Blog Post
Q&A: The Importance of Due Diligence in Digital Assets Investing
Jessica de Brignac is a Managing Director in the Blockchain and Digital Assets practice, with more than 20 years of experience in emerging technology, digital risk management, data governance and e-discovery. Having led teams supporting high-profile crypto industry bankruptcies, due diligence assessments for acquisitions involving crypto companies, landmark NFT IP litigation and investigations of digital assets, Jessica has deep expertise at the intersection of blockchain innovation and legal and regulatory risk. In this Q&A, she shares her perspectives on due diligence in blockchain and digital assets, including lessons learned from previous industry problems and areas organizations need to focus on in the diligence process.
Jessica, you’ve had hands-on exposure to some of the most important legal and regulatory matters in the blockchain and digital assets industry. From all that experience, what are the top issues you advise clients to watch for when considering new investments in this space?
The volatility and collapses that the industry experienced over the last several years rang alarm bells for many organizations. As is often the case in young, fast-moving industries, investments and growth were chased with feverish excitement by many. That momentum sped ahead of proper governance controls, risk assessments and regulation.
The primary takeaway from the eventual downfall of that cycle is that attention to governance controls ahead of and throughout investments must be prioritized. This is standard practice in established industries and those same foundational principles must be brought into the digital assets industry — even more so given the regulatory uncertainty and history of misuse that surrounds this space. Moreover, the digital asset industry also presents unique challenges and technologies that require additional validation and scrutiny.
With the crypto winter thaw, what changes have you seen in the industry?
There’s been an increase in institutional investment, including the ETF approval and Bitcoin hitting its all-time high this spring. Those are strong indications that traditional financial services institutions are gaining confidence in engaging with digital assets and that mainstream investors are ready to engage again.
In addition to renewed interest overall, we have seen a shift in terms of attention to improving risk management practices. Organizations seem to be more attentive to fraud and regulatory scrutiny than they were two years ago.
Even if most parties in the ecosystem are progressing with an increased sense of caution, there’s still a need for formal due diligence in many instances, correct? To that end, who should be engaging in the diligence process?
Yes, the unique nature of cryptocurrency compared to traditional investments, such as the involvement of exchanges, the use of digital wallets and a complex network of service providers (governed by varying regulations and data protection requirements), can bring added risks that must be thoroughly evaluated. I would categorize three distinct groups that should implement at least some form of diligence. These include retail and high-net-worth individual investors, financial institutions like investment banks, hedge funds, asset managers and businesses that accept cryptocurrency as payment.
So, what are the key areas to look at in due diligence?
There are four primary areas that apply to most institutions and investors. These include:
- Assessing whether there is an overall risk management framework in place already, and how extensive it is in the context of applicable legal and regulatory obligations.
- The state of compliance with KYC and AML policies and controls and how those are monitored and managed. Similarly, whether trade surveillance procedures are in place to identify and prevent market manipulation.
- Data protection measures in place for the platform and digital asset custody (e.g., wallets should be multi-signature) including privacy and information security policies of the cryptocurrency project, company or platform.
- Evaluation of asset custody operations is also critical. Organizations must understand the nuances, definitions and technical infrastructure surrounding asset custody. For example, it’s essential to ensure customer assets are properly segregated for protection and have multi-party key management. Additionally, firms should also examine the status of digital asset insurance, review SOC 1 and SOC 2 reports to evaluate internal controls and verify proof of reserves.
When you’re walking clients through due diligence, do you typically evaluate any additional areas beyond those four core elements?
Yes, as applicable. In certain situations, third-party risk will be another important area. This includes assessing risks associated with service providers and partners connected to the cryptocurrency platform. Regulatory issues may also apply. Depending on the jurisdiction and industry, there may be specific regulations to comply with or a lack of regulatory clarity that can also be a risk factor.
Technical considerations may also apply, as the underlying technology infrastructure of cryptocurrency and digital asset platforms is extremely complex. Organizations should assess potential risks and opportunities related to the type of blockchain, consensus mechanism and other technical factors in place.
Crucially, due diligence should not be perceived as a one-time task. . Organizations operating in this space must establish procedures to continually monitor and manage across the risk management framework. This is to ensure that problems are not only identified but also prevented from emerging and expanding unnoticed.
Related topics:
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.