The SEC’s Division of Examinations (the “Division”) issued a risk alert1 (the “Risk Alert”) on the observations of the Division’s staff (the “Staff”) from examinations of SEC-registered investment advisers (“Advisers”), broker-dealers (“Broker-Dealers”), and other firms2 regarding digital assets3 that are securities (“Digital Asset Securities”). The Risk Alert is intended to assist firms in developing and enhancing their compliance practices regarding Digital Asset Securities and disclose the Division’s focus areas for future examinations.
Based on the risks identified by the Staff in recent examinations of Advisers managing Digital Asset Securities, future examinations will focus on compliance associated with portfolio management, books and records, custody, disclosures, valuation, and registration issues.
Portfolio Management. Staff reviews of policies, procedures, and practices of investment advisers investing in digital assets will focus on:
• Classification of digital assets managed on behalf of clients, including whether they are classified as securities;
• Due diligence on digital assets (e.g., that the adviser understands the digital asset, wallets, and any other devices or software used to interact with the digital asset network or application, and the liquidity and volatility of the digital asset);
• Evaluation and mitigation of risks related to trading venues, trade execution and settlement facilities (e.g., security breaches, fraud, insolvency, market manipulation, the quality of market surveillance, and KYC/AML procedures);
• Management of risks and complexities regarding “forked” and “airdropped” digital assets (e.g., allocations across client accounts and conflicts of interest);4 and
• Fulfillment of Advisers’ fiduciary duty with respect to investment advice.
Books and Records. The Staff will examine the accuracy of books and records, including records of trading activity. When designing recordkeeping practices, Advisers should consider the reliability and consistency of digital asset trading platforms as to execution, settlement methods, and post-trade recording and notification.
Custody. Examinations will include a review of the risks and practices related to the custody of digital assets by Advisers for compliance with the custody rule (Rule 206(4)-2 of the Investment Advisers Act of 1940). The Staff will review the following regardless of how digital assets are stored:
• Unauthorized transactions, including theft of digital assets;
• Controls related to the safekeeping of digital assets (e.g., employee access to private keys and trading platform accounts);
• Business continuity plans where key personnel have exclusive access to private keys;
• How the Adviser evaluates harm due to the loss of private keys;
• Reliability of software used to interact with digital asset networks;
• Storage of digital assets on trading platform accounts and third-party custodians; and
• Security procedures related to software and hardware wallets.
Disclosures. Examinations will include a review of disclosures regarding the unique risks associated with digital assets, including complexities of the products and technology underlying such assets, technical, legal, market, and operational risks (including custody and cybersecurity), price volatility, illiquidity, valuation methodology, related-party transactions, and conflicts of interest.
Valuation. Examinations will include a review of valuation methodologies, including those used to determine principal markets, fair value, valuation after significant events, and recognition of forked and airdropped digital assets as well as disclosures of valuation methodologies and the impact of valuation practices on advisory fees.
Registration Issues. The Staff will review compliance matters related to registration, including how the Adviser calculates its regulatory assets under management and characterizes the digital assets in pooled investment vehicles.
In the Risk Alert, the Staff stated that future examinations of Broker-Dealers will focus on:
Safekeeping of Funds and Operations. The Divisions will investigate operational activities unique to Digital Asset Securities, especially custody. The SEC has proposed creating a limited purpose Broker-Dealer category that would limit the business of such limited purpose Broker-Dealers to dealing only with Digital Asset Securities in order to protect traditional securities customers, counterparties, and market participants from the risks of digital asset security fraud, theft, or loss.5
Registration Requirements. Affiliates of a Broker-Dealer who effect transactions in Digital Asset Securities for the accounts of others may be required to register as Broker-Dealers.
Anti-Money Laundering (AML). Broker-Dealer AML programs should check against the Specially Designated Nationals list maintained by the Office of Foreign Assets Control (“OFAC”) and comply with other AML obligations, including customer due diligence and the filing of suspicious activity reports, if necessary, when interacting with digital assets.
Offerings. As Broker-Dealers may be involved in digital asset underwriting and private placement activity, the Division will review their due diligence and the disclosures made to customers related to the offering, which may differ from traditional due diligence and disclosures.
Disclosure of Conflicts of Interest. Broker-Dealers may operate in multiple capacities in connection with the distribution and custody of Digital Asset Securities. Therefore, the Division will continue to review the existence and disclosures of conflicts of interest and related matters.
Outside Business Activities. Some registered representatives of Broker-Dealers provide services related to digital assets outside of their Broker-Dealer employment. FINRA-member Broker-Dealers must evaluate the activities of their registered persons to determine whether such activity constitutes outside business or securities activity and should therefore be subject to the approval of, and supervision by, the Broker-Dealer.
The Risk Alert highlights the Division’s focus on Advisers and Broker-Dealers that interact with Digital Asset Securities. Such Advisers and Broker-Dealers should carefully review their compliance policies and procedures and client disclosures related to Digital Asset Securities in anticipation of an examination by the Staff.
Seward & Kissel LLP, and our compliance consulting service SKRC (Seward & Kissel Regulatory Compliance), are available to assist Advisers and Broker-Dealers with the issues identified in the Risk Alert.