Cryptocurrencies: Questions the Board should be asking
Financial services firms are seeing increasing demand from their customers for access to Bitcoin and other cryptocurrency-related products, and the capital markets also are confronting a broad set of crypto-related developments.
Given the dynamic nature of the market, the emerging legal and regulatory climate, and the volatility of crypto assets, it can be a daunting task to define the space or even understand the strategic rationale of introducing a cryptocurrency into an organization.
As the role of the board is to discuss, review, and ultimately approve overall strategy, how can the board engage in constructive dialog about the potential strategic fit of cryptocurrencies?
What are the realistic use cases for our organization?
Any conversation about crypto assets should start by taking this practical approach to understanding the nature of the business opportunities and risks involved rather than seeing it as a technology project for business units to manage. Several brokerage firms now allow clients to trade the Bitcoin futures product, and additional cryptocurrency financial products could emerge. Other offerings, such as institutional trading and cryptocurrency dedicated funds, could also be on the horizon, while areas such as custodial services are greenfield.
Boards of financial services firms should start by asking management if it can harness cryptocurrencies to increase the value of existing products or services.
How will extreme changes in valuations or volumes (5x-10x) impact the strategy?
Cryptocurrencies such as Bitcoin (BTC), Ether (ETH), and Ripple (XRP) have seen significant increases in trading volume and interest from retail and institutional investors. Given the volatility of cryptocurrencies, boards should ask about market sensitivities and scenario assumptions if inputs were to go up or down by a factor of 5x-10x.
Does management have an effective system in place to model, manage, and balance risks?
Financial services firms evaluating whether or not to enter the market should first take a stance on regulatory and reputational risk. Regulatory uncertainty or the inability to accurately calculate the fair value of a cryptocurrency may prove to be a challenge and will influence decisions whether to proceed.
Boards should press management teams to consider whether adjusting existing risk management systems is adequate or whether new frameworks are needed.
Is internal audit equipped to offer independent assurance of the technology, policies, and controls?
Cryptocurrencies will ultimately introduce exposure to distributed ledger technology (DLT), which presents challenges to the traditional audit approach. Regardless of the promise of the technology, internal audit, risk, or legal teams will still need to test and verify the systems and controls to adequately provide confidence to all stakeholders.
Boards should press management not just on policies and controls surrounding the new technology, but also on whether internal audit teams are properly suited and have the right expertise to perform their jobs.
What are the legal and regulatory guidelines, and how will the organization monitor emerging regulatory considerations?
The inconsistency and early stage of regulation in the US and globally is arguably one of the greatest challenges to how a board or management should think about participation in these markets. As regulators begin to find their footing, the basics may matter the most—the crypto product, its use, who is using it, and where—to identify the potential regulatory regime.
Has management given proper consideration to the global nature of cryptocurrencies?
With the decentralized technology underpinnings of cryptocurrencies, there is no centralized or regulated oversight of the currency itself. User identification and verification are not native and, as such, management and the board will need to consider proper know-your-customer and anti-money laundering (KYC/AML) compliance.
Is management aware of the tax framework and implications?
Each organization’s exposure to this new asset class will vary significantly depending on the specific role and use case taken. The complexities of the tax treatment should be considered prior to exposure to ensure that the right processes and reviews are in place for emerging or changing tax considerations.
Has management considered the technology and security concerns for cryptocurrencies?
Boards should ask probing questions about the security of cryptocurrency keys. The storage and retrieval of cryptocurrencies is critical and, much like any cybersecurity role, largely underappreciated work. Boards should ask management teams what role their organizations want to take with formal security programs and secure storage of cryptocurrencies, and to quantify risk-reward. A company’s specific cyber-risk plan should also be updated for cryptocurrency.
The cryptocurrency market will undoubtedly provide new opportunities to financial services organizations of all sizes and types. When it comes to developing a strategy, however, there is no one answer or way to approach all the issues that must be considered.
In the case of cryptocurrencies, the right questions span many parts of the organization.
Ken Owens, Partner, PwC