On July 8, 2019, the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) issued a joint statement clarifying how their traditional regulatory approaches would apply to how broker-dealers handle their customers’ digital asset securities and transactions. Specifically, the statement focuses on how certain SEC and FINRA rules apply to broker-dealers that wish to take custody of digital asset securities or perform other noncustodial activities involving such assets.
The SEC and FINRA staffs (collectively, the “Staffs”) said that a number of firms have applied to FINRA to engage in broker-activities involving digital asset securities, and a number of registered broker-dealers have also submitted applications to expand their businesses to include digital asset securities services. Many of these applications cover proposed business models that would involve the applicant taking custody of digital asset securities, while others would involve certain noncustodial activities.
The Staffs acknowledged the challenges that broker-dealers face when taking custody of digital assets. Among other things, the Staffs said that custody of digital assets may create higher risks of fraud or theft, especially if the “private key” is lost or stolen. Another challenge that broker-dealers face is that simply possessing the “private key” does not by itself demonstrate that the broker-dealer has exclusive control of the asset. These risks, the Staffs said, could lead to customer losses with corresponding liabilities for the broker-dealer.
For activities that involve taking custody of digital asset securities, the Staffs said that the “fundamental elements” of the broker-dealer financial responsibility rules apply. The Staffs also raised concerns about how broker-dealers that wish to take custody of digital asset securities may comply with certain SEC and FINRA rules, including:
- The Customer Protection Rule –The Staffs expressed concern that broker-dealers that take custody of digital asset securities may not have sufficient recourse to recover digital asset securities that may be lost due to a number of heightened risks, such as theft or loss of a private key. Further, a broker-dealer may face difficulty in proving that it, or its third-party custodian, maintains custody or exclusive control of digital asset securities.
- The Books and Records and Financial Reporting Rules – The Staffs said that the decentralized nature of digital ledger technology (DLT) may make it difficult for a broker-dealer to confirm the existence of digital asset securities for purposes of the broker-dealer’s regulatory books, records and financial statements. This could also create challenges for an independent auditor in testing management’s assertions in the broker-dealer’s financial statements.
- Securities Investor Protection Act of 1970 (SIPA) – If a digital asset security were to not meet the definition of “security” under SIPA and a carrying broker-dealer were to fail, the statement notes that SIPA protection would be unlikely to apply, and therefore the holders of such digital asset securities would only have unsecured general creditor claims against the broker-dealer’s estate. The Staffs opined that they “believe that such potential outcomes are likely to be inconsistent with the expectations of persons who would use a broker-dealer to custody their digital asset securities.” The challenges associated with the Books and Records and Financial Reporting Rules would also create greater risk for customers that their securities will not be returned in the event of a broker-dealer failure.
- Control Location Applications – The Staffs said they have received applications for arrangements that would involve uncertificated securities where the issuer or a transfer agent publishes as a courtesy the ownership record using DLT (which would not be the authoritative record of share ownership), in addition to the traditional single master security holder list. In such circumstances, the Staffs said they will consider whether the issuer or the transfer agent can be considered a satisfactory control location.
In respect of noncustodial activities involving digital asset securities, the Staffs said that they “do not raise the same level of concern . . . , provided that the relevant securities laws, SRO [self-regulatory organization] rules, and other legal and regulatory requirements are followed.” Examples of such activities may include:
- Those similar to a traditional private placement where the issuer settles the transaction away from the broker-dealer;
- Where a broker-dealer facilitates over-the-counter secondary market transactions in digital asset securities without taking custody or exercising control of such assets; and
- Where a secondary market transaction involves a broker-dealer introducing a buyer or seller of digital asset securities through a trading platform (i.e., an alternative trading system) where the trade is settled directly between the buyer and seller.
While the Staffs did not comment on any specific applications, it appears that those broker-dealers that wish to carry out the referenced noncustodial activities may receive approval in the near future, provided they are in compliance with all applicable rules and regulations. However, the Staffs continued to express concern regarding broker-dealer custody of digital asset securities, and it appears that those broker-dealers that wish to take custody of such assets still must address the Staffs’ concerns to demonstrate that they are in compliance with the broker-dealer financial responsibility rules.
Although the Staffs highlighted the challenges broker-dealers specifically face with maintaining custody of digital assets, some of the issues they address would apply equally to the challenges that other regulated entities, such as investment companies and investment advisers, also face when considering custody of digital assets.