C.4 Accounting Considerations

C.4.1 Initial and Subsequent Accounting

The interpretive guidance in SAB 121 indicated that an entity that was responsible for safeguarding crypto assets should record a liability on its balance sheet for its obligation to do so (referred to as a “safeguarding liability”). The safeguarding liability should be “measured at initial recognition and each reporting date at the fair value of the crypto-assets.” In determining the fair value of the crypto assets, the entity should apply ASC 820.

An entity should record a corresponding asset at the same time as it records the safeguarding liability. This asset is similar to an indemnification asset as described in ASC 805 (referred to as a “safeguarding asset”) and should be measured at the fair value of the crypto assets held. Recognition of a safeguarding liability and safeguarding asset may give rise to a corresponding DTA and deferred tax liability (DTL) that should be recorded and presented on a gross basis.

Changes in the fair value of the safeguarding liability and safeguarding asset may be recognized within the same line item in the income statement. In a manner similar to that described in the guidance in ASC 805, the measurement of the safeguarding asset would also factor in any potential loss events, which would be reflected in the income statement (see Example C-1). If no potential loss events occur in a given reporting period, there would be no net effect on the income statement (i.e., net zero impact).5

Connecting the Dots

An entity may need to use judgment or may encounter challenges in evaluating the potential loss events when using a third party to provide custodial services or a subcustodian. See Section C.6 for more information.

To illustrate how to apply the guidance, SAB 121 adds the following example to SAB Topic 5.FF:

Facts: Entity A’s business includes operating a platform that allows its users to transact in crypto-assets. Entity A also provides a service where it will safeguard the platform users’ crypto-assets, including maintaining the cryptographic key information necessary to access the crypto-assets. Entity A also maintains internal recordkeeping of the amount of crypto-assets held for the benefit of each platform user. Entity A secures these crypto-assets and protects them from loss or theft, and any failure to do so exposes Entity A to significant risks, including a risk of financial loss. The platform users have the right to request that Entity A transact in the crypto-asset on the user’s behalf (e.g., to sell the crypto-asset and provide the user with the fiat currency (cash) proceeds associated with the sale) or to transfer the crypto-asset to a digital wallet for which Entity A does not maintain the cryptographic key information. However, execution and settlement of transactions involving the platform users’ crypto-assets may depend on actions taken by Entity A.

Question 1: How should Entity A account for its obligations to safeguard crypto-assets held for platform users?

Interpretive Response: The ability of Entity A’s platform users to obtain future benefits from crypto-assets in digital wallets where Entity A holds the cryptographic key information is dependent on the actions of Entity A to safeguard the assets. Those actions include securing the crypto-assets and the associated cryptographic key information and protecting them from loss, theft, or other misuse. The technological mechanisms supporting how crypto-assets are issued, held, or transferred, as well as legal uncertainties regarding holding crypto-assets for others, create significant increased risks to Entity A, including an increased risk of financial loss. Accordingly, as long as Entity A is responsible for safeguarding the crypto-assets held for its platform users, including maintaining the cryptographic key information necessary to access the crypto-assets, the staff believes that Entity A should present a liability on its balance sheet to reflect its obligation to safeguard the crypto-assets held for its platform users.

As Entity A’s loss exposure is based on the significant risks associated with safeguarding the crypto-assets held for its platform users, the staff believes it would be appropriate to measure this safeguarding liability at initial recognition and each reporting date at the fair value of the crypto-assets that Entity A is responsible for holding for its platform users. The staff also believes it would be appropriate for Entity A to recognize an asset at the same time that it recognizes the safeguarding liability, measured at initial recognition and each reporting date at the fair value of the crypto-assets held for its platform users. [Footnotes omitted]

Connecting the Dots

Before SAB 121, an entity did not report the crypto assets of its users on its balance sheet unless the entity had control over those assets.6 The SAB did not remove the requirement related to determining whether an entity has control over the crypto assets. An entity that has control over the crypto assets that are being safeguarded will record them on its balance sheet as an asset with a corresponding obligation to return the crypto assets to the legal owner. This liability should be evaluated to determine whether it contains an embedded derivative under ASC 815. The SAB did not discuss the accounting for these crypto assets since the safeguarding asset addressed in the SAB was not the crypto asset. Rather, the entity recorded the safeguarding asset at the fair value of the crypto assets held, factoring in potential loss events (e.g., theft, loss of the private key, loss of the crypto asset, cybersecurity hacks) that could affect the asset’s measurement. The occurrence of such a loss event resulted in a difference between the safeguarding asset and the safeguarding liability, as illustrated in the example below. If an entity had determined that it had control over the crypto assets, those assets were not within the scope of SAB 121 since they were recognized as crypto assets on the entity’s balance sheet.

Example C-1

Entity A has an obligation to safeguard crypto assets. The fair value of the crypto assets being safeguarded is $100,000. During the second quarter of 20X4, A loses some of the private keys for certain wallets. Entity A has determined that the lost private keys control 10 percent of the customers’ crypto assets and that a loss of 10 percent of the safeguarded crypto assets has therefore occurred. In such circumstances, provided that the fair value of the crypto assets being safeguarded is still $100,000, A would recognize, as of the second quarter of 20X4, a safeguarding liability of $100,000 and a safeguarding asset of $90,000, with the $10,000 loss recorded in the income statement.

C.4.2 Derecognition

Although SAB 121 did not contain explicit derecognition guidance, it indicated that a safeguarding obligation should be reflected in the financial statements “as long as [the entity] is responsible for safeguarding.” The facts and circumstances that led an entity to conclude that it has a safeguarding obligation to a third party may change after the initial recognition of the safeguarding liability and the corresponding safeguarding asset. Accordingly, in the absence of further guidance from the SEC, an entity whose facts and circumstances change should reassess whether it continues to have a safeguarding obligation. In addition to factors that the entity considered in reaching its previous conclusion, the entity should evaluate the factors in Question 7 in Appendix B of the AICPA Practice Aid as well as the facts and circumstances in Section C.6.

If a contractual custodial relationship between the entity and the third party establishes a legal or contractual liability, the entity should consider the liability extinguishment guidance in ASC 405-20. In these cases, it would generally be appropriate to fully or partially derecognize the safeguarding asset when the associated crypto assets are returned to the customer (either for self-custody or for placement with another custodian7). In other cases, it may be difficult to justify applying the liability extinguishment guidance — specifically, when an entity previously recognized a safeguarding obligation even though there was no contractual relationship resulting in a legal or contractual liability (e.g., there is nothing to legally extinguish). It may still be helpful to consider the derecognition guidance in ASC 405-20 in such cases, but we do not believe that the inability to apply that guidance in its entirety would automatically preclude derecognition.

Footnotes

See Question 8 in Appendix B of the AICPA Practice Aid.

See Question 10 in AC Chapter 1 of the AICPA Practice Aid.

When a safeguarding obligation no longer exists because an entity has transferred it to another custodian, the entity may still believe that it is safeguarding the crypto assets. Therefore, the entity must use significant judgment in such situations and may still have to record a safeguarding obligation.

Confidential and Proprietary — for Use Solely by Authorized Personnel

This publication provides comprehensive guidance; however, it does not address all possible fact patterns, and the guidance is subject to change. Consult a Deloitte & Touche LLP professional regarding your specific issues and questions.