On February 15, 2023, the U.S. Securities and Exchange Commission (SEC) published sweeping and controversial proposed amendments to Rule 206(4)-2 (Custody Rule) under the Investment Advisers Act of 1940 (Advisers Act). Last amended in 2009, the Custody Rule is designed to protect advisory clients from the misuse or misappropriation of their funds and securities. The Custody Rule requires registered investment advisers who have custody of client funds or securities to implement an enumerated set of requirements, including, among other things, generally maintaining client funds and securities with a qualified custodian.

In a 4-1 vote, with Commissioner Hester Peirce the lone vote against, the SEC proposed amendments that would effectively replace the existing Custody Rule with the new Rule 223-1 under the Advisers Act (Proposed Rule), the overarching purpose of which is to enhance investor protections relating to advisory client assets. The Proposed Rule, if adopted, would apply to client funds and securities and any client assets over which the adviser has custody. The Proposed Rule would also expand and enhance the role of qualified custodians.

The Proposed Rule, which is also referred to as the “safeguarding rule,” reflects the SEC’s growing concern about the safekeeping of digital assets by advisers and the uncertainty in the marketplace about the application of the Custody Rule. The SEC has been increasingly focused on the nature of digital assets and other “changes in technology, advisory services, and custodial practices” that “have created new and different ways for client assets to be placed at risk of loss.”[1]

This Update summarizes the Proposed Rule’s key changes, with particular attention to digital assets and other issues that we believe are likely to garner significant attention from commenters.

Overview of the Current Custody Rule

Currently, SEC-registered investment advisers with custody of client funds and securities must comply with the Custody Rule. An adviser has custody if it (or its related person in connection with the adviser’s services) holds, directly or indirectly, client funds or securities or has any authority to obtain possession of them. The Custody Rule prescribes requirements designed to enhance the safety of client assets by insulating them from financial reverses of the investment adviser, including its insolvency.[2] A key safeguard of the Custody Rule is that an adviser with custody generally must maintain client funds and securities at a “qualified custodian,”[3] either in a separate account for the client under the client’s name or in accounts under the adviser’s name as agent or trustee for the adviser’s clients that contain only client funds and securities (i.e., client funds and securities may not be commingled with the adviser’s proprietary assets).

Summary of Key Changes

The SEC has proposed redesignating the current Custody Rule as new Rule 223-1 under the Advisers Act (i.e., the Proposed Rule) and continuing to apply it to investment advisers registered, or required to be registered, with the SEC.[4] The following is a summary of the key changes in the Proposed Rule.

1. Expand the definition of “assets” to cover all “positions held in a client’s account”

Currently, the Custody Rule applies to “funds and securities” of a client held in an advisory account. The Proposed Rule would expand the scope of the current Custody Rule beyond client “funds and securities” to include “other positions held in the client’s account,” thus capturing the entirety of a client account’s positions, holdings, or investments. In expanding the scope, the SEC cites the fact that an adviser’s fiduciary duty extends to the entire relationship between the adviser and client regardless of whether a specific holding in a client account meets the definition of “funds” or “securities.”[5]

By expanding the scope of the Custody Rule to include all client assets instead of only client funds and securities, the SEC believes it is “properly balancing the desire of investment advisers to provide advisory services regarding novel or innovative asset types with the need to ensure that such assets are properly safeguarded.”[6] The SEC stated that the changes are “designed to remain evergreen, encompassing new investment types as they continue to evolve.”[7] Notably, the commissioners agreed that cryptocurrencies and other digital assets—including those that do not meet the definition of a security—would fall within the expanded scope, and therefore investors with digital assets would be provided more protections.

While the Proposed Rule would expressly cover digital assets, in the proposing release (Release) the SEC noted that “most crypto assets are likely to be funds or crypto asset securities covered by the current [Custody Rule].”[8] In remarks before the Investor Advisory Committee two weeks after the Proposed Rule was released, Chair Gary Gensler reiterated this sentiment, stating that “[o]ur current custody rule, adopted in 2009, [already] covers a significant amount of crypto assets.”[9]

2. Clarify and reaffirm the scope of financial institutions that may serve as qualified custodians

Currently, the Custody Rule permits a range of financial institutions—including state and federally chartered banks and trust companies, registered broker-dealers, futures commission merchants, and foreign financial institutions (FFIs)—to serve as qualified custodians.[10] The Proposed Rule, while clarifying certain eligibility criteria for banks and FFIs, generally reaffirmed the current scope of financial institutions that may serve as qualified custodians.

