Custody of Digital Asset Securities by Broker-Dealers

In December 2020, the U.S. Securities and Exchange Commission (“SEC”) said it would allow for the custody of digital asset securities by special purpose broker dealers (“BD”) to foster innovation. The grant pertains to BDs that exclusively focus on digital asset securities, not cryptocurrencies, and is subject to change during its five-year effectiveness.

A security is subject to the “possession” and “control” requirements of Customer Protection Rule (SEC Rule 15c3-3). While the “possession” prong is generally uncontested for digital securities, the SEC has, to date, distinguished the “control” prong of digital securities from traditional securities. Traditional securities are generally considered in control of a clearing broker when those securities are maintained by a qualified custodian such as a clearing agency, bank or transfer agent. These third-parties are able to officially verify the existence and amount of such securities and, if need be, transactions can be reversed or cancelled.

For digital asset securities that are issued on and traded through Distributed Ledger Technology (“DLT”) (e.g., a blockchain),the control prong is said to be in doubt because the custodianship is without intermediaries and the single point of failure has historically been deemed too risky by the SEC’s Division of Trading & Markets. Demonstrated instances of fraud, theft, loss of codes (private keys) and securities being sent to an incorrect destination without the ability to reverse or cancel have all been used as proof by the SEC of broker-dealers’ diminished ability to control the securities in line with SEC Rule 15c3-3.

Yet, for the first time, the SEC has provided guidance through this statement for “measures a broker-dealer can employ to comply with Rule 15c3-3 and mitigate these risks.” There are seven specific limitations and affirmative steps that the SEC provided for within the statement that would permit a clearing BD to self-custody digital asset securities on a DLT ledger:

1. An Alternative Trading System (“ATS”) BD cannot also deal in traditional securities or non-securities (e.g., cryptocurrencies). In this manner, the SEC figures to shield clients of the traditional asset class and expose only those clients wanting to bear the risk of trading digital securities.
2. A BD should have procedures on conducting due diligence of whether the digital security trading on its ATS is “offered and sold pursuant to an effective registration statement or an available exemption from registration.” To date, most issues of digital securities have been private offerings, exempt from registration (e.g., Regulation D) with an appropriate notice (e.g., Form D) and filings (e.g., Offering Memoranda) to the SEC.
3. A BD should have procedures on conducting an analysis of the DLT network on which the digital security issue will be custodied, both prior to issuance and periodically thereafter. Along with the functionality of the DLT network, the BD is to understand various processes of the DLT under certain circumstances, such as attacks, forks, airdrops, etc. The goal of this due diligence is to understand any flaws or problems with the network in order to determine whether the BD can custody a security on that DLT initially or whether it can continue to do so subsequently.
4. A BD should have industry best practice procedures on its processes to protect clients from “theft, loss, and unauthorized and accidental use of the private keys necessary to access and transfer the digital asset securities the broker-dealer holds in custody.” Extensive safeguards within this crucial area will go a long way in assuring the SEC that the BD maintains control of the security in that its processes cannot be compromised intentionally or inadvertently.
5. A BD should have procedures addressing various contingencies, such as those in circumstances described in item (3) above as well as court orders, transfers, receiverships and liquidations, including the discontinuation of the BD itself. As with traditional securities, the SEC is concerned with the continuity of customer assets outside of the functionality of the BD itself.
6. A BD should have appropriate written disclosures to prospective and concurrent clients, addressing issues such as SIPA exclusion, liquidity, volatility, valuation as well as risks described in items (3), (4) and (5) above.
7. A BD should have an appropriate written agreement with each customer addressing all terms and conditions for “receiving, purchasing, holding, safekeeping, selling, transferring, exchanging, custodying, liquidating and otherwise transacting in digital asset securities on behalf of the customer.” The required disclosures described in item (6) above may likely be contained within this agreement.

The statement contains a self-imposed timeline of five years for the effectiveness of this no-action relief. Accompanying comments for public comments mainly inquires about industry best practices on DLT attacks, private key storage and processes, disclosures and other risks that could be considered. As a result of received comments, the SEC has reserved the right to alter the guidance of the issued statement.

The SEC’s statement is a major milestone following the Office of the Comptroller of the Currency’s interpretive letter issued in July 2020, concluding that national banks may provide cryptocurrency custody services on behalf of customers.  

The statement is a first-of-its-kind guideline, after several years of unofficial considerations, providing for custody and clearing of digital asset securities through the DLT. The guidance provides BDs with a practical and reasonable direction to hone in on and should lead to further entries of market participants and increased activity in digital asset securities transactions.