The Potential Pitfalls of Purported Crypto “Assurance” Work
Introduction[1]
Following the recent waves of scandal and insolvency in the crypto industry, there has been a renewed focus on the firms, including accounting firms, that have been retained by companies in the crypto-asset space—in particular, crypto asset trading platforms. Certain crypto asset trading platforms, with others in the crypto industry, have marketed to investors their retention of third parties, sometimes accounting firms, to perform some sort of review of certain parts of their business, often presented as a purported “audit.” As accounting firms increasingly engage in this sort of non-audit work, their clients’ marketing and terminology risks misleadingly suggesting that these alternative, non-audit arrangements are at parity with, or even more “precise” than, a financial statement audit. Such suggestions are false. Non-audit arrangements are neither as rigorous nor as comprehensive as a financial statement audit, and may not provide any reasonable assurance to investors.
The hazards to investors associated with such characterizations have been publicized by the Commission staff,[2] PCAOB staff,[3] and others. This statement is directed primarily to the accounting profession, including new entrants into non-audit service work for crypto asset clients. Accounting firms that choose to perform work in this space must keep several obligations and hazards front of mind.
The Accounting Firm’s Potential Liability for Antifraud Violations
As a threshold matter, an accounting firm should carefully consider the contents of any statements that it or its clients make about the scope of work performed and the nature of the procedures followed because material misstatements regarding those subjects could result in legal liability for the accounting firm. Such statements could implicate the antifraud provisions of the federal securities laws if there has been fraud “in the offer or sale” of a security (for purposes of Section 17(a) of the Securities Act of 1933) or “in connection with” the purchase or sale of a security (for purposes of Section 10(b) of the Securities Exchange Act of 1934), and if certain other requirements for liability are met. In addition, any person that knowingly or recklessly provides substantial assistance to another person in violation of a provision of the Securities Act or the Exchange Act, or of any rule or regulation issued thereunder, shall be deemed to be in violation of such provision to the same extent as the person to whom such assistance is provided.[4]
There could be a variety of facts and circumstances under which an audit firm whose client misrepresents the nature of the firm’s services creates potential liability for antifraud violations. Where an accounting firm becomes aware that a client has made misleading statements to the public about the nature of its non-audit work, OCA staff believe that, as best practice, the accounting firm should consider making a noisy withdrawal, disassociating itself from the client, including by way of its own public statements, or, if that is not sufficient, informing the Commission.[5]
Accounting firms should consider such risks and responsibilities during its client acceptance procedures. Additionally, regarding non-audit clients who are new entrants to the crypto industry with no track record of such misrepresentations, the accounting firm may nonetheless wish to implement certain precautions. These may include, for example, contractual prohibitions on the ways in which the non-audit client can publicly describe a non-audit arrangement with the firm to ensure that investors are not misled into believing that the non-audit work provides assurance when it does not. In a similar vein, the accounting firm may consider including in its client acceptance letters limitations on misleading references to “audit,” “GAAS,” “PCAOB standards,” and “PCAOB inspections.”
Auditor Independence
Particularly with respect to newer market entrants without established operating histories but which may pursue a registered public offering in the near term, we understand that accounting firms at times consider performing only limited, non-audit consultation services with an eye to accepting an audit engagement from such clients later on, after becoming sufficiently comfortable that a given client meets applicable ethical and competency requirements, among other considerations.[6] For any market participant seeking to register with the Commission, any preceding, non-audit engagements, and the accounting firm’s conduct during those engagements require the accounting firm to assess whether it would meet applicable independence requirements if it accepted the audit engagement.[7]
Rule 2-01 of Regulation S-X is designed to ensure that auditors are qualified and independent of their audit clients both in fact and appearance when performing an audit subject to the Commission’s independence requirements. The Commission will consider all relevant facts and circumstances when making this determination, including all relationships between the accountant and the audit client, and not just those relating to reports filed with the Commission. As we have noted elsewhere, the general standard of independence in Rule 2-01(b) is the heart of the Commission’s auditor independence rule.[8] It provides that an accountant is not independent of an audit client if “the accountant is not, or a reasonable investor with knowledge of all relevant facts and circumstances would conclude that the accountant is not, capable of exercising objective and impartial judgment on all issues encompassed within the accountant’s engagement.”[9]
In this regard, the Commission considers, among other things, whether a relationship or service creates a “mutual or conflicting interest between the accountant and the audit client” or “places the accountant in the position of being an advocate for the audit client.”[10] Audit Firms and their associated entities must consider the effects that their non-audit services and relationships have on their ability to maintain independence, both in fact and appearance, when performing audits for audit clients and their affiliates.
