Original content provided by BDO Global
Bitcoin and other cryptocurrencies grab headlines on a regular basis, but those headlines are not always the type that investors and banks want to read. Sometimes they’re about phenomenal gains in the currencies’ values, like what happened in 2017 with bitcoin. Other times, the headlines are about crashes, fraud and hacker attacks.
If I were writing here in my capacity as a private investor, consumer and citizen, I might focus on what can go right with cryptocurrencies. It’s an exciting field, and one I’m experimenting with. Recently, I bought superfood from the UK using an app on my smartphone. I paid in bitcoin with an easy to use bitcoin payment processer. I must say, I had fun buying that food with a cryptocurrency.
Nonetheless, I’m writing here in my capacity as a risk advisor at BDO, and wearing that hat, I must say that significant risks abound. However, if banks take a step-by-step approach and gain experience with small, low-risk projects involving cryptocurrencies, they can work their way into the industry in a prudent manner.
Before I talk about the way one client did just that, I’d like to share this tidbit from a Reuters article in 2017 that highlights some of the problems with cryptocurrency exchanges, which are a major part of the risk in this emerging industry.
The article said:
“There have been at least three dozen heists of cryptocurrency exchanges since 2011; many of the hacked exchanges later shut down. More than 980,000 bitcoins have been stolen, which today would be worth about $4 billion. Few have been recovered. Burned investors have been left at the mercy of exchanges as to whether they will receive any compensation.”
Because of this bitter reality, I suggest approaching all cryptocurrency projects -- and all those that involve its underlining technology, blockchain -- like you would a startup: Extra due diligence and vigilance is needed when using or investing in a new technology.
Here’s how one European bank I advised gained valuable experience in the market. Last year, the bank began to offer five cryptocurrencies to all its clients, including small retail investors. This is only one of several offerings related to cryptocurrencies. On its customers’ behalf, the bank buys bitcoins and other cryptocurrencies from an exchange and stores them for customers in its so-called “cold wallet,” which is the term used for offline storage for cryptocurrencies that is less susceptible to hacks than online storage.
As part of our audit, we double-checked the bank’s handling of cryptocurrencies from end to end – e.g. from the moment it purchases them for clients until they are liquidated for fiat currency.
Our task was to examine possibilities for and safeguards against internal and external fraud related to the cryptocurrencies. We looked at who had access to accounts in and outside the bank, and if multi-signature processes were in place. We also reviewed the security of the bank’s IT systems and the devices and password processes it uses for offline storage.
For me, the lessons learned are threefold: Take caution when implementing a new technology. Make sure your cryptocurrency project has the commitment of top management. And make sure you really test everything you implement.
In my opinion, my client used a wise approach by getting its security and processes in place and then testing the waters with small projects.