SEC/FINRA Issue Joint Guidance on Broker-Dealer Custody of Digital Assets
In Short
The Situation: In a recently released joint statement ("Statement"), the Staffs of the U.S. Securities and Exchange Commission's ("SEC") Division of Trading and Markets, and the Financial Industry Regulatory Authority ("FINRA") (together, "Staffs") shared their views about the application of the U.S. securities laws and SEC and FINRA rules to broker-dealer custody of "digital asset securities."
The Result: The Statement identifies several issues that broker-dealers participating in digital asset securities trades must consider, including, most notably, the custodying of such assets. However, the Statement does not provide sufficient guidance for broker-dealers to custody digital asset securities with certainty that they are in compliance with the possession or control requirements of the SEC's Customer Protection Rule.
Looking Ahead: Broker-dealers operating in this space should note that the Statement makes clear that digital token custody and trading must fit within the existing SEC and FINRA regulatory framework. As such, broker-dealers should seek guidance from experienced counsel in understanding how digital asset securities trading can comply with existing regulations.
On July 8, 2019, the Staffs jointly released the Statement describing how the federal securities laws and SEC and FINRA rules apply to broker-dealer custody of digital asset securities. The Statement identifies several important questions that broker-dealers participating in digital asset securities transactions should consider, including their existing regulatory obligations under the SEC's Customer Protection Rule, recordkeeping and financial reporting rules, and the Securities Investor Protection Act of 1970 ("SIPA"), as amended.
Notably, the Statement does not provide clear guidance regarding how broker-dealers can comply with applicable rules when custodying digital asset securities. Moreover, the Statement "is not a rule, regulation, guidance, or statement" of the SEC or FINRA, and "does not alter or amend applicable law and has no legal force or effect." Accordingly, firms are left to carefully evaluate how their digital asset securities trading activities can comply with those requirements under the backdrop of a continuously evolving legal landscape.
Customer Protection Rule
According to the Statement, broker-dealers intending to custody digital asset securities must comply with the Customer Protection Rule, designed to prevent broker-dealer firms from misallocating or misusing customer funds or securities in their possession. It also requires firms to maintain physical possession or control of their customers' fully paid for and excess margin securities, or keep them unencumbered by liens at a suitable "control location." The Staffs noted the increased risk of fraud, theft, and error that may exist when a firm holds custody of digital asset securities. A firm must consider such risks when determining how it, or a third-party custodian, can custody digital asset securities traded on a blockchain or other distributed ledger technology. The Statement notes, for example, that merely possessing a private key may not be enough to show that the broker-dealer has "exclusive control" of an asset. Likewise, holding a private key may not be sufficient to permit the reversal or cancellation of erroneous transactions.
Recordkeeping and Financial Reporting
Under the SEC's broker-dealer recordkeeping and reporting rules (SEC Rules 17a-3, 17a-4, and 17a-5), broker-dealers must, among other things, maintain current ledgers of their assets and liabilities, records and share counts of all securities carried by the firm for its customers, as well as file financial reports including net capital and reserve formula computations.
The Statement points out that broker-dealers considering the use of distributed ledger technologies should consider whether the nature of the blockchain could make it difficult to evidence the existence of digital asset securities for books-and-records and financial reporting purposes, which in turn may affect the firm's auditor's ability to perform an adequate audit. In this respect, the Statement implies that a broker-dealer's use of blockchain technology to meet these obligations could be problematic, but stops short of stating that they should not do so.
SIPA Coverage
Under SIPA, if a broker-dealer fails, customers are protected from losses. The Statement warns, though, that if a digital asset is not deemed a security under SIPA, holders of those digital assets are likely not afforded SIPA protections. That means they would only have unsecured general creditor claims against the estate of the failed broker-dealer. Furthermore, if a firm does not hold a customer's digital assets in its possession or control, those assets may not be able to be returned to the customer upon the firm's failure. The Statement notes that this result is likely contrary to customer expectations.
Control Location
Firms have sought guidance from the Staffs regarding the proposed use of an issuer or transfer agent as a "control location" to comply with the Customer Protection Rule's possession or control requirements for digital securities. As proposed, such an arrangement could involve uncertificated securities for which an issuer or transfer agent maintains a traditional master security-holder file and publishes, as a courtesy, the ownership record on a distributed ledger. (In this situation, the distributed ledger is not represented to be the authoritative share record.)
In the Statement, the Staffs neither approved nor disapproved this type of arrangement for control location purposes. Rather, if a broker-dealer proposes to use such an arrangement, the SEC staff says that it will consider a request that the issuer or transfer agent be considered a good control location for digital securities under Rule 15c3-3 (although it provides no guidance as to the factors such a request should address). The Statement implies, however, that the blockchain or other distributed ledger technology itself would not be a suitable control location for digital securities and therefore may not be usable as the sole stock register.
Three Key Takeaways
- The Statement does not provide definitive guidance that will allow firms to be confident that they have structured their digital asset securities activities in compliance with regulatory requirements. Instead, the Statement poses numerous Staff concerns but does not provide clear-cut answers.
- It is also clear that the Staffs are not ready to recognize the blockchain or other distributed ledger technology alone as a good control location for uncertificated securities.
- Finally, while the Statement describes how some firms have structured their businesses, it neither approves nor disapproves those structures, leaving those firms and others that seek to model a compliant structure in regulatory limbo.