Yesterday KPMG published a report entitled “Institutionalization of cryptoassets” with extensive contribution from Coinbase. The report explores why cryptoassets are a “big deal”, the challenges it faces for institutionalization, and some analysis of the attributes money.
KPMG uses the term cryptoassets, as opposed to cryptocurrencies or tokens or digital assets. Perhaps one aspect of the institutionalization process is that organizations might agree on terminology. The term cryptoassets is most heavily used by central banks, particularly the Financial Stability Board. Coinbase calls then cryptocurrencies. A quick review shows that incumbents lean towards the term Digital Assets: BAKT, SIX and Fidelity are all using that term.
Back to the report itself. Coinbase expects there will be three adoption stages: the current investment/speculation phase, institutionalization, and utility. The company believes (or hopes) it’s possible that the institutionalization and utility phases could happen in parallel.
The core of the report explores the challenges facing institutionalization. One crucial area isn’t mentioned in the report: insurance. It’s hard if not impossible to get insurance relating to cryptocurrencies and blockchain. Ledger Insights heard of a major broker that went to 60 markets and managed to get only three quotations.
Top of the list of challenges in the report is compliance with regulatory obligations. The consultants provide a quick run-through of the array of regulators that could be relevant to an institutional business in the US. The report refers to regulatory uncertainty: “The lack of clear regulatory guidance in certain areas is impacting the ability of the industry to implement the applicable set of controls and processes.”
There’s also the regulatory area beyond compliance which the report doesn’t mention. Because it could could significantly impact the value of the cryptoassets. For example, there’s a brewing debate about who is liable for smart contracts. If someone writes an open source prediction smart contract, and someone else deploys the smart contract and doesn’t register with the CFTC, should the coder be held responsible?
Other challenges covered by the report include fork management and governance, KYC and cryptoasset provenance, securing cryptoassets, accounting and financial reporting, and tax.
The report lists potential vulnerabilities in securing cyrptoassets. “Attack vectors and root causes span a wide spectrum. Examples include auditor account compromise, server failure due to DDOS, unencrypted data stores, phishing attacks, smart contract bugs, software vulnerabilities, order sequencing issues, security update failures, and poor wallet tiering among others.”