Public companies are increasingly holding or transacting in Bitcoin, Ether, stablecoins, tokenized real‑world assets, and other digital tokens as investment, treasury, strategic, or operating assets, while regulators and standard setters have significantly focused on the accounting, disclosure, and internal controls associated with these holdings.
Many companies are no longer asking, “should we add digital assets,” but rather, “when we add digital assets, will we be ready for this change?” If your company is considering acquiring digital assets, make sure you have addressed the following factors before diving in.
While this article focuses on public companies, many of the concepts and suggestions (e.g., accounting and reporting, controls, governance, risk assessment) are also applicable to private companies.
An Evolving Landscape
The most significant crypto-related development in the U.S. Generally Accepted Accounting Principles (GAAP) was the issuance of FASB Accounting Standards Update (ASU) No. 2023-08, Accounting for and Disclosure of Crypto Assets in December 2023, which addresses the accounting and disclosure requirements for crypto assets that meet the following criteria:
- The asset meets the GAAP definition of an intangible asset.
- The holder does not have “enforceable rights to or claims on underlying goods, services, or other assets.”
- The asset is created or resides on “a distributed ledger based on blockchain or similar technology.”
- The asset is secured by cryptography.
- The asset is fungible.
- The asset is “not created or issued by the reporting entity or its related parties.”
The guidance, effective for fiscal years beginning after Dec. 15, 2024 (including interim periods within those years), was issued partly due to concerns that crypto assets were not being accounted for in a manner that reflected the economic substance of the instrument (i.e., at cost as an intangible asset). It requires entities to measure certain crypto assets at fair value, with changes in fair value recorded in net income in each reporting period. Entities are also required to provide additional disclosures about the holdings of these assets.
Since then, standard setters and regulators have continued to refine the accounting framework for digital assets. In April 2026, the Financial Accounting Standards Board (FASB) discussed expanding the scope of Subtopic 350‑60 to include additional crypto asset structures (e.g., wrapped tokens) and considered guidance clarifying when certain stablecoins may qualify as cash equivalents.
The SEC is also expanding its regulatory framework for digital assets. Throughout 2025, the SEC issued interpretive guidance clarifying disclosure expectations for crypto-related businesses, requiring detailed descriptions of business models, token mechanics, governance structures, and risk factors tailored to digital assets.
In addition, broader regulatory initiatives like the SEC’s Crypto Task Force and a series of no‑action positions and interpretive statements focus on providing greater clarity on federal securities laws.
Additionally, the SEC continues to emphasize transparent business descriptions, risk factors, management discussion and analysis (MD&A), and financial statement disclosures related to digital asset price volatility, liquidity, legal and regulatory uncertainty, cybersecurity and technology risks, custody risks, and concentration risks, including large single‑name or single‑protocol exposures. Public companies should expect ongoing staff focus in comment letters on the consistency of digital asset disclosures across Form 10‑K, 10‑Q, and 8‑K filings, particularly where digital asset activities are material to the business or financial statements.
Companies should expect ongoing changes in accounting treatment and disclosure requirements as the regulatory environment continues to evolve.
Usage by Public Companies
The digital asset ecosystem is expanding for public companies, including sponsorship or exposure to digital asset investment products.
Recent industry surveys indicate accelerating institutional adoption of digital assets. State Street’s 2025 Digital Assets Outlook found that nearly 60% of institutional investors plan to increase their digital asset allocations in the next year, with average exposure expected to double within three years. Additionally, over half of respondents anticipate 10% to 24% of portfolios to be tokenized by 2030,.[1]
In public markets, corporate adoption has also accelerated significantly. By mid‑2025, digital assets held by public companies exceeded $124 billion, representing approximately 3.2% of the total crypto market capitalization, with rapid growth driven in part by increasing adoption of assets beyond Bitcoin (including Ether and other tokens).[2] As of the latest estimates, nearly 200 publicly traded companies globally hold digital assets on their balance sheets.[3]
Institutional accumulation has also expanded within specific networks. For example, corporate treasuries and exchange-traded products together have grown to hold more than 10% of the total Ethereum supply.[4]
Because the landscape is changing quickly and public filings do not always categorize digital assets uniformly, companies planning to enter this space should benchmark their planned disclosures and governance approach against peers in the same industry and market segment, reviewing recent 10‑K and 20‑F filings of digital‑asset‑active public companies and digital asset-linked funds and trusts. Companies should also monitor whether emerging digital asset structures (including tokenized financial assets and stablecoins with redemption rights) qualify for alternative accounting treatment under evolving FASB guidance.
