Customer Due Diligence in the Aftermath of FTX

By Alma Angotti, Tracy Angulo, Patrick DellaValle, Gregory Schwarz

Over the past several months, seemingly stable companies in the digital assets space have folded with alarming regularity. From Celsius Network to Alameda Research, from Voyager Digital to FTX, 2022 was a banner year for high-profile digital asset collapses. Those with longer memories will recall the abrupt collapses of digital asset exchanges QuadrigaCX and Mt. Gox in the years prior to the most recent digital asset bull cycle.

Whether due to risky investments, “crypto contagion,” or outright (alleged) fraud, the failure of each of these companies caused significant losses to both investors and customers. Despite, or perhaps because of, the current market downturn, investing in and partnering with digital asset firms remain on the minds of many traditional financial institutions (FIs) ahead of the next digital asset bull run.

In a January 17, 2023, piece titled “Joint Statement on Crypto Risk Highlights Need for Strong Governance,” Guidehouse noted that, in response to eight risks described by the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency, enhanced due diligence (EDD) is an important measure for FIs planning to do business with digital asset companies. The White House continues to warn of cryptocurrency entities that still ignore applicable financial regulations and basic risk controls. Those regulations and controls protect consumers, businesses, and the economy, and are of paramount importance.

Expanding on this point, Guidehouse notes that this EDD needs to be more comprehensive than a standard review of the firm’s Bank Secrecy Act/Anti-Money Laundering (BSA/AML) and sanctions programs. As digital asset companies are currently not overseen by a federally functioning regulator to ensure that they adhere to standards ranging from consumer protection to capital controls, the onus is on potential investors and business partners to perform more extensive due diligence to compensate. Fortunately, banking regulations may be used as benchmarks to enhance existing due diligence measures. Key additional due diligence areas include Treasury Management, Customer Management, and Corporate Structure and Governance.


Evaluate a Cryptocurrency Exchange’s Treasury Management, including Activity with Affiliates and Related Entities

Ensuring that digital asset firms have adequate treasury management is possibly the single largest additional step of due diligence that potential business partners and investors should make. While the collapse of FTX has numerous causes, one of the largest red flags that has been uncovered to date is the firm’s purported lack of adequate treasury management. The firm did not have sufficient reserves to meet customer withdrawals, in part due to risky investments. Unlike banks, which are heavily regulated in their treasury and risk management, other FIs, including digital asset firms, have significantly fewer restrictions.

In the absence of regulatory oversight, potential investors and business partners may use banking regulations as a framework for treasury and risk management standards. For example, in 2013, the Federal Reserve Board finalized requirements for US banks to adhere to the Basel III updated capital control requirements. Digital asset firms may use this framework as guidance and as a benchmark for treasury and risk management. Additionally, on December 19, 2022, the CEO of Binance.US outlined several other reasonable benchmarks that FIs may examine when conducting due diligence:

Does the cryptocurrency exchange maintain sufficient reserves on customer deposits?

It was a long-standing requirement for banks and other depository institutions to hold a minimum level of reserves against their liabilities. While regulations have changed more recently due to the COVID crisis, FIs doing business with a cryptocurrency exchange may consider establishing a risk appetite requiring their customers to maintain a certain level of liquidity. Unlike bank accounts, cryptocurrency exchange accounts are not insured by the FDIC. Moreover, while both banks and cryptocurrency exchanges have liabilities (deposits) and assets (lending), crypto exchange assets are highly volatile. As such, when conducting due diligence on a cryptocurrency exchange, banks or other exchanges may want to consider demanding much higher liquidity requirements from their exchange customers.

Does the cryptocurrency exchange offer margin trading?

Tied in to the point above, an exchange that offers margin trading may have more difficulty maintaining sufficient reserves than one that does not.

Does the cryptocurrency exchange hold corporate debt? If so, how much?

FI reserves can consist of various assets. While many digital asset firms do not engage in retail lending, some do hold corporate loans. Firms that hold larger percentages of corporate debt as a backstop for customer deposits are less able to fulfill customer withdrawal requests than those that do not hold corporate debt.

Is the cryptocurrency exchange subject to regular audits by a qualified auditor?

Regular audits by a qualified auditor are essential for any business. Given the nebulous regulatory environment that digital asset firms operate in, regular audits provide insight into the financial position of a firm over time.

Does the cryptocurrency exchange engage in its own proprietary trading, either through the exchange itself or another legal entity?

As evidenced by the previous year, digital asset markets are highly volatile. Firms that engage in a large volume of high-risk proprietary trading are more likely to experience losses. While no reputable exchange would engage in proprietary trading with customer deposits, firms that engage in a large volume of proprietary trading and incur losses risk losing their operating capital.


Evaluate the Exchange’s Controls Related to Transfers of Assets as well as the Exchange’s Movement of Funds

Most financial institutions maintain very tight controls on any movements of corporate funds and do not commingle funds. Ensuring that movements of funds are validated and require multiple approvals and validated counterparties can help reduce the risk of inappropriate movements to affiliated or non-approved counterparties.