Regarding FFIs, the SEC proposed implementing seven new conditions that a foreign entity must satisfy to meet the definition of an FFI. Specifically, to qualify as an FFI, a foreign entity must:

• Be formed as an entity under the laws of a country or jurisdiction other than the United States.
• Be regulated by its home country “as a banking institution, trust company, or other financial institution that customarily holds financial assets for its customers.”
• Be required to comply with laws and regulations similar to the anti-money laundering provisions of the Bank Secrecy Act and its accompanying regulations.
• Hold its customers’ assets in accounts designed to protect such assets from the entity’s creditors in cases of insolvency or the entity’s failure.
• Have the “requisite financial strength to provide due care for client assets.”
• Be legally required to “implement practices, procedures, and internal controls designed to ensure the exercise of due care with respect to the safekeeping of client assets.”
• Not be operated for the purpose of evading the requirements of the Proposed Rule.[11]

These changes, if adopted, should make it easier for foreign digital asset custodians and their counsel to determine whether they may serve as a qualified custodian.

Regarding banks, the Proposed Rule adds a requirement that to serve as a qualified custodian, a bank must hold client assets in an account designed to protect such assets from creditors of the bank in the event of the bank’s insolvency.[12] This requirement would also apply to state-chartered trust companies that serve as qualified custodians; the Proposed Rule (like the Custody Rule) looks to the definition of “bank” under the Advisers Act, which includes state-chartered trust companies that meet certain conditions.[13] In January 2023, notably, the New York State Department of Financial Services issued guidance to virtual currency entities that act as custodians (including New York state trust companies), imposing a substantially similar requirement, among other protections for custodial customers.[14]

Although the Proposed Rule did not modify the ability of state-chartered trust companies to serve as qualified custodians, the SEC raised various questions regarding the quality of regulatory protections and oversight imposed on such companies. The SEC found that “approximately 20 state-chartered trust companies and other state-chartered, limited purpose banking entities” currently offer custodial services for digital assets.[15] In light of this fact and the broader concerns that the SEC has expressed regarding the protections needed for the custody of digital assets, the SEC included a number of questions for comment on the topic. Specifically, the SEC questioned whether such entities “offer, and are regulated to provide, the types of protections [the SEC believes] a qualified custodian should provide under the rule.”[16] Commissioner Mark Uyeda speculated that this question suggests that it is the SEC’s view that “state regulated banking entities are less trustworthy than federally chartered ones.”[17]

The SEC’s questions regarding the use of state-chartered banking institutions, including limited purpose trust companies, as qualified custodians are not new. In fact, the SEC staff requested comment on the capacity of state-chartered trust companies to serve as qualified custodians under the Custody Rule in November 2020. Among other things, the SEC staff questioned where there would “be any gaps in—or enhancements to—protection of advisory client assets as a result of a state-chartered trust company serving as qualified custodian of digital assets or other types of client assets.”[18] Multiple digital asset custodians submitted letters in response, with state-chartered trust companies asserting that they can properly serve as qualified custodians.[19]

3. Require qualified custodians to demonstrate “possession or control” of client assets

The current Custody Rule requires an adviser with custody over client assets to ensure that a qualified custodian “maintains” the client assets. The Proposed Rule clarifies what it means for an adviser to “maintain” assets with a qualified custodian. While the Proposed Rule would, like the Custody Rule, “entrust safekeeping of client assets to a qualified custodian,” it would deviate from the existing Custody Rule in that “a qualified custodian does not ‘maintain’ a client asset for purposes of the rule if it does not have ‘possession or control’ of that asset.”[20]

The Proposed Rule defines “possession or control” of an asset to mean that (1) the qualified custodian is required to “participate in any change in beneficial ownership of [the] assets,” (2) the qualified custodian’s participation “would effectuate the transaction involved in the change in beneficial ownership,” and (3) the qualified custodian’s participation is a “condition precedent to the change in beneficial ownership.”[21]