Asset Types and Use Cases
To develop an effective digital asset strategy, management should clarify its objectives, including risk tolerance, liquidity needs, and strategic use cases, because different asset types carry unique risk, accounting, and control profiles.
- Highly liquid and widely traded cryptocurrencies like Bitcoin and Ether are, under ASU 2023‑08, typically measured at fair value with changes in fair value recognized through earnings, but remain subject to extreme price volatility and evolving regulatory treatment. They may be used as alternative stores of value, portfolio diversifiers, or indirect exposure via spot exchange‑traded products.
- Stablecoins pegged to fiat currencies (for example, U.S. dollar-pegged coins) can reduce price volatility and facilitate payments and settlement, yet create unique risks tied to the quality and transparency of reserves, redemption mechanisms, and potential securities or banking law implications.
- Digital tokens — including utility tokens, non‑fungible tokens (NFTs), and tokenized real‑world assets (RWAs) — may provide access to platforms, services, or tokenized financial instruments, but often feature limited liquidity, complex rights structures, and rapidly evolving regulatory frameworks, which can complicate classification, measurement, and disclosure assessments.
Because classification drives accounting, tax, and regulatory outcomes, companies should involve accounting, tax, legal, and compliance specialists early to determine how holdings within the scope of ASU 2023‑08 should be treated.
Custody, Safeguarding, and Internal Control Considerations
Custody of private keys — is tightly linked to both financial reporting and Sarbanes‑Oxley Act Section 404 (SOX 404) internal control requirements.
Self‑custody arrangements, where the issuer directly controls wallets and keys, provide maximum control but demand mature information security practices, including hardware security modules (HSMs) or cold‑storage devices, multi‑signature configurations, strict key management procedures, segregation of duties, and incident response plans tailored to blockchain‑based operations. Third‑party custodians can offer institutional‑grade security, insurance coverage, and operational efficiencies, but they introduce counterparty risk and require thorough due diligence, including review of SOC reports, legal terms, sub‑custodian arrangements, and business‑continuity capabilities.
Internal controls over financial reporting (ICFR) should specifically address:
- Wallet and key governance (creation, backup, rotation, access approval, and revocation).
- Transaction initiation, approval, and settlement workflows, including multi‑factor approvals and spending limits.
- Reconciliation of on‑chain balances to the general ledger, including independent verification of wallet ownership and completeness of transaction capture.
- Monitoring controls over protocol changes (for example, hard forks, network upgrades), counterparty risks (exchanges, custodians, DeFi protocols) and compliance with relevant laws and sanctions regimes.[5]
SOX 404 Focus Areas
SOX 404 requires management to assess — and for accelerated and large accelerated filers, auditors to attest to — the effectiveness of ICFR over all material accounts and disclosures, including those affected by digital assets.
Because digital asset activities are often technology‑intensive, cross‑functional, and high‑risk, they require focused SOX 404 planning and governance. Management should explicitly consider digital assets when performing ICFR scoping, risk assessment, and documentation, including identifying significant accounts and relevant assertions for digital asset balances, revenue streams, expenses, and gains or losses. Control design should reflect the end‑to‑end digital asset lifecycle — onboarding, acquisition, conversion, transfer, staking or other use, impairment or fair value measurement, disposal — and should incorporate both IT general controls (change management, access, and operations) and application and process controls.
For companies with significant digital asset activities, this means integrating blockchain‑specific risks into the annual ICFR scoping, designing and testing key controls over digital asset recognition, valuation, safeguarding and disclosure, and ensuring that control deficiencies in these areas are evaluated for potential significant deficiency or material weakness reporting.
