Authors:
(1) Pietro Saggese, Complexity Science Hub Vienna (CSH);
(2) Esther Segalla, Oesterreichische Nationalbank (OeNB);
(3) Michael Sigmund, Oesterreichische Nationalbank (OeNB);
(4) Burkhard Raunig, Oesterreichische Nationalbank (OeNB);
(5) Felix Zangerl, Austrian Financial Market Authority (FMA);
(6) Bernhard Haslhofer, Complexity Science Hub Vienna (CSH).
Table of Links
- Background and related literature
- VASPs: A Closer Examination
- Measuring VASPs Cryptoasset Holdings
- Closing The Data Gap
- Conclusions, Declaration of Competing Interest, and References
Appendix A. Supplemental material
Abstract
Entities like centralized cryptocurrency exchanges fall under the business category of virtual asset service providers (VASPs). As any other enterprise, they can become insolvent. VASPs enable the exchange, custody, and transfer of cryptoassets organized in wallets across distributed ledger technologies (DLTs). Despite the public availability of DLT transactions, the cryptoasset holdings of VASPs are not yet subject to systematic auditing procedures. In this paper, we propose an approach to assess the solvency of a VASP by cross-referencing data from three distinct sources: cryptoasset wallets, balance sheets from the commercial register, and data from supervisory entities. We investigate 24 VASPs registered with the Financial Market Authority in Austria and provide regulatory data insights such as who are the customers and where do they come from. Their yearly incoming and outgoing transaction volume amount to 2 billion EUR for around 1.8 million users. We describe what financial services they provide and find that they are most similar to traditional intermediaries such as brokers, money exchanges, and funds, rather than banks. Next, we empirically measure DLT transaction flows of four VASPs and compare their cryptoasset holdings to balance sheet entries. Data are consistent for two VASPs only. This enables us to identify gaps in the data collection and propose strategies to address them. We remark that any entity in charge of auditing requires proof that a VASP actually controls the funds associated with its on-chain wallets. It is also important to report fiat and cryptoasset and liability positions broken down by asset types at a reasonable frequency.
JEL Classification: C81, F31, G15, G20, G33, M41, 033
Keywords: Blockchain, Proof of Solvency, Virtual Asset, Cryptoasset, VASP, Accounting, Auditing, Regulation
1. Introduction
In 2022, the cryptoasset sector experienced a crash driven by two major incidents that exposed the repercussions of inadequate regulation and accountability in the industry. In May, Terra’s algorithmic stablecoin protocol experienced a stablecoin run, similar to a bank run, on its associated cryptoassets LUNA and UST (Klages-Mundt & Minca, 2021; Briola et al., 2022). This triggered the bankruptcy of the crypto lenders Celsius and Voyager, and the hedge fund Three Arrows Capital (The Economist, 2022). In November, the crypto trading platform FTX filed for bankruptcy, leading to BlockFi’s downfall and bankruptcy consideration for Aax and Genesis[1]. Even more recently, in June 2023, the U.S. Security and Exchange Commission (SEC) brought forward charges against some of the largest U.S.-based VASPs (SEC, 2023a,b).
These companies, and other centralized cryptoasset exchanges (CEXs) like FTX, fall under the broader definition of virtual asset service providers (VASPs). They facilitate financial activity involving virtual assets (VAs), such as their exchange for other VAs or fiat currencies, their custody and transfer via cryptoasset wallets, and portfolio management services for their customers (FMA, 2021; EC, 2018, 2022; FATF, 2021).
As Figure 1 shows, VASPs lie at the interface of the traditional and the crypto financial ecosystems, respectively called off-chain and on-chain financial activity in jargon. The aforementioned and other (Moore et al., 2018) incidents that affected cryptoasset exchanges highlight a critical aspect of VASPs, i.e., the lack of proper accounting and business continuity concepts (Zetzsche et al., 2023). While their off-chain activities are audited according to generally accepted accounting principles, on-chain assets are held in pseudo-anonymous cryptoasset wallets across multiple, possibly privacy-preserving DLTs (ElBahrawy et al., 2017) and are not yet systematically audited.