The SEC acknowledged that a qualified custodian’s “participation in a change in beneficial ownership may take different forms depending on the type of assets involved”[22] and devoted attention to how this concept might apply in the context of digital assets.[23] The SEC explained that, under the existing regulatory regimes, qualified custodians would generally have “possession or control” of assets that are in their physical or exclusive possession or control.[24]

But, the SEC continued, there is added difficulty in proving exclusive control of a digital asset when compared to traditional assets, such as stocks and bonds.[25] For example, even if a digital asset custodian implemented processes that aimed to create exclusive possession or control, actually demonstrating such control could be complicated by specific characteristics of digital assets, such as “being transferable by anyone in possession of a private key.” The SEC also observed that companies are providing digital asset custodial services wherein a client, adviser, and custodian may all hold copies of the private key associated with the client’s assets simultaneously, in which case all parties have the authority to change beneficial ownership; in such cases, exclusive control does not exist.

Critically, while exclusive possession or control of a particular asset is “one way” to demonstrate that the custodian is required to participate in a change of beneficial ownership, it is “not the only way” under the Proposed Rule. A qualified custodian also has “possession or control” where the assets are held “in a manner such that an adviser is unable to change beneficial ownership . . . without the custodian’s involvement.”[26] Essentially, “possession or control” can be demonstrated if a custodian’s participation is necessary or required to effectuate any transaction that changes beneficial ownership, even if the custodian does not have the authority to execute such a transaction independent of other persons.

Applying these principles to digital assets, it appears that a qualified custodian could “maintain” digital assets even in cases where the custody solution incorporates multisignature[27] and multi-party computation (MPC)[28] technology. For example, if the private key necessary to sign a transaction is broken into three components (e.g., shards), and the private key cannot be generated without a shard controlled by the qualified custodian, the qualified custodian should be able to demonstrate that it is “required to participate in any change in beneficial ownership” and that its participation is a “condition precedent” that (if satisfied) would “effectuate” such change. As long as qualified custodians can satisfy these criteria, the Proposed Rule appears to grant flexibility to qualified custodians to determine how they implement key distribution and signing arrangements with their adviser clients. That said, a primary objective for the SEC’s approach to “possession or control” in the Proposed Rule is that “a critical custodial function is to prevent loss or unauthorized transfers of ownership of the client’s assets” and that a client can take “comfort that what is reported on its account statement is an accurate attestation of holdings and transactions by that custodian.”[29] As a practical matter, therefore, it will be important for digital asset qualified custodians to ensure that they are sufficiently involved in private key signing mechanisms to help detect and prevent unauthorized transfers.

A separate, potentially critical question for advisers is whether they could comply with the proposed “possession or control” requirement when executing and settling digital asset trades. Typically, digital asset exchanges require that individuals pre-fund accounts prior to the execution of a trade; digital assets and fiat currency must be maintained in an account controlled by the exchange before the assets can be used for transactions.[30] Many digital asset exchanges are not qualified custodians.[31] Under the Proposed Rule, if an adviser transfers a client’s assets to such an exchange, the assets are no longer “maintained” with a qualified custodian, and the adviser is no longer in custody of the client’s assets in a compliant manner.[32] The SEC suggested as much, noting that advisers may violate the Proposed Rule, and the Custody Rule for that matter, if they hold client digital assets on any trading platform that is not a qualified custodian.[33]

Advisers and custodians may wish to propose and request greater clarity on these topics during the comment period.

4. Expand the definition of “custody” to include discretionary authority

The Proposed Rule would explicitly include discretionary authority within the definition of “custody.” Under the current Custody Rule, a registered investment adviser does not have “custody” over the assets of its clients if it merely possesses the “authority to issue instructions to a broker-dealer or a custodian to effect or to settle trades.”[34] Based on this, an adviser currently has broad authority to effect direct purchases or sales of client assets that may not involve a qualified custodian, such as loan participation interests.

