SAB 121 frequently asked questions

Does SAB 121 apply to your entity? If so, how? Crowe professionals offer insights in this FAQ.

In March 2022, the Securities and Exchange Commission staff issued Staff Accounting Bulletin No. 121 (SAB 121), which outlines the staff’s views on how public entities should account for obligations to safeguard the “crypto-assets” of third parties. Given the brevity of SAB 121, many interpretive questions surrounding its scope and the outlined accounting and disclosure guidance have arisen. Additionally, the new SEC guidance prompted the Association of International Certified Professional Accountants to update its Accounting for and Auditing of Digital Assets practice aid in June 2022.

Crowe specialists discussed SAB 121 and to whom it applies in this report, and in this follow-up article, they share insights on some of the more frequently asked questions about SAB 121.

1. SAB 121 applies to the safeguarding of “crypto-assets.” What is included in the definition of “crypto-assets” as used by SAB 121? Does it include non-fungible tokens (NFTs) and stablecoins?

SAB 121 defines a “crypto-asset” broadly as “a digital asset that is issued and/or transferred using distributed ledger or blockchain technology using cryptographic techniques.” Given this broad definition, we believe SAB 121 generally applies broadly to safeguarding arrangements involving (but not limited to) the following types of digital assets:

Crypto assets used as a medium of exchange (for example, bitcoin)
Stablecoins (for example, a digital asset that is backed 1:1 to the U.S. dollar)
NFTs
Utility tokens

An entity should consider the type of blockchain technology being used to safeguard digital assets. A private or permissioned blockchain is one that controls access to the digital assets and provides the administrator the ability to cancel, correct, or override transactions. A private or permissioned blockchain might not contain the same technological, legal, and regulatory risks as a public blockchain. As a result, digital assets operating on a private or permissioned blockchain might be out of the scope of SAB 121.

2. Must an entity operate a platform to be in the scope of SAB 121?

No. While SAB 121 includes an example of an entity that operates a platform for its users, including a service of safeguarding its users’ digital assets, we understand from the SEC staff that the scope of SAB 121 should be viewed broadly and is not limited to platform operators. The focus of SAB 121 is on identifying entities (including consideration of their agents) that have an obligation to safeguard the digital assets of another party. Refer to question five for factors an entity should consider when determining if it has a direct or indirect obligation to safeguard digital assets.

Explore Crowe resources for crypto and digital assets.

Learn more

3. Must a safeguarding obligation be contractual for SAB 121 to apply?

No. Importantly, SAB 121 makes no reference to contractual rights and obligations. Therefore, a safeguarding obligation need not be contractual to require recognition. For example, although an entity might not have a contractual safeguarding arrangement in place, the totality of the facts and circumstances – including consideration of the customer’s perceptions of the entity’s involvement with safeguarding – might give rise to an implicit or constructive safeguarding obligation subject to SAB 121.

Similarly, an entity might have a contract with a customer that indemnifies the entity against any losses resulting from lost digital assets. We understand that the SEC staff does not consider contractual language that either limits the liability of or indemnifies one or more parties in the process of identifying if a safeguarding obligation is present within the context of SAB 121.

4. If an entity determines it controls and is the accounting owner of digital assets, does SAB 121 apply?

No. If an entity determines that it has control over digital assets and recognizes those digital assets as the accounting owner, SAB 121 would not apply because an entity would not record a safeguarding liability for its own digital assets.

5. What factors should an entity consider when determining whether it has a safeguarding obligation subject to SAB 121?

The underlying principle of SAB 121 is that an entity with either an explicit or implicit obligation to safeguard the digital assets of others should recognize a safeguarding liability and accompanying safeguarding asset to reflect the risks inherent in the arrangement. The nature and level of involvement of the entity, including its agents, should be evaluated. To determine if it has an explicit or implicit safeguarding obligation, an entity might consider the following list of factors (not all-inclusive):

Does the entity have a contractual agreement to safeguard the digital assets of another party, either directly with the owner of the digital assets or through third parties acting as the entity’s agent?
Which entity or entities does the customer believe is responsible for providing safeguarding services?
Does the entity hold itself out as providing safeguarding services? For example, does the entity’s website or other marketing materials suggest the entity will safeguard customers’ digital assets?
What type of information does the entity know about the customer’s digital assets? For example, does the entity know the public key, the private key, or customers’ individual digital asset account balances?
Does the entity hold sufficient private key information to unilaterally transact in the safeguarded digital assets or prevent others from transacting in the digital assets?
Does the entity perform recordkeeping services for the digital assets, including providing customer statements that include account details?
Do transactions involving the safeguarded digital assets ever flow through the entity or its agents?
What level of involvement does the entity have in resolving complaints from customers about the safeguarded digital assets?

