👔'Proof of Reserves' Laws & Regulations

Overview:

After FTX, jurisdictions and regulators across the globe scoured to find a way to protect their citizens from "the next FTX." Ultimately, a few crypto-forward jurisdictions have used the "Proof of Reserves" tool to mitigate this risk. To date, multiple US states and global jurisdictions have codified Proof of Reserves scheme as part of their digital asset licensing regime.

In contrast to full financial statement audits, SOC attestations, supervisory examinations, and other vehicles that are used a proxy by regulators to try and answer the key question: "Are the customer assets there?," Proof of reserve attestations can pointedly answer this question and can be used as a tool to mitigate the actual risks that regulators and the public are worried about. Additionally, Proof of Reserves are often less invasive than financial statement auditors or other attestations, because their scope is on only one part of the business (customer digital assets) and not company-wide.

We believe this is the reason why Proof of Reserves has been adopted by forward thinking jurisdictions and will continue to be adopted globally.

Euphemisms for Proof of Reserves

Some regulators have been reticent to use the industry-native term "Proof of Reserves." Instead, they have used euphemisms, such as "Customer Asset Reconciliations" to convey a similar procedure, without using the term specifically. Other jurisdictions actually use the term 'Proof of Reserves" by name.

Active Proof of Reserves Laws or Regulators

Texas, USA

Effective Date: September 30, 2023

Overseeing Body: Texas Department of BankingTexas, USA

PoR Terms Used: "Outstanding Liabilities to Digital Asset Customers, documented using zero-knowledge encryption or similar industry standard.." & "evidence of customer assets..."

Texas House Bill 1666 was the first time the set of procedures colloquially known as “Proof of Reserves” was codified into a US State law. The bill requires certain Digital Asset Service Providers operating in the State of Texas to perform quarterly "self" attestations, and annual CPA-assisted Proof of Reserve attestations.

Wyoming, USA

Effective Date: May 13, 2021

Overseeing Body: Wyoming Department of Banking

PoR Terms Used: "Proof of reserves scheme..."

In Wyoming, digital asset custodians may opt the regime's "Enhanced Digital Asset Custody Framework" by proving their reserves of digital assets under a proof of reserves scheme. Using regular examinations by an independent public accountant, they can cryptographically verify control of the digital assets in custody and demonstrate possession and control over private keys. Digital asset custodians may opt into providing details of customer balances and validate these using a Merkle tree structure, with the root node hash being publicly disclosed by the accountant. The accountant verifies that the total holdings match the verified wallet values, ensuring transparency in reporting.

Dubai

Effective Date: February 7, 2023

Overseeing Body: Virtual Assets Regulatory Authority

PoR Terms Used: "Proof of Reserves"

VASPs (Virtual Asset Service Providers) are obligated to adhere to Reserve Assets requirements specified in the Company Rulebook. Additionally, they must comply with any requirements set by VARA (Virtual Asset Regulatory Authority), which could be revised periodically and might be a part of the licensing procedure for VASPs.

The primary goal of the proof of reserves requirement is to ensure that VASPs have sufficient assets held in reserve to cover all their liabilities in relation to their clients' Virtual Assets (VAs).

VASPs must demonstrate, through compliance with VARA's stipulations, that the reserve assets match or exceed the liabilities owed to clients, hence providing transparency and security for clients' holdings.

Bermuda

Effective Date: April 2022

Overseeing Body: Bermuda Monetary Authority

PoR Terms Used: "Proof of Reserves"

Section 18(3) of the Digital Asset Custody Code of Practice Act requires a Digital Asset Businesses (DAB) that has custody of one or more digital assets for one or more clients must maintain in its custody a sufficient amount of each type of digital asset in order to meet its obligations to clients. To fulfil this requirement, a DAB must maintain adequate accounting and other relevant records, and adequate systems and controls to accurately track ownership and quantity of client digital assets it has taken into custody.

The DAB must have adequate segregation of duties to protect the integrity of the record-keeping process, and appropriate redundancy and business continuity processes, procedures, and controls to be able to access records of client digital assets in custody at all times, including post natural and other disasters.

Canada

Effective Date: March 29, 2021 (Guidance Only)

Overseeing Body: Canada Securities Administrators

PoR Terms Used: "Proof of Reserves"

As part of best practices recommended by the CSA, a Proof of Reserves (proof that e qualifying company maintains a minimum amount of assets) is recommended as a requirement.

Proposed Proof of Reserves Laws

U.S. Federal Government

Lummis Gillibrand Act: Sec. 203 (Proof of Reserves) Requires all crypto asset intermediaries to maintain proof of reserves and undergo an annual verification. Gives the Public Company Accounting Oversight Board authority to enforce these provisions.

Proving Reserves of Others Funds (PROOF) Act: U.S. Senators Thom Tillis (R-NC) and John Hickenlooper (D-CO) introduced the PROOF Act, bipartisan legislation that would:

1. Establish regulatory standards on how digital asset institutions can hold customer assets, including a prohibition of the co-mingling of customer funds

2. Require digital asset exchanges and custodians to submit to a Proof of Reserves inspection by a neutral third-party

Singapore

Under the proposed amendments relating to customers' assets, the Monetary Authority of Singapore would mandate Digital Payment Token Service Providers (DPTSP) to conduct a daily reconciliation of customers' assets. Additionally, the regulation would require licensed DPTSPs to document a distinct book entry for each customer concerning their assets. This entails recording a description and quantity of assets for each transaction, along with the price and fees arising from the transaction, and the name of the customer who engaged in the transaction.