South Africa’s infamous MTI was crowned as the world’s largest crypto Ponzi scam with a total loss of around $589m which affected hundreds and thousands of investors, according Chainanalysis’ 2020 crypto crime report. MTI’s illicit scheme using cryptocurrencies to commit fraud overshadowed the thriving cryptocurrency industry in South Africa and the rest of the world which gave credible and reputable virtual asset service providers and participants in this alternative financial system yet another hurdle to overcome on the road of mass adoption.
The FSCA and other regulators across the world are constantly warning crypto asset investors to be extremely cautious and vigilant when dealing with or investing in these digital assets. In most circumstances, regulators are issuing these warnings due to a lack of regulations as in the instance of South Africa where cryptocurrencies remain unregulated. This lack of regulations results in investors having to do extensive research before investing in cryptocurrencies, but also allows fraudsters to prey on uninformed investors.
Bitcoin in its nature was designed to facilitate peer-to-peer transactions across the internet without the need for an intermediary or monetary regulations that come with commercial and central banks. This idea of being free from regulations has led people to believe that cryptocurrencies were designed to and needs to operate completely independent from any form of regulation, but they fail to realise that certain regulations are imposed to protect consumers and economic stability. This is exactly why businesses that are publicly accountable are vigorously regulated and required to be audited. These independent audits are conducted to protect the interest of all stakeholders, to ensure that the applicable laws and regulations are adhered to and that the financial statements are free from material misstatement as well as fraud to a certain extent.
Fraud and error can usually be mitigated by prevention, detection and recourse. With the introduction of regulations to govern the industry, it will ensure that there are preventative measures put in place to ensure fraud of this magnitude does occur again and that there is legal recourse for victims. In addition to regulations, the role of the forensic and financial auditor is to detect possible instances of fraud and error and assist with the recourse process.
Looking from a financial audit and Companies Act’s perspective there are various ways that MTI’s fraud could have been prevented or limited with the use of a financial audit and regulations. According to CIPC MTI was registered as a South African company on 30 April 2019 by the sole director, Johannes Steynberg, to commence business on the very same day. The Companies Act required MTI to be audited as a result of them holding customers’ bitcoin and fiat currency in a fiduciary capacity where that value was in excess R5m. Based on the application of relevant accounting frameworks each Rand or bitcoin invested into MTI would have resulted in a corresponding customer liability on the balance sheet. This massive liability would have resulted in a significant public interest score (as calculated by the Co Act) that would have also required the company to be audited and to have a social and ethics committee comprising of various individuals further reducing the possibility of fraud as a result of a single director denominated company. MTI also has a February year-end and in terms of the Companies Act, they were required to have audited financial statements by no later than 31 August 2020, which is 6 months after their financial year-end and if they had been regulated by the FSCA the period may have decreased to 3 months. If one looks at the rate funds were flowing into MTI, but also out of the back door, these losses could have been limited to August or even May of 2020.
The director had however neglected to appoint an auditor and there was no regulating body overseeing or requesting MTI to provide audited financial statements. Several red flags on their extremely complex multiple-level marketing business plan would have been raised by both regulators and auditors. If a company such as MTI made it past the acceptance procedures of an audit firm, the challenge would be to identify the fictitious assets that a Ponzi scheme relies in addition to a certain level of pseudo-anonymity that bitcoin provides. Mazars has developed the required technical expertise on cryptocurrencies and designed specific procedures to audit virtual asset service providers using a combination of ITGC assessments, application control testing and data analytics to obtain the required assurance. In addition to this, we are able to use our available resources and expertise on cryptocurrencies to obtain and analyse information directly from the respective blockchains that mitigate the risk of factious assets and proves the existence of the assets as well as ownership of a specific account, referred to as public-key addresses, which holds the cryptocurrencies.
The evolution of digital assets such as cryptocurrencies brings phenomenal potential to change the financial industry, but with this comes certain challenges and that requires us to adapt and overcome. Fortunately, regulations are there to aid us in this journey by protecting consumers and developing the industry that allows an alternative financial system. You will find it difficult to find a virtual asset service providers operating in this industry that are not pro-regulation, because these service providers know what the benefits are of a regulated industry and the positive impact this could potentially have on a country’s economy.