This article was originally published by Law360.
Over the last decade, the cryptocurrency industry has grown from a small, experimental market to a trillion-dollar financial ecosystem.
This tremendous growth, however, has been shadowed by a recent series of major failures in the industry, including FTX, Terra/Luna, and BlockFi.
Despite the lack of an industry-specific, comprehensive statutory or regulatory regime, regulators have increased their scrutiny of crypto companies. Most notably, the U.S. Securities and Exchange Commission has launched a barrage of high-profile enforcement actions against crypto's largest platforms.
Even with growing ambition to curtail bad actors, direct enforcement actions have sometimes been hindered by the limitations in existing regulatory tools, which some public officials have sought to address.
For example, in May, the U.S. House of Representatives passed the first major piece of federal legislation seeking to provide regulatory clarity to the cryptocurrency industry.1
At the state level, in May 2023, New York Attorney General Letitia James proposed the Crypto Regulation, Protection, Transparency and Oversight Act to regulate those engaging in a wide variety of crypto-related businesses within New York by imposing sweeping new regulatory requirements.2
New Focus: Gatekeepers
While it remains to be seen whether these attempts to create a regulatory framework will be fruitful, there is evidence that enforcement agencies will not await new statutory authority. Instead, regulators will likely seek to protect investors by enhancing the accountability of so-called gatekeepers — professionals that advise corporate decision-makers concerning compliance with statutory and regulatory requirements. These gatekeepers include accountants, lawyers and compliance officers.
Comments from senior enforcement officials are revealing as to coming trends.
SEC Division of Enforcement Director Gurbir Grewal has described these professionals as "the first lines of defense against misconduct."3 In April, Ryan Wolfe, the chief accountant for the SEC's Enforcement Division, again affirmed that gatekeeper accountability is also an enforcement priority for the SEC. 4
The U.S. Department of Justice has specifically highlighted the importance of gatekeepers in relation to how it will judge a corporation's conduct. Specifically, the DOJ, in multiple policies governing cooperation benefits available for self-reporting, has focused on the role that compliance programs play.5
Notably, Deputy Attorney General Lisa Monaco emphasized the DOJ's commitment to implementing policies aimed at incentivizing "investing in a culture of compliance — before misconduct happens."6
Christy Goldsmith Romero, commissioner of the U.S. Commodity Futures Trading Commission, has squarely placed gatekeepers at the center of recent crypto failures, noting, "The crisis of trust in the unregulated crypto markets also results from an environment where lawyers, accountants, auditors, compliance professionals and other gatekeepers for crypto firms failed customers in their essential duties."7
She narrowed in, emphasizing that "[i]n the aftermath of what started with Terra/Luna and now with FTX's collapse, the role of the gatekeeper in crypto companies should be enhanced."
As regulators intensify their enforcement of the crypto industry, professionals who serve crypto companies as gatekeepers will likely be a new focus of enforcement actions. Although gatekeepers are navigating a relatively new industry like cryptocurrency, they are nonetheless subject to the traditional, professional rules and regulations that prevail in their industries.
As detailed below, recent litigation and enforcement actions signal the beginning of a regulatory shift toward increased scrutiny of crypto gatekeepers. This shift underscores the critical role crypto gatekeepers play in maintaining the integrity and stability of the rapidly evolving crypto sector and the increased need to protect investors.
Accountant Liability
Nonaudit "Proof of Reserves"
In the face of mounting regulatory scrutiny, crypto companies have sought to reassure investors by retaining third parties to review aspects of their business. Publicly traded entities in the U.S. are required to file fully audited financial and accounting statements in compliance with generally accepted accounting principles.
A full-fledged audit, however, is not mandatory for all crypto companies. Consequently, many of these companies have instead opted to retain accounting firms to issue so-called proof of reserves reports to verify their solvency and liquidity.
These reports are not audits, and the procedures used to generate them are neither as rigorous nor as comprehensive. Instead, these reports are just a snapshot of the company's balances intended to demonstrate that the crypto company has enough assets to cover its liabilities and will not face a liquidity crisis.
