Proof of Reserves for Stablecoin Issuers

What is Proof of Reserves?

Proof of Reserves (PoR) emerged as a response to the collapse of Mt. Gox in 2013, a pivotal moment that highlighted the need for greater transparency in the crypto industry. Initially, this concept was primarily used by cryptocurrency exchanges to verify that they held sufficient assets to back user balances. Over time, however, the scope of PoR has broadened significantly. It is now being applied to a wider range of financial instruments and digital assets, including stablecoins, asset-backed tokens, and exchange-traded funds (ETFs), as a way to enhance trust and accountability.

Why Proof of Reserves Matters

Proof of Reserves (PoR) is essential in situations where individuals or institutions entrust third parties with custody of their assets. This reliance can stem from several factors. Perhaps the custodian offers stronger security measures, the ability to tokenize an asset, or is simply holding the asset as collateral in a broader financial arrangement.

Regardless of the reason, a core challenge arises: how do we know the custodian or stablecoin issuer is still holding the assets they claim to have? This is where Proof of Reserves comes in. It provides a transparent method to confirm that those assets remain safely held by the third party.

Asset/Liability Pairs

When a third party is entrusted with safeguarding someone else's assets, this arrangement inherently gives rise to a paired relationship: an asset held by the custodian (or stablecoin issuer), and a corresponding liability—essentially a promise or an IOU for the right to redeem for the underlying reserve assets.

Take, for instance, a scenario where a user deposits 1 bitcoin into a platform like Coinbase. In this case, Coinbase becomes the custodian of the asset (the bitcoin itself), while simultaneously incurring a liability, an obligation to send the user 1 BTC when the withdraw from the exchange.

In the stablecoin a scenario, a user sends 1 USD in return for 1 StableUSD. In this case, the stablecoin issuer becomes the custodian of the asset (US Dollars), while simultaneously incurring a liability (the StableUSD token), with the obligation to the user to return their dollar upon redemption of 1 StableUSD.

In a healthy system, the total assets in reserve should be equal to or exceed the total liabilities the issuer has issued.

At its core, Proof of Reserves is a mechanism designed to validate that this asset-to-liability ratio is maintained 1:1 (or greater).

Join The Accountant Quits Movement

Upskill, get hired, and connect with a global community of Web3 accountants.

Access courses & community

Join our free class

The Expansion of Proof of Reserves

Entities such as stablecoin issuers, asset-backed token platforms, ETFs, and blockchain bridges all operate on a similar principle: they custody assets on behalf of users and issue corresponding liabilities in return. These IOUs are typically redeemable for the original assets deposited.

This structure makes Proof of Reserves highly relevant across a wide range of use cases. It allows for transparent verification that these platforms, stablecoins and more, are maintaining a one-to-one (or greater) ratio between the assets they hold and the liabilities they've issued. Below are just a few examples where this asset-liability matching principle is critically applied.

How is Proof of Reserves applied to Stablecoins?

Stablecoins come in all shapes and forms. Stablecoins can be backed with fiat currency or US-Treasuries (like USDC), crypto held in a smart contract (like USDS - formerly Dai), or even nothing at all.

For Crypto-collateralized stablecoins, the concept of Proof of Reserves is unique, whereby no 3rd party trust is required to verify the underlying collateral (assets), as they are viewable directly on chain. Users can simply compare the on-chain reserve (assets) to outstanding tokens issued (liabilities) to ensure 100%+ reserve.

However, trust is still required to rely on the stablecoin protocol to maintain a stable value. The protocol needs to have reliable pricing oracles, reliable liquidation mechanisms, and reliable private key management of the underlying keys controlling the smart contracts used to maintain the protocol.

For “fiat-backed” stablecoins, such as USDC, collateral assets are typically held “off-chain,” typically in bank accounts as demand deposits, or as treasury bills at a financial institution. Since this data is natively “off-chain”, trust in the issuer from the public is required to receive transparent and accurate data about the underlying reserve assets to make informed decisions. While the tokens outstanding are usually public on blockchains, the reserves are not, opening a risk for token holders.

To bolster trust in the underlying reserve assets, most fiat-backed stablecoin issuers have opted into provided 3rd-party “Proof of Reserves” reports, attested to by independent public accounting firms, covering both the outstanding tokens issued (liabilities) and underlying reserves (assets).

Attestations over Stablecoins

Attestations, performed by independent public accounting firms, have been the industry standard, adopted in 2018.

Internationally, accounting firms typically issue these attestation reports under the ISAE3000: Assurance Engagements Standard. In the U.S., the AT-C 205: Examination Engagements Standard is the norm.

