Stablecoin Reserve Transparency: Attestation vs Audit vs Proof-of-Reserves

"The issuer publishes its reserves" sounds reassuring until you ask at what assurance level. A dashboard, an attestation, and an audit are three different things, and a treasury that cannot tell them apart cannot really assess issuer risk. This guide is the three tiers and what GENIUS now mandates.

TL;DR

• Three tiers, increasing rigor: proof-of-reserves view → third-party attestation (point-in-time, defined procedures) → financial-statement audit (comprehensive, opinion).
• An attestation ≠ an audit; a dashboard ≠ either (the PoR vs audit distinction, applied to issuers).
• GENIUS mandates monthly reserve-composition disclosure + annual independent audit (larger issuers) — floor raised from voluntary.
• Read the assurance tier, scope, firm, cadence — not just "they have transparency".
• Treasury policy should set a minimum assurance tier for stablecoin eligibility.
• A PoR dashboard is not a solvency proof — an input, weighted by who produced it.

The three tiers

They are increasing in rigor and scope. The recurring error is conflating them — treating a dashboard as an audit (the proof-of-reserves vs audit point, at the issuer level).

Attestation is not audit

An attestation (often agreed-upon-procedures or an examination) reports on specific assertions at a point in time, typically narrower scope and a different assurance level than a financial-statement audit (comprehensive, registered firm, opinion). For treasury due diligence, which tier the issuer provides matters more than the mere presence of "transparency". "We publish attestations" and "we are audited" are not the same claim.

What GENIUS mandates

For permitted payment stablecoin issuers, GENIUS requires monthly public disclosure of reserve composition and, for larger issuers, annual independent audits — raising the floor from voluntary attestations to a mandated disclosure-plus-audit regime. The exact scope and effective date are rule-trigger-dependent and counsel-confirmed (see GENIUS impact); the direction is clearly toward higher, mandated assurance for US issuance.

How a treasury should read it

For each candidate stablecoin issuer, identify:

• the assurance tier (PoR / attestation / audit);
• the scope (which assertions, what period, what is excluded);
• the firm and its registration;
• the cadence (monthly attestation + annual audit vs occasional dashboard).

A monthly attestation by a recognised firm plus an annual audit is materially stronger than a self-reported dashboard. Treasury policy should specify the minimum assurance tier for a stablecoin to be eligible.

A dashboard is not solvency

A proof-of-reserves view typically shows assets at a point in time, often does not capture all liabilities/off-chain obligations, and may carry no formal assurance — the same limitations as elsewhere. It is a transparency signal, not a solvency proof or an audit. Treat it as one input, weighted by who produced it and under what assurance — never a conclusion.

Practical guidance

1. Classify the assurance tier of every issuer's reserve reporting.
2. Do not equate attestation with audit, or a dashboard with either.
3. Use the GENIUS floor (monthly disclosure + annual audit) as a benchmark — hedge the effective date.
4. Read scope, firm, registration, cadence, not just "transparent".
5. Set a minimum assurance tier in treasury policy for eligibility.
6. Treat PoR as one weighted input, not a solvency proof.

How vendor tools support assurance tracking

Cryptio and Request Finance tag holdings by issuer; the assurance-tier assessment is a due-diligence input the treasury records against each. Confirm the tool lets you attach the issuer's assurance status to the holding so policy can enforce a minimum tier — the assessment is judgement; the tool keeps the record.

How Wag3s helps

Wag3s Ledger records each stablecoin holding's issuer and the assessed reserve-assurance tier, so treasury policy can enforce a minimum (e.g. audited issuer) and the due-diligence basis is on the audit trail — assurance becomes a tracked, enforceable criterion, not an impression. See the Ledger product page and the Wag3s for accountants page.

Further reading

• Proof of Reserves vs a Financial-Statement Audit
• The GENIUS Act and Stablecoin Treasury
• Stablecoin Treasury Policy
• Stablecoin Depeg Risk for Treasury
• MiCA Stablecoins (ART/EMT)
• Stablecoin Treasury Accounting Controls

Sources

• Assurance distinction: proof-of-reserves view (often no/limited assurance) vs third-party attestation (point-in-time, defined procedures) vs financial-statement audit (comprehensive, registered firm, opinion) — see proof-of-reserves vs audit
• GENIUS Act — monthly public reserve-composition disclosure and annual independent audit for (larger) permitted payment stablecoin issuers; scope/effective date rule-trigger-dependent, counsel-confirmed
• A proof-of-reserves dashboard is a transparency signal, not a solvency proof or an audit (point-in-time, may exclude liabilities, may carry no formal assurance)