In an investor alert from 2023, the Public Company Accounting Oversight Board has identified some common limitations of these proof of reserves reports.8
First, the reports often do not assess the company's liabilities, the rights and obligations of the digital asset holders, or whether the company has borrowed the assets to make it appear that it has sufficient collateral or "reserves."
Second, the reports provide no guarantee that the assets will not be used, lent or otherwise become unavailable to customers following the issuance of the report. Third, the reports do not opine on the effectiveness of the company's internal controls or governance.
Accountants do not deny these limitations and sometimes include disclaimers stating that the report is not an audit report, does not address the effectiveness of the company's internal financial reporting controls, and does not express an opinion or assurance conclusion. These disclaimers, however, do not always ensure that clients understand the reliability, or lack thereof, of these reports, especially when crypto companies market the reports as audit equivalents to their customers.
Therefore, as SEC Chief Accountant Paul Munter warned, even if an accounting firm does not itself misrepresent the scope of its work, it may incur liability under the anti-fraud provisions of the federal securities laws if it knowingly or recklessly provides substantial assistance to a client who uses its services to mislead customers.9
Auditor Independence and Responsibility
In addition to more informal proof-of-reserve reports, accountants sometimes perform full audits for crypto companies, in which case they are expected to adhere to even higher professional standards.
Perhaps surprisingly, FTX was one of the few crypto companies that had completed a full generally accepted accounting principles audit. The recent collapse of FTX has thus drawn significant attention from both regulators and investors to the integrity of its auditors' practices.
In September 2023, the SEC filed a complaint against FTX's former auditor, Prager Metis — SEC v. Prager Metis CPAs LLC, in the U.S. District Court for the Southern District of Florida — for violating auditor independence rules and for aiding and abetting its clients' violations of the federal securities laws.10
Beyond maintaining independence, auditors have additional responsibilities as gatekeepers. For example, Section 10A of the Exchange Act requires auditors to adopt procedures to detect their clients' illegal acts and to report these acts to the client's management, and if necessary, to the SEC.
Private lawsuits targeting crypto companies' auditors are also emerging. A group of FTX investors have sued Prager Metis and FTX's other audit firm, Armanino — Pierce v. Bankman-Fried in the U.S. District Court for the Northern District of California — alleging that the firms failed their gatekeeping responsibilities and "knew about or were willfully blind" to FTX's rampant "pattern of racketeering."11
As exemplified by FTX's example, accountants are frequently implicated in their crypto clients' fraud because crypto companies' financials are often central to the alleged misconduct. Accountants' gatekeeping responsibilities stem not only from potential civil liability but also from their professional standards.
Lawyer Liability
Like accountants, lawyers have become more involved in the crypto business by opining on critical, yet unsettled, legal issues for their clients or by structuring transactions without triggering regulatory scrutiny.
The line between the provision of legitimate legal services and facilitation of client misconduct — whether inadvertent or purposeful — is sometimes thinner than one may think.
Legal Opinions on Unsettled Questions
Regulations of the crypto industry are constantly evolving, leaving many questions unanswered. As a result, crypto companies have increasingly relied on lawyers to provide opinions on key legal issues — both to address regulatory inquiries and reassure investors.
Lawyers have issued opinions on various topics, such as whether certain crypto tokens qualify as securities under SEC regulations, whether a crypto exchange must register with the SEC, and whether the company is a money services business.
Many of these legal questions remain unsettled, which sometimes exposes law firms to liability for issuing questionable legal opinions.
For example, in February, a class of investors of a failed crypto brokerage Voyager Digital Holdings Inc. sued McCarter & English LLP for providing a "bogus Legal Opinion" that the VGX token was not an unregistered security.12 The complaint alleges that the law firm disregarded existing state and federal regulatory authorities that suggested otherwise and blindly relied on the clients' inaccurate factual representations.
While there has not been any enforcement action against lawyers concerning their issuance of crypto-related legal opinions, lawyers are not immune from liability if these legal opinions directly or indirectly facilitate their clients' fraud.