Additionally, a unique aspect of digital assets allows FIs to independently audit a prospective client’s transactions and reserves. This is due to the public nature of blockchains and the prevalence of commercially available blockchain analytics tools, such as Chainalysis’s Reactor tool. As part of an EDD process, potential partner FIs could investigate the total inflow and outflow of a digital asset firm to better understand its business and identify potential discrepancies in stated flows of funds. Further, a potential partner FI could ask for a listing of internal wallets to evaluate a firm’s reserves. Through blockchain analysis, potential investors and business partners can do more than take a digital asset firm at its word regarding treasury management.


Evaluate the Exchange’s Customer Management and Protections

Customer management and protections flow in part from proper treasury management. Understandably, a key point of customer protection for an FI is properly managing deposited funds. Customer management, however, incorporates more than just prudent management of customer funds. It also covers disclosures, anti-fraud measures, and complaints procedures, for example. There are numerous banking regulations that address these and other related issues, including the Unfair, Deceptive, or Abusive Acts or Practices framework and Regulation E. These regulations may serve as a baseline for EDD of digital asset firms.

Additionally, given their size and rapid growth rates, digital asset firms tend to outsource most of their consumer protection activities, such as customer service, to third-party vendors. This is normal practice for FIs generally, but it requires firms to have a structured and compliant vendor management program in place. Among digital asset firms, third-party vendor management teams are often under-resourced and rely heavily on vendors to ensure appropriate measures are taken to secure data and review, assess, onboard, and monitor vendors for consumer protection activities. This is another aspect of customer management that FIs may consider as part of EDD of digital asset firms.


Evaluate the Firm’s Corporate Structure

Some notable firms in the digital asset industry are known for their byzantine corporate structures. Frequently registered in jurisdictions of convenience and privately held, the corporate structure of digital asset firms is often difficult to understand. While not illustrative of all companies in the digital asset space, it is notable that FTX was a privately held corporation with a main registration in the Bahamas. In its bankruptcy filing, FTX listed 134 affiliated companies.

While complex corporate structures are not necessarily a red flag, they can warrant closer investigation. After all, one of the most stunning aspects of FTX’s business was the functionally unlimited line of credit it granted to its sister company, digital asset hedge fund Alameda Research. Knowing the extent of this relationship may have given pause to potential FTX business partners. Additionally, business partners and investors should consider the jurisdiction in which a digital asset firm operates and is incorporated. For example, digital asset firms that are incorporated in the US and/or are licensed to operate in US states will likely have stricter regulatory requirements (although not as strict as what is required of banks) than firms without a US presence.


Evaluate the Firm’s Board of Directors…or Lack Thereof

Ensuring that a cryptocurrency exchange has adequate and effective oversight of the firm’s operations, as well as a strong culture of compliance, is paramount. FTX, for example, reportedly operated without a real board, and its senior leadership did not have a strong track record of running multibillion-dollar companies. It is advisable during a due diligence exercise that firms not only identify a cryptocurrency exchange’s leadership but also evaluate their experience. If the company has a board of directors (board), firms should assess its supervisory role. In evaluating the suitability of a cryptocurrency exchange’s leadership, potential partner FIs should consider:

  1. Senior management’s independence
  2. Legal, Compliance, and Risk’s proximity to senior management
  3. The company’s business environment
  4. Senior management’s educational and professional background
  5. Senior management’s diversity and longevity of experience

Additionally, a board can only provide appropriate oversight and governance if it is provided with relevant and robust reporting. Evaluating the type of reporting and visibility that the board has on key issues, such as escalated compliance, operations, and financial concerns, will be central to understanding the governance being utilized.

Recently, as part of our numerous client engagements related to due diligence of digital asset counterparties, we have been asked to incorporate enhanced governance standards and the potential for transition planning, in the event of an exchange failure, into our engagements to meet requests from both corporate stakeholders and regulatory authorities.


How Guidehouse Can Help

Guidehouse has extensive experience advising traditional FIs, venture capital firms, investment advisors, and digital asset firms on a wide variety of regulatory issues, ranging from BSA/AML compliance and due diligence to risk management. Guidehouse has a deep understanding of banking regulations, digital asset firms, and how digital asset firms can adopt traditional finance best practices. Guidehouse has relevant experience in numerous areas, including the following: 

  • Enhanced due diligence
  • Financial assessments
  • Compliance evaluations
  • Operations assessments
  • Managed services
  • Blockchain analytics, risk analysis, and tracing
  • Strategic planning
  • Risk management
  • Vendor sourcing and governance
  • BSA/AML advisory
  • Executive training

Guidehouse is well-equipped to make an individualized assessment of your unique circumstances and offer innovative advice and solutions for responding to potential heightened regulatory requirements.

Special thanks to Nicholas Bohmann and Andrew Hobensack for contributing to this article.

Alma Angotti, Partner

Tracy Angulo, Director

Patrick DellaValle

Gregory Schwarz, Associate Director
