In collaboration with Forvis Mazars, Cryptio took a closer look at the impact of SAB121 on crypto enterprises, examining its complex reporting requirements and implications for the industry. This in-depth discussion explores how financial institutions navigate SAB121’s unique challenges, from heightened capital reserves to transparency mandates, providing valuable insights for crypto businesses aiming to meet these evolving standards.
Let’s delve deeper into how SAB121 reporting impacts crypto enterprises.
What is a common area of interest for crypto asset enthusiasts and big banks? Both have lobbied for The Securities and Exchange Commission’s (SEC) Staff Accounting Bulletin No. 121 (SAB121) to be repealed.
SAB121 was published on March 31, 2022, and, according to the American Bankers Association, was developed with very little input from regulators before it was released to the public.
Accounting Treatment
According to the accounting bulletin, SEC reporting entities that provide a service “where it will safeguard the platform users’ crypto-assets, including maintaining the cryptographic key information” should “present a liability on its balance sheet to reflect its obligation to safeguard the crypto-assets.” This is a major departure from the traditional off-balance sheet treatment for custodied assets. Under SAB121, institutions must record both a liability for the obligation to safeguard crypto assets and a corresponding asset, both measured at the fair value of the crypto assets. For banks, this on-balance sheet treatment significantly increases the amount of regulatory capital they must hold. These increased capital requirements make it financially burdensome for many SEC reporting banks to provide crypto asset custody services at a meaningful scale.
Disclosures
SAB121 also requests reporting entities to disclose notes to the financial statements that “include clear disclosure of the nature and amount of crypto-assets that [the entity] is responsible for holding for its platform users, with separate disclosure for each significant crypto-asset, and the vulnerabilities [the entity] has due to any concentration in such activities.”
By requiring a liability and corresponding asset to be recorded on a crypto asset custodial provider’s balance sheet, SAB121 creates an “unintended effect of ensuring that such services could be provided only by those firms that are not insured depository institutions or otherwise regulated by the Banking Agencies.”
In other words, due to tier 1 capital ratio requirements and other reserve requirements that traditional banks are subject to, most banks are generally precluded from offering crypto asset custodial services. Non-bank custodians are typically not subject to the same rigorous reserve requirements that banks are subject to.
SAB121 generally goes against commonly accepted practices for other types of assets that banks custody on behalf of customers. For example, a bank generally need not record a liability and corresponding asset on their balance sheet if they custody cash or securities on behalf of their customers. These assets are generally recorded “off balance sheet” as they are not assets of the bank, rather they are assets of their customers.
Banks, such as BNY Melon, argue that SAB121 is “problematic for multiple reasons” including that crypto asset custodians “will not have bank-grade custody solutions” and instead may turn to off-shore options.
BNY Melon provides an example that if they custodied crypto assets at only 1% of their current asset under administration, they would be forced to add $466 billion to their balance sheet which would cause them to “breach various prudential requirements.”
In general, because of the burden that SAB121 poses on banks, most banks have shied away from offering crypto asset custodial services at all.
With the recent Bitcoin and Ethereum spot ETF’s approved in 2024, several banking groups have lobbied on behalf of banks to remove SAB121. Banks could be feeling left out of the significant opportunity these new offerings provide.
The U.S. Government Accountability Office released a report on October 31, 2023 stating that SAB121 is a rule that was not released in accordance with the Congressional Review ACT (CRA). The CRA requires that the SEC should have submitted a report to the House, Senate, and Comptroller General which would have given them the opportunity to disapprove of SAB121 before being published.
In May of 2024, the House and Senate both took up a vote on HJ Resolution 109 to repeal SAB121. The House passed the bill to repeal SAB121 mostly along party lines with Republicans voting in favor of repeal and Democrats against. The final tally in the House was 228-182 in favor of repealing SAB121. The Senate also approved the repeal of SAB121 in a more bipartisan manner with a final vote of 60-38 that included 11 democrats, including a vote in favor from Majority Leader Chuck Schumer.
Despite bi-partisan support for repealing SAB121, President Joe Biden vetoed the bill to overturn SAB121 on May 31, 2024 citing he supported SEC expertise on this decision in protecting the consumer and investors, leaving SAB121 in place for now.
For keeping SAB121:
Repealing SAB121 through the CRA would not only reverse the rule as though it “had never taken effect”, but it would also prevent an agency from issuing the rule in “substantially the same form” in the future unless a subsequent law is passed. This causes some concerns because SAB121 requires certain disclosures that are intended to protect investors.
Others, including SEC Chair Gary Gensler, argue that repealing SAB121 would undermine the SEC’s authority in an industry that is “rife with noncompliance.” President Biden also states that this repeal would “disrupt the SEC’s work to protect investors” and “inappropriately constrain the SEC’s ability to ensure appropriate guardrails and address future issues related to crypto assets.”
Rep. Maxine Waters testified that SAB121 is “critical to providing transparency for investors and the public” and that this “kind of transparency helps prevent the kind of fraud and mishandling of crypto assets that led to the collapse of major crypto companies like FTX.”
