Home
Insights
Commentary
Tokenized Assets Are Redefining Audits and Compliance in New Ways

Tokenized Assets Are Redefining Audits and Compliance in New Ways

Key Takeaways

Tokenized assets introduce unique risks for audits and compliance, including AML and sanctions failures.
Audit readiness requires verifying ownership, measuring volatility, and ensuring proper disclosures for blockchain assets.
Regulators are imposing stricter standards on digital assets, with noncompliance leading to significant penalties.
Strong AML programs and blockchain monitoring tools are essential to address financial and legal risks.
Trust in tokenized assets depends on rigorous assurance processes and proactive compliance efforts.

BY Fotis Konstantinidis

May 15, 2025

Tokenized assets, including stablecoins and digital representations of real-world assets, are increasingly entering corporate balance sheets, posing new risks for audit and compliance professionals. Blockchain’s promise of efficiency and transparency is complicated by its inherent pseudo-anonymity and decentralized infrastructure.

For firms and their auditors, two areas are emerging as particularly critical: preparing for audits of tokenized transactions, and understanding the rising impact of anti-money laundering, or AML, and sanctions failures on financial reporting.

What is at stake? Financial misstatements, enforcement penalties, reputational damage, and potential threats to the organization’s viability. Auditors and their clients must adapt or risk falling behind.

Tokenized assets are increasingly held by public companies, funds, and financial institutions. As these assets move into mainstream portfolios and accounting systems, regulators and audit committees are demanding greater accountability. Yet traditional audit practices (designed for bank accounts and inventory ledgers) don’t easily apply to blockchain systems.

Audit Readiness

Audit readiness is no longer about ticking boxes. It is about demonstrating that tokenized assets are real, owned by the entity, properly valued, and disclosed in accordance with evolving accounting standards. Yet many companies and audit teams may be unprepared for what this means in practice. Firms must rethink how they complete several key tasks.

Verifying existence and ownership

Unlike cash in a bank, tokenized assets are stored on-chain and may be controlled by cryptographic keys. Auditors must determine whether an entity truly controls those assets and assess the risk of loss or misappropriation.

Measuring value and volatility

Crypto markets are volatile, trade 24/7, and often lack traditional price discovery mechanisms. With new fair value requirements in place, firms must justify their valuation methods under heightened scrutiny.

Ensuring proper disclosure

Updated US generally accepted accounting principles guidance demands clear reporting on how these assets are safeguarded and measured. Disclosures must reflect the specific risks associated with custody, access, and market instability.

These tasks affect every step of the audit process, from planning to fieldwork to forming an opinion. Audit firms need to bring in specialized talent, adopt blockchain-native tools, and develop methodologies that go beyond checklists to assess environments in entirely new ways.

Companies holding these assets also must be ready to support these efforts with robust internal controls, documented policies, and transparent service-provider relationships. Waiting until the audit starts is already too late.

An Escalating Risk

Regulators around the world have sharpened their focus on illicit finance risks tied to digital assets. US agencies such as the Office of Foreign Assets Control and the Financial Crimes Enforcement Network, and global bodies such as the Financial Action Task Force, now expect crypto businesses to apply the same, if not stricter, standards as banks. Noncompliance poses several consequences.

Massive enforcement penalties: Recent crypto enforcement actions have exceeded $4 billion in penalties.
Disclosure obligations: Companies must report known risks or ongoing investigations tied to compliance failures.
Going concern implications: Material violations can threaten a firm’s ability to operate, particularly if access to financial markets is impaired.
Restatements and impairments: Assets tied to sanctioned wallets may become legally or practically worthless, requiring impairment charges and revised financials.

These risks directly impact the financial statements. Weak AML programs are no longer a “compliance-only” issue—they also are an audit issue, a valuation issue, and a legal risk that could undermine investor confidence. Auditors must evaluate how effectively a company is identifying, monitoring, and managing these exposures.

For companies, this means proactively upgrading compliance programs, monitoring blockchain activity with the right tools, and ensuring clear documentation of how risks are addressed. For audit teams, this requires integrating AML and sanctions risk into the audit approach—not as a separate checklist, but as part of how financial assertions are tested and evaluated.

Call to Action

Tokenization is a fundamental shift in how value is created, stored, and transferred rather than a niche experiment. But trust in this new system can’t be assumed; it must be earned. To meet the moment, both audit firms and token-holding entities must act.

Auditors and legal advisers should invest in training and talent knowledgeable in areas including blockchain, various crypto asset types, cryptography, AML, sanctions, and accounting standards. They can also use specialized audit tools, including blockchain analytics software and cryptographic verification methods, to gather sufficient appropriate audit evidence.

It’s also a good idea for auditors and legal advisers to redesign risk assessments, audit planning, and testing procedures to address the unique challenges of tokenized assets, such as pseudo-anonymity and reliance on off-chain data. They should recognize that AML/sanctions compliance program effectiveness is directly relevant to assessing the risk of material financial misstatement. Findings from compliance testing provide substantive evidence.

Companies holding tokenized assets should prioritize strong controls around private key generation, storage, and access. Also, they should establish secure transaction authorization workflows and perform regular reconciliation between internal records and blockchain data.

These companies should develop and rigorously maintain effective AML, Know Your Customer, and sanctions screening programs tailored to the specific risks of crypto assets. This includes using appropriate blockchain analytics tools.

Firms should thoroughly vet and continuously monitor custodians and other service providers, and ensure comprehensive records support asset existence, ownership claims, valuation methodologies, and compliance activities. It’s important to be prepared for heightened auditor scrutiny.

Companies shouldwork closely with auditors and legal counsel who possess demonstrable expertise in blockchain technology and cryptoasset risks before significant issues arise. The path forward for the tokenized economy depends on establishing trust.

This trust can only be built through rigorous assurance processes and a demonstrable commitment to compliance. Proactively addressing these invisible risks isn’t just best practice; it is essential to sustainable growth and avoiding significant financial and legal repercussions.

This article was previously published in Bloomberg Law.