WOLF & CO Insights Mitigating Risk in the Crypto Sector

Mitigating Risk in the Crypto Sector

Earlier this year, CipherTrace released its 2019 Cryptocurrency Anti-Money Laundering Report, revealing the staggering statistic that $4.26 billion in investment losses were recorded in the crypto sector due to thefts, scams, and fraud. As we discussed last month, many of these losses were suffered by buyers investing in Initial Coin Offerings (ICOs) and cryptocurrencies, a sector that’s largely unregulated environment has made it a high-risk field to navigate. Although the “Wild, Wild West” of ICOs seems untamable, governmental bodies are focusing intense efforts on determining protections from the inevitable threats lurking in this industry.

How ICOs are Monitored by the SEC

The Office of Compliance Inspections and Examinations (OCIE) is the program utilized by the SEC to monitor and identify risk, inform rule-making initiatives, and pursue misconduct in the fields of ICOs (that are considered securities) and digital asset transactions. They are focusing on monitoring and examining firms (broker-dealers, trading platforms, and investment advisors) that are actively engaged in the digital asset market.

The OCIE program prioritizes cybersecurity in each of its examinations. Examinations focus on proper configuration of network storage devices, information security governance, and policies and procedures related to retail trading information security.

If the token offered in an ICO meets the definition of a security and becomes subject to the regulations stipulated by the SEC, then the OCIE program will monitor assets, the sale of assets, internal controls, pricing, compliance, and safety of the exchanges on which these assets are traded. They will also review for regulatory compliance of the sanctioned anti-money laundering (AML) and Know Your Customer (KYC) laws.

Issues in AML and KYC

To operate as an issuer of digital assets under the regulations of the SEC, companies must abide by the existing AML and KYC standards.

KYCFinancial institutions must verify customer identity before allowing customers to transact in the crypto space.

AMLThe source of crypto funds needs to be identifiable.

Many entrepreneurs and investors are interested in the cryptocurrency space due to the opportunity for unbanked community. However, needing to abide by these rules can be a bit of a hurdle for entrepreneurs looking to get into the space. It is difficult for these virtual currencies to comply with KYC and AML rules due to the decentralized nature of the blockchain technology utilized in the creation of digital assets.

Broker-Dealer Involvement

Currently, there is not a broker-dealer involved in many digital asset transactions, but the SEC is hopeful that a broker-dealer will be involved in all digital asset issuances in the future.

Many transactions involving digital assets are reliant on one-to-one, individual agreements, which leaves room for a lot of unregulated proceedings. If SEC registered broker-dealers were to get involved, their presence would act as a middle-man, lending a bit more regulatory oversight to the transactions.

Broker-Dealer Compliance

The extremely unregulated nature of digital asset transactions is worrisome to the SEC, as it leaves investors vulnerable. The Commission has expressed its wish to see SEC registered broker-dealers become involved in ICOs in order to mitigate some of the risks presented in the sector.

Custodial Maintenance Requirements

First, all broker-dealers must comply with aspects of the Customer Protection Rule (Rule 15c3-3), which safeguards customer securities and funds held by a broker-dealer to prevent loss or harm in the event of a broker-dealer failure. However, these laws may not be available or effective in the case of certain digital assets that are not considered to be regulated by the SEC, ultimately affecting the broker-dealer’s ability to comply with Rule 15c3-3.

Also, due to the lack of security surrounding many digital asset exchange platforms, broker-dealers need to create security measures to ensure that the tokens are not lost or inadvertently transferred to unknown addresses. This makes it more difficult for broker-dealers to comply with 15c3-3 without putting significant investments of their own into unique digital asset security measures in order to protect their client’s investments.

Evidence of Existence

Broker-dealers are required to prepare financial statements to be audited in accordance with Public Company Accounting Oversight Board (PCAOB) standards. It is up to the broker-dealer to prove the existence of its assets to its independent auditors, and because a digital asset cannot be confirmed by a bank and is not held in a typical brokerage account, it can be difficult to prove the existence of the digital asset to the auditors and for them to verify that existence.

Investor Protections

There is a misconception among ICO buyers that their investments will assuredly be protected by the Securities Investor Protection Act (SIPA). The SIPA protects investors in the event of a broker-dealer liquidation of up to $500,000. However, once again, if a digital asset does not meet the definition of a security, SIPA rules will not apply and the investors will not be protected under the SIPA (e.g. if the digital tokens are lost or stolen due to broker-dealer negligence, there will be no recourse).


The unregulated nature of investing in digital assets can leave investors vulnerable and exposed. The SEC has recognized the issues at hand and is steadily working to enact structures and introduce new disciplines into the field in order to mitigate these risks.