Blogs from December, 2022

FTX's Auditors and Proof of Reserves

R Tamara de Silva

What do the financial fraud cases of Wirecard, Parmalat, Sanford, Enron and Madoff have in common with the alleged fraud by FTX Exchange Founder Sam Bankman-Fried (SBF) and his co-defendants, Caroline Ellison and Gary Wang? One or more accounting firms had performed an audit and found nothing wrong.  In all of the cases, investors and customers relied on auditors and in such reliance made investments or deposited funds because after all, the firms in question were audited.  And though intuitively the auditors would have liability for their reassuring role while things were going terribly wrong, they typically escape having any obligation to a bankruptcy estate in the law. In all the aforementioned cases, there were red flags.

The bankruptcy proceedings of FTX revealed large transfers of funds from FTX Exchange to its affiliate hedge fund, Alameda Research along with substantial irregularities and non-business expenses. Under Caroline Ellison’s helm, Alameda Research is said to have used FTX funds to make billions of dollars in venture investments in Sequoia Capital and Elon Musk’s SpaceX. Yet somehow, the two accounting firms that audited FTX in 2020 and 2021, gave unqualified opinions about FTX’s operations.

FTX’s Financials Audited in 2020 and 2021

On July 31, 2021, Sam Bankman-Fried proudly Tweeted that FTX was the first cryptocurrency exchange to pass a GAAP audit.

In 2020 and 2021, the accounting firm Armanino audited FTX’s financial statements from FTX US. FTX US was the branch of FTX that offered trading to residents of the United States. Its auditor, Armanino is one of the 20 largest accounting firms with over 2000 employees and multiple accounting awards. Armanino also markets itself as being an industry leader in proof of reserves and accounting services for the crypto and digital asset space, “Armanino blockchain leaders are featured in a Real Vision [not sure what this means] series addressing how Armanino bridges the trust gap and solves for custodial issues of digital assets.”[1]

It is difficult to understand how an outside auditor would not look at a company’s internal controls before offering an unqualified opinion of financial robustness. This would relegate the level of scrutiny a certified audit to far less than a quarterly due diligence questionnaire. It also implies that the accounting firms gave little to no thought of the possibility of any malfeasance or fraud-because they deliberately did not look.

A second accounting firm audited FTX Trading Ltd., in 2021, Prager Metis, and issued an unqualified opinion. Prager Metis, also markets itself to the cryptocurrency and digital asset world boasting,

Prager Metis offers a full range of services including audit, tax, consulting, business management, and international services that are critical to the metaverse world. In addition, our metaverse office serves as a resource for individuals and businesses in the metaverse looking for accounting and financial advisory services.

Our team of experts focuses on industries spanning in digital assets, sports, entertainment, music, healthcare, fashion, hospitality, real estate, banking and financial institutions, investment companies and more. The rules of complex accounting and tax regulations apply to both businesses and individuals conducting transactions in the metaverse.[2]

Prager Metis also states it is the first CPA firm to establish itself in the Metaverse (please see endnotes lest at this point the reader begins to suspect things are simply being made up). Prager Metis is an international accounting firm with 100 partners-certainly not Bernie Madoff’s obscure secondary accounting firm, Friehling & Horowitz. It has a poor track record with the Public Company Accounting Oversight Board (PCAOB).[3]

When asked about Armanino’s financial audits of FTX in an interview with the Financial Times, the Chief Operating Officer, Chris Carlberg said he was proud of the firm’s work in the crypto space, “We definitely stand by the FTX US work…A few industry voices have said that we should have done a better job auditing internal controls, but we were never engaged to audit internal controls. That happens with public companies. It’s not required by the standards for US private company audits.”[4]

Carlsberg goes on to say that they are so proud of the firm’s work in the crypto space that they are divesting themselves of the practice area entirely and will not be doing more audits of the crypto space-citing changing market conditions.

Armanino also has a poor track record with The PCAOB and performed an audit for a company Lottery.com that was later found to have overstated its earnings by $30 million.[5] So does Prager Metis.[6] Both firms were reviewed by the overseeing board and found to have deficiencies in their auditing.

The Audits that Weren’t

Based on statements by people who have seen both FTX entities’ audits, Armanino’s audit was an audit of the firm’s financial statements but not of its internal controls that would have affected the information within the financial statements and how it was derived. What is more, Armanino made no inquiry whatsoever into Alameda Research despite what would have been substantial and repeated transactions between the two related entities. Even though neither entity was presumably hired to audit Alameda Research, would all the activity between the two entities not have warranted an inquiry or even an annotation to the audit?

