FirmAdapt
FirmAdapt
LIVE DEMO
Back to Blog
cryptocurrencysec-regulationdigital-assetssec-and-regulatory

How the SEC Treats Crypto Disclosures (and How to Read Them)

By Basel IsmailJuly 10, 2026
How the SEC Treats Crypto Disclosures (and How to Read Them)

If you cover companies for a living, or you're just a serious investor who reads filings, crypto has quietly become a line item you can't skip anymore. A company holds Bitcoin in treasury. Another one accepts stablecoins. A third runs a mining operation or builds on a blockchain protocol. The SEC has been busy in this space for years, and it expects specific disclosures from any of them. The framework is still being written, which makes it more interesting to read, not less.

I want to walk through how the SEC actually thinks about digital-asset disclosure, and then give you a checklist for reading a crypto-exposed company's filings without getting spun. Most of the useful signal is sitting in plain sight in the footnotes. You just have to know where to look.

The framework, as it stands

The SEC's whole approach to digital assets runs through the Howey Test, the Supreme Court standard for deciding whether an arrangement is an investment contract, and therefore a security. Plenty of tokens that launched as "utility tokens" got reclassified as securities under that lens, which drags their issuers into the full weight of SEC registration and disclosure rules. If you're reading a company's crypto disclosures and you don't see the word "security" or any acknowledgment that a token could be treated as one, that's worth a second look.

Accounting has been the other big fault line. For years, a company holding Bitcoin had to treat it as an intangible asset, which meant it could write the value down when prices fell but couldn't write it back up when prices recovered. That produced balance sheets that understated crypto holdings after any rebound. FASB changed this: under ASU 2023-08, in-scope crypto assets are now measured at fair value, with changes running through net income. Practically, that means crypto holdings will now swing earnings in both directions, and you need to separate those mark-to-market moves from the actual operating business when you read the income statement.

Here's why that matters in practice. Say a company reports a big jump in net income for a quarter, and then you dig into the notes and find most of the increase came from an unrealized gain on Bitcoin it just marked up. The operating business may not have grown at all. Under the old intangible-asset rules you'd never have seen an upward mark, so the gain stayed invisible, but now it can inflate a headline number that has nothing to do with how the business actually performed. The reverse is just as true in a down quarter. Whenever crypto is on the balance sheet, ask how much of the earnings move is a mark and how much is real.

The SEC has also spent real energy on crypto lending, staking programs, and DeFi platforms. Anyone offering a yield on crypto deposits invites the question of whether that product is an unregistered securities offering, and several large platforms have been through enforcement over exactly that. So the label a company uses ("rewards," "yield," "staking") matters less than the economics underneath it.

What a company actually has to disclose

Once crypto exposure is material, the obligations show up across several parts of the filing. Here's where they land and what "good" looks like in each.

Risk factors. A company has to spell out the risks tied to its crypto activity: regulatory risk (the rules can move under them), custody risk (crypto can be stolen or lost outright), valuation risk (prices are volatile), and technology risk (protocols have bugs). Boilerplate isn't enough here. The SEC wants company-specific language, so if the risk factors read like they were copied from a template and could apply to any crypto company on earth, treat that as a tell.

Accounting policies. The notes to the financials should explain how the company accounts for its crypto: the valuation method, how it tests for impairment, and where the assets sit on the balance sheet. This is where you confirm whether they've actually adopted fair-value treatment and how they're handling it.

Financial-statement presentation. Crypto holdings and the gains or losses on them should be presented clearly, not buried in a generic "other assets" line. When a company tucks material crypto into a vague catch-all, that's a presentation choice, and usually not an accident.

MD&A. If crypto is material to results, management has to discuss it in the MD&A, including how price swings hit earnings and why the company is in crypto at all. A thin MD&A on a company with meaningful crypto exposure tells you management would rather not talk about it.

A checklist for reading a crypto-exposed company

When you hit a company with crypto on the books, here's the order I work through. All of this comes out of the 10-K, the notes, and the proxy, which you can pull for free on EDGAR.

Size the exposure. How much of the balance sheet is actually crypto? A company with a couple percent of assets in Bitcoin is a very different animal from one sitting at twenty percent. Go to the notes for the dollar figure and work out the percentage of total assets yourself. Say the balance sheet shows five billion in total assets and the crypto footnote lists eight hundred million in Bitcoin. That is sixteen percent, and a thirty-percent drawdown in the token wipes out close to five percent of the company's asset base in a single quarter. Run that math before you decide the exposure is minor, and don't take the narrative's word for whether it's "small."

