Christmas came early for many in the digital asset community by way of a statement from the U.S. Securities and Exchange Commission (“SEC” or “Commission”) on December 23, 2020 that grants relief in the area of broker “custody” of digital asset securities. The framework laid out by the SEC will operate somewhat like a hybrid no-action letter/safe harbor/pilot program, pursuant to which “special purpose” brokers may follow certain, specific steps and custody digital asset securities during a five-year program period without the risk of facing an enforcement action.
U.S. broker-dealers are subject to a multitude of laws and rules, including those of the SEC and the Financial Industry Regulatory Authority (“FINRA”). One such rule is the “Customer Protection Rule” (Rule 15c3-3 under the Securities Exchange Act of 1934 (“Exchange Act”)). As the SEC points out, the Customer Protection Rule requires, in part, that a broker-dealer promptly obtain and thereafter maintain physical possession or control of all fully-paid and excess margin securities it carries for customer accounts, and segregate customer securities and related cash from the firm’s proprietary business activities, other than those that facilitate customer transactions.
For several years, in various areas of its jurisdiction, the SEC has been forced to balance the rapid development of a nascent industry that sprung up around blockchain technology and digital assets against the backdrop of the need to enforce compliance with existing rules and regulations and carry out its mission, including to protect investors. At the same time, in the absence of SEC guidance on many areas affecting this new industry (including custody), industry participants have been left to develop solutions based on their best guess of what the SEC expects or will accept.1 The SEC acknowledges, and as the SEC notes in the statement, questions have arisen, and persisted, surrounding the application of the Customer Protection Rule to the custody of digital asset securities. In this regard, the SEC acknowledges that “the market for digital asset securities is still new and rapidly evolving. The technical requirements for transacting and custodying digital asset securities are different from those involving traditional securities. And traditional securities transactions often involve a variety of intermediaries, infrastructure providers, and counterparties for which there may be no analog in the digital asset securities market.” The SEC considers a “digital asset security” to be a digital asset that meets the definition of a “security” under the federal securities laws.2
Request for Comment
In the statement, the SEC expresses its interest in seeking input from the public on “evolving standards and best practices with respect to custody of digital asset securities.” The SEC indicates that “it intends to consider the public’s comments in connection with any future rulemaking or other [SEC] action in this area.” The SEC posed several questions on which it hopes to receive feedback from the public, including asking about industry best practices with respect to protecting against theft, loss, and unauthorized or accidental use of private keys necessary for accessing and transferring digital asset securities, and industry best practices for generating, safekeeping, and using private keys.
Relief on Custody3
Most importantly, the SEC will provide limited relief (both in terms of scope and duration) from enforcement with respect to the Customer Protection Rule in relation to digital asset securities. The SEC characterizes this as an effort to “support innovation in the digital asset securities market to develop its infrastructure” and to “provide market participants with an opportunity to develop practices and processes that will enhance their ability to demonstrate possession or control over digital asset securities.” The SEC believes this relief will also “provide the [SEC] with experience in overseeing broker-dealer custody of digital asset securities to inform further action in this area.”
The relief is available only to a “special purpose broker-dealer”—one that “limit[s] its business to digital asset securities (to isolate risk) and [that has] policies and procedures to, among other things, assess a given digital asset security’s distributed ledger technology and protect the private keys necessary to transfer the digital asset security.” Broker-dealers that deal other than with digital asset securities may not rely on the relief.
The SEC noted that a “digital asset security that is not in the exclusive physical possession or control of the broker-dealer because, for example, an unauthorized person knows or has access to the associated private key (and therefore has the ability to transfer it without the authorization of the broker-dealer) would not be held in a manner that complies with the possession or control requirement of Rule 15c3-3 and thus would be vulnerable to the risks the rule seeks to mitigate.
Key Points and Observations
Conditions to the Relief
The SEC essentially provided a roadmap of the following nine steps a broker-dealer can take to avail itself of the relief and, therefore, not risk SEC enforcement regarding compliance with the Customer Protection Rule in relation to digital asset securities:
1. The broker-dealer has access to the digital asset securities and the capability to transfer them on the associated distributed ledger technology.
2. The broker-dealer limits its business to dealing in, effecting transactions in, maintaining custody of, and/or operating an alternative trading system for digital asset securities; provided a broker-dealer may hold proprietary positions in traditional securities solely for the purposes of meeting the firm’s minimum net capital requirements under Exchange Act Rule 15c3-1 or hedging the risks of its proprietary positions in traditional securities and digital asset securities.
