Last week the American Institute of CPAs (AICPA) published proposed criteria for stablecoin issuers when they disclose their proof of reserves. It asks for more details than any stablecoin issuers currently provide in their disclosures. Feedback is requested by January 29, 2024.
Following the collapse of FTX and some dubious reports, a raft of accountants abandoned cryptocurrency proof of reserve work in late 2022. However, the AICPA proposal only covers fiat-backed stablecoin issuers.
The paper outlines ‘criteria’ rather than standards. Criteria are considered more like benchmarks, whereas standards are requirements.
It doesn’t mention any particular issuers, but both Circle and Paxos have published pretty detailed monthly attestations for a while. In contrast, Tether, with its market capitalization of almost $90 billion, only publishes a quarterly summary. Given its audits are performed by BDO Italy, they may choose not to adopt these higher disclosure benchmarks.
However, these criteria could impact Tether if it fails to adopt them. For example, the Basel Committee on Banking Supervision could use these criteria as a benchmark for US dollar stablecoins to be considered lower risk. Likewise, other bodies could choose to adopt them.
Stablecoins: reserve disclosures
Details of each security and jurisdiction
Starting with the glaring omissions by Tether, AICPA asked for details of each investment held as part of reserve assets. Tether notoriously provides a summary of its reserve assets. This lack of transparency led to considerable speculation in the past about its exposure to the Chinese real estate market. In contrast, Circle and Paxos disclose the Cusip identifier for each security held. AICPA is setting that as the benchmark. Additionally, a report should include the jurisdiction of both the securities and the custodian or trustee safeguarding it.
Amount of reserves held at each bank
While Circle and Paxos tick far more of the boxes, there are some areas they would need to expand. For example, they don’t disclose at which banks they hold cash. AICPA wants that clarified.
This proposed benchmark around bank balances has pros and cons. For example, when there was a run on Silicon Valley Bank, Circle had to disclose its $3.3 billion balance. Arguably, the earlier the knowledge is available, if the bank suffers a run, the earlier the run on the stablecoin. On the other hand, if the details are opaque, people might run on a stablecoin when any bank gets into trouble.
Other stablecoins disclosures
Other stablecoin risks – private keys, smart contracts
Attestations aren’t just about assets and liabilities. They cover a wide array of risks, such as the security of the private keys behind the smart contract. It also includes the smart contract itself- whether it was audited or there are known issues – as well as any risks of each blockchain. On the point of the security of the keys, while the issuer might be able to attest to it, it could be tricky to audit. For example, how will the auditor know whether the issuer stored the private keys insecurely in the past?
How much is on each blockchain?
Stablecoin issuers would have to disclose the amount of redeemable stablecoins on each blockchain. Plus, the report needs to include details about tokens that are not redeemable, either temporarily or permanently. For example, that includes pre-minted or blacklisted tokens.
Wrapped stablecoins
One area that might need more clarification is wrapped or bridged stablecoins. Particularly because this is a controversial area. The paper mentions disclosure but there’s not much detail. Arguably, one of the reasons the New York State Department for Financial Services (NYDFS) pulled the Binance USD stablecoin was that Binance issued pegged tokens on blockchains other than Ethereum. These were pegged to the Paxos issued tokens on Ethereum.
How can users redeem directly?
One of the current gray areas is around redemption. In many cases, end users can’t demand redemption directly from the issuer. Proof of reserves needs to disclose what conditions the issuer requires to redeem the stablecoin directly. Plus, the issuer should clarify the timeframe for redemption.
The benchmark demands details in many areas, so we just picked a few highlights.