[This article originally appeared in CoinDesk. It explores some improvements to stablecoin transparency recently initiated by New York regulators. In my opinion, there are two key changes. Up till now, stablecoin issuers have typically been examined by their auditor at the end of the month. With the new guidance, management's assertions must now be tested not only at the end of the month but also on one randomly selected business day during the month. Secondly, stablecoin issuers will be required to submit their internal controls to audit. Both measures will improve the trustworthiness of attestation reports.]
New York Regulators Have Planted a Seed for Stablecoin Transparency
Good news for stablecoin users: Stablecoin transparency standards are set to improve.
This comes courtesy of the New York Department of Financial Services (NYDFS), which last month issued formal guidance for NYDFS-approved stablecoin issuers, including upgrades to the amount and quality of information that issuers must provide to the public.
Increased transparency is a welcome development. It means users will have a better ability to vet stablecoins, and with more eyeballs on them, stablecoins issuers will be pressured to provide a safer product.
The new regulations will directly apply to gemini dollar (GUSD), issued by Gemini Trust, and binance USD (BUSD) and paxos dollar (USDP), issued by Paxos Trust. Those stablecoins were introduced in 2018 when the NYDFS initiated its regulatory framework for stablecoins.
The NYDFS is one of the most influential financial regulators in the
world. By dint of peer pressure and customer demand, one hopes these
improvements spread to other large, non-NYDFS-regulated stablecoins like
USD coin, tether, trueUSD – and also to stablecoins yet to emerge.
It’s all about the assets
When people debate the intricacies of stablecoins, the most pressing thing they want to know is what backs the stablecoin. There are good reasons for that.
With good old-fashioned bank deposits, a bank's deep layer of capital offers depositors a degree of protection should the bank's investments sour. Stablecoin issuers, however, lack the large amounts of capital that banks possess. Furthermore, unlike with bank deposits – which are insured by the government up to a certain amount – you're on your own if the stablecoin in your wallet fails.
So the safety of a stablecoin is highly dependent on the assets that are backing it. That's why the topic of stablecoin backing attracts so much attention in the press and on social media, and why transparency is so important.
The durability of a stablecoin’s underlying assets is important to more than just the people who own the stablecoin. It's also crucial to the broader crypto economy, because stablecoins act as the plumbing of crypto. If a major issuer like Tether were to fail, it would drive the entire ecosystem into a crisis.
One way for people to gain sufficient confidence in a stablecoin is by getting a peek at its internal workings. A stablecoin issuer accommodates that by providing public information about the assets backing the stablecoin. By doing so, the issuer gives a stablecoin credibility, which may help it grow and earn more profits – but only if the public approves of what it has seen in the sausage-making process.
To ensure the information about its assets can be trusted by the public, stablecoin issuers first pass it through the hands of an independent auditor. The auditor examines the information and offers its opinion on whether the numbers are accurately stated.
The practice of providing the public with independently verified insights into stablecoin assets emerged in 2018 when the issuers of newly created stablecoins USD coin, gemini dollar and paxos dollar began to work with auditors to publish monthly "attestation" reports. Three years later, in 2021, Tether – issuer of the largest stablecoin – began to publish its own attestation reports, albeit quarterly.
This glance behind the curtains through the mediation of an independent auditor ultimately provides users like you and me with useful information.
But the glance that the public is afforded is good only if it is 1) timely, 2) provides a broad amount of useful information and 3) can be trusted.
The NYDFS's new standards address those three issues.
The utility of information degrades as it gets older, especially in the fast-moving crypto economy. The NYDFS new guidance requires attestation reports to be published monthly and no later than 30 days after the end of the month.
Stale attestation reports have been a problem among stablecoins issuers. In 2021, attestations for USDC were arriving 50 days after the attestation date. Tether's latest attestation was published 49 days after its March 31 attestation date. Users of this tardy information were left to speculate how the crypto declines of April, May and June may have affected Tether's finances.
Tether and USD coin aren't NYDFS-regulated coins and thus their issuers aren’t required to conform to the NYDFS’ standards on timeliness. However, given that competitor Paxos is implementing the standards for binance USD, Tether and Circle, the issuer of USD coin, may have no choice but to conform.
A long look behind the curtains is better than a quick glimpse.
The NYDFS will broaden the amount of information available in attestation reports by requiring that stablecoin's assets be reported not only in aggregate, but also by asset class. So a stablecoin issuer would have to list how much commercial paper it owns, its allocation to money-market mutual funds, its deposits, its bonds and its quantity of Treasurys. That is, separately, instead of lumping it all together.
Some stablecoin issuers like Tether already do that. But others don't. The attestations for binance USD, for instance, inform us that Paxos may own deposits at banks, Treasury bills or Treasury bonds, but doesn't reveal what the proportions are.
An auditor's approval isn't worth much if the stablecoin can game the system. Of the updates to NYDFS' guidance, the most important ones will improve the trustworthiness of stablecoin reports. There are two ways it will do that.
First, the NYDFS will require auditors to not only examine a stablecoin’s end-of-the-month asset count, but also run a check on "at least one randomly selected business day during the period." Requiring a random in-between day examination prevents a stablecoin issuer from holding one set of risky assets for most of the month only to switch into safer assets the day before the auditor examines it.
Tether in particular should consider adopting the NYDFS’ random in-between day test as a best practice. Tether's three-month interlude between examinations is much longer than its competitors. By having its auditor test one random day during that period in addition to the end-of-period day, Tether would provide users with much needed assurance.
Second, the NYDFS will require that a stablecoin auditor provide an opinion on the effectiveness of a stablecoin issuer's internal controls. That must occur once a year.
Internal controls are the rules and procedures that companies adopt to prevent mistakes and fraud. They include separation of duties, verification of invoices, reconciliation and controlled access to financial reporting systems. After the Enron and WorldCom scandals of the early 2000s, the Sarbanes-Oxley Act made it necessary for U.S. public companies to undergo regular audits of internal controls.
At the present time, auditors that attest to the investments underlying stablecoins issued don't examine the effectiveness of an issuer's internal controls. An auditor need only acquire whatever "degree of understanding" of an issuer's internal controls that is necessary in order to carry out their assessment of its assets.
That's why all attestation reports contain something to the effect that "we did not test the operating effectiveness of such controls and express no such opinion on such controls." (That's from the attestation for paxos dollar.)
This is a black hole in current attestation practices. If internal controls aren't adequate, the numbers can’t be trusted. By requiring an auditor to examine a stablecoin issuer's internal controls every year to assure those controls are effective at promoting compliance with regulations, the NYDFS addresses this shortcoming.
and Tether should consider voluntarily submitting their internal
controls to annual examination and so reach the standards being met by
their New York competitors. Because an organization's internal controls
offer vital protection against fraud, anyone who owns stablecoins that
conforms to NYDFS standards will be able to sleep soundly at night.