For example, the SEC has previously charged lawyers who fraudulently authored baseless legal opinion letters for stocks without adequately researching and evaluating the individual stock offerings under securities law.13
Advice Used in Fraud
In addition to issuing legal opinions, lawyers also deal with crypto clients in more traditional transaction structuring.
Due to the often opaque nature of many crypto companies' operations, lawyers who believe they are providing routine transactional advice can sometimes find themselves defendants in high-profile lawsuits.
For instance, a group of FTX investors sued Fenwick & West LLP, in In re: FTX Cryptocurrency Exchange Collapse Litigation, in the Southern District of Florida, for allegedly helping FTX set up entities used to misappropriate customer funds, structure transactions to evade regulatory scrutiny, and establish entities that Sam Bankman-Fried and other FTX executives used to commit fraud.14
Fenwick moved to dismiss the complaint, arguing, inter alia, that a lawyer cannot be held liable for conspiracy or aiding and abetting a client's wrongdoing as long as the lawyer's "conduct falls within the scope of the representation of the client."15
Similarly, Sullivan & Cromwell LLP was sued in February this year, in Garrison v. Sullivan & Cromwell LLP in the Southern District of Florida, for allegedly crafting "not only creative, but misleading strategies that furthered FTX's misconduct" for its own benefits. 16
For example, instead of advising FTX to apply for licenses through regulatory agencies, where FTX would face "uncomfortable questions and robust vetting," Sullivan & Cromwell allegedly advised FTX entities to purchase other companies that already held the licenses they needed. The firm purportedly knew the true inner workings of FTX's fraudulent enterprise early on, including the connection between FTX and Alameda.
While it remains to be seen if these private actions against law firms will ultimately prevail, they are unlikely to be the last of their kind. Lawyers may continue to find themselves the target of crypto-related lawsuits if their clients prove to have relied on their services in carrying out misconduct or illegal schemes.
Compliance Officers
Finally, as a critical check on corporate governance, compliance officers also have distinct responsibilities in serving crypto companies.17 Most importantly, while many crypto companies are run by a handle of senior principals, compliance officers owe duty to the company, not the individuals.
Last year, FTX sued its former chief compliance officer and general counsel for enabling a scheme in which senior executives raided customer deposits for their own benefit.
Among others, the complaint alleges that the chief compliance officer failed his "duty to place the interests of Alameda, FTX ... above the interests of himself and the other FTX insiders who were indiscriminately siphoning funds from those entities."
Going Forward
In summary, professionals that serve crypto companies are uniquely positioned to safeguard against their clients' wrongdoings.
To navigate the complexities of the crypto industry while fulfilling their ethical and legal obligations, gatekeepers should consider taking additional measures.
First, because crypto gatekeepers cannot rely on existing regulatory frameworks to filter out client misconduct, as is the case with traditional institutions such as chartered banks or SEC-registered securities exchanges, they should consider implementing a robust vetting or know-your-customer mechanism when representing crypto clients. That includes identifying common pitfalls related to crypto businesses and providing systematic staff training on how to detect these pitfalls.
Second, to prevent their crypto clients from leveraging their services to mislead investors, professionals should consider — in addition to providing disclaimers — including contractual restrictions on how a client may use their work product, especially in communicating to investors. If the client continues to misrepresent the nature of their work, executing a noisy withdrawal or publicly disassociating from the client might be necessary.18
Third, since accountants, lawyers and compliance officers are usually at the forefront of the inner working of their clients' business, they are more likely to detect suspicious insider transactions or other misconduct by their clients. In some circumstances, gatekeepers face an affirmative duty to report these wrongdoings, including to an external agency.19
Footnotes
1 H.R. 4763, 18th Cong. (2023).
2 Legislative Bill Drafting Commission 10985-06-3, available at https://ag.ny.gov/sites/default/files/2023-05/Crypto%20Bill%2010985-06-3.PDF.
