In recent years, the virtual asset industry has experienced exponential growth, bringing about innovations in digital payments, tokenisation and decentralised finance (DeFi). While highly innovative, the volatile nature of the virtual asset industry has led to some notable high-profile failures globally, many of which have been either caused or severely exacerbated by deficient governance and internal control practices. While robust governance and internal control measures are essential for all regulated firms, Virtual Asset Service Providers (VASPs) are particularly vulnerable, given the complexity and often inherent risks of the environment in which they operate.

Major collapses, including the dramatic collapse of the FTX trading platform and associated companies (“FTX”), the de-pegging of Luna coin (the backing asset for the Terra blockchain protocol) (“Terra / Luna”) and the bankruptcy of Celsius Network (“Celsius”), all clearly underscore the critical importance of VASPs implementing comprehensive and well-thought-out corporate governance measures. As VASPs continue to grow in number and significance, the need for sound governance frameworks cannot be overstated. In this article, we will explore the key governance lessons drawn from these recent fallouts and outline why strong governance practices are essential for VASPs to thrive in the current regulatory landscape, with particular reference to the requirements placed on VASPs operating in or from the Cayman Islands.

By way of reminder, the Cayman Islands introduced the Rule on Corporate Governance for Regulated Entities (the “Rule on Corporate Governance”) and the Rule and Statement of Guidance on Internal Controls for Regulated Entities (the “Rule and SoG on Internal Controls”) in 2023. These both apply to all regulated firms in Cayman including VASPs.

The FTX Collapse: A Governance Catastrophe

FTX was once one of the world’s most prominent cryptocurrency exchanges until its sensational collapse in 2022 sent shockwaves across the industry. The company and its officers faced accusations of mismanaging billions of dollars in customer assets, leading to its eventual bankruptcy. The fallout revealed major governance failures, such as a lack of segregation between customer and corporate funds, wholly inadequate risk management practices and a culture of poor accountability at the executive level.

FTX’s downfall highlighted the dangers of insufficient internal controls and the absence of proper oversight by its board of directors. A lack of transparency in its financial dealings, along with overreliance on founder-led decision-making, further contributed to its catastrophic demise. This alone underscores the integral importance of VASPs having strong governance practices in place that prioritise transparency, accountability, and robust internal controls to safeguard customer assets.

Terra / Luna and Celsius Network – FTX was by no means an isolated incident

FTX is not alone in exposing the risks of poor corporate governance in the virtual asset industry. The collapse of the Terra / Luna ecosystem in mid-2022 serves as another stark reminder of the industry risks and why strong governance and control measures are so important. Terra’s algorithmic stablecoin (UST) de-pegged from the US dollar in 2022, triggering a cascade of losses for investors and coin holders. The alleged governance deficiencies here stemmed from the inherent design of Terra’s stablecoin model and an apparent lack of a sound risk management framework. Terra’s collapse showcased the need for VASPs to conduct thorough risk evaluations and stress tests, particularly when dealing with novel financial products or instruments.

Similarly, the bankruptcy of Celsius, a cryptocurrency lending platform, was another prime example of alleged governance failure. Celsius froze withdrawals in June 2022, citing extreme market conditions, which led to accusations of mismanagement and lack of transparency about how user funds were being utilised. Purported governance practices, such as an opaque decision-making structure and inadequate capital reserves, compounded Celsius’ problems. The Celsius case demonstrates the necessity of having well-defined financial oversight, especially for VASPs managing customer deposits and lending operations.

Key Takeaways for VASPs

The fallouts from FTX, Terra / Luna and Celsius all reveal a number of key governance lessons for Cayman VASPs (irrespective of the jurisdiction in which each of them was based) that are crucial to their sustainability and regulatory compliance. Adherence to the Cayman Islands’ Rule on Corporate Governance and to the Rule and SoG on Internal Controls are both major steps towards ensuring sound governance practices for all industry participants in the Cayman Islands.

1. Board Oversight and Independence

The collapse of FTX illustrated the danger of boards that are too closely tied to the founders or executives of the company. VASPs must have independent boards with directors who possess the necessary expertise and experience to oversee complex financial operations. Effective board oversight ensures that management actions are scrutinised, risks are properly evaluated, and corporate decisions are made in the best interests of all stakeholders, particularly customers.

