ATV - Auditor's Transformation Venture

Introduction

The rising presence of crypto assets on corporate balance sheets has been a significant issue lately. Corporations, investment funds, and financial intermediaries now hold cryptocurrencies and tokenized assets as investments, payment instruments, or emergency funds. While this trend reflects financial innovation and digitalization, it also challenges traditional audit practice. Crypto assets differ fundamentally from conventional financial assets due to their decentralized nature, reliance on private key control, price volatility, and operation on distributed ledgers. These features complicate core audit assertions, including existence, rights and obligations, and valuation, increasing inherent and control risks. Against this backdrop, recent U.S. regulatory changes have materially transformed the recognition and reporting of crypto assets under US GAAP, with direct implications for entities’ risk profiles and the scope, focus, and intensity of audit responses.

U.S. Regulatory Shifts

In 2022, the U.S. Securities and Exchange Commission (SEC) issued Staff Accounting Bulletin No. 121 (SAB 121), which required entities safeguarding crypto assets for customers to recognize a corresponding asset and liability on their balance sheets. This requirement reflected regulatory concern over the unique risks of crypto custody, including technological vulnerabilities, legal uncertainty, and potential loss of private keys. SAB 121 effectively forced balance-sheet recognition regardless of whether a loss event was likely to happen. Under SAB 121, there is no explicit requirement to apply a specific accounting framework, as the associated liability and corresponding asset are required to be recognized and measured at fair value. This approach effectively treated custody risk as a balance-sheet obligation, significantly affecting leverage, capital ratios, and reported financial position.

In early 2025, the SEC revoked SAB 121 and replaced it with SAB 122. Under SAB 122, entities are no longer required to automatically recognize custody-related assets and liabilities. Instead, they must assess their obligations using existing accounting standards, such as ASC 450 for contingencies or IAS 37 equivalents, recognizing liabilities only when a loss contingency is probable and reasonably estimable. This shift marks a transition from rule-based recognition to a judgement-based framework. It increases reliance on management judgment, particularly in assessing legal exposure, operational risk, and control effectiveness.

Auditor Impact

Under SAB 121, entities were required to comply with a uniform and prescriptive rule mandating that all cryptocurrency held in a custodial capacity be recognized on the balance sheet as both an asset and a corresponding liability. As a result, the auditor’s focus was predominantly rule-based, emphasizing explicit compliance with SAB 121. Audit procedures were largely procedural and mechanical, as the standard allowed no exceptions: all relevant digital assets were required to be recognized in the financial position, regardless of the underlying risk profile.

In contrast, SAB 122 introduces a framework that necessitates substantially greater auditor judgment in assessing the appropriate accounting treatment of cryptocurrency. Auditors must now evaluate whether crypto-related obligations meet the criteria for recognition based on the probability of loss, the reliability of loss estimation, and the extent of legal and operational exposure. Consequently, not all cryptocurrency values are automatically classified as liabilities, which may result in a balance sheet that more closely reflects the entity’s underlying economic reality. This regulatory shift reorients audit practice from a rule-based approach toward a judgment-based assessment.

However, the increased reliance on auditor and management judgment under SAB 122 also introduces heightened audit risk. These risks include management bias in assessing probability and measurement of losses, the potential understatement of liabilities, and the possibility of misleading or insufficient disclosures. Accordingly, auditors are required to exercise enhanced professional skepticism and place greater emphasis on evaluating the robustness of management’s risk assessments, internal controls, and disclosure practices to mitigate the risk of material misstatement.

How Regulatory Change Alters Risk of Material Misstatement (RMM)

Rights and obligations. With SAB 122 removing automatic recognition of custody liabilities, the assessment of whether an obligation exists depends heavily on contractual terms, custody arrangements, and legal enforceability. Misinterpretation of custody responsibilities or inadequate understanding of private key control creates heightened risk of understatement of liabilities or inadequate disclosure.

Valuation. Mandatory fair value measurement under ASU 2023-08 heightens valuation risk by exposing financial reporting to highly volatile crypto markets characterized by fragmented pricing, continuous trading, and uneven liquidity. Reliance on inappropriate principal markets, thinly traded exchanges, or third-party custodians and complex wallet infrastructures further increases susceptibility to material misstatement and elevates inherent and control risks that challenge effective audit evaluation.

Existence and completeness. Ownership of crypto assets is evidenced by control over private keys rather than legal title. Weak key-management controls, reliance on third-party custodians, or deficiencies in wallet reconciliation increase the risk that recorded assets do not exist or are incomplete.

Presentation and disclosure. Reduced prescriptive guidance heightens disclosure risk. Management may under-disclose custody risks, valuation methodologies, or concentration exposures, particularly where liabilities are no longer recognized on the balance sheet.

Conclusion

The post-2025 U.S. regulatory shift does not simplify the audit of digital assets; it redistributes risk and increases reliance on professional judgment. By reshaping recognition rules and reinforcing fair value measurement, regulators have elevated the importance of audit responses that focus on valuation, custody, controls, and disclosure. In this environment, audit quality depends less on compliance with prescriptive rules and more on robust risk assessment, skepticism, and technologically informed assurance.

References

Cryptoworth. (2025). How to Audit Crypto Assets: A Step-by-Step Guide. Accessed from: https://www.cryptoworth.com/blog/how-to-audit-crypto-assets
Gillison, D. (2025). Wall Street regulator revokes accounting guidance on crypto assets. Reuters. Accessed from: https://www.reuters.com/technology/wall-street-regulator-revokes-accounting-guidance-crypto-assets-2025-01-24/
Herbert, M. (2025). Auditing digital assets. Accounting and Business. Accessed from: https://abmagazine.accaglobal.com/global/articles/2025/apr/practice/auditing-digital-assets.html
Hester, M. (2025). Blockchain Association. Accessed from: https://www.sec.gov/file/ctf-blockchain-association-062625
Muir, S., Tricarichi, N., Ahuja, K. (2024). Digital assets under IFRS Accounting Standards vs US GAAP: the basics. KPMG. Accessed from: https://kpmg.com/us/en/articles/2024/digital-assets-under-ifrs-accounting-standards.html
Park, A. & Theisen. (2025). The SEC changes accounting rules for safeguarding crypto assets with its SAB 121 repeal. Deloitte. Accessed from: https://www.deloitte.com/us/en/services/audit-assurance/blogs/accounting-finance/sab-121-repeal.html
Park, A. & Theisen. (2025). SAB 121 and Done: SEC Issues SAB 122 to Rescind Guidance on Safeguarding Crypto Assets. Deloitte. Accessed from: https://dart.deloitte.com/USDART/home/publications/deloitte/heads-up/2025/sec-rescinds-sab-121-issues-sab-122-crypto-cryptocurrency
Schroeder, P. (2025). US regulator clears path for banks to engage in some crypto activities. Reuters. Accessed from: https://www.reuters.com/business/finance/us-bank-regulator-reaffirms-banks-can-engage-some-crypto-activities-2025-03-07/