Practical Applications of Operational Due Diligence on Cryptocurrency and Digital Asset Funds

Overview

In Operational Due Diligence on Cryptocurrency and Digital Asset Funds, published in the Winter 2022 Due Diligence Special Issue of The Journal of Alternative Investments, Jason Scharfman of Corgentum Consulting outlines key developments in due diligence practices by limited partners investing in digital asset funds. He first highlights risks that are specific to cryptocurrencies as exemplified by certain fraud cases, the use of the dark web, and ransomware attacks. These issues, coupled with the rapid innovation in the crypto space, demand enhanced operational due diligence. Therefore, one important trend is increased specialization with due diligence questionnaires developed specifically for funds dealing with cryptocurrencies. A second key trend is a focus on custody arrangements, with a strong preference for hosted wallets. A third trend is the declining use of third-party background investigation services and instead combining operational due diligence with investigative due diligence.

Practical Applications

• The rigor of operational due diligence on crypto investments and asset managers has increased as more institutional capital has migrated into the crypto space. The rapidly evolving area requires specialization.

• Crypto asset managers are increasingly focused on developing more institutional operational infrastructures, particularly in areas such as custody for DeFi investments. Limited partners and regulators generally prefer the use of hosted wallets in custody arrangements.

• Investors increasingly combine investigative and operational due diligence processes when evaluating crypto asset managers. Historically, alternative asset managers had delegated background checks to third-party service providers.

Key Definitions

DeFi

Decentralized finance (DeFi) offers opportunities to lend and invest using trustless blockchain technology. It is trustless in the sense that participants need not place trust in a centralized authority.

Hosted wallet

A hosted wallet is a storage service for storing the cryptographic private keys used for accessing cryptocurrencies. In using a hosted wallet, the owner of cryptocurrency relies on the competency and trustworthiness of the service provider because the service provider has direct access to the owner’s cryptocurrency holdings.

Discussion

The article focuses on operational risk assessment for crypto-currency manager selection. Although there is some overlap between investment risks and operational risks in practice, alternative investment allocators find it useful to divide risks into these two broad classifications for due diligence purposes, with operational risk consisting of all those risks that are not directly related to investment risk. Operational risks include losses from third-party service providers, key personnel, failed systems, or internal processes and are sometimes termed business risk.

Scharfman discusses the need for enhanced operational due diligence (ODD) in the crypto space and outlines three key trends in this arena.

“As institutional investors continue to embrace crypto-related investments, institutional LPs likely will continue to evolve and refine their operational due diligence procedures to adapt to the evolving series of cryptocurrency operational risks.”

—Operational Due Diligence on Cryptocurrency and Digital Asset Funds

OPERATIONAL DUE DILIGENCE

The main reasons for enhanced operational due diligence in the crypto space are cases of outright fraud and an, albeit overestimated, association with criminal activities. Cryptocurrency’s poor reputation has resulted in skepticism regarding its security.

Some examples of fraud are the $460 million stolen from the Tokyo-based bitcoin exchange Mt. Gox in 2014 and the $500 million from the Japanese firm Coincheck in 2018. Silk Road is an infamous example of using blockchain technologies for criminal activity. Silk Road was the first modern darknet, a website launched in 2011, allowing individuals to trade items anonymously using cryptocurrencies. Purportedly launched with innocent libertarian motives, the anonymous marketplace was soon used for trading illegal items. It was shut down in 2013, and its founder was sentenced to prison for life without parole. A notable recent example of a ransomware attack was on the Colonial Pipeline, disrupting America’s gas supply and resulting in a payment of almost $5 million in cryptocurrency.

Despite these examples, according to Chainalysis (2021), the prevalence of criminal activity involving cryptocurrency transactions has steadily declined from 2019 to 2021 and represents only 0.34% of all transactions. However, regulators remain concerned about security issues in cryptocurrency transactions and ownership. The US Treasury Department and Financial Crimes Enforcement Network have proposed rules for entities dealing with cryptocurrencies focused on compliance with know your customer (KYC) and anti-money laundering (AML) controls.