While the SEC noted that there is limited risk presented by this type of “authorized trading” activity, as long as the custodian “participates in a one-for-one exchange of assets,” the arrangement presents the types of risks that the Custody Rule is designed to address.[35] To fill this perceived gap, the Proposed Rule updates the definition of “custody” to expressly include discretionary authority, which means “the authority to decide which assets to purchase and sell for the client.”[36] Under the Proposed Rule, a registered investment adviser has “custody” of client assets in any arrangement in which such adviser is “authorized or permitted to withdraw or transfer beneficial ownership of [the] client assets.”[37] Thus, to comply with the Proposed Rule, an adviser generally needs to ensure that a qualified custodian has “possession or control” over client assets at all times, including instances in which the adviser is exercising “discretionary authority.”[38]

5. Require minimum contractual protections for advisory clients

In a change from the current Custody Rule, the Proposed Rule would require an adviser to enter into a written agreement with and obtain assurances in writing from the qualified custodian to ensure the qualified custodian provides certain standard custodial protections when maintaining client assets.[39] The SEC indicated that these requirements “do not prescribe specific safeguarding procedures or require that client assets be maintained in a particular manner. Rather, they are designed to serve as guardrails that would apply irrespective of the type of asset or the type of financial institution acting as a qualified custodian.”[40]

Under the Proposed Rule, a qualified custodian must maintain possession or control of client assets pursuant to a written agreement with the adviser that contains the following contractual provisions, which the adviser must “reasonably believe” have been implemented:[41]

• Recordkeeping. The qualified custodian will promptly, upon request, provide records to the SEC or an independent public accountant engaged for the purpose of assessing safeguarding efforts.
• Account statements. Advisory clients will receive periodic (at least quarterly) custodial account statements directly from the qualified custodian. Such account statements shall not identify assets for which the qualified custodian lacks possession or control unless requested by the client and the qualified custodian clearly identifies such assets.
• Internal control reports. At least annually, the qualified custodian will obtain and provide a written internal control report that includes the opinion of an independent public accountant regarding the effectiveness of the qualified custodian’s internal controls. Additional requirements apply if the adviser or a related person acts as the qualified custodian.
• Authority to effect transactions. A custodial agreement should reflect an adviser’s agreed-upon level of authority to effect transactions in the advisory client’s account as well as any applicable terms or limitations, and permit the adviser and the client to reduce that authority.

The Proposed Rule would also require an adviser to obtain “reasonable assurances” from the qualified custodian in writing that the custodian will comply with, and maintain an “ongoing reasonable belief” that the custodian is complying with, the following requirements:[42]

• Standard of care. The qualified custodian will exercise due care in accordance with reasonable commercial standards and implement appropriate measures to safeguard the advisory client’s assets. Of relevance to digital asset advisers, the SEC stated that “the exercise of due care may require, in many cases, that crypto assets be stored in a cold wallet, but depending on the facts and circumstances, such as when a client seeks to buy and sell crypto assets very frequently, due care may mean the use of hot wallets in combination with robust policies and procedures.”[43]
• Indemnification and insurance. The qualified custodian will indemnify an advisory client when its negligence, recklessness, or willful misconduct results in the loss of client assets and must maintain insurance arrangements to adequately protect the client.
• Responsibility for sub-custodians and other service providers. The qualified custodian will not be relieved of its responsibilities to an advisory client as a result of sub-custodial or other service provider arrangements.
• Asset ownership and segregation. The qualified custodian will clearly identify an advisory client’s assets as such in its books and records, hold them in a custodial account, and segregate all client assets from its proprietary assets and liabilities.
• Unauthorized liens. The qualified custodian will not subject the client’s assets to any rights, charges, security interests, liens, or claims in favor of a qualified custodian or its related persons or creditors unless authorized in writing by the client. The SEC acknowledged that in many cases, qualified custodians negotiate for contractual rights to liens or similar claims that arise from unpaid client fees; these would still be permitted under the Proposed Rule as long as the client has provided written authorization.[44]

6. Limit the exception for privately placed securities

The Proposed Rule would modify the current Custody Rule’s exception from the obligation to maintain client assets with a qualified custodian for certain privately offered securities[45] in several ways.[46] First, it would be expanded to include certain physical assets. Second, it would be narrowed so that the adviser could rely on the exception only if (1) the adviser reasonably determines that ownership cannot be recorded and maintained by a qualified custodian, (2) the adviser reasonably safeguards the assets, (3) the adviser notifies a designated independent public accountant of any asset transfer within one business day, (4) the independent public accountant verifies asset transfers and notifies the SEC upon the finding of any material discrepancies, and (5) the existence and ownership of the assets are verified during an annual independent verification or as part of an independent financial statement audit. In the SEC’s view, these modifications would limit availability of the exception to “circumstances that truly warrant it” because “the bulk of advisory client assets are able to be maintained by qualified custodians.” [47] Of note, the SEC clarified that digital asset securities issued on public, permissionless blockchains would not satisfy the conditions of privately offered securities under the Proposed Rule.[48]