But it gets worse. Despite the disclaimer Carlsberg makes to the Financial Times, there is no proof at the time and nothing on its website explaining that audits of a custodial firm through proof of reserves should not be confused with an audit that actually takes into account a firm’s liabilities. Or that his firm’s audit did not look at the internal controls of FTX? Or that it only looked at proof of reserves. Armanino did not think it was significant that FTX US had not paid any U.S. income taxes despite having profits in both audited years.

Armanino and Prager Metis may have relied on proof of reserves in their audit which is different from a regular audit. They admit that there is great confusion on the matter. But why call it an audit knowing the investing public would have assumed it was an audit. Perhaps the conflict of interest in getting large fees and having FTX as a customer outweighed thought about their position of trust to the public.

FTX’s new CEO John J. Ray III in FTX’s bankruptcy filing specifically called out the auditors making reference to “substantial concerns as to the information presented in these audited financial statements… As a practical matter, I do not believe it appropriate for stakeholders or the court to rely on the audited financial statements.”

Centralized Cryptocurrency Exchanges

Assets on a blockchain are auditable and tamper resistant. A blockchain is decentralized with no single point of failure. This is not the case with digital asset platforms that are centralized as in the case of FTX, and many other cryptocurrency exchanges.

FTX held customer assets “off the chain” and recorded transactions between customer accounts using internal and proprietary databases (or perhaps in the case of FTX as alleged by its new CEO QuickBooks…or discarded napkins). As is commonplace in many crypto asset platforms, assets appear to be commingled in common wallets and omnibus accounts.

A contrast to this would be the futures market where brokerage firms hold customer assets segregated and apart from each other and firm funds. While the total balances of a firm’s holdings of customer accounts will be reported at the end of each day as an omnibus account to the clearing firm, the omnibus account is comprised of subaccounts that are individual customer accounts identified by account numbers with a value that is known at all times as it is marked to the market.

So while digital assets on a blockchain are known to be secure and accessible at all time, especially if held by their owner in their own wallet-what is called a self-custody wallet, this is not the case when these same digital assets are transferred to many cryptocurrency exchanges and platforms as these entities are centralized.

The industry is still relatively new and in time there may likely be solutions to this opacity problem and its attendant risks. 

Among the largest risks are conflicts of interest. An exchange custodian of your digital assets may use it for their own proprietary firm trading, or it may be in a commingled account with the custodian’s funds. There is no check or balance against the conflicts of interest (no regulatory regime in place and no taxonomy), and the resulting opacity necessitates trust in the same manner the hens would have to trust the fox that houses them.  

Proof of Reserves

Proof of reserves is a way for a cryptocurrency exchange to demonstrate that it holds sufficient reserves to back all customer balances. It is a means to assess a firm’s solvency. This is ideally performed by a third party (audit) and provides a snapshot in time of customer balances. It is done by use of a data structure called a Merkle tree which aggregates the total value of all customer account balances without disclosing the account balance of any individual customers. But the problem is, especially as it pertains to an audit, this is snapshot of the reserves at a particular time.

After the fall of FTX was announced, several of its rivals made a point of stating that they would offer proof of reserves. The CEO and Founder of Binance, the world’s largest crypto exchange, Changpeng Zhao (CZ), Tweeted that Binance would offer audited proof of reserves, and also allow its customers to perform proof of assets using Merkle trees.

The accounting firm, Mazurs released a Proof of Reserves report it did on Binance showing that the firms reserve to customer balance ratio was 101% .[7]  

CZ also stated that customer accounts are segregated from the firm’s funds. However, CZ would not answer any questions about the firm’s liabilities-or where the company is domiciled or discuss its internal controls. Without disclosing the firm’s liabilities, the proof of reserves information is not enough to gauge a firm’s complete financial stability.

Unsurprisingly, Armanino and Prager Metis are being sued in a class action that is written based on information available in the press and the bankruptcy filings. But given that a certified financial audit is a significant signal of stability to the investing public, where are the regulators on this? What is likely is that accounting firms, like regulatory regimes based on a court case concerning orange groves, need to catch up to advances in technology.  The investing public will suffer in the interim.

R Tamara de Silva