We’ve seen a lot of mess in the cryptocurrency world lately. Last week a leading voice on the Commodity Futures and Trading Commission called for one specific group to step up and do better with this bedraggled bit of the finance industry: gatekeepers.
CFTC commissioner Christy Goldsmith Romero, a Democratic appointee and head of the agency’s technology advisory committee, delivered a speech at the University of Pennsylvania during a symposium to explore the implosion of crypto trading platform FTX. Romero covered a wide range of issues, but ethics and compliance professionals will want to focus on one particular section.
Its title: “Gatekeepers failed customers in the unregulated crypto market.” And Romero had plenty to say on the subject.
“The crisis of trust in the unregulated crypto markets also results from an environment where lawyers, accountants, auditors, compliance professionals and other gatekeepers for crypto firms failed customers in their essential duties,” she said. “The role of the gatekeeper is to promote good corporate governance, instill operational discipline, ensure compliance with required standards and the law, and prevent and detect fraud and other unlawful activity.”
Clearly that is not happening in the crypto world. The most glaring example is FTX, likely to go down as one of the largest and most brazen frauds in U.S. history; but we have plenty of smaller examples too. Many of those lesser examples seem rooted in poor management, so obsessed with rapid growth that they forgot about prudent risk management and compliance altogether.
For example, we recently had a $100 million sanction against Coinbase for relying on antiquated and outgunned anti-money laundering compliance procedures. Just this weekend came news that a pension fund for Fairfax County, Virginia, has at least $35 million locked up in the bankruptcy of Genesis, another crypto firm.
A public-employee pension fund, where low investment risk is paramount, pouring money into crypto assets. Let that sink in.
No wonder Romero devoted so much of her speech to gatekeepers, and the need for them to do better.
‘Gatekeepers Speaking Truth to Power’
Romero began with a rousing call for gatekeepers to understand their roles as counselors, warning management when it makes unwise decisions based on misplaced priorities:
Gatekeepers themselves also need to step up and call for compliance, controls, and other governance, without allowing the promise of riches and the company’s marketing pitch to silence their objections to obvious deficiencies. It will take gatekeepers speaking truth to power, or choosing to leave firms that do not take their responsibilities to customers seriously — something that as a former inspector general, I know takes a lot of courage. But it is necessary if the industry (and their gatekeepers) wish to restore any semblance of trust. Most importantly, it is necessary to protect customers and promote market integrity.
She then took on FTX directly, saying, “FTX operated in a manner that simply should not be possible in the presence of appropriate independent governance and gatekeepers, even in an unregulated environment.”
Romero raises an important point here: even when gatekeepers don’t have a body of laws and regulations to support some argument for good governance that they’re making, they still must make those arguments — because good governance is an ethical imperative, before it’s a legal one.
What should gatekeepers at FTX have done? They should have “seriously questioned the operational environment at FTX in the lead-up to its meltdown,” Romero said. They should have ensured that transactions involving insiders were promptly reported, independently reviewed and approved, and accurately recorded.
None of that happened at FTX, but it seems that FTX had no real governance function at all; there wasn’t even a gate for people to keep. But Romero also cast these shortcomings as larger than FTX. Given all the other meltdowns we’re seeing in the sector, I suspect she’s right.
“That is a failure of a crypto industry that has not sufficiently recognized its responsibilities associated with holding customer funds,” she said. “It is a failure of an industry that has not empowered gatekeepers. In some cases, it is a failure of the gatekeepers themselves.”
For the Rest of Us
Some of you might be thinking, “I agree with all this in principle, but in practice I don’t work at a crypto firm. What does this have to do with me?” A few thoughts come to mind.
First, let’s remember that almost all these crypto meltdowns involve a reckless crypto business acting in concert with other businesses — banks lending money, venture capital funds making investments, pension funds puting their contributors’ money into crypto, and so forth. We all know that regulators and plaintiff lawyers will start asking about those other firms’ decisions, too. So what were the gatekeepers at those other firms saying? Were they speaking up, like Romero says they should have?
“Questions arise whether these investors turned a blind eye when conducting due diligence to facts that would normally serve as flashing red lights because of the promise of innovation, hype surrounding FTX, and what is now understood to be misplaced trust in FTX and its founder,” Romero said. “There may be incentives to turn a blind eye in a competitive market where there is abundant capital to deploy. Also, in a highly connected industry, there may be conflicts in a firm fulfilling its fiduciary duties — conflicts that must be resolved.”
If your firm is somehow snared in this FTX disaster, did you identify and document any potential conflicts? Did you have written policies about how to resolve them? Did you disclose them as necessary? Did you reconsider any incentive compensation structures that might exacerbate those conflicts? Because whether it’s the CFTC, the Securities and Exchange Commission, FINRA, state attorneys general, or some other regulator, they are going to ask those questions.
More broadly, Romero’s speech is just the latest in a series of statements from regulators about the duty of gatekeepers to act. It’s a message we’re hearing from regulators generally, across many industries; so even auditors and compliance professionals far removed from the crypto sector should take note.
The chief accountant of the SEC published a statement last fall urging auditors to do better at assessing fraud risk; “auditors are gatekeepers,” he said, and the importance of their responsibilities to identify fraud risk “cannot be underestimated.” When the SEC fined Ernst & Young $100 million for cheating on CPA exams and then failing to be forthcoming about that misconduct, the word “gatekeepers” was all over the enforcement action.
The Justice Department’s guidance for effective compliance programs calls out gatekeepers, too. “Do they know what misconduct to look for? Do they know when and how to escalate concerns?”
Regulators want gatekeepers to do better. Gatekeepers, in crypto or any other industry, should consider how well they can do that.