Comments Request

In the Proposed Rule, the SEC presented numerous issues and questions for consideration and requested comment from the public. The following are examples of the topics on which the SEC requested input:

• The types of assets subject to the safekeeping requirements expressed in the Proposed Rule.
• Whether the nature of settlement should affect the status of assets held in custody and whether controls can be put in place by a qualified custodian to enhance the protections of these assets.
• The definition of “qualified custodian” and the ability of certain institutions, including state-chartered banks and trust companies, to serve as qualified custodians.
• How the written agreement requirement, mandatory contractual provisions, and other minimum protections will affect registered investment advisers, qualified custodians, and custody practices generally.

The public has 60 days after publication of the Release in the Federal Register to submit comments on the Proposed Rule. At the time of this Update, the Release had not yet been published in the Federal Register.

Conclusion

We expect the Proposed Rule will generate strong reactions and commentary from industry participants, particularly from custodians and advisers who have custody of client digital assets. We believe that a particularly important issue on which digital asset advisers may wish to comment is whether they can execute and settle trades in compliance with the Proposed Rule, given that digital assets generally trade on platforms that are not qualified custodians. More broadly, if the Proposed Rule is adopted in its current form, we anticipate that advisers and custodians involved in various asset classes will object to the prescriptive contractual requirements that may increase legal and operational costs and burdens. We also expect commenters to evaluate whether and to what extent the new criteria for the privately offered securities exception have been drawn too narrowly.

Regardless of whether the Proposed Rule is adopted in its current form, the SEC staff has already begun examining and closely scrutinizing the custody practices of investment advisers as they relate to digital assets. For example, in a February 2021 risk alert, the SEC Division of Examinations noted areas of focus for future examinations of investment advisers who manage digital assets, including the risks posed by the custody of digital assets and practices related to such, as well as such advisers’ compliance with the Custody Rule.[49] The Division of Examinations emphasized that it will review, among other areas, controls around the safekeeping of digital assets and storage of digital assets on trading platform accounts and with third-party custodians. SEC commissioners have, likewise, focused on digital asset custody risks. In his statement on the Proposed Rule, for example, Chair Gensler asserted that the current Custody Rule already “covers a significant amount of crypto assets” and that “[b]ased upon how crypto platforms generally operate, investment advisers cannot rely on them as qualified custodians.”

Given the focus on the custody of digital assets by investment advisers, as well as SEC statements about the application and interpretation of the existing Custody Rule, advisers and other industry participants should consider the Release and SEC commentary a useful guide to what the SEC Staff will evaluate when assessing compliance with the Custody Rule.

Endnotes

[1]      Safeguarding Advisory Client Assets, Investment Advisers Act Rel. No. 6240 (Feb. 15, 2023); Fact Sheet, Proposed Safeguarding Rule, SEC (Feb. 15, 2023).

[2]      Adoption of the Custody Rule under the Investment Advisers Act of 1940, IA Release No. 123 (Feb. 27, 1962).

[3]      The term “qualified custodian” is defined in Rule 206(4)-2(d)(6) to mean certain banks and savings associations, broker-dealers registered with the SEC, futures commission merchants registered with the Commodity Futures Trading Commission, and foreign financial institutions that meet certain criteria.

[4]      Exempt reporting advisers would continue not to be subject to the Custody Rule.

[5]     See Commission Interpretation Regarding Standard of Conduct for Investment Advisers, Release No. IA-5248 at n.17 (June 5, 2019), discussing the broad scope of the fiduciary duty in a variety of contexts, including situations where securities are not specifically involved.

[6]      Release at 20.

[7]      Release at 27.

[8]      Release at 18.

[9]      Prepared Remarks Before the Investor Advisory Committee, Chair Gary Gensler (Mar. 2, 2023) (Gensler Remarks).

[10]     Rule 206(4)-2(d)(6).

[11]     Release at 47-48.