Where an audit firm engages in advocacy or lobbying efforts on behalf of an audit client in the course of an audit subject to Commission or PCAOB rules, for example, a firm should consider its public statements or assertions to determine whether they could create a perception that there is a possible mutual interest between the audit firm, its audit client, and entities under common control or significant influence of the audit client, or whether the audit firm may be acting as an advocate for its audit client, such that a reasonable investor with knowledge of all relevant circumstances would conclude that the firm is not independent and capable of exercising objective and impartial judgment during an audit engagement.[11]
Potential Liability Pursuant to Rule 102(e) of the Commission’s Rules of Practice
An accounting firm’s violation of the antifraud provisions of the federal securities laws or applicable independence requirements could result in the censure or suspension of the firm, or its accountants, from the privilege of appearing or practicing before the Commission as an accountant under Rule 102(e) of the Commission’s Rules of Practice. Rule 102(e) was adopted as a means to ensure that those professionals, on whom the Commission relies heavily in the performance of its statutory duties,[12] perform their tasks diligently and with a reasonable degree of competence.[13] Pursuant to Rule 102(e)(1), the Commission may censure or deny the privilege of appearing or practicing before it any person who is found, among other reasons, “[t]o be lacking in character or integrity or to have engaged in unethical or improper professional conduct,” or “[t]o have willfully violated, or willfully aided and abetted the violation of any provision of the Federal securities laws or the rules and regulations thereunder.”
As explained at Rule 102(e)(1)(iv), with respect to persons licensed to practice as accountants, “improper professional conduct” includes not only knowing or reckless conduct that violates applicable professional standards, including auditor independence standards, but also certain types of negligent conduct:
- a single instance of highly unreasonable conduct that results in a violation of applicable professional standards in circumstances in which an accountant knows, or should know, that heightened scrutiny is warranted, or
- repeated instances of unreasonable conduct, each resulting in a violation of applicable professional standards, that indicate a lack of competence to practice before the Commission.
Because of the importance of an accountant's independence to the integrity of the financial reporting system, the Commission has concluded that circumstances that raise questions about an accountant's independence always merit heightened scrutiny, and so a single instance may merit sanctions under the rule.[14] And improper professional conduct by an accountant may create liability for the entire audit firm, which serves a critical gatekeeper function with respect to investor protection in the public interest.[15] No audit firm is too small, or too big, to be suspended from appearing or practicing before the Commission.
Conclusion
We have emphasized on many occasions that accounting firms play a vital gatekeeper role.[16] Clients and the investing public rely upon accountants to act as trusted third parties not only when conducting financial statement audits but also when providing other types of services. Maintaining the public’s confidence is a serious responsibility, and it requires accountants to exercise integrity in their actions and activities. This includes ensuring that the accountants’ names or services are not being used to convey a false sense of legitimacy or to mislead investors. It is difficult, if not impossible, to regain the public trust once it has been eroded, and therefore we are reminding accountants of their ongoing obligation to conduct their activities in a way that maintains, and ideally increases, public trust and confidence in the accounting profession.
[1] This statement is provided in the author’s official capacity as the Commission’s Chief Accountant but does not necessarily reflect the views of the Commission, Commissioners, or other members of the staff. This statement is not a rule, regulation, or statement of the Commission. The Commission has neither approved nor disapproved its content. This statement, like all staff statements, has no legal force or effect: it does not alter or amend applicable law, and it creates no new or additional obligations for any person. “Our” and “we” are used throughout this statement to refer to the staff of the Office of the Chief Accountant (“OCA”).
[2] E.g., SEC Office of Investor Education and Advocacy, Exercise Caution with Crypto Asset Securities: Investor Alert (Mar. 23, 2023), https://www.sec.gov/oiea/investor-alerts-and-bulletins/exercise-caution-crypto-asset-securities-investor-alert; Jean Eaglesham, SEC Heightening Scrutiny of Auditors’ Crypto Work, Wall St. J. (Dec. 22, 2022), available at https://www.wsj.com/articles/sec-heightening-scrutiny-of-auditors-crypto-work-11671681693 (quoting SEC Chief Accountant Paul Munter).
