The staffs of the Division of Trading and Markets (Division) of the U.S. Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) (collectively, the “Regulators”) published a joint statement (the “Joint Statement”) on July 8, 2019, articulating primary regulatory concerns regarding broker-dealers’ ability to comply with financial responsibility rules in the context of digital asset securities. Of chief concern is the Customer Protection Rule, which governs custody. The Joint Statement highlights that the Regulators are unified in their concerns and underscores that they are coordinating their deliberative approach to broker-dealer regulation and oversight as such regulation relates to facilitating transactions in digital asset securities and the questions and complex issues it raises about fundamental market infrastructure.
Pursuant to the Securities Exchange Act of 1934 (the “Exchange Act”), the SEC has broad and plenary authority to register and regulate broker-dealers, transfer agents, and securities industry self-regulatory organizations (i.e., securities exchanges, FINRA, etc.). Many of the critical regulatory issues raised by trading digital asset securities involve the current interpretation and application of SEC rules and regulations. As a result, regulated intermediaries face some complex compliance issues related to trading digital asset securities and require guidance from the Division. The Joint Statement focuses on a basic broker-dealer compliance issue, custody, and provides insight into the Regulators’ thoughts on potential paths forward, primarily for noncustodial broker-dealers.
This update summarizes the considerations raised in the Joint Statement with respect to broker-dealers that (1) take custody of, or carry, customers’ funds and securities, and (2) are noncustodial.
Considerations for Broker-Dealers That Take Custody of Digital Asset Securities
The Regulators express heightened concerns that relate directly to investor protection and market integrity in the Joint Statement. For example, the Joint Statement focuses on broker-dealers’ ability to comply with the Customer Protection Rule, which is meant to protect customer securities from fraud, theft, or loss. Specifically, the Regulators question how broker-dealers that have custody of digital asset securities would invalidate fraudulent transactions, correct errors, or recover lost customer assets. The Regulators also highlight the fact that protections under the Securities Investor Protection Act of 1970 (SIPA) “apply to a ‘security’ as defined in SIPA and cash deposited with the broker-dealer for the purpose of purchasing securities.” The SIPA definition is taken from the definitions of “security” in the Securities Act of 1933 (the “Securities Act”) and Exchange Act (together with the Securities Act, the “Acts”); however, it is narrower and does not include many of the securities that are covered under the Acts. The Regulators raise concerns that this could lead to investor confusion over coverage and risk of loss in the event of a broker-dealer failure.
Customer Protection Rule
Exchange Act Rule 15c3-3, or the Customer Protection Rule, is designed to ensure that customers are protected from losses or delays in accessing customer funds in the event that a broker-dealer fails. Specifically, the Customer Protection Rule requires broker-dealers to have internal structures in place to safeguard customer securities and other funds such that funds are readily available even if the broker-dealer fails, by taking, and then maintaining, physical possession or control. In order to ensure this protection, depending on the type of security, broker-dealers may hold customer funds with a third-party custodian that controls the transfer of customer funds, such as the Depository Trust Company or a transfer agent. The Regulators are grappling with questions about how a broker-dealer, or other regulated intermediary, would address unauthorized, fraudulent, or erroneous transactions.
In the Joint Statement, the Regulators raise the following concerns about broker-dealers maintaining custody of digital asset securities:
- An enhanced risk of fraud or theft of digital assets based on the internal structures used by the broker-dealer to maintain the custody of, and effect transfer of, digital assets.
- The risk of losing private keys needed to transfer customer digital asset securities or correct improper transfers.
- Uncertainty as to whether maintaining private keys is sufficient to establish the exclusive control of digital asset securities required by the Customer Protection Rule.
As the Regulators note, “[t]hese risks could cause securities customers to suffer losses, with corresponding liabilities for the broker-dealer, imperiling the firm, its customers, and other creditors,” thus creating an impediment to the Regulators’ goals to protect investors; maintain fair, orderly, and efficient markets; and ultimately facilitate capital formation.
Broker-Dealer Recordkeeping and Financial Reporting Rules
Broker-dealers are required to keep records of all assets and liabilities, including securities records that account for customer securities carried by the broker-dealers, and to prepare financial statements. In the Joint Statement, the Regulators explain that “[t]he nature of distributed ledger technology, as well as the characteristics associated with digital asset securities,” are likely to create difficulties for a broker-dealer in providing sufficient evidence to establish and verify the existence of digital asset securities for purposes of financial reporting and auditing, particularly with an independent auditor. Accordingly, the Regulators advise broker-dealers to consider how the technology may affect their ability to comply with recordkeeping and reporting rules.
