Crypto Tax Software Developers Get Serious About System Standards

A growing number of crypto tax software developers are trying to bolster their products’ technical credibility with the Certified Public Accountant's (CPA) stamp of attestation.

Attestation is an independent review conducted by a CPA, whose report includes conclusions about the reliability of data, statements – or systems, in the case of software services.

Lukka and Verady, two competing developers, both announced on Jan. 21 their tax software solutions have received System and Organization Control (SOC) attestation reports from independent auditors. In doing so, the companies’ respective executives told CoinDesk, they are providing services that clients can trust.

“There have been too many instances where crypto enterprises have failed because they utilize systems to provide service that are suspect and become compromised,” said Lukka CEO Jake Benson.

Lukka and Verady both addressed others’ failures by turning to SOC. It’s a set of standards developed by the American Institute of Certified Professional Accountants (AICPA) to assist auditors and users in evaluating a system’s trustworthiness, said Mimi Blanco-Best, CPA, a senior manager at the AICPA and lead developer of its SOC services.

SOC 1 reports on a system’s reporting controls and SOC 2 reports on its handling of user data and data privacy. Within both levels, Type 1 reports evaluate that system’s control design (does it work properly in the moment) and the Type 2 reports evaluate operational efficacy (does it work properly over time).

Lukka received SOC 1 Type 2 and SOC 2 Type 2 attestation reports from Friedman LLP (who was once Tether’s auditor) on Jan 21. Verady’s “Legible” tax platform received SOC 1 Type 1 from Cohen and Company.

Blanco-Best, the AICPA product manager, said SOC attestation reports help a business, and its clients and partners, judge a system and manage risk.

“If I get an SOC report – let's say an SOC 2 report – that gives me some comfort in the service provided by an organization, that the organization using my data is handling my data properly,” she said.

Comfort leads to trust, and trust builds relationships with otherwise skittish clientele, Verady CEO Kell Canty said. He added that Verady is continuing to work with Cohen and Company to secure the Type 2 report.

Lukka’s Benson said SOC attestation reports help companies break into wider markets, especially with institutions: “They won’t even do business with a software company if they don’t have one.”