THREE KEY TRENDS

Specialized Operational Due Diligence. Rapid financial innovation within the crypto space requires increasingly specialized operational due diligence. While bitcoin and ethereum remain the dominant cryptocurrencies, there are thousands of others. Continual creation and modification of new cryptocurrencies, digital assets, and decentralized applications necessitate constant learning and specialization for appropriate vetting. A recent survey of limited partner allocators to cryptocurrencies indicated that 84% of them have developed new crypto-specific due diligence questionnaires. Meanwhile, they continue to struggle with understanding what constitutes best practices, particularly in operations and compliance.

Crypto Custody Arrangements. Crypto fund managers have choices regarding how they store digital assets. Two main types of wallets used to store digital assets are cold wallets and hot wallets. Wallets are software programs that allow users to access their keys to transfer asset ownership and interact with decentralized apps. Two types of cold wallets are hardware wallets and paper wallets, where keys are written on a piece of paper. Cold wallets are considered the most secure type of wallet because they are seldom connected to the internet, unlike hot wallets. However, mobile devices and pieces of paper can be lost or stolen. Hot wallets are convenient but are susceptible to hackers.

Most hot and cold wallets are unhosted wallets where the owner or manager has custody and complete control of assets. They have the potential to be used for concealing tax liability or illicit activity. In contrast, hosted wallets allow others access to the funds such that third parties can offer KYC and AML solutions. Regulators and allocators, therefore, prefer the use of hosted wallets. A wallet accessed through an exchange is an example of a hosted wallet. For some DeFi applications, unhosted wallets are necessary and require enhanced compliance measures.

Investigative Due Diligence. Also called a background investigation, investigative due diligence is focused on the fund manager and key personnel. It includes criminal checks, litigation searches, regulatory research, factual information review and confirmations (e.g., of previous employment and educational background), and news and social media reviews. Historically, these activities have been outsourced to a third party and focused primarily on background investigations. In contrast, the recent trend at private equity and hedge fund firms is to combine investigative with operational due diligence. Due in part to the reputational risks and concern about security, this trend has been adopted in the cryptocurrency area even more quickly.

In summary, increased specialization, a focus on custody arrangements, and investigative due diligence are three important trends within cryptocurrency operational due diligence.

“By combining the ODD and investigative due diligence procedures, LPs in the crypto space are finding they are better suited to evaluate the often enhanced operational complexities and reputational risks associated with investing in the crypto space.”

—Operational Due Diligence on Cryptocurrency and Digital Asset Funds

Reference

Chainalysis. 2021. “Crypto Crime Summarized: Scams and Darknet Markets Dominated 2020 by Revenue, but Ransomware Is the Bigger Story.” January 19. https://blog.chainalysis.com/reports/2021-crypto-crime-report-intro-ransomware-scams-darknet-markets/.

Jason Scharfman

scharfman{at}corgentum.com

Jason Scharfman is recognized as a leading expert in the fields of fund cryptocurrency operations, compliance, and operational due diligence. Mr. Scharfman has over 20 years of industry experience performing roles primarily focused on due diligence and operations management and compliance support at firms including Morgan Stanley, Lazard Asset Management, SPARX Investment & Research, and Thomson Reuters. For the last 14 years he has managed Corgentum Consulting, a specialty consulting practice focused on providing institutional clients with outsourced operational and investigative due diligence on global third-party fund managers, including hedge funds, private equity, crypto funds, and traditional investment strategies. He is also the author of several seminal publications including Alternative Investment Operations: Hedge Funds, Private Equity and Fund of Funds (Palgrave Macmillan, 2020), Hedge Fund Compliance: Risks, Regulation and Management (Wiley Finance, December 2016), and Crytpocurrency Compliance and Operations: Digital Assets, Blockchain and DeFi (Palgrave Macmillan, 2021).