SEC Staff Issues Helpful Guidance on Custodying Digital Asset Securities and Complying with the Customer Protection Rule

On Wednesday, December 17, the SEC’s Division of Trading and Markets (Division) issued a helpful statement (the Statement) to clarify its views on how a broker-dealer can meet its obligation pursuant to paragraph (b)(1) of Rule 15c3-3 of the Securities Exchange Act of 1934, as amended (the Customer Protection Rule), with respect to digital or crypto assets that are securities that a broker-dealer may carry for the accounts of its customers. 

Paragraph (b)(1) of the Customer Protection Rule requires a broker-dealer to maintain physical possession or control of customer fully paid securities and excess margin securities. The application of this requirement to digital asset securities had previously been challenging, as it was difficult to determine what constituted “physical possession” of digital asset securities. Unlike traditional securities, which are held in accounts at a broker-dealer or a registered clearing corporation, digital asset securities, including tokenized equity and debt securities, are typically “held” on public blockchains.[1] The Statement applies only to the “possession” requirement of the Customer Protection Rule, although the Division previously advised that a broker-dealer could establish control of a digital asset security by holding it in a “good control location” specified in Rule 15c3-3(c)[2].

Digital Asset Possession Requirements

The Statement provides that when a broker-dealer takes the following steps and implements the attendant controls described, the Division will not object to that broker-dealer being deemed to have “physical possession” of the digital asset security pursuant to paragraph (b)(1) of the Customer Protection Rule. Specifically, the broker-dealer must:

• Have access to the digital asset security and be able to transfer it on the applicable blockchain/distributed ledger technology.

• Establish, maintain, and enforce written policies and procedures to assess the distributed ledger technology and network where transfers of digital asset securities are recorded. The broker-dealer must perform this assessment (evaluating factors such as performance, speed, scalability, resiliency, security, and visibility) both prior to undertaking to maintain possession and at reasonable intervals thereafter. This assessment is designed to identify any significant weaknesses or operational issues with the distributed ledger technology or network that could affect the broker-dealer’s ability to possess the subject security, so that the broker-dealer could take appropriate risk-reducing action.

• Not deem itself in possession of the digital asset security when it becomes aware of (a) any material security or operational problem or weakness with the distributed ledger technology or associated network; or (b) other material risks that custodying the digital asset security would pose to the broker-dealer’s business.

• Establish, maintain, and enforce reasonably designed written policies and procedures and controls — consistent with industry best practices — to protect against the theft, loss, or unauthorized or accidental use of the private keys necessary to access and transfer the security. Importantly, such procedures and controls will be “reasonably designed” only if they provide that no other person has access to the relevant private keys or has the ability to transfer the asset without the broker-dealer’s authorization. The restriction on “no other person” is precise and literal: no other person, including the customer, any third party, or any affiliate of the broker-dealer, can have access to private keys or have the ability to transfer without authorization. In other words, the broker-dealer must have exclusive control.

• Establish, maintain and enforce written policies and procedures to address in advance (a) how the broker-dealer will respond to or address certain events that could affect the broker-dealer’s possession (such as blockchain malfunctions); (b) complying with lawful orders affecting the transfer of the digital asset securities or other similar actions; and (c) allowing for the transfer of the digital asset securities in the event of the broker-dealer’s liquidation or similar event.

Analysis and Conclusion

The Statement reflects thoughtful analysis on the part of market participants and the Division regarding the integration of custody of digital asset securities into the traditional regulatory framework for protecting customer assets. It provides a workable approach for broker-dealers to adapt their practices to maintain possession of digital assets and provide valuable custody services to its customers. While Congress and regulatory agencies continue to develop approaches for digital asset and digital asset securities regulation, the Statement makes good on the SEC’s commitment, through its Crypto Task Force and Project Crypto, to provide guidance to market participants on crypto and digital asset securities issue and to facilitate a flourishing crypto economy in the United States. Commenting on the Statement, Commissioner Hester M. Peirce remarked that while it provides clarity to broker-dealers seeking to provide custody services to their customers, she encourages the Division to swiftly develop recommendations for Commission consideration regarding amendments to the Customer Protection Rule to address the custody of crypto assets.[3]