Digital assets risk management services: PwC

Blockchain technologies and digital assets present opportunities for companies to change the ways in which they are doing business and engaging with their customers. Companies are already implementing these technologies today including tokenization of assets, using crypto for payments and cross-border transactions, creating new products and service offerings, and issuing non-fungible tokens (NFTs) not only as collectibles, but as a driver for increased consumer engagement. The ability to seize a competitive advantage means moving forward with a strategy that includes having the proper risk management and internal controls in place to protect your organization and build trust with your stakeholders. Building trust is about doing the right things the right way, being transparent, and providing assurance to both meet customer demands and manage regulatory and compliance obligations. PwC brings intelligent thinking, a risk and controls mindset, and tech know-how.

In the digital assets space, capabilities, industry standards, customer expectations, regulations and the competitive landscape are evolving quickly. There are also unique risks: from digital asset custody, to wallet and private key management, to dependency on both centralized and decentralized systems and organizations.

PwC’s services span the risk management lifecycle—including advising and evaluating on governance and risk management capabilities, performing initial risk assessments, identifying control gaps and developing risk mitigation strategies, to control advisory and assurance services, including System and Organization Controls (SOC) 1 and SOC 2 services.

Strategic considerations

Robust governance, risk management and internal controls should be designed for both consistent and reliable operation while being flexible enough to adapt to the rapid pace of change.

Questions business leaders are asking

What are the biggest risks associated with engaging in digital assets?
What risk assessments, controls or governance structures are required to support digital asset strategies?
What parts of the risk and control framework will have to be created or enhanced for digital assets?
Who are the right internal stakeholders to be at the table?

What are the biggest risks associated with engaging in digital assets?

When it comes to engaging with digital assets, there are a number of risks including dependencies on new and distributed technologies, a new class of intermediaries and service providers, new and often complicated technologies, market volatility, regulatory complexity, cyber threats, and fraud. The specific types of risks you’ll encounter will depend on how you choose to engage, such as investing in digital assets or trading, accepting crypto payments, managing custody, or creating new products or service offerings. These are just some of the risks to be mindful of, but the methodology on how you identify, assess and manage risks does not change. Starting with a risk framework, policies and procedures are an important part of this process.

What risk assessments, controls or governance structures are required to support digital asset strategies?

Companies should start with a clear strategic objective – and balance both the potential opportunity along with a forward thinking and agile risk management approach. Organizations should be proactive in evolving their risk management frameworks to reflect digital asset specific considerations, which include some novel risks as well as familiar risks that manifest in new ways. Many organizations are also finding that it is important to follow a cross-functional approach, as digital asset risks and risk responses tend to cross traditional organizational boundaries.

What parts of the risk and control framework will have to be created or enhanced for digital assets?

Digital assets will impact many aspects of an organization’s risk management framework, including governance, management, organizational capability and capacity, investment due diligence, business partner and service provider evaluations, product and services strategy, operations, technology, accounting, tax, and regulatory compliance. Specific considerations can include areas such as digital asset custody, wallet management controls, asset valuation, insider threats, physical and personnel safety, blockchain data acquisition and analytics, and reconciliation controls.

Who are the right internal stakeholders to be at the table?

Initial forays into digital assets product and service offerings may be led from the top as part of defined strategy or may bubble up from the bottom as grass roots initiatives. Either way it is important for the right stakeholders to get involved early, not only to set strategic direction but also to ensure that appropriate risk management guardrails are in place. The most successful organizations are drawing on the capabilities from across the organization, so that the drivers of digital asset adoption are appropriately engaged with supporting functions including accounting, risk, legal, operations, technology and compliance.

Digital asset risk management and controls services:

Governance, risk and control frameworks
Valuation and risk management policies and procedures
Control design assessments and testing
Risk assessments
Third party risk management
Service provider due diligence assessments
Complementary User Entity Controls (CUEC) assessments
SOC 1/SOC 2 readiness assessment,
SOC 1/SOC2 assurance
Initial Public Offering (IPO) internal control readiness
Process, risk and internal control design and documentation

PwC’s cross-functional team of specialists in risk and controls , cybersecurity, and digital assets can help you achieve your vision. We combine our business risk management mindset and consulting capabilities with your business strategy to help you build trust while driving your business. For clients whose independence requirements are met, we may be able to provide attestation (i.e., SOC) and controls assurance services. Our deep experience working with a variety of companies in the digital assets space, including banks and crypto native companies, has helped shape our thinking, and we’ll bring this knowledge to help you identify and manage new risks and meet your objectives. Let’s plan your next move.