Broker-Dealer Custody of Digital Asset Securities – The SEC and FINRA Statement
July 16, 2019
On July 8, 2019, the staffs of the Division of Trading and Markets at the Securities and Exchange Commission (SEC) and of the Office of General Counsel at the Financial Industry Regulatory Authority (FINRA) released the long awaited statement1 (Statement) on custody of digital asset securities.2 The Statement is in response to industry requests for clarity on the application of the federal securities laws and FINRA rules to intermediation and custody of digital asset securities3 and transactions. The key points in the Statement are as follows:
- The SEC and FINRA will rely on the historic approach to broker-dealer regulation and investor protection. The Customer Protection Rule, codified as Rule 15c3-3 under the Securities Exchange Act of 1934 (Exchange Act) is central to the framework for transacting in digital asset securities.
- Noncustodial broker-dealer models have an easier path forward for FINRA approval.
- Broker-dealers seeking to custody digital asset securities must address key concerns and may need to submit requests for good control locations determination.
- Market participants should consider all SEC-registered broker-dealer requirements, particularly books and records and financial reporting rules.
Importance of the Customer Protection Rule
Any person that buys, sells, or otherwise transacts or is involved in effecting transactions in digital asset securities for customers or its own account is subject to state and federal securities laws, and may be required to register with the SEC as a broker or a dealer and become a member of and comply with the rules of a self-regulatory organization (SRO) like FINRA. To dispel any doubt left after the SEC’s enforcement action in Tokenlot, LLC,4 the Statement makes clear that all persons seeking to transact in the capital markets for digital asset securities must comply with the securities laws and regulation. Importantly, all broker-dealers must comply with broker-dealer financial responsibility rules, including, as applicable, custodial requirements under the Customer Protection Rule. Seward & Kissel has engaged in discussions with the staffs to address considerations relevant to concerns with compliance with the Customer Protection Rule by broker-dealers seeking to transact in digital asset securities, and will continue to do so in an effort to further develop methodologies for compliance with applicable financial responsibility rules.
Noncustodial Broker-Dealer Models Present Lower Hurdles
The staffs stated that, in general, noncustodial activities involving digital asset securities do not raise the same level of concern among the staffs, provided that the relevant securities laws, SRO rules, and other legal and regulatory requirements are followed. For example, the custodial requirements are not triggered if the digital asset securities do not pass through the broker-dealer facilitating the transaction or the trade is settled directly between the buyer and seller. Persons transacting in digital asset securities must analyze, and comply with, all relevant laws and regulations. For example, the staffs noted that entities that perform functions to facilitate the clearance and settlement of transactions in digital asset securities may be required to register as a clearing agency under Section 17A of the Exchange Act.
Staff Considerations for Broker-Dealer Custody of Digital Asset Securities
The staffs stated that whether a security is paper or digital, the same fundamental elements of the broker-dealer financial responsibility rules apply. Broker-dealers subject to the Customer Protection Rule are required to safeguard customer securities, including digital asset securities, and funds entrusted to the firm. In case of a broker-dealer failure, customer securities and cash must be readily available to be returned to customers. Compliance with these requirements may be challenging to market participants, and the staffs noted that there are specific concerns regarding broker-dealer custody of digital asset securities that remain unresolved:
- Broker-dealers must have, and must demonstrate, exclusive control of the digital asset security. There is potential for theft and fraud, including through the loss of “private keys,” which are required in order to transfer digital asset securities and evince custody of a digital asset.
- Broker-dealers must have processes to reverse or cancel mistaken or unauthorized transactions. Broker-dealers may transfer a digital asset security to an “unknown or unintended address without meaningful recourse.” Given the immutability of blockchain technology, certain digital asset securities transactions may not be reversible in the event of trade errors.
- Inconsistency between the expectations and the reality regarding the protections afforded to persons who would use a broker-dealer to custody their digital asset securities in case of a broker-dealer liquidation. There is a disparity between the narrow definition of “security” under the Securities Investment Protection Act (SIPA) and the broad definition of security, including investment contracts, under the Securities Act of 1933 and the Exchange Act. Certain types of digital asset securities lack coverage under SIPA, which generally protects an investor in the event of a broker-dealer’s insolvency.
- The SEC staff is open to receiving good control location applications from broker-dealers wishing to utilize an issuer or a transfer agent as a proposed “control location” under Rule 15c3-3(c)(7). The Statement notes, however, that this would involve digital asset securities in which the issuer or transfer agent maintains a traditional single master security holder list, and also publishes, as a courtesy, a non-authoritative record ownership using distributed ledger technology.5
Thus, in light of the Statement, to comply with the Customer Protection Rule, (i) a broker-dealer must have, and be able to demonstrate, exclusive control of the digital asset security, (ii) there must be a mechanism to reverse or cancel mistaken or unauthorized transactions; and (iii) customer expectations must align with the protections available to the assets in custody.
The Books and Records and Financial Reporting Rules
The Statement raises the concern that it may be challenging for a broker-dealer to make and/or keep accurate books and records of digital asset securities, which may in turn create challenges for the independent auditor to the broker-dealer. Under the broker-dealer recordkeeping and financial reporting rules, a broker-dealer must, among other things, make and keep current ledgers reflecting all assets and liabilities, as well as a securities record reflecting each security carried by the broker-dealer for its customers and all differences determined by the count of customer securities in the broker-dealer’s possession or control compared to the result of the count with the broker-dealer’s existing books and records. The books, records, and financial reporting requirements are central to the regulatory framework, and must be satisfactorily addressed in the context of digital asset securities to assure full compliance.
The Statement offers long awaited insights for compliance by broker-dealers and a framework for continued dialogue with the staffs. Continued engagement with the staffs, which is expressly requested in the Statement, offers great opportunities for the development of sound policy that would promote fair and orderly capital markets in digital asset securities.
1 The Statement represents views of SEC and FINRA staff; it “is not a rule, regulation, guidance, or statement of the” SEC or FINRA and “does not alter or amend applicable law and has no legal force or effect.”
2 See Division of Trading and Markets, U.S. Securities and Exchange Commission Office of General Counsel, Financial Industry Regulatory Authority, Joint Staff Statement on Broker-Dealer Custody of Digital Asset Securities, July 8, 2019, available at https://www.sec.gov/news/public-statement/joint-staff-statement-broker-dealer-custody-digital-asset-securities.
3 For the purposes of the statement, the term “digital asset” refers to an asset that is issued and transferred using distributed ledger or blockchain technology, including, but not limited to, so-called “virtual currencies,” “coins,” and “tokens.” A digital asset may or may not meet the definition of a “security” under the federal securities laws. For the purposes of the statement, a digital asset that is a security is referred to as a “digital asset security.”
5 We are discussing with SEC staff how this aspect of the Statement comports with Section 224 of the Delaware General Corporation Law.