Furthermore, whilst VASPs share several characteristics with traditional financial intermediaries, they are less regulated and their activities often lack transparency. Whether and how regulating them is an ongoing, highly controversial debate resembling a tug-of-war game; some argue for more VASP regulations (M¨oser & Narayanan, 2019), while others claim it would come at a substantial social cost and could be misunderstood as undeserved legitimacy[2]. A clear understanding of the financial functions VASPs provide, how they operate, and what risks are involved may provide guiding principles for regulators and policymakers.
This paper proposes an approach for determining a virtual asset service provider’s solvency status by measuring their cryptoasset holdings. By solvency, we mean that the total amount of assets held in custody is larger than the total amount of liabilities, whereby the difference is equity. We investigate the VASPs registered with the Financial Market Authority (FMA) in Austria in the context of the Anti-Money Laundering Act. We compare data from three distinct sources: we rely on publicly available DLT transaction records from the Bitcoin and Ethereum DLTs and use established algorithms (Androulaki et al., 2013; Ron & Shamir, 2013; Meiklejohn et al., 2016) to identify and cluster cryptoasset wallets likely controlled by the same entity. Then we reconstruct the VASPs’ cryptoasset flows, compare their net positions to balance sheet data from the commercial register[3], and complement them with supervisory data from FMA.
To the best of our knowledge, our work is the first that combines these distinct sources in a unified framework. Also, to our understanding, a consolidated approach to measuring the types of cryptoassets held by VASPs against their liabilities to customers still does not exist, although their activity is based on DLTs whose transactions are publicly auditable by design.
Moreover, we position VASPs in the landscape of financial intermediaries, by systematically
comparing the services they offer to those of traditional financial service providers. While previous research has compared VASPs to banks (Anderson et al., 2019; Dagher et al., 2015), we discuss why this comparison can be misleading. Our work provides the following contributions:
• We study 24 Austrian VASPs and systematize the services they offer. We find that they are most similar to brokers, money exchanges, and funds, rather than to banks;
• We provide regulatory data insights showing that their yearly incoming and outgoing transaction volume in 2022 amounted to 2 billion EUR for around 1.8 million users;
• We measure on-chain transaction flows for four VASPs and compare their holdings to balance sheet data from the commercial register. Data are consistent for two VASPs only;
• We identify gaps in data collection practices and propose strategies to fill them: any entity in charge of auditing requires proof that a VASP actually controls the funds associated with its on-chain wallets; it is also important to report fiat and crypto asset and liability positions broken down by asset types, and at a reasonable frequency.
Currently, supervisory auditing of VASPs does not fully exploit the public availability of DLT transactions. We believe our work provides valuable insights toward a better and more systematic assessment of their solvency, and might help make the process more effective and less error-prone. By comparing the VASPs cryptoasset holdings to balance sheet data, we show that the major issues are related to the different management of cryptoasset wallets in different DLTs, the lack of wallet addresses attribution data for VASPs, and the absence of breakdowns by cryptoasset types in balance sheets.
The paper is structured as follows. In Section 2, we introduce key background concepts and review the literature. Then we analyze VASPs and their features in Section 3. Section 4 describes the data, our measurement approach, and reports our results. In Section 5 we discuss how the data gap can be reduced, while in Section 6 we draw conclusions. Our study follows an open-source approach and can be replicated on any other entity, provided the data on their cryptoasset wallets.
This paper is available on arxiv under CC BY 4.0 DEED license.
[1] See https://nyti.ms/3WUnEP7, https://bit.ly/3kIjegD, and https://on.ft.com/3XIogs8.
[2] See e.g. https://on.ft.com/3DgFHYD and https://bit.ly/3Y0JqBo.
[3] The commercial register is a central, public directory. It contains important information about numerous companies. The primary purpose of the commercial register is to provide business transactions with the opportunity to obtain relevant information about the registered company.