A core tenet of the Rule on Corporate Governance is the principle of independence and objectivity at the governing body and senior management level. Governance practices must promote and foster efficient, objective and independent judgement and decision-making by the board of directors (referred to as the “Governing Body” for the purposes of the Rule on Corporate Governance) and these practices must be clearly documented.

The Governing Body is expected to review its composition to ensure that all members have adequate skill, commitment and independence to oversee the VASP’s activity. Governing Bodies are also expected to ensure that robust conflicts of interest practices are adopted and a sound code of ethics is implemented.

All such measures would have gone a long way to avoiding, or at least strongly mitigating, the severity and overall customer detriment resulting from the FTX fallout.

2. Segregation of Customer Funds

A critical governance failure in the FTX collapse was the co-mingling of customer and corporate funds. This activity intensified customer losses following the collapse and severely hampered accounting procedures and the overall determination of company capital.

All Cayman Islands VASPs are required to ensure that customer and company assets are properly segregated in order to prevent conflicts of interest and misappropriation of funds. In accordance with the Rule and SoG on Internal Controls, all VASPs are required to implement measures to ensure appropriate segregation and safeguarding of all customer assets while ensuring that comprehensive records are maintained at all times.

3. Transparent Risk Management

The Terra / Luna and Celsius failures both underscore the importance of rigorous risk management practices. While Terra / Luna and Celsius were operating in novel and inherently risky business activities, it appears that these innovations did not take into consideration the need for comprehensive risk assessments, stress testing and independent auditing.

Cayman Islands VASPs are required to have clear processes in place to assess, mitigate, and disclose the risks associated with their operations. Governance structures must also include committees or independent advisors responsible for evaluating such risks, especially when launching new products or services.

4. Internal Controls and Compliance

Poor internal control measures such as inadequate financial reporting, poor liquidity management and asset monitoring deficiencies were all significant factors in the downfall of many virtual asset companies including FTX.

The Rule on Corporate Governance and the Rule and SoG on Internal Controls set out minimum requirements for establishing robust internal controls, conducting regular internal and independent audits and for establishing effective financial reporting mechanisms. Such controls help ensure that the company adheres to regulatory standards and mitigates the risk of fraud or financial mismanagement.

VASPs in the Cayman Islands must also implement strict compliance programs that include anti-money laundering, countering of terrorist financing and sanctions protocols under applicable anti-money laundering and sanctions requirements.

5. Crisis Management and Transparency

It is claimed that Celsius’ failure to be transparent about its liquidity issues created panic among users, accelerating its demise. Strong governance ensures that crises are managed effectively with a focus on transparency and protection of stakeholder interests.

VASPs in the Cayman Islands are required to establish governance frameworks that include business continuity management protocols. In the event of financial stress or market disruptions, clear communication with regulators, investors, and customers is vital and the obligation to establish protocols for these matters is clearly set out in the Rule on Corporate Governance.

Conclusion: The Path Forward for VASPs

The fallouts of FTX, Terra / Luna, and Celsius Network each demonstrate that the cost of poor governance can be catastrophic and not just for the companies involved but also for the broader industry, customers and stakeholders. As the virtual asset industry matures, corporate governance will become an even more critical factor in determining the success or failure of VASPs. The Cayman Islands has rightly identified corporate governance as a key regulatory safeguard for all regulated entities including VASPs. All Cayman Islands VASPs are obligated to manage risk, protect customers, and ensure compliance with legal and regulatory obligations.

For VASPs, the lessons from these failures are clear. Strong, transparent, and accountable governance structures are essential. The Cayman Islands has sought to codify these obligations through the issuance of applicable rules. By fostering a culture of ethical leadership, implementing robust internal controls, and prioritising risk management, VASPs can build trust with regulatory authorities, customers, and investors. As the regulatory environment continues to evolve for VASPs, sound governance will not only be a competitive advantage but also a necessity for survival in the fast-evolving virtual asset landscape.