[12]     In the Release, the SEC stated that, “the account terms should clearly identify that the account is distinguishable from a general deposit account and clarify the nature of the relationship between the account holder and the qualified custodian as a relationship account that protects the client assets from credits of the bank or savings association in the event of the insolvency or failure of the bank or savings association.” Although the Proposed Rule does not contain any requirements in respect of these terms, the SEC did request comments on these terms.

[13]     See Section 2(a)(2) of the Advisers Act, which defines “bank” to include: “banking institution[s] organized under the laws of the United States or a Federal savings association,” “member bank[s] of the Federal Reserve System,” and “any other banking institution, savings association, . . . or trust company, whether incorporated or not, doing business under the laws of any State or of the United States, a substantial portion of the business of which consists of receiving deposits or exercising fiduciary powers similar to those permitted to national banks under the authority of the Comptroller of the Currency, and which is supervised and examined by State or Federal authority having supervision over banks or savings associations, and which is not operated for the purpose of evading the provisions of this subchapter.”

[14]     Guidance on Custodial Structures for Customer Protection in the Event of Insolvency, New York State Department of Financial Services (Jan. 23, 2023).

[15]     Release at 265.

[16]     Release at 76.

[17]     Statement on Proposed Rule Regarding the Safeguarding of Advisory Client Assets, Commissioner Mark T. Uyeda (Feb. 15, 2023).

[18]     Statement on Wyoming Division of Banking’s “NAL on Custody of Digital Assets and Qualified Custodian Status,” SEC Division of Investment Management Staff (Nov. 9, 2020), (Noting that investment advisers have important regulatory obligations under the Custody Rule and are expected to exercise care with respect to client assets with which they are entrusted. Further, determining who qualifies as a qualified custodian is a complicated, and facts- and circumstances-based, analysis given the critical role qualified custodians play within this framework by safeguarding the client assets entrusted to investment advisers. Moreover, the SEC has limited the types of financial institutions that may act as qualified custodians to those institutions that possess key characteristics, including being subject to extensive regulation and oversight, that help to ensure that client assets are adequately safeguarded).

[19]     “Engaging on Non-DVP Custodial Practices and Digital Assets,” SEC Staff.

[20]     Release at 21.

[21]     Proposed Rule 223-1(d)(8).

[22]     Release at 62.

[23]     Release at 66.

[24]     Release at 63-66.

[25]     Release at 66.

[26]     Release at 67.

[27]     “Multisignature refers to requiring more than one key to authorize a Bitcoin transaction. It is generally used to divide up responsibility for possession of bitcoins.” Multisignature, BitcoinWiki.

[28]     “MPC enables multiple parties—each holding their own private data—to evaluate a computation without ever revealing any of the private data held by each party (or any otherwise related secret information).” What is MPC (Multi-Party Computation)?, Fireblocks.

[29]     Release at 62-63 and 283-84.

[30]     In some custody arrangements, customers have the ability to make trades “on” certain exchanges without ever removing digital assets from an independent custodian.

[31]     Release at 265.

[32]     Release at 67.

[33]     Release at 18.

[34]     Release at 32.

[35]     Release at 33.

[36]     Proposed Rule 223-1(d)(4).

[37]    Proposed Rule 223-1(d)(3)(ii).

[38]     Release at 67.

[39]     Release at 74.

[40]     Release at 77.

[41]     Proposed Rule 223-1(a)(i).

[42]     Proposed Rule 223-1(a)(ii)

[43]     Release at 85, 86.

[44]     Release at 177.

[45]    Proposed Rule 223-1(d)(9) defines “privately offered securities” to mean securities that are (1) acquired from the issuer in a transaction or chain of transactions not involving any public offering; (2) uncertificated, and ownership thereof is recorded only on the books of the issuer or its transfer agent in the name of the client as it appears in the records the adviser is required to keep under Rule 204-2 under the Advisers Act; and (3) transferable only with prior consent of the issuer or holders of the outstanding securities of the issuer. The Release makes clear that this term excludes non-securities, such as “[c]rypto assets that are not crypto asset securities…” Release at 135 n. 227.

[46]     Proposed Rule 223-1(b)(2).

[47]     Release at 24.

[48]     Release at 135.

[49]     The Division of Examinations’ Continued Focus on Digital Asset Securities, SEC Division of Examinations Risk (Feb. 26, 2021).

[50]     Gensler Remarks.

© 2023 Perkins Coie LLP