3. The broker-dealer establishes, maintains, and enforces reasonably designed written policies and procedures to conduct and document an analysis of whether a particular digital asset is a security offered and sold pursuant to an effective registration statement or an available exemption from registration, and whether the broker-dealer meets its requirements to comply with the federal securities laws with respect to effecting transactions in the digital asset security, before undertaking to effect transactions in and maintain custody of the digital asset security.
4. The broker-dealer establishes, maintains, and enforces reasonably designed written policies and procedures to conduct and document an assessment of the characteristics of a digital asset security’s distributed ledger technology and associated network prior to undertaking to maintain custody of the digital asset security and at reasonable intervals thereafter.
5. The broker-dealer does not undertake to maintain custody of a digital asset security if the firm is aware of any material security or operational problems or weaknesses with the distributed ledger technology and associated network used to access and transfer the digital asset security, or is aware of other material risks posed to the broker-dealer’s business by the digital asset security.
6. The broker-dealer establishes, maintains, and enforces reasonably designed written policies, procedures, and controls that are consistent with industry best practices to demonstrate the broker-dealer has exclusive control over the digital asset securities it holds in custody and to protect against the theft, loss, and unauthorized and accidental use of the private keys necessary to access and transfer the digital asset securities the broker-dealer holds in custody.
7. The broker-dealer establishes, maintains, and enforces reasonably designed written policies, procedures, and arrangements to: (i) specifically identify, in advance, the steps it will take in the wake of certain events that could affect the firm’s custody of the digital asset securities, including, without limitation, blockchain malfunctions, 51% attacks, hard forks, or airdrops; (ii) allow for the broker-dealer to comply with a court-ordered freeze or seizure; and (iii) allow for the transfer of the digital asset securities held by the broker-dealer to another special purpose broker-dealer, a trustee, receiver, liquidator, or person performing a similar function, or to another appropriate person, in the event the broker-dealer can no longer continue as a going concern and self-liquidates or is subject to a formal bankruptcy, receivership, liquidation, or similar proceeding.
8. The broker-dealer provides written disclosures to prospective customers: (i) that the firm is deeming itself to be in possession or control of digital asset securities held for the customer for the purposes of paragraph (b)(1) of Rule 15c3-3 based on its compliance with the SEC’s statement; and (ii) about the risks of investing in or holding digital asset securities that, at a minimum: (a) prominently disclose that digital asset securities may not be “securities” as defined in the Securities Investor Protection Act of 1970 (“SIPA”)—and in particular, digital asset securities that are “investment contracts” under the Howey test but are not registered with the Commission are excluded from SIPA’s definition of “securities”—and thus the protections afforded to securities customers under SIPA may not apply; (b) describe the risks of fraud, manipulation, theft, and loss associated with digital asset securities; (c) describe the risks relating to valuation, price volatility, and liquidity associated with digital asset securities; and (d) describe, at a high level that would not compromise any security protocols, the processes, software and hardware systems, and any other formats or systems utilized by the broker-dealer to create, store, or use the broker-dealer’s private keys and protect them from loss, theft, or unauthorized or accidental use.
9. The broker-dealer enters into a written agreement with each customer that sets forth the terms and conditions with respect to receiving, purchasing, holding, safekeeping, selling, transferring, exchanging, custodying, liquidating and otherwise transacting in digital asset securities on behalf of the customer.
A broker-dealer that complies with the steps will not be subject to an SEC enforcement action on the basis that the broker-dealer deems itself to have obtained and maintained physical possession or control of customer fully paid and excess margin digital asset securities for the purposes of paragraph (b)(1) of Rule 15c3-3.4
The relief is valid for 5 years from the date of the statement.