Under SIPA, customers are entitled to up to $500,000 in protection if the broker-dealer fails and is unable to return customer assets. SIPA protections apply only to a “security” (as defined by SIPA) and cash deposited for purposes of purchasing securities. Notably, there are key differences between the definition of “security” under the federal securities laws and SIPA. For instance, the Regulators note that the SIPA security definition does not include “an investment contract or interest that is not the subject of a registration statement with the [SEC] pursuant to the provisions of the [Securities Act].”
As a consequence of these differences, customers may be faced with a circumstance where they are not entitled to SIPA protection because their digital assets are “securities” under the Acts but not under SIPA. The Regulators warn that these consequences are likely “inconsistent with the expectations of persons who would use a broker-dealer to custody their digital asset securities.”
Noncustodial Broker-Dealer Arrangements
As consistently noted by the staffs of the Division and the Division of Investment Management, as well as SEC Commissioner Hester M. Peirce, the custody of digital assets is a primary issue for broker-dealers, investment advisers, investment funds, and investors alike. However, in the Joint Statement, the Regulators note that not all broker-dealers’ business models in the digital asset space necessarily involve the custody of digital asset securities. Generally, noncustodial broker-dealer business models do not raise the same level of regulatory concern; therefore, providing a potential path forward for broker-dealers seeking to transact, or facilitate transactions, in digital asset securities.
In the Joint Statement, the Regulators provide three examples of noncustodial digital asset business models:
- Digital asset broker-dealer that resembles a private placement agent: The broker-dealer sends trade details to the buyer and issuer of a digital asset security, and the issuer settles the transaction bilaterally with the buyer.
- Broker-dealer that is an over-the-counter (OTC) market facilitator for digital assets: The broker-dealer facilitates OTC transactions in digital asset securities where the buyer and seller complete the transaction directly, apart from the broker-dealer.
- Broker-dealer that operates an alternative trading system (ATS) for digital assets: The broker-dealer operates an ATS that matches buyers and sellers of digital asset securities. The trades could be settled directly between the buyer and seller, or the buyer and seller could instruct their respective custodians to settle the transactions.
Questions Related to Other Regulated Intermediaries
According to the Regulators, a commonly asked question in the context of digital assets is whether and how to use an issuer or transfer agent as a “control location” for the purpose of a broker-dealer satisfying the possession or control requirements under the Customer Protection Rule. In this context, the digital assets would be “uncertificated securities” (e.g., mutual funds), and the issuer or transfer agent would maintain a master ownership list but would also publish a copy using distributed ledger technology. For the Regulators, the issue of alternative control location is still an open question, and in the Joint Statement, they explain that the Division is still considering under what circumstances the issuer or the transfer agent might be considered a satisfactory control location pursuant to an application under the Customer Protection Rule.
The Joint Statement provides insight into the Regulators’ thinking on custody of digital assets by broker-dealers and elaborates on some of the primary regulatory compliance issues. Unsurprisingly, the Joint Statement does not provide solutions to the questions it raises. Rather, it informs those that operate (or seek to operate) in this space about the underlying regulatory concerns. While the lack of clarity may be frustrating, it leaves the door open for industry-led solutions to these fundamental market structure questions.
The key takeaway from the Joint Statement is that broker-dealers that seek to expand their businesses to facilitate transactions in digital asset securities must seek FINRA approval prior to expanding their line(s) of business. Prior to seeking FINRA approval in most, if not all, situations, a broker-dealer will need guidance from the Division before FINRA will issue approval. Further, there is no current custody solution that the Division has approved for broker-dealers to comply with the Customer Protection Rule, and there needs to be additional thought given to the SIPA issue raised. In short, the Regulators are looking at the overall market structure and the potential impact while searching for viable solutions to mitigate known risks.
This is an exciting time. There is significant potential to influence the next wave of regulatory and market structure innovation. The goal to create robust primary and secondary markets for digital asset securities is within reach for those who are willing to meaningfully engage in the process, work with experienced securities regulatory counsel, and work with the Regulators.
Please contact experienced securities regulatory counsel with questions about this development and how it might apply to you or your business.
 17 C.F.R. § 240.15c3-3.
 See generally 17 C.F.R. §§ 240.17a-3 (record making), 240.17a-4 (record retention), and 240.17a-5 (financial reporting). The financial responsibility rules also include 17 C.F.R. §§ 240.15c3-1 (the net capital rule) and 240.17a-13 (the quarterly securities count rule), which are not addressed in depth in the Joint Statement.
 15 U.S.C. § 78aaa-78lll.
 See 15 U.S.C. § 78lll(14).
© 2019 Perkins Coie LLP