In both cases, these attestations are not full financial statement audits… nor are they intended to be. A full financial statement audit implies coverage over the company’s full balance sheet, income statement, statement of cash flow, and notes to the financial statements. Unless the issuer is a public company, these financial statements are also not typically made public. Full financial statement audits are typically performed annually, and usually take both the company and the auditor months, quarters, or even the whole year to complete.

A “Proof of Reserves” attestation is different. It’s scope is limited to what stablecoin token holders care about, the tokens outstanding and the underlying reserves. The same level of scrutiny as a financial statement audit is applied, it’s just a reduced scope. This scope reduction enables these reports to be published much more frequently, as the operational burden on the issuer and auditor are greatly reduced, while still providing much needed transparency.

Under both ISAE3000 and AT-C 205 standards, Management is required to “make an assertion,” or a list of statements regarding the stablecoin. Then, the auditor effectively “audits” those assertions and provides an opinion on if Management’s assertions are accurately stated, in all material respects.

An often overlooked element of these attestations, is that Management is required to make an assertion, which actually grants management the flexibility to report on additional characteristics of the stablecoin that are not readily apparent when just presented with outstanding token and reserve amounts. For example, if reserves are held in segregated accounts, in trust, or have insurance, these elements can be presented within Management’s assertions, and thus be included within scope of the attestation and presented to the public.

The auditor can help Management of the issuer to consider which assertions should be within the scope of the engagement, but ultimately it is Management’s role to assume responsibility of all assertions made.

Management’s Assertion and/or Criteria

As noted above, Management is responsible for providing “assertions” or “statements of fact” regarding the stablecoin. Well… what should Management include in their assertions? Here are a few key items to consider when drafting your assertions:

• Tokens Outstanding (obviously): along with circulating tokens, management should consider “non-circulating” or “pre-minted” tokens (if unbacked) for disclosure. Additionally, management should consider disclosing chains of issuance, tokens issued by chain, and smart contract issuer addresses.
• Reserves (obviously): including the composition, maturity dates, CUSIP numbers, and FMV of assets in the reserve basket.
• Financial Institution Details: while the specific names of your custodians are not required (or even advised), other elements, such as geographic location and type of entity could be disclosed.
• Bankruptcy Protections: such as insurance, trust arrangements, and/or segregated accounts could be disclosed for greater transparency.
• Litigation: affecting the tokens or underlying reserves could (and should) be disclosed as well.
• Adherence to Jurisdictional Requirements: assertions regarding regulatory compliance could be included within the scope and be “audited.” For example, NYDFS requires this assertion in their issuer’s attestations within their jurisdiction.

Management can also adopt criteria (basically a template set of assertions), such as those issued by the AICPA.

These assertions are made public within the final attestation report. Therefore, these are mechanisms and disclosures to build trust with your user base.

Aligning with Regulatory Requirements

Many regulatory jurisdictions require attestations by an independent 3rd-party accounting firms on a monthly, such as the newly-established GENUIS act in the United States, regulations in Bermuda, Hong Kong, and more.

Each set of requirements may come with unique elements that must be covered within the Proof of Reserves attestation. For example, the GENUIS act requires disclosure of the geographic location of where custodians are holding reserves, along with average maturity in the reserve basket.

Therefore, when compiling assertions, Management should consider specific regulatory requirements and embed them within Management’s assertions to ensure the regulatory requirements can be fulfilled.

The Future of Stablecoin Attestations

Real-Time Proof of Reserves

Blockchain balances are available in effectively real-time, but as technological advances in banking APIs and settlement , so does the possibility for reporting underlying reserves in “real-time” too.

Crypto-native and tech savvy firms, such as The Network Firm and Moore Hong Kong, with their VeriNumus platform, have already begun to offer real-time, independent attestations in real-time - using real-time bank and on-chain data to perform this “Proof of Reserves” reconciliation as frequently as every 30 seconds.

As banking infrastructure improves, and technological capabilities of accounting firm rises, real-time Proof of Reserves may be the standard for transparency in the immediate future.

‍On Chain Proof of Reserves

In conjunction with Oracle providers, such as Chainlink, independent accounting firms can produce the same attestation information to publish on-chain. Once the validated reserve has been published on chain, this information can be used in insurance protocols or smart contracts functions to inhibit minting unless 100%+ reserves exist.

As the stablecoin ecosystem continues to mature, Proof of Reserves has become a foundational tool for ensuring transparency, trust, and regulatory alignment. With advancements in real-time data and on-chain reporting, the future of stablecoin attestations is poised to become even more dynamic, automated, and accessible.

As always, you can reach out to accounting firms, such as The Network Firm, for more information and guidance. 

Additionally, if you are an accounting firm looking to provide Proof of Reserves services, LedgerLens is a SOC-certified suite of crypto audit tools, purpose-built for auditors auditing digital asset companies.