Look at what kind of crypto activity it is. Simply holding Bitcoin as a treasury asset is one thing. Issuing tokens, running a lending product, or operating something that looks like an exchange is a different level of regulatory exposure, and companies that do several of these at once stack the risk. Map exactly which activities the company is in.

Check custody. How are the assets actually held? Self-custody, a third-party qualified custodian, and leaving assets on an exchange are three very different risk profiles. FTX made the last one painfully concrete: exchange custody carries counterparty risk that can wipe you out overnight. The filing should tell you which model the company uses.

Look for enforcement history. Has the company or an affiliate been the subject of an SEC action? Past enforcement doesn't guarantee future trouble, but it tells you the company has already been on the SEC's radar, and it usually shows up in the legal-proceedings section.

Read the audit opinion. Does the auditor say anything about crypto accounting? When holdings are material, some auditors add an emphasis-of-matter paragraph, which is their way of flagging that the area needs extra attention. That's a signal worth catching.

Mining companies are their own puzzle

Crypto miners come with a specific set of problems. Their revenue rides on hash rate, electricity cost, mining difficulty, and the token price, and all four move at once and feed into each other. The SEC has pushed miners toward clearer disclosure of their unit economics, power consumption, and environmental footprint.

When you read a miner, go looking for power purchase agreements, the depreciation schedule on the mining rigs, and any discussion of how mining difficulty affects profitability. Say a company reports strong revenue but stays quiet about rising power costs and climbing difficulty. That silence is often where deteriorating unit economics are hiding, because those are the two variables that quietly eat a miner's margin.

Stablecoins and reserves

A company that issues or holds stablecoins has to disclose what backs those tokens and whether the backing is enough. The SEC's attention on reserves sharpened after cases where issuers turned out to be holding thin or low-quality assets behind their coins.

The question you're answering is simple to state: are the reserves enough to redeem every outstanding token at face value, and are those reserve assets actually liquid and safe? Reserves parked in US Treasury bills are a different story from reserves sitting in commercial paper or corporate bonds, which carry credit and liquidity risk that can matter exactly when you'd need the reserves most. Read the composition, not just the headline dollar total.

DeFi and smart-contract risk

Companies that touch decentralized finance are dealing with technology risk and regulatory risk at the same time. Smart-contract bugs have cost the DeFi ecosystem billions, so any company that builds on or plugs into these protocols should be disclosing that exposure plainly in its filings.

On the regulatory side, the SEC has signaled that a lot of DeFi protocols may be functioning as unregistered exchanges or broker-dealers. A company earning revenue from DeFi is therefore exposed to a rule change that could reshape its business model. When you read the risk factors, check whether the company addresses that specific uncertainty or waves at it with something generic. The generic version usually means they haven't thought hard about it, or would rather you didn't.

The landscape keeps moving

The rules here are still being written. The SEC, the CFTC, and Congress are all shaping the framework at the same time, and where it lands will matter a lot for anyone with real crypto exposure. For an analyst, that uncertainty is itself a risk factor. A company whose whole model depends on one favorable regulatory interpretation is facing a binary outcome if that reading changes. The steadier businesses tend to be the ones where crypto is part of the story but not the whole story.

At FirmAdapt, our company-analysis reports flag material crypto activity and grade the quality of the related disclosures, so you can see quickly whether a company is being straight about its regulatory risk or papering over it. But you don't need a platform to do the first pass. The checklist above gets you most of the way on your own.

The bottom line

Crypto adds a layer to company analysis that simply didn't exist a decade ago, and the mix of volatile asset values, moving regulation, and new accounting rules creates risks that a plain ratio screen won't catch. The companies handling it well are the ones giving you detailed, specific, honest disclosure. The ones giving you boilerplate are telling you something too. Read the footnotes, size the exposure yourself, and check custody before you trust the narrative up front. That's most of the work, and it's the part most people skip.

Ready to uncover operational inefficiencies and learn how to fix them with AI?
Try FirmAdapt free with 3 analysis credits. No credit card required.
Get Started Free
How the SEC Treats Crypto Disclosures | FirmAdapt