Cryptocurrency businesses that need their financial statements audited are probably going to have to pay more for it, and they have Sam Bankman-Fried to thank.
The collapse of Bankman-Fried’s crypto empire, and the spotlight it put on the auditors that signed off on his books, has prompted small audit firms to re-examine their work for businesses in the nascent industry.
Several US firms told the Financial Times that they had elevated some or all of their crypto-related clients to the status of “high risk”, triggering a more thorough audit that will take longer and lead to higher bills. Some clients could ultimately be dropped altogether.
The re-examination comes just weeks ahead of the financial year-end in the US, where auditors are struggling to apply accounting rules for digital assets that are still only half formed and regulators are watching closely for slip-ups.
“Your antennas have to be up at this point,” said Jeffrey Weiner, chief executive of Marcum, whose audit clients include bitcoin miners and digital asset investment groups. The firm has designated crypto clients across the board as high risk in the wake of FTX’s collapse and the fallout in cryptocurrency markets.
“When a client is high risk, you significantly expand the scope of the audit, and that translates into needing more resources and more time,” Weiner said. Extra work will be required to check a company’s “systems, controls, the existence of assets, segregation of funds and, of course given FTX, there will be extra scrutiny of related-party transactions”.
FTX bankruptcy filings described a chaotic operation where the crypto exchange was deeply intertwined with Bankman-Fried’s personal trading business, and billions of dollars of customer money is unaccounted for. John Ray III, the insolvency expert newly installed as chief executive, said he had never seen “such a complete failure of corporate controls and such a complete absence of trustworthy financial information”.
The filings raised the question of how Prager Metis — a US firm with just $139mn in annual revenue — was able to issue an unqualified audit opinion for the 2021 financial statements from FTX’s sprawling international operations. Industry standards require auditors to understand a private company’s internal controls and design an audit accordingly, even though they are not required to attest that the controls are strong.
Armanino, a California-based firm with $458mn in annual revenue, issued a similarly unqualified opinion for financial statements from FTX’s US exchange business.
The two firms have put out statements standing by their work for FTX, which both said did not continue beyond last year’s audit.
Given the breadth of businesses with exposure to FTX and crashing markets for digital assets, “we are checking in with our clients and we have had some where we have had to adjust risk ratings”, said a partner at another firm that audits crypto businesses. “We are closing in on the end of the year, so if we are going to continue and finish up the audit, we have to ask if we have all the procedures we need, or new resources we need to bring to bear.”
The partner added that smaller audit firms are likely to become pickier about taking on crypto clients. “We aren’t in the business of working for people that might fail. When a company fails there is a lot of work: you are going to get subpoenaed, deposed, people are going to want to look at your work papers to see if you missed anything. It’s involved.”
Two weeks before the FTX collapse, the Big Four audit firm EY parted company with Core Scientific, a Texas bitcoin miner that warned it could run out of cash by the end of this year. EY said it found insufficient record-keeping and poor internal controls, according to a regulatory filing. Core Scientific said it would instead use Marcum as its auditor.
The Big Four — PwC, Deloitte and KPMG, along with EY — argue they can bring more resources to bear on work for crypto clients than smaller auditors. The large auditors typically charge more than smaller firms.
The PCAOB, which regulates audits of US public companies, issued a bulletin in August telling companies they should check whether their auditors had the right skills.
“What is the auditor’s understanding of the financial reporting implications of the company’s activities related to digital assets?” it asked. “What policies and procedures does the audit firm have regarding conducting and monitoring audit engagements involving digital assets, including considering the risks associated with performing such audits?”
Answering the first question is no easy matter, auditors say, as innovations in digital assets have come faster than accounting standards can be set. The AICPA, a professional body which sets standards for audits of private companies, has written only some chapters of a guide for audit practices, with more still in the works.
“Our guidance is always informed by current events and real-world scenarios and any additional potential risks they may surface,” said Susan Coffey, AICPA chief executive of public accounting.
Armanino, the auditor of FTX US, said it had “invested significant time and intellectual capital as an active participant in multiple accounting industry groups” to help develop standards.
Other audit firms are just pleased not have become embroiled in crypto.
“Like I would hope every audit firm, after the FTX collapse we went back to look through our portfolio of clients,” said Charly Weinstein, chief executive of EisnerAmper. For those that have digital assets or cryptocurrency exposure, it amounted to only a small fraction of the business, he said.
“We haven’t done [audit] work around cryptocurrency,” he said. “Out of an abundance of caution.”