards compatibility is the key difference between hard and soft forks and influences the burden of their implementation on crypto businesses.

Hard forks occur when the full network makes a significant change to the underlying software of a cryptoasset. Typically, all transactions on the existing blockchain will be recognized as of the hard forked network’s start date. However, any transactions that occur after this start date will be incompatible and, therefore, not recognized by the original blockchain.

                             © 2018 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent
                             member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
                             The KPMG name and logo are registered trademarks or trademarks of KPMG International. NDPPS 775054
Based on our experience helping organizations manage forks, here are some key questions to consider:

— Which fork will be supported by the current community/network?
— What are the operational needs before, during, and after a fork?
— Will you need to suspend operations before and after the fork?
— What will happen to existing assets in a fork scenario?
— How do you handle address management for two forks?
— What are the operational challenges of transferring assets from hot storage to warm/cold storage?
— What to do if a soft fork fails?
— How do we address replay protection?
— How important is it to ensure backwards compatibility of the ledger?

Successful and efficient handling of forks requires a consistent framework and strong governance from all stakeholders of a crypto business, including front office, customer sales and trading, legal, credit and market risk, compliance, finance, tax, strategy, operations, technology, and cybersecurity.

Organizations can charter a governance committee to evaluate strategic and risk concerns and enable a decision structure for forks that will impact both the cryptoasset and related products and services. To ensure consistency in decision making around whether to participate and where to invest to support the fork, the governance committee should follow clear and documented policies that address:

— Criteria for participating in a fork event
— Time to adoption
— Product and service impacts
— Technology and security impacts
— Operational impacts
— Market risk
— Liquidity demands.

It is also important to note that organizations may choose to retain the right to determine which fork will be used as the reference currency for portfolio pricing and valuation—rights that can be enforced on customers through legal agreements. In several instances, crypto entities and exchanges have chosen not to support trading in certain forked currencies. For example, in October of 2017, Bitcoin Gold was created as a result of a hard fork from Bitcoin. There was general disagreement and concern about the technology behind Bitcoin Gold and potential vulnerabilities. As a result, the cryptoasset was not recognized or listed by many major cryptoasset exchanges.

Tax implication of forks
Both Bitcoin and Ethereum experienced hard forks that resulted from a change in the protocol. This led to some difficult tax-related questions that have not yet been addressed:

First, does any taxable income result from the duplication of the Bitcoin protocol? Immediately before the hard fork, the taxpayer owned one Bitcoin. Immediately after the hard fork, the taxpayer owned one Bitcoin and one Bitcoin Cash. The Bitcoin Cash has value and can be sold for dollars. While not addressed in the limited IRS guidance on crypto, a number of practitioners believe that a hard fork is a taxable event to the holder under general tax principles. However, what is the nature of that income? Is it akin to a dividend? Does it occur at the time of the hard fork or later when the crypto is claimed?

Second, what is the taxpayer’s tax basis in the forked coin? Consider, for example, the Ethereum fork. A taxpayer owning Ethereum on the date of the Ethereum fork received new Ethereum (ETH) at the time of the fork and continued to own Ethereum (now referenced as Ethereum Classic (ETC)). If the amount paid for the original Ethereum remained with the ETC, the taxpayer would be treated as having paid nothing for the ETH, unless the taxpayer recognized some gain at the time of the fork or when the taxpayer claimed the ETH. As a practical matter, ETH is considered the “true” Ethereum. If no tax basis is allocated to ETH in connection with the fork, a taxpayer using ETH may have significantly more gain than what seems appropriate and would not have a way to recover what the taxpayer originally paid for Ethereum prior to the fork.

KYC and cryptoasset provenance

Key challenges facing institutionalization of crypto

John Caruso
Principal, KPMG

Michael Pavlick
Director, KPMG

Ladi Ajayi
Manager, KPMG

Establishing a Know your customer (KYC) program
A KYC program focuses on verifying the identity of customers and sufficiently understanding their background and risk profile.

FinCEN considers crypto exchanges to be MSBs, subjecting them to existing banking regulations related to AML, Customer Identification (CIP), KYC, transaction monitoring, and various financial reporting requirements.12

Crypto businesses should look to establish AML programs similar to those of traditional financial institutions and MSBs, including but not limited to Customer Onboarding and KYC processes, transaction monitoring for suspicious activity, and OFAC/Sanctions screening capabilities.

AML Compliance programs, including KYC programs for the crypto business’ customer base, are being tailored to address the unique risks and challenges of the crypto market. This will be essential to detect real suspicious activity while avoiding inefficiencies and compliance fatigue.

The major crypto providers are actively looking to strengthen their AML programs, including KYC and transaction monitoring—and if not, they should be. This could include, for example, requiring information about expected transactions and counterparties, or source of wealth analysis and enhanced due diligence for high-risk customers. Transaction monitoring systems should also not be limited to solely monitoring fiat transactions of crypto customers, but be designed to address the unique risks of their crypto transaction activity as well.

There are still a number of open questions about how institutions should apply existing regulations to crypto transactions:

Are cryptoassets physical? Financial institutions are required to file a currency transaction report (CTR) for physical cash transactions of more than $10,000. Crypto by definition is not physical, but it is still treated and used as cash by some.

Do cryptoassets travel? The Travel Rule—predominantly designed for wire transactions—requires financial institutions to provide certain information to the institution accepting the transaction, but the decentralization and anonymity of cryptoassets may impede compliance with the rule.

What about Office of Foreign Assets Control (OFAC) and Sanctions obligations? The OFAC is considering adding crypto addresses to its list of persons or entities that are sanctioned or blocked from financial activity.

Do crypto trading platforms need a license? New York State requires virtual currency businesses to obtain a BitLicense that sets extensive AML, cybersecurity, and fraud rules. Other states have similar but less extensive licensing requirements. It remains to be seen if this idea will be adopted federally.

Determining cryptoasset provenance
The underlying encryption features of blockchain technology can allow for higher degrees of privacy and anonymity for certain cryptoassets. On the one hand, counterparties in a crypto transaction are identified not by names or account numbers, but by cryptographic addresses that can be created at any time, by anyone, anywhere. On the other hand, the blockchain itself preserves all addresses and the transactions they were involved in, and makes them accessible by anyone, anywhere.

Many major exchanges have undertaken the collection of KYC information and are now an important source of data for the identification of a large percentage of addresses for certain cryptoassets. However, there will continue to remain a sizable percentage of addresses that are not exchange customers or have no available KYC information. Further, emerging cryptographic mechanisms including zero-knowledge proofs (ZKP), ring signatures, and other privacy-centric approaches may impact an organization’s ability to determine cryptoasset provenance.

It is important to acknowledge that a degree of anonymity does not mean that transactions are inherently illegal or malicious. Anonymity presents a unique challenge to KYC programs, specifically the requirement for organizations to maintain the ability to identify and monitor the provenance of customers’ cryptoassets, the parties they are transacting with, and their overall crypto transaction activity.

Crypto businesses can take advantage of the underlying blockchain technology to analyze and determine the provenance of customers’ cryptoassets. Such analysis is not easy but can be aided by the use of third-party data providers. The analysis can enable traceability of cryptoassets and identify if a given crypto address may have been involved in foul play. While there are ways a fraudster can intentionally distort or confuse the history of the assets (e.g., using services such as “tumblers” or “mixers”13), sophisticated data analytics could identify instances in which these programs were used and can assign an appropriate risk rating for transactions. Using these data providers and other blockchain features, crypto businesses can start to build a view of the provenance of customers’ cryptoassets over time. This will also have to be balanced with a crypto business’s need for protecting competitive intelligence.

Standard practices around determining cryptoasset provenance (e.g., number of “hops” to look back within the blockchain) are yet to be established, and organizations will need to consider this risk as part of the buildout of their KYC.

12 Source: FinCEN, Administrative Ruling on the Application of FinCEN’s Regulations to a Virtual Currency Trading Platform (October 27, 2014); 31 CFR 1022.210 (Anti-Money Laundering Programs for Money Services Businesses) (July 29, 2011); 31 CFR 1022.320 (Reports by Money Services Businesses of Suspicious Transactions) November 4, 2016; 31 CFR 1022.210 (d)(3) (July 29, 2011); BSA/AML Examination Manual for Money Service Businesses (December 2008); See also NYDFS Part 504 (New York Banking Division Transaction Monitoring and Filtering Program Requirements and Certifications) (January 1, 2017).

13 Source: Bitcoin.com, Deep Web Roundup: Dream Adds Monero and Bitcoin Tumbler “Chip Mixer” Launches (January 30, 2018)
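The effect of the look-back depth ("hops") discussed under "Determining cryptoasset provenance" can be seen in a small hop-limited backward trace over a ledger. This is an added example, not code from KPMG or from any data provider; the ledger, the addresses, the labels and the three-level rating are constructed assumptions.

```python
from collections import deque

# Constructed sample ledger: (txid, sender, receiver, amount). Not real addresses.
TRANSFERS = [
    ("t1", "addr_exchange_A", "addr_w1", 5.0),
    ("t2", "addr_mixer_X", "addr_w2", 3.0),
    ("t3", "addr_w2", "addr_w3", 3.0),
    ("t4", "addr_w3", "addr_w4", 3.0),
    ("t5", "addr_w1", "addr_customer", 5.0),
    ("t6", "addr_w4", "addr_customer", 3.0),
    ("t7", "addr_exchange_A", "addr_customer_2", 1.0),
]

# Address labels as a third-party data provider might supply them (constructed).
LABELS = {"addr_exchange_A": "kyc_exchange", "addr_mixer_X": "mixer"}


def trace_provenance(address, transfers, labels, max_hops):
    """Walk incoming transfers backwards from `address`, at most `max_hops` deep.

    Returns (hits, unresolved):
      hits       - labelled source addresses found, with their hop distance
      unresolved - unlabelled addresses where the trace had to stop, either
                   at the look-back limit or because no earlier history exists
    """
    incoming = {}
    for txid, sender, receiver, _amount in transfers:
        incoming.setdefault(receiver, []).append((txid, sender))

    seen = {address}
    queue = deque([(address, 0)])
    hits, unresolved = [], []

    while queue:
        current, hops = queue.popleft()
        for txid, sender in incoming.get(current, []):
            if sender in seen:
                continue  # breadth-first order already recorded the shortest path
            seen.add(sender)
            depth = hops + 1
            label = labels.get(sender)
            if label is not None:
                # A labelled source ends this branch of the trace.
                hits.append({"address": sender, "label": label,
                             "hops": depth, "via_tx": txid})
            elif depth >= max_hops or sender not in incoming:
                unresolved.append({"address": sender, "hops": depth})
            else:
                queue.append((sender, depth))
    return hits, unresolved


def risk_rating(hits, unresolved, high_risk_labels=("mixer",)):
    """Assumed three-level policy: high / medium / low."""
    if any(h["label"] in high_risk_labels for h in hits):
        return "high"
    if unresolved:
        return "medium"  # part of the history could not be attributed
    return "low"


def assess(address, max_hops):
    hits, unresolved = trace_provenance(address, TRANSFERS, LABELS, max_hops)
    return risk_rating(hits, unresolved)


if __name__ == "__main__":
    for depth in (2, 3, 4):
        print(depth, assess("addr_customer", depth))
    print(1, assess("addr_customer_2", 1))
```

With this ledger the mixer sits four hops behind the customer address, so a two- or three-hop policy reports only an unattributed branch while a four-hop policy surfaces the mixer.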

Securing cryptoassets

Key challenges facing institutionalization of crypto

Kiran Nagaraj
Managing Director, KPMG

Sam Wyner
Manager, KPMG

Anderson Salinas
Manager, KPMG

Security is front and center for cryptoassets, given the heightened cyber risk associated with them.

Since cryptoassets are natively digital and often have high value, crypto businesses that transact with these assets are prime targets for cyber criminals. If hackers breach an organization’s crypto infrastructure, they can transfer crypto out to external addresses, leaving the organization with little or no recourse. Crypto transactions also occur over the open internet, which makes both the tokens and any associated services vulnerable to a variety of traditional cyberattacks, such as a phishing or malware attack. Further, even organizations that do not have any crypto operations are now targets for hackers who are looking to steal computing power that they can use for crypto mining.

As part of our crypto research work, we have analyzed many cybersecurity incidents that have impacted crypto exchanges in the past few years. The attack vectors and root causes span a wide spectrum. Examples include auditor account compromise, server failure due to DDoS, unencrypted data stores, phishing attacks, smart contract bugs, software vulnerabilities, order sequencing issues, security update failures, and poor wallet tiering, among others. Most, if not all, of these are neither new nor unique to the crypto space. It is clear from these that lessons learned from decades of security and risk management experience with other traditional and emerging technologies are still applicable.

In addition, a number of leading crypto security practices have emerged in the last two to three years, including crypto address whitelisting for warm storage, geographic distribution of Hardware Security Module (HSM) keys, sharding, and many others. There is a need for crypto-specific security standards that complement existing security frameworks such as those published by NIST and ISO. While some efforts are now underway across the industry to develop these, crypto businesses should look to build their cybersecurity programs by starting with a baseline from existing industry practices and then adding in crypto-specific security practices to provide a layered defense model. While specific crypto security practices are confidential and vary greatly from one crypto business to another, some leading industry approaches are emerging. We discuss some of them in this section.

Blockchain threat monitoring
Many cryptoassets rely on public decentralized blockchain networks, which are not directly under the control of a single organization. Miners or groups of miners (mining pools) typically provide the hashing power that collectively controls these networks. This makes blockchains vulnerable to a bad actor that gains majority control of mining nodes, since the majority determines which transactions are valid. As of August 2018, the top four Bitcoin mining pools control around 54 percent of the total hash power of the network.14 There was even a period of time in 2018 when a single mining pool represented more than 25 percent of the hashing power for Bitcoin. This represents a concentration risk. Businesses, therefore, need to build sufficient blockchain monitoring capabilities to proactively identify such threats that could impact their operations and client assets.

Blockchain monitoring should also include the use of geographically dispersed nodes. These nodes can not only enable monitoring of the status of the network globally, but also provide the ability to better monitor the source of transactions being submitted to the network.

Organizations will also need processes for actively responding to the threat information collected by these blockchain-monitoring capabilities. They should consider which threat metrics should be integrated into their existing risk reporting processes to drive faster decision making. This information could also help drive business decisions around which cryptoassets to continue supporting.

Key management and tiered storage
Cryptoassets are typically stored in hot and cold storage facilities. Hot storage facilities afford more liquidity

14
     Source: BTC.com, Pool Distribution (August 2018)

                                                                        Multi-signature mechanisms
                                                                        can be significantly different
                                                                        across cryptoassets. Ethereum,
                                                                        for example, has a notably
                                                                        different and more complex
                                                                        default implementation of multi-
                                                                        signature mechanisms than
                                                                        bitcoin does.

© 2018 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent
member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.          Institutionalization of cryptoassets   21
The KPMG name and logo are registered trademarks or trademarks of KPMG International. NDPPS 775054
but are also more susceptible to hacking. Cold storage facilities—which are physically offline and disconnected from the internet—are the least liquid but more secure. In some cases, warm storage facilities are used to provide temporary storage of assets as an additional layer of security before assets are moved to cold storage.

To protect client assets, organizations should keep only enough crypto in hot storage to facilitate daily business operations. The majority of crypto should be kept in cold storage. In addition, organizations should develop specific operational procedures to facilitate the movement of crypto between cold and hot storage and mitigate the risk of collusion.

Organizations should also create a crypto-specific team staffed with personnel who have been trained on how to deal with this specialized asset, including with respect to internal policies for managing the storage and the processing of crypto transactions. This team should also verify and confirm clients’ on-chain transactions by comparing internal transaction details with the client’s blockchain records and wallet details.

Resiliency and recovery of keys
Cryptoassets typically utilize Public Key Infrastructure (PKI). PKI has always presented challenges for resiliency and disaster recovery, but those challenges are magnified for crypto operations, which are thoroughly dependent on the availability of public and private keys to transfer assets. Organizations managing key pairs will need to develop resiliency and disaster recovery plans for securing private keys within each storage tier and for each type of crypto. However, traditional techniques, such as the use of HSM, may fall short, given the physical dependence on the HSM. A destroyed or unavailable HSM could mean lost or unavailable cryptoassets. In addition, other traditional resiliency techniques, such as high availability, either compromise security or are simply not technically possible for an air-gapped cold wallet.

Multisignature systems and third-party wallets enable organizations to secure private keys while enabling resilience across storage tiers. Using a multisignature system can allow organizations to split up keys or require multiple signatures from separate keys to complete a single transaction. This also helps drive segregation of duties and limit potential collusion.

Organizations managing their own private keys should also expand their existing business continuity and disaster recovery plans to include their cryptoassets and related systems. It is also important to recognize that the key recovery features do differ across the various cryptoassets and the underlying protocols. These differences will also need to be factored in as part of an organization’s key recovery strategies.

Wallet code review
In an incident last year, a vulnerability found in the Parity wallet for Ethereum allowed remote ownership of the multisig function of the wallet, giving full control of funds to the hacker that led to the loss of $300 million equivalent of Ether.[15] Today, many crypto businesses use open-source code, allowing extensive code review by the community and increasing trust in systems, but vulnerabilities are still constantly being discovered. Organizations that choose to use open-source software for their crypto infrastructure should look to further independently review the source code to identify risks relevant to them. They can also consider customized implementations of the base software for certain components of their crypto infrastructure such as wallets.

Protecting competitive intelligence
Asset provenance presents an interesting two-sided challenge for cryptoassets. On the one side, crypto businesses have a need for KYC and cryptoasset provenance. On the other side, crypto businesses also have a need to safeguard competitive intelligence data that may be leaked through the blockchain.

In traditional asset classes, market activity and transactions are by and large not publicly available. This information, if publicly available, could be used by market participants and competitors for a variety of purposes including, arguably, market manipulation. But with cryptoassets, all transactions are posted to a publicly accessible, immutable ledger. With the use of advanced data analytics and asset provenance capabilities, a third party may now be able to monitor the blockchain, attribute transaction activity to a crypto business, and gain important competitive intelligence about that business. The third party may also use this data for various other purposes including market manipulation.

Despite the benefits provided by being a public immutable ledger, blockchains also create this risk for crypto businesses by allowing competitors or third-party observers to track some of their business activity. Crypto businesses may therefore need to have a clear strategy to obfuscate their own activity that is posted to the blockchain while, at the same time, providing the ability for themselves (and their competitors) to be able to determine asset provenance. It is also important to regularly review and update this strategy to keep up with bad actors and technology advances.
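The mining concentration risk described under "Blockchain threat monitoring" can be tracked as a metric. The following is an added example, not part of the original paper: it estimates each pool's share from recent blocks and reports how few pools together hold a majority. The block record layout, the pool names and the sample data are constructed, and attribution of blocks to pools is assumed to happen upstream.

```python
from collections import Counter

# Thresholds follow the paper's figures: one pool above 25 percent of hash
# power, or a majority (more than 50 percent) held by four pools or fewer.
SINGLE_POOL_LIMIT = 0.25
MAJORITY = 0.50
MAX_POOLS_FOR_ALERT = 4

def pool_shares(blocks, window):
    """Fraction of the last `window` blocks found by each pool (hash power proxy)."""
    if window <= 0 or not blocks:
        raise ValueError("need a positive window and at least one block")
    recent = blocks[-window:]
    counts = Counter(b["pool"] or "unknown" for b in recent)
    return {pool: n / len(recent) for pool, n in counts.items()}

def min_pools_for_majority(shares):
    """Smallest number of identified pools whose combined share exceeds 50%."""
    total, k = 0.0, 0
    for pool, share in sorted(shares.items(), key=lambda kv: -kv[1]):
        if pool == "unknown":   # unattributed blocks are not one coordinated actor
            continue
        total += share
        k += 1
        if total > MAJORITY:
            return k
    return None                 # identified pools never reach a majority

def concentration_alerts(blocks, window=100):
    """Return (shares, pools needed for majority, list of alert strings)."""
    shares = pool_shares(blocks, window)
    alerts = [f"{pool} found {share:.0%} of the last {window} blocks"
              for pool, share in sorted(shares.items())
              if pool != "unknown" and share > SINGLE_POOL_LIMIT]
    k = min_pools_for_majority(shares)
    if k is not None and k <= MAX_POOLS_FOR_ALERT:
        alerts.append(f"{k} pools together exceed a majority of recent blocks")
    return shares, k, alerts

# Constructed sample: 100 blocks, hypothetical pool names, 40 unattributed.
SAMPLE = [{"height": h, "pool": p} for h, p in enumerate(
    ["PoolA"] * 26 + ["PoolB"] * 12 + ["PoolC"] * 9 + ["PoolD"] * 7
    + ["PoolE"] * 6 + [None] * 40)]

if __name__ == "__main__":
    for line in concentration_alerts(SAMPLE)[2]:
        print(line)
```

Block counts over a short window are a noisy estimate of hash power, so a longer window or a trend over several windows gives a steadier signal for risk reporting.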

[15] Source: CoinTelegraph, Parity Multisig Wallet Hacked, or How Come? (November 13, 2017)

                                                              © 2018 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent
                                                              member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
                                                              The KPMG name and logo are registered trademarks or trademarks of KPMG International. NDPPS 775054