The RFIA would enact a rebuttable presumption that an ancillary asset in connection with an investment contract is a commodity.

By Marlon Q. Paz, Stephen P. Wink, Jenny Cieplak, and Deric Behar

Latham & Watkins presents a blog series on the Responsible Financial Innovation Act, which was introduced in the US Senate on June 10, 2022, to create a framework for digital assets, cryptocurrency, and blockchain technology. This first post in the series covers SEC and securities issues.

Securities issues are covered in Title III (Responsible Securities Innovation) of the Responsible Financial Innovation Act (RFIA). The RFIA would add a new Section 41 to the Securities Exchange Act of 1934 (Securities Offerings Involving Certain Intangible Assets) that would provide much-needed statutory clarity on the allocation of regulatory jurisdiction over digital assets.

Ancillary Assets

Ancillary assets are presumed not to be a security: The RFIA maintains that an ancillary asset provided to a purchaser in connection with the purchase or sale of a security through an investment contract is presumed to be a commodity, and therefore is not subject to the requirements under the Securities Act of 1933 or the Securities Exchange Act of 1934. Essentially, the drafters seek to avoid the problem identified in the Telegram and Kik cases with the simple agreement for future tokens, or SAFT (see here, here, and here), in which the delivery of the ancillary asset was found to be part of the “same plan of financing” as the original security, and thus was also a security. However, this presumption is rebuttable: if a US court of competent jurisdiction conducts an appropriate proceeding, it may issue an order finding that there is not a substantial basis for the presumption that an ancillary asset is a commodity and not a security.

Disclosure Requirements: Issuers of ancillary assets would be required to furnish a comprehensive list of disclosures to the SEC semiannually, beginning on the date that is 180 days after the first date on which the security is offered, sold, or otherwise provided.

  • Unless exempted by the SEC, disclosure obligations are triggered if (1) the average daily aggregate value of all ancillary assets offered, sold, or provided by the issuer is more than $5 million, and (2) the issuer (or an owner of more than 10% of any class of the issuer’s equity securities) engages in entrepreneurial or managerial efforts that primarily determine the value of the ancillary asset.
  • Disclosure obligations “in the public interest or for the protection of investors” would include basic corporate information regarding the issuer. Among other things, disclosures must include information regarding the experience of the issuer in developing or offering assets similar to the ancillary asset; the activities that the issuer has taken in the relevant disclosure period, and is projecting to take in the one-year period following the submission of the disclosure, with respect to promoting the use, value, or resale of the ancillary asset; anticipated costs; backgrounds of the board of directors (or equivalent body), senior management, and key employees of the issuer; descriptions of assets, liabilities, and legal proceedings of the issuer; risk factors relating to the impact of the issuer on, or unique knowledge relating to, the value of the ancillary asset; ownership information; purchases, sales, and dispositions of the ancillary asset; a statement attesting that the issuer maintains the financial resources to continue business as a going concern for the one-year period following the submission of the disclosure, absent a material change in circumstances; and any material legal, regulatory, or tax considerations applicable to owning, storing, using, or trading the ancillary asset.

Termination of Disclosure Requirements: Issuers of an ancillary asset may move to terminate disclosure requirements by providing the SEC with a certification supported by reasonable evidence that the ancillary asset in question maintains a value that is no longer contingent on the issuer’s entrepreneurial or managerial efforts, i.e., it becomes sufficiently decentralized. (Or alternatively, a certification that it no longer meets the $5 million triggering threshold noted above). Denial of the certification is subject to the SEC’s discretion (by majority vote), after notice and opportunity for hearing, “if the Commission finds that the certification is not supported by substantial evidence.” If denied, issuers may refile a certification 180 days after the date on which the original certification is denied.

  • Sufficient decentralization is not a term that is employed or defined in the bill. More guidance should be provided in future iterations of the bill, as lack of precision combined with the discretionary aspect of the determination hearing may overwhelm even good-faith attempts at certification.

Broker-Dealer Custody of Digital Assets and Guidance on Good Control Location

Broker-dealer applicants have long sought guidance for the custody of digital assets in compliance with their obligations under Rule 15c3-3, known as the Customer Protection Rule. The RFIA seeks to resolve this long-standing issue by (i) clarifying that, with respect to a digital asset that is a security, the good control location under Rule 15c3–3 may be fulfilled by protecting the asset with commercially reasonable cybersecurity practices for a private key and (ii) directing the SEC to amend the Customer Protection Rule, as discussed below, and (iii) directing the SEC the adopt guidance permitting broker-dealers to engage in the trading and custody of digital asset securities.

Control Location: The RFIA would require that within 180 days from the date of enactment, the SEC issue guidance providing that the requirement to designate a satisfactory control location for a digital asset security under the Customer Protection Rule may be satisfied by protecting the digital asset through commercially reasonable cybersecurity practices.

Custody and Customer Protection Rules: The RFIA would require that within 18 months from date of enactment, the SEC complete its ongoing modernization of the Customer Protection Rule and the Custody Rule (Rule 206(4)-2 under the Investment Advisers Act). Any final rule must address (among other things) investor protection and education with respect to digital assets; digital assets, distributed ledger technology, and use of collaborative custody or multi-signature arrangements, including distribution of private key material and resulting obligations; changes in market structure and asset characteristics, and use of technology to facilitate regulatory compliance and risk management.

Trading and Custodial Activities in Digital Asset Securities: The RFIA would require that within 270 days from date of enactment, for the purposes of the Customer Protection Rule, the SEC adopt final guidance permitting a broker or a dealer to perform, within the same legal entity, both trading and custodial activities relating to fully-paid and excess margin digital assets, including virtual currency and digital assets that are securities (in addition to traditional securities, client funds, and other assets permitted by the SEC to be within the control of a broker or dealer).

SEC and CFTC Interagency Coordination

Examination Standards

The RFIA would require that within 18 months from date of enactment, the SEC and the CFTC (in consultation with the Financial Crimes Enforcement Network) publish final guidance and adopt examination standards relating to digital asset intermediaries. Topics should include anti-money laundering, customer identification, beneficial ownership, and sanctions compliance (including with respect to payment stablecoin activities and subsidiary value), and information technology standards.


Cybersecurity for digital asset intermediaries: The RFIA would require that within 18 months from the date of enactment, the SEC and the CFTC consult with Treasury and the National Institute of Standards and Technology to develop comprehensive, principles-based guidance relating to cybersecurity for digital asset intermediaries. Such guidance should account for the intermediary’s internal governance, organizational culture, and cybersecurity program; security operations; risk identification, measurement, testing, assurance, and mitigation processes; and potential for illicit activities including sanctions avoidance.

Self-Regulatory Organization (SRO)

The RFIA would require that within six months from the date of enactment, the SEC and the CFTC (in consultation with digital asset intermediaries and digital asset industry groups) study and report on the principles for development of a digital asset market SRO, and develop a proposal for its creation. Such principles should include, among other things:

  • standard setting, corporate transparency requirements, and rulemaking relating to digital asset market conduct;
  • regular consultation among the SEC and the CFTC with respect to rules governing digital asset market conduct and the governance of registered digital asset associations;
  • appropriate investigatory and disciplinary powers of registered digital asset associations and registered digital asset exchanges, respectively;
  • authority of digital asset intermediaries to conduct activities relating to traditional assets;
  • risk-based examination authority; and
  • dispute resolution and arbitration.