Against keeping SAB121 (for Repeal):
According to Coinbase, Inc’s, CEO Brian Armstrong, Coinbase is a nonbank custodian for 8 of the 11 approved Bitcoin spot ETFs and this accounts for approximately 90% of the $37+ billion in Bitcoin spot ETF assets. This concentration of custodial assets at one firm creates risk. For example, this concentration could make Coinbase a target for cybersecurity attacks and also puts the ETF issuers at the mercy of one institution instead of spreading the custodial assets among different institutions to reduce risk. Repealing SAB121 could create more market participants, including traditional banks. This leads to better investor protection.
SAB 121 defines “crypto-asset” very broadly, as “a digital asset that is issued and / or transferred using distributed ledger or blockchain technology using cryptographic techniques”. This definition arguably could scope in any activity that uses blockchain technology or cryptographic techniques such as the safeguarding of tokenized assets (e.g., versions of traditional securities) section. Tokenized assets are generally more secure with respect to technological risks because permissioned blockchain networks incorporate strict governance and control mechanisms that effectively address the information technology (“IT”) concerns identified in SAB 121, particularly the ability to cancel, reconstruct and/or reissue the tokenized asset in the event of loss, theft or other instance of misuse. This would cause operational and capital related challenges.
In addition to concentration risk, there could be an instance where multiple entities record a safeguarding liability for the same assets, therefore inflating the balance sheet. For example, in an instance where an entity that uses a sub-custodian to safeguard crypto assets both the entity and its sub-custodian could report the same assets and liabilities on their balance sheet.
Rep. Wiley Nickel argues that SAB121 does not protect investors by “preventing highlight regulated American banks from placing digital assets in their custody at scale.”
Since SAB121 was issued with limited input from other regulators or without any public comment period, SEC Commissioner Hester Peirce suggests that the SEC “ought to embrace a more deliberate approach to changing rules – one that involves consulting with affected parties.”
Congress must now take up another vote on repealing SAB121 and this time would need a super majority in both the House and Senate to override President Biden’s veto. Note, this was attempted in July of 2024 by the House and failed to meet the super majority.
SEC Chief Accountant, Paul Munter, is recently on the record saying that the SEC is working with certain custodians to provide exceptions to SAB121.
Munter provided certain facts that may need to be in place for the SEC to issue a No Action Letter recognizing that the custodian does not have to recognize a liability on its balance sheet in accordance with SAB121.
According to the American Bankers Association, the facts for one specific instance where the SEC did not object included:
“The bank obtained written approval from its prudential regulator at the state level for its proposed cryptoasset safeguarding activities. It also engaged with its primary federal prudential regulator.
The bank will hold its institutional customers’ cryptoassets in a bankruptcy-remote manner. Each customer’s cryptoassets will be held in a blockchain wallet for which the customer is the beneficial owner. This wallet is segregated from wallets that hold cryptoassets for other customers or the entity, and from other assets.
The bank obtained a legal opinion from outside counsel supporting its “bankruptcy-remote” conclusion that, in the event of insolvency, the cryptoassets should not be the property of the bank receivership estate and should not be available for distribution by the FDIC as receiver to the bank’s creditors.
The bank negotiated with its institutional customers the contractual terms and conditions to be included in its cryptoasset safeguarding agreements that set forth the standard of care for which the bank will be responsible for exercising and the scope of its liability.
The entity stated that it has a robust process for assessing regulatory, legal and technological risks and uncertainties on an ongoing basis specific to each particular cryptoasset.”
Additional Regulatory Requirements
Despite the burden on banks that SAB121 may create, it’s important to note that banks should consider the other stringent regulatory requirements before considering offering crypto asset custodial services.
For example, banks chartered under the OCC generally must notify its supervisory office of its intent to engage in crypto asset activities, and after the bank receives a non-objection letter from the OCC can they engage in these activities.
Banks may rely on third parties to outsource certain technology tools, risk management tools, etc. Reliance on these third parties reduces a bank’s direct operational control over these outsourced activities. This creates risk. In order to mitigate this risk, banks are subject to certain Third Party Risk Management reporting requirements and in essence must perform a risk analysis of the third party as if they were a part of the bank themselves.
Capital Requirements
The Basel Committee has the authority to set international standards for bank regulation. Basel rules, which were first implemented in 1988 and have been iterated on multiple times, look to implement certain minimum capital requirements for banks. This helps to reduce the risk that an unexpected loss would significantly hurt a bank and thereby its customers.
By developing a comprehensive framework for crypto asset custody, it could create a globally consistent approach, unlike the U.S.- centric SAB 121, which puts the US at a disadvantage globally.
The Basel Committee published a proposed standard for banks' exposures to cryptoassets (the "Crypto Standard") in December 2022 and is set to be implemented by January 1, 2026.
The Basel Committee has published guidance that certain cryptocurrency exposures are limited to 1% of Tier 1 capital.
Basel can impose an infrastructure risk add-on of 2.5% for digital securities and stablecoins.
Despite the SEC’s recent shift in tone by creating one-off exceptions to SAB121, this accounting bulleting continues to be a key issue for digital asset custodians and the SEC’s view on SAB121 remains largely unchanged.
To learn more about how Cryptio can help you with SAB 121 compliance - check out our reconciliation product suite. Or request a consultation with our team.