3 Gurbir S. Grewal, Director, Division of Enforcement, SEC, Remarks at SEC Speaks 2021 (Oct. 13, 2021), https://www.sec.gov/news/speech/grewal-sec-speaks-101321.
4 Jonathan H. Hecht, Anne E. Railton, Anna Wittman, The Big Lessons from the SEC Speaks Conference 2024, The CLS Blue Sky Blog (Apr. 26, 2024), available at https://clsbluesky.law.columbia.edu/2024/04/26/the-big-lessons-from-the-sec-speaks-conference-2024/.
5 See, e.g., Voluntary Self Disclosure and Monitor Selection Policies, Dep't of Just. (Mar. 8, 2024), available at https://www.justice.gov/corporate-crime/voluntary-self-disclosure-and-monitor-selection-policies.
6 Lisa Monaco, Deputy Attorney General, Dep't of Just. Off. of Pub. Affs. (Mar. 7, 2024), available at https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-monaco-delivers-keynote-remarks-american-bar-associations.
7 Christy Goldsmith Romero, Commissioner, SEC, Keynote Address at the Wharton School and University of Pennsylvania Carey Law School (Jan. 18, 2023), available at https://www.cftc.gov/PressRoom/SpeechesTestimony/oparomero5.
8 Investor Advisory – Exercise Caution with Third-Party Verification/Proof of Reserve Reports, PCAOB (Mar. 8, 2023), available at https://pcaobus.org/resources/information-for-investors/investor-advisories/investor-advisory-exercise-caution-with-third-party-verification-proof-of-reserve-reports.
9 Paul Munter, The Potential Pitfalls of Purported Crypto "Assurance" Work, SEC (July 27, 2023), available at https://www.sec.gov/news/statement/munter-statement-crypto-072723. Any person that knowingly or recklessly provides substantial assistance to another person in violation of a provision of the Securities Act or the Exchange Act, or of any rule or regulation issued thereunder, shall be deemed to be in violation of such provision to the same extent as the person to whom such assistance is provided. See Section 15(b) of the Securities Act, 15 U.S.C. § 77o; Section 20(e) of the Exchange Act, 15 U.S.C. § 78t.
10 Complaint, Sec. & Exch.Comm'n v. Prager Metis CPAs LLC, No. 23-23723-CIV (S.D. Fla. Sept. 29, 2023).
11 Complaint, Pierce v. Bankman-Fried et al., 22-cv-07444 (N.D. Cal. Nov. 23, 2022). The case was later transferred to the Southern District of Florida and stayed pending the FTX bankruptcy proceeding.
12 Complaint, Pierce v. Bankman-Fried et al., 22-cv-07444 (N.D. Cal. Nov. 23, 2022). The case was later transferred to the Southern District of Florida and stayed pending the FTX bankruptcy proceeding.
13 Press Release, SEC Charges California-Based Lawyer with Issuing Fraudulent Legal Opinion Letters, SEC (Mar. 7, 2013), available at https://www.sec.gov/news/press-release/2013-2013-34htm.
14 Complaint (Dkt. 153), In re: FTX Cryptocurrency Exchange Collapse Litigation, 23-md-03076 (S.D. Fla. Aug. 7, 2023).
15 Motion to Dismiss (Dkt. 276), In re: FTX Cryptocurrency Exchange Collapse Litigation, 23-md-03076 (S.D. Fla. Sept. 21, 2023).
16 Complaint, Garrison et al. v. Sullivan & Cromwell LLP, 24-cv-20630 (S.D. Fla. Feb. 16, 2024).
17 Complaint (Dkt. 1727), Alameda Research LLC et al. v. Daniel Friedberg, 22-11068 (Bankr. D. Del. June 27, 2023).
18 See Munter, supra note 12.
19 "Financial institutions" — as defined under the Bank Secrecy Act ("BSA")—are obligated to report even suspicions of money laundering activities. See Stavros Gadinis & Colby Mangels, Collaborative Gatekeepers, 73 Wash. & Lee L. Rev. 797 (2016).
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.