As noted above, this is not an all-inclusive list of factors, and no single factor is determinative in concluding whether a safeguarding obligation is present or not.

6. Must an entity use the principal versus agent guidance in ASC Topic 606, “Revenue From Contracts With Customers,” to determine if the entity is the principal to a safeguarding obligation?

No. While an entity might consider the principles within ASC Topic 606 on principal versus agent when determining whether a safeguarding obligation is present, these principles alone would not be sufficient to determine if SAB 121 applies. An entity must consider the totality of facts and circumstances to determine if a safeguarding obligation subject to SAB 121 is present. See question five for factors an entity should consider in its analysis.

7. Does SAB 121 apply to financial statements furnished under Rule 3-05 and Rule 3-09 of Regulation S-X?

Yes. While SAB 121 is silent on whether SAB 121 should be applied to financial statements that are furnished under Rule 3-05 and Rule 3-09 of Regulation S-X, we understand from conversations with the SEC staff that SAB 121 would apply. This conclusion is consistent with the historical application of SABs to such financial statements.

8. Is it possible under SAB 121 for multiple entities to record a safeguarding liability (and accompanying asset) for the same safeguarded assets?

Yes. Based on discussions with the SEC staff, we understand that multiple entities could record a safeguarding liability and accompanying asset for the same safeguarded assets. For example, consider an entity that uses a subcustodian to provide safeguarding services to its customers. In this situation, both the entity and the subcustodian might determine they need to apply SAB 121 to their arrangement, even if the customer might not be aware of the subcustodial relationship.

9. If an entity only provides wallet software tools to a customer whereby the customer generates and maintains its own cryptographic key information, would the provision of those tools cause the entity to be subject to SAB 121?

Typically, no. If an entity (including its agents) solely provides software tools to a customer, who then generates and controls the related private key information, then a safeguarding obligation would likely not be present.

10. How should an entity classify the safeguarding liability and corresponding asset on its balance sheet?

In many cases, customers will have the ability to withdraw safeguarded crypto assets on demand. In such situations, we would expect an entity to classify the safeguarding liability and corresponding asset as a current liability and current asset, respectively. If safeguarded crypto assets are not available on demand, an entity should consider the length of any restrictions on withdrawal to determine proper balance sheet classification.

11. How should changes in the fair value of a safeguarding liability and corresponding safeguarding asset be presented in an entity’s income statement?

Through discussions with the SEC staff, we understand changes in the fair value of the safeguarding liability and corresponding asset can be presented in the same line item in the entity’s income statement. Consequently, there would be no effect on an entity’s earnings when the changes in the fair value of the safeguarding liability and safeguarding asset are the same. In contrast, if an entity incurs a loss on the safeguarding asset in a reporting period (for example, some or all the safeguarded assets are lost), then any difference in the change in fair value of the liability and the asset would affect earnings in the period the loss occurs.

12. How would an entity that records a safeguarding asset and safeguarding liability under SAB 121 present the initial recognition and subsequent changes in the asset and liability in its statement of cash flows?

We anticipate that, in most circumstances, an entity would classify changes in the safeguarding liability and corresponding safeguarding asset as operating in nature (versus investing or financing). Consequently, disclosure of noncash activity related to the safeguarding liability and safeguarding asset would not be required (see ASC 230-10-05-2(c)). Additionally, we believe presentation of the changes in the safeguarding liability and safeguarding asset in a single line item in the operating section of the statement of cash flows (such as the presentation of the net effect in the reconciliation of net income) is acceptable.

13. What accounting model should an entity use to determine if a loss should be recognized on a safeguarding asset?

SAB 121 explains that a safeguarding liability should be accompanied by a corresponding safeguarding asset that is separate and distinct from the safeguarded digital assets. SAB 121 explains the safeguarding asset is similar to an indemnification asset (see ASC Topic 805).

Given the nature of the safeguarding asset, we believe entities should account for losses to safeguarding assets using the loss contingency model outlined in ASC Topic 450-20. Under this model, an entity would record a loss when it is both probable that the asset is impaired (for example, a loss event has occurred) and that the entity can reasonably estimate the amount of the loss. Due to the nature of digital assets, we would expect an entity to record a loss when it becomes aware of a loss event occurring.

14. Should an entity that safeguards assets other than “crypto-assets” analogize to SAB 121 for such safeguarding arrangements?

No. Entities should not analogize to and apply the provisions of SAB 121 to safeguarding arrangements involving assets other than digital assets. The SEC staff believes the provisions of SAB 121 apply to the safeguarding of digital assets due to the “unique risks” arising from digital assets.