In a year-end change of course, the SEC identified the minimum steps that broker-dealers must take when acting as custodians of digital asset securities.
On December 23, 2020, the US Securities and Exchange Commission (SEC) staff issued a statement (Custody of Digital Asset Securities by Special Purpose Broker-Dealers) (the Statement) outlining its position on how broker-dealers must operate when acting as custodians of digital asset securities[i] in order to avoid enforcement action. The SEC’s Statement, which will be in effect for five years, is intended to encourage innovation while providing both industry participants and the SEC the opportunity to develop best practices with respect to the custody of digital asset securities.
The SEC had previously issued a joint staff statement with the Financial Industry Regulatory Authority (FINRA) in July 2019 (Joint Statement), which had highlighted the importance of compliance by broker-dealers custodying digital assets with Rule 15c3-3 of the Securities Exchange Act of 1934 (the Customer Protection Rule). The Joint Statement had emphasized how digital asset securities, as opposed to traditional securities, are particularly susceptible to being lost due to cyberfraud, cybertheft, loss of a private key, or a faulty blockchain transaction (as discussed in this blog post). The SEC’s more recent Statement repeated and expounded upon these concerns by stating that digital asset securities do not provide customers the protections offered by traditional securities infrastructure. The SEC stated that the traditional infrastructure “contains checks and controls that can be used to verify proprietary and customer holdings of traditional securities by broker-dealers, as well as processes designed to ensure that both parties to a transfer of traditional securities agree to the terms of the transfer.”
While the Joint Statement had proposed potential non-custodial approaches for broker-dealers transacting in digital asset securities, it had not put forward a potential custodial solution. Thus, it effectively closed the door for broker-dealers seeking to custody digital asset securities. In a recently published discussion paper (Current Regulatory and Operational Considerations for Broker-Dealers and a Look Towards the Future), the US Securities Industry and Financial Markets Association (SIFMA) had criticized this lack of guidance. The paper stated that digital asset projects were consequently being forced to “leverage bespoke issuance and trading models that have scalability challenges and can potentially introduce more risk to investors.” Indeed, these bespoke models include unregulated decentralized exchange models that appear to fall outside the usual rubric of the securities laws, which rely significantly on the regulation of intermediaries to protect the interests of the investing public.
Thus, the lack of guidance in this area essentially represented an abdication of the SEC’s investor protection responsibilities, as regulated entities could not offer the full range of services to consumers. As such, the publication of the Statement represents a significant development. It reads as a response to SIFMA’s exhortation to regulators to clarify the “fundamentally important” issue of how market participants can establish possession or control of digital assets in compliance with the Customer Protection Rule.
The New Guidance
The Statement lays out the minimum measures that broker-dealers must take to comply with the Customer Protection Rule when acting as custodians of digital asset securities. The guiding principle behind the measures is to mitigate the risk of the loss or theft of digital asset securities and the impact such an event which would have on broker-dealers, their customers and counterparties, and other market participants.
In addition to requiring that the broker-dealer have exclusive physical possession or control of the digital asset security, the statement strongly recommends that the broker-dealer:
- Has access to the digital asset securities and the capability to transfer them on the associated distributed ledger technology
- Limits its business to dealing in, effecting transactions in, maintaining custody of, and/or operating an alternative trading system for digital asset securities
- Maintains policies and procedures that allow the broker-dealer to conduct federal securities law analysis with respect to digital assets before undertaking to effect transactions in or custody of such assets
- Establishes policies and procedures to assess the characteristics of a digital asset security’s distributed ledger technology and associated network prior to undertaking to maintain custody of the digital asset security and at reasonable intervals thereafter
- Does not undertake to maintain custody of a digital asset security if the firm is aware of either of the following:
- Any material security or operational problems or weaknesses with the distributed ledger technology and associated network used to access and transfer the digital asset security
- Other material risks posed to the broker-dealer’s business by the digital asset security
- Establishes policies and procedures that are consistent with industry best practices to:
- Demonstrate the broker-dealer has exclusive control over the digital asset securities it holds in custody
- Protect against the theft, loss, and unauthorized and accidental use of the private keys necessary to access and transfer the digital asset securities the broker-dealer holds in custody
- Establishes policies and procedures to:
- Identify steps it will take in the wake of events that impact custody (e.g., 51% attacks)
- Allow for the broker-dealer to comply with a court-ordered freeze or seizure
- Allow for the transfer of the digital asset securities held by the broker-dealer to an appropriate party in the event the broker-dealer can no longer continue operations
- Provides written disclosures to prospective customers relaying:
- The firm’s recognition that it is in possession or control of digital asset securities held for the customer for the purposes of the Customer Protection Rule based on its compliance with the Statement
- The risks of investing in or holding digital asset securities, as identified by the Statement
- Enters into a written agreement with each customer that sets forth the terms and conditions with respect to receiving, purchasing, holding, safekeeping, selling, transferring, exchanging, custodying, liquidating, and otherwise transacting in digital asset securities on behalf of the customer
The Statement gives market participants much-needed insight into the SEC’s views on custody of digital asset securities, while allowing the SEC time to “continue to evaluate its position.” In the meantime, broker-dealers that seek to custody digital asset securities must navigate FINRA’s new membership approval process. This process will likely continue to be somewhat arduous in the area of digital asset securities, at least until a more well-worn path is forged for digital asset broker-dealers. Nonetheless, the Statement is a welcome course correction that will enable regulated entities to help protect the interests of investors seeking to engage with this new asset class — an important goal that will require continued attention and innovative solutions by the SEC.
[i] For the purposes of the Statement, the SEC defined the term “digital asset” as an asset issued or transferred using distributed ledger or blockchain technology (DLT), including “virtual currencies,” “coins,” and “tokens.” As such, the SEC understood a digital asset security to be any of the foregoing that meets the definition of a security under federal securities laws.