The statement applies to the broker Customer Protection Rule (and only one aspect thereof). Importantly, the statement does not apply to the “Custody Rule” for investment advisers (Rule 206(4)-2 under the Investment Advisers Act of 1940). This is another critical area of uncertainty in the path toward regulatory compliance for investment advisers dealing with digital assets (both securities and non-securities) for their clients. In early November 2020, SEC staff of the Division of Investment Management (“IM Division”), in consultation with the SEC’s “FinHub” staff, issued a statement with respect to the custody of digital assets. Unfortunately, we were left without clarity on what the SEC considers to be “custody” for purposes of the adviser Custody Rule. It appears that the SEC is still in fact-gathering and listening mode in that respect, as it has been since as early as January 2018.5
This is a major development that literally surfaced in the final few hours of the Clayton-led SEC under President Trump. This is important for at least two reasons. First, from a procedural standpoint, we would typically expect the SEC to provide this type of relief pursuant to formal rulemaking (like a pilot program) or a formal exemption. But those actions require significant time and agency resources. Chairman Clayton’s agenda was quite robust, and many of those agenda items made it over the finish line under his tenure. It may be that there simply was not enough time to get this one out the door in the typical manner. Also, the use of “Commission Statements” in place of formal rulemaking has become more prevalent in recent years. The SEC has used this approach several times under Chairman Clayton’s leadership.6 A statement or relief like this from the Commission itself carries more weight than does guidance or relief from the SEC staff—it is viewed as a better foundation on which market participants may rely, given that the Commission is not bound by staff-level guidance/relief.
Second, what the SEC giveth, the SEC may also take away. Said differently, it is just as easy for the SEC to roll back this relief as it was to grant it (actually, it is easier to unwind). All bets are off under a Biden-appointed SEC Chair. But we likely will not know who will fill that seat until late spring/early summer 2021. In the meantime, the remaining four Commissioners will have responsibility for running the agency. This likely means that SEC Commissioner Hester Peirce (who is outspokenly pro innovation and often shares her views in the crypto context) or Commissioner Elad Roisman will serve as interim Chair until approximately January 20, 2021 when President-Elect Biden will be sworn in as President. At that time, it is likely that SEC Commissioner Allison Lee will become acting Chair until a permanent Chair is nominated and confirmed. The nomination and confirmation process can take several months. For example, Chairman Clayton did not assume his role until May 2017, roughly four months after President Trump entered the oval office.
As FINRA members, eligible broker-dealers will be subject to examination by FINRA and SEC staff to review whether the firm is operating in a manner consistent with the prescribed steps.
This is certainly a positive development for the crypto and blockchain community and also one that opens a new channel of growth and opportunity for the broker-dealer community. This could also signal hope that the investment management community, including investment advisers and funds, will receive guidance or similar relief from the SEC regarding compliance with the Custody Rule in relation to digital assets, including concerning serving as a “qualified custodian.” We will monitor developments in this area, including updates from the SEC as it gathers feedback from the public, insight from the agency over time as market participants rely on the relief, and any potential Commission rulemaking in this area.
1 In June 2019, SEC and FINRA staff issued a joint statement on broker-dealer custody of digital assets. Of particular focus was how (and whether) broker-dealers could meet the possession or control standards prescribed in the Customer Protection Rule. That letter provided several examples of questions with which the staffs were grappling, but ultimately no answers or guidance were offered. Instead, the letter noted that “the specific circumstances where a broker-dealer could custody digital asset securities in a manner that the Staffs believe would comply with the Customer Protection Rule remain under discussion, and the Staffs stand ready to continue to engage with entities pursuing this line of business.”
2 The SEC considers a “digital asset” to be an asset that is issued and/or transferred using distributed ledger or blockchain technology, including, but not limited to, so-called “virtual currencies,” “coins,” and “tokens.” The SEC points out that, in its view, a digital asset may or may not meet the definition of a “security” under the federal securities laws. See, e.g., Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO, Exchange Act Release No. 81207 (July 25, 2017).
3 The relief does not modify or change any obligations of a broker-dealer, or other party, to otherwise comply with the federal securities laws, including the broker-dealer financial responsibility rules, obligations regarding proxy voting and beneficial ownership communications, as well as the broker-dealer’s obligation to become a member of FINRA and to comply with applicable anti-money laundering and countering the financing of terrorism obligations under the Bank Secrecy Act.
4 The SEC points out that paragraph (b)(1) of Rule 15c3-3 requires that a broker-dealer “control” customer fully paid and excess margin securities, it may not be possible for a broker-dealer to establish control over a digital asset security with the same control mechanisms used in connection with traditional securities.
5 See, e.g., January 2018 letter from the Director of the IM Division to the Investment Company Institute (“ICI”) and Securities Industry and Financial Markets Association (“SIFMA”). See also March 2019 response from the Deputy Director and Chief Counsel of the IM Division to ICI.
6 See https://www.sec.gov/rules/policy.shtml.