Lack of crypto audit regulation raises questions about PCAOB Authority

In addition, there is no regulatory framework for audits for many crypto companies.

The SEC, which oversees the PCAOB, is reviewing how crypto companies prepare reports from auditing firms in the wake of the FTX collapse. The supervisory authority is particularly concerned about so-called proof-of-reserve reports, which aim to show sufficient assets to cover customer funds.

“It’s the Wild West in the sense that no one is requiring audits of financial statements, and no one is specifying the standards that should apply to proof-of-reserve reports,” said Douglas Carmichael, an accounting professor at Baruch College and former PCAOB chief auditor. “It’s a big concern when investors get a report from an audit firm that appears to provide assurance when it doesn’t.”

Private crypto exchanges such as Binance Holdings Ltd., Kraken and Crypto.com have moved to strengthen efforts around these reports, which lack a full audit. Additionally, various FTX entities secured full audits from auditors Armanino LLP and Prager Metis CPAs LLC prior to the crypto exchange’s implosion, unlike other privately held exchanges.

The PCAOB lists inspection reports on registered audit firms, including Prager Metis and Armanino, on its website.

The PCAOB — which sets auditing standards, inspects audits and disciplines auditing firms — has said it can only oversee audits of public companies and SEC-registered broker-dealers. However, in 2019 the watchdog set up a team of inspectors focusing on new audit risks, including in the cryptocurrency field.

“The PCAOB prioritizes cryptocurrency-related inspections and is committed to enforcing our standards wherever they apply, including registered broker-dealers,” said spokesman Kent Bonham.

Those efforts are not enough for Sens. Ron Wyden (D., Ore.) and Elizabeth Warren (D., Mass.). In a letter last month to PCAOB Chair Erica Williams, they said the watchdog ignored what they called questionable practices by auditors of crypto companies. The lawmakers cited PCAOB rules that require registered accounting firms to meet the regulator’s standards when preparing for any audit, even if an audited firm falls outside the watchdog’s jurisdiction.

Their view ignores the PCAOB’s statutory authority and has not been used by the regulator, said Coy Garrison, a former adviser to SEC Commissioner Hester Peirce who is now a partner at law firm Steptoe & Johnson LLP focused on crypto regulation.

A Senate aide countered that the PCAOB “has a responsibility to ensure that PCAOB-registered auditors treat crypto companies with the same scrutiny that other companies face, or they will lose their credibility.”

Accountants and academics say there may be ways to strengthen the PCAOB’s crypto oversight.

Some accountants say it’s accurate to classify centralized crypto exchanges as broker-dealers, and the SEC could designate them as such, bringing their audits under the PCAOB’s oversight. That would require the SEC to classify cryptoassets as securities through a rulemaking process, Garrison said.

SEC Chairman Gary Gensler

has said that most crypto tokens are securities that fall under his agency’s jurisdiction and should comply with investor protection laws. But many crypto firms are broker-dealers that have not registered with the SEC, he has said. Mr. Gensler has also said that it is possible that some crypto brokers will need to register with the SEC and the Commodity Futures Trading Commission, as will some mutual funds and brokers. The SEC declined to comment.

The PCAOB’s Mr. Bonham said the authority to register broker-dealers rests with the SEC. “The PCAOB welcomes Chairman Gensler’s comments and stands ready to inspect all newly registered broker-dealers as part of our overall effort to prioritize cryptocurrency oversight,” he said.

The PCAOB in 2011 launched an interim program to inspect audits of broker-dealers after the Dodd-Frank Act expanded its mandate. Mr. Bonham said the program, while still temporary, is working well and is an important part of PCAOB inspections. Deficiencies in broker-dealer audits remained “unacceptably high,” according to an annual PCAOB report released last August.

The audit regulator’s powers could be expanded if Congress amends the 2002 Sarbanes-Oxley Act that created the watchdog, potentially allowing PCAOB-registered audit firms to apply PCAOB standards to audits of nonpublic companies, accounting professors said.

That’s a good idea in principle, but Congress may not want to further expand the PCAOB’s authority, and the regulator probably doesn’t have the resources to handle a related increase in workload, said Vivian Fang, a University of Minnesota accounting professor and chief. advisor for tax, accounting and policy at the crypto software company Ledgible Inc.

The PCAOB is funded by public companies and broker-dealers, and it would receive fees from private companies under an expansion, but “I’m not sure that’s a challenge the PCAOB is ready to take on right now,” she said.

Even potential improvements to crypto-audit regulation may not prevent fraud in the crypto industry, said Andrew Kitto, assistant professor of accounting at the University of Massachusetts Amherst and former PCAOB economics fellow. “If you have auditors that are subject to more stringent audit oversight, you still have a lot of incentives for individuals to try to avoid their auditors,” he said.

Write to Mark Maurer at [email protected]