By John Filar Atwood
The Government Accountability Office (GAO) has determined that Staff Accounting Bulletin No. 121 (SAB 121), which provides guidance on how covered entities should account for and disclose their custodial obligations to safeguard cryptoassets held for their platform users, is a rule for purposes of the Congressional Review Act (CRA). Accordingly, the SEC is required under the CRA to submit a report on the rule to Congress and provide for a review where Congress may disapprove of the rule, the GAO stated.
SAB 121 was issued in March 2022 to provide guidance due to the increase in the number of entities that provide platform users with the ability to transact in crypto-assets, as well as the special risks posed by those assets. At the time of its issuance, Commissioner Hester Peirce objected, stating that the SEC should have used a process that involved a public consultation, not an SAB, to make the accounting adjustment. Based on similar reasoning, the GAO received a Congressional request to review SAB 121 in August 2022.
As part of its review, the GAO reached out to the SEC to seek its reasoning on the matter. In a letter to the GAO, the agency maintained that SAB 121 is not subject to the CRA because it does not meet the Administrative Procedure Act’s (APA) definition of a rule since it is not an “agency statement” of “future effect.” The GAO disagreed.
Definition of a rule. The GAO stated that its first task was to determine whether SAB 121 meets the definition of a rule under the APA. SAB 121 does meet the definition, the GAO stated, because it is an agency statement published on SEC’s official, public-facing website as a representation of the views held by its own employees.
The SEC had argued that SAB 121 is not a rule under the APA because it is not an agency action. The SEC stated that SAB 121 is not an agency statement because it is not binding on the agency and at most indicates how the Office of the Chief Accountant and the Division of Corporation Finance would recommend that the agency act. In addition, the SEC asserted that SAB 121 is not an agency statement because the 1934 Act and SEC’s organizational rules prohibit the Commission from delegating general rulemaking authority to an individual Commissioner or to staff.
The GAO acknowledged that SAB 121 was not held out by SEC as a statement representing the full Commission, but is of the view that a statement issued by a subset of the agency may still constitute an agency statement for CRA purposes.
The GAO noted that SAB 1212 was issued by SEC staff as a representation of how the Division of Corporation Finance and the Office of the Chief Accountant interpret accounting-related disclosure requirements. Since one of the Division’s roles is to monitor companies’ compliance with accounting and disclosure requirements, and, since the Division’s practice is to refer noncompliant companies to SEC’s Division of Enforcement when appropriate, the GAO determined that it is reasonable to believe that companies may change their behavior to comply with the staff interpretations found in SAB 121.
The SEC published SAB 121 on its public-facing website, the GAO continued, and it was issued by agency employees to provide non-binding guidance that covered entities were expected to follow. Accordingly, SAB 121 is an agency statement within the meaning of the APA, the GAO found.
The GAO further determined that SAB 121 is “of future effect” because it explicitly states that it applies to certain entities and contains guidance for the entities to consider when they have obligations to safeguard crypto-assets held for their platform users. As a result, the SEC intended the SAB 121 guidance to apply prospectively to covered entities’ future accounting and disclosure practices, the GAO said. The GAO added that SAB 121 interprets and prescribes policy because it announces a preference for how covered entities should account for and disclose crypto-asset-related custodial obligations.
Any exceptions? The second step in the GAO’s review was to consider whether any of the three exceptions provided in the CRA apply to SAB 121. First, the GAO stated that SAB 121 is a rule of general applicability because it neither identifies specific entities by name nor addresses specific actions for a named entity to take. Second, the GAO determined that SAB 121 concerns actions that covered entities should take, rather than actions that the SEC management or personnel should take, and is, therefore, not a rule of agency management or personnel.
Regarding the third exception—the exception for rules of “agency organization, procedure, or practice that do[] not substantially affect the rights or obligations of non-agency parties”—the GAO concluded that SAB 121 does not qualify because it has a substantial impact on its regulated community.
Specifically, the GAO noted that SAB 121 recommends best practices for how covered entities should account for their obligations to safeguard the crypto-assets they hold for their platform users. It advises the covered entities on how they can fulfill certain financial disclosure obligations to ensure compliance with SEC staff’s interpretations of these obligations. By advising the covered entities in this manner, the GAO said, SAB 121 is encouraging the regulated community to change its internal operations or policies to comply with its guidance.
The GAO determined that because SAB 121 changes covered entities’ expectations of how SEC will evaluate their compliance, and because it encourages these entities to change their internal operations and policies, it has a substantial effect on the financial disclosure obligations of non-agency parties. The GAO was left to conclude, therefore, that SAB 121 does not fall within the CRA’s exception for rules of agency organization, procedure, or practice that do not substantially affect the rights or obligations of non-agency parties.