For accelerated and large accelerated filers subject to Section 404(b), the external auditor will need sufficient evidence over these controls, which may require examination of custodian SOC reports, blockchain analytics, on‑chain reconciliations and testing of novel technology components, such as smart contracts or proprietary trading or treasury systems. Smaller reporting companies that are exempt from 404(b) attestation should still ensure their internal evaluation under 404(a) appropriately addresses digital asset‑related risks.
Financial Reporting, Disclosures, and Presentation
Digital assets create complex recognition, measurement, and disclosure questions, and public companies should ensure their policies are updated for recent standard-setting and SEC developments.
For crypto assets within ASU 2023‑08, entities must:
- Measure eligible crypto assets at fair value each reporting period using an appropriate valuation methodology, incorporate observable market data where available, and classify fair value measurements within the ASC 820 hierarchy.
- Present in‑scope crypto assets measured at fair value separately from other intangible assets on the balance sheet, and separately present gains and losses from fair value remeasurement in the income statement.
- Provide enhanced footnote disclosures on the nature of the assets, restrictions on use or transfer, significant concentrations, valuation policies, fair value hierarchy, sensitivity to valuation inputs and significant events after the balance sheet date.
Entities safeguarding digital assets for others must reassess whether they control those assets under existing GAAP and, if so, recognize both the digital assets and associated obligations and provide transparent disclosures regarding their custodial activities and related risks. Public companies should also align risk factor, MD&A, and financial statement disclosures so that descriptions of market, credit, liquidity, technology, legal and regulatory risks around digital assets are consistent and tailored rather than boilerplate.
Tax, regulatory capital, and cross‑border considerations should be addressed in the accounting policy disclosures where material, including jurisdictional differences in the treatment of staking, lending, yield‑generating strategies, and tokenized securities. Given the rapid pace of change, audit committees should request periodic updates from management and external advisers on new SEC rulemaking, enforcement actions and standard‑setting activity affecting digital assets.
An Integrated Roadmap
Ultimately, a successful digital asset strategy for a public company requires a multi-phase roadmap: assess strategic use cases and risk appetite, pilot with tightly scoped assets and partners, strengthen custody and internal controls, and then scale exposure as governance, technology and regulatory clarity mature. Whether the focus is Bitcoin and Ether as treasury assets, stablecoins for payments, or tokenized RWAs as part of capital markets and product innovation, each use case must be consistent with clear business objectives, documented policies, transparent disclosures and SOX 404‑ready control environments that can withstand investor, auditor, and regulator scrutiny.
To learn more, speak with our crypto practice leaders, or the author.
Footnotes
[1] State Street, accessed May 18, 2026.
[2] CEX-IO, July 31, 2025, accessed May 18, 2026
[3] The “200 companies” figure is an approximation derived by synthesizing multiple sources. Most public companies with digital assets (approximately 1500 hold Bitcoin).
[4] The Block, October 7, 2025, accessed May 18, 2026
[5] CBIZ, “The Sarbanes-Oxley Act: Navigating Compliance for Digital Currency Companies”, accessed February 3, 2026
© Copyright CBIZ, Inc. All rights reserved. Use of the material contained herein without the express written consent of the firms is prohibited by law. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein. Material contained in this publication is informational and promotional in nature and not intended to be specific financial, tax or consulting advice. Readers are advised to seek professional consultation regarding circumstances affecting their organization.
“CBIZ” is the brand name under which CBIZ CPAs P.C. and CBIZ, Inc. and its subsidiaries, including CBIZ Advisors, LLC, provide professional services. CBIZ CPAs P.C. and CBIZ, Inc. (and its subsidiaries) practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations, and professional standards. CBIZ CPAs P.C. is a licensed independent CPA firm that provides attest services to its clients. CBIZ, Inc. and its subsidiary entities provide tax, advisory, and consulting services to their clients. CBIZ, Inc. and its subsidiary entities are not licensed CPA firms and, therefore, cannot provide attest services.