[3] E.g., PCAOB Office of the Investor Advocate, Investor Advisory: Exercise Caution With Third-Party Verification/Proof of Reserve Reports (Mar. 8, 2023), https://pcaobus.org/resources/information-for-investors/investor-advisories/investor-advisory-exercise-caution-with-third-party-verification-proof-of-reserve-reports.
[4] See Section 15(b) of the Securities Act, 15 U.S.C. § 77o; Section 20(e) of the Exchange Act, 15 U.S.C. § 78t.
[5] We believe that continuing to accept engagements while knowing the client is using the accounting firm to perpetrate a fraud is itself inherently misleading. An investor might reasonably assume, for instance, that an accounting firm would not permit a proof-of-reserves report that it prepared to be equated with a financial statement “audit” in its clients’ marketing materials, and that such a firm should let it be known, if discovered, that such representations were incorrect or otherwise take adequate steps to disassociate itself from that client. We believe that it is not unreasonable to expect an accountant, who stands in a special relationship of public trust, and whose duty is to safeguard the public interest, to disclose such misrepresentations, particularly where the accountant’s information is obviously superior to that of the investor, the cost to the accountant of revealing the information is minimal, and the cost to investors of the information remaining secret is potentially significant. See, e.g., AICPA Code of Professional Conduct 0.300.020 (noting accountants’ continuing responsibility to exercise moral judgments and maintain the public’s confidence), 0.300.030 (noting the obligation to act in a way that will serve the public interest, honor the public trust, and demonstrate a commitment to professionalism), 0.300.040 (noting that accountants should perform all professional responsibilities with the highest sense of integrity, which includes being honest and candid). A majority of state boards of accountancy have adopted the AICPA Code of Professional Conduct within their state accountancy laws. AICPA & CIMA, 2022 State regulatory and legislative outlook, https://us.aicpa.org/content/dam/aicpa/advocacy/state/downloadabledocuments/56175896-state-reg-leg-outlook-for-2022.pdf.
[6] E.g., PCAOB AS 2101: Audit Planning.
[7] See, e.g., 17 C.F.R. § 210.2-01; PCAOB AS 1005: Independence. The authority and jurisdiction of the Commission and the PCAOB is prescribed by statute, and such jurisdiction may not extend to all aspects of the crypto asset markets. For instance, the PCAOB’s jurisdiction generally extends to audits (and related engagements) of issuers and certain broker-dealers registered with the Commission, and certain provisions of the federal securities laws over which the Commission has enforcement authority may be limited in their applicability to public companies or registered broker-dealers.
[8] See, e.g., Paul Munter, The Critical Importance of the General Standard of Auditor Independence and an Ethical Culture for the Accounting Profession (June 8, 2022).
[9] See 17 C.F.R. § 210.2-01(b).
[10] 17 C.F.R. § 210.2-01.
[11] Moreover, in the event the audit firm accepts the audit engagement, it should also keep front of mind its legal obligations under Section 10A of the Exchange Act, which requires audit firms to adopt procedures to detect illegal acts, among other things, in connection with their audits, and report to the issuer and if necessary to the Commission the illegal acts that the issuer committed.
[12] See Final Rule: Amendment to Rule 102(e) of the Commission’s Rules of Practice, Release No. 33-7593 (Oct. 26, 1998), available at https://www.sec.gov/rules/final/33-7593.htm (“Investors have come to rely on the accuracy of the financial statements of public companies when making investment decisions. Because the Commission has limited resources, it cannot closely scrutinize every financial statement.[] Consequently, the Commission must rely on the competence and independence of the auditors who certify, and the accountants who prepare, financial statements. In short, both the Commission and the investing public rely heavily on accountants to assure corporate compliance with federal securities law requirements and disclosure of accurate and reliable financial information.”).
[13] The rule addresses the conduct not only of accountants, but also of attorneys, engineers, and other professionals or experts who appear or practice before the Commission. 17 C.F.R. § 201.102(e)(2) and (f)(2).
[14] See Final Rule, supra note 12 (“Because of the importance of an accountant’s independence to the integrity of the financial reporting system, the Commission has concluded that circumstances that raise questions about an accountant’s independence always merit heightened scrutiny.”).
[15] See, e.g., In re Lester Witte & Co., Release No. 34-17423 (Jan. 7, 1981) (finding both partner and firm responsible for a deficient audit where they failed to meet professional standards).
[16] See, e.g., Paul Munter, The Auditor’s Responsibility for Fraud Detection (Oct. 11, 2022).
Last Reviewed or Updated: Jan. 19, 2024