In a White House news conference Monday, July 15, Treasury Secretary Steven Mnuchin expressed serious concerns about cryptocurrency and digital investments and raised national security implications of large technology companies creating their own coin. On July 11, President Trump tweeted, “I am not a fan of Bitcoin and other Cryptocurrencies, which are not money, and whose value is highly volatile and based on thin air. Unregulated Crypto Assets can facilitate unlawful behavior, including drug trade and other illegal activity….”

The sudden attention to cryptocurrency and digital assets is striking after a few years of uncertainty and a fragmented regulatory environment that has left many investors vulnerable to fraudsters, hacking, lost passwords and unrecoverable assets in blockchain investing. The natural result of a “distributed ledger” is that it is decentralized. A coin offering from the Decentralized Autonomous Organization (the DAO) raised significant proceeds only to be hacked for $70 million.1 A CEO dies with the sole password to $200 million in crypto assets, leaving clients in the cold.2 Few of the traditional investment protections exist in the blockchain and crypto-investing world.

In an effort to control these risks and to protect the investing public, and to provide greater clarity to the large number of market entrants from outside the traditional investment space, the SEC and FINRA have published useful clarifications on client asset custody. On July 8, 2019, the joint staffs of the SEC’s Division of Trading and Markets and FINRA published a statement on broker-dealer custody of digital asset securities (the Public Statement) that included discussion on the following topics:

  • How the SEC’s existing Customer Protection Rule3 might apply to custodial and noncustodial broker-dealers in the digital asset securities industry;
  • The potential impact of distributed ledger technology (e.g., blockchain) on broker-dealer recordkeeping and reporting rules; and
  • Concerns the agencies have regarding compliance with the Securities Investor Protection Act of 1970, as amended (SIPA) regarding customer protection in regard to digital asset securities.

The Public Statement offered new guidance for both custodial and noncustodial4 broker-dealers who have applied for new or expanded broker-dealer applications to include digital asset securities. Several applications have been received that offer varying treatment on the important questions of asset custody and customer protection. The Public Statement is an attempt to synthesize the guidance applicants and the market as a whole are receiving and to prevent further examples of fraud and customer asset loss resulting from failure to employ best practices.

Noncustodial Broker-Dealers

On the one hand, the agencies noted that noncustodial activities involving digital asset securities generally do not raise the same level of concern among the staffs of the SEC and FINRA, provided that the relevant securities laws and other legal and regulatory requirements are followed. The joint staffs provided three helpful examples of these types of noncustodial broker-dealer activities, whereby an exemption to the Customer Protection Rule might apply:

  • Where the broker-dealer sends the trade-matching details to the buyer and issuer of a digital asset security, and the issuer settles the transaction bilaterally between the buyer and issuer, away from the broker-dealer;
  • Where the broker-dealer facilitates an “over the counter” secondary market transaction, whereby the buyer and seller complete the transaction directly without the securities passing through the broker-dealer facilitating the transaction; and
  • Where the broker-dealer, in a secondary market transaction, introduces a buyer to a seller of digital asset securities through a trading platform where the trade is settled directly between the buyer and seller.

Custodial Broker-Dealers

On the other hand, custodial broker-dealers do present a more challenging task in determining the application of securities rules—in particular, the Customer Protection Rule—within the digital asset securities and cryptocurrency/token space.

The Customer Protection Rule requires broker-dealers to safeguard customer assets, keep customer assets separate from the firm’s assets, and maintain the physical possession or control of fully paid digital asset securities. Alternatively, where the broker-dealer does not maintain possession of the customer’s digital asset securities, the broker-dealer is required to hold or maintain custody of the securities free of lien in a good “control location.” Examples of good control locations include banks, issuers and transfer agents. Officials are concerned that a record $1.7 billion in digital assets were stolen or hacked in 2018, reversing a 50-year track record of customer protection of assets held in custody by broker-dealers. The manner in which digital asset securities are issued, held or transferred has created a greater risk that broker-dealers could suffer from fraudulent third-party transactions, cyber theft and loss of digital asset property via “private keys,” which are required to transfer digital asset securities and to establish custody of a digital asset security. The staffs acknowledge that market participants wishing to have custody digital asset securities have to deal with the challenges of complying with broker-dealer financial rules while the laws applicable to these digital asset securities continue to develop.

Additionally, the Public Statement considers books and records and financial reporting where broker-dealers are required to make and keep current ledgers reflecting all assets and liabilities. The Public Statement also considered a securities record reflecting each security carried by the broker-dealer for its customers, and all differences determined by the count of customer securities in the broker-dealer’s possession or control compared with the routinely prepared financial statements. The joint staffs did consider that the characteristics of distributed ledger technology, and digital asset securities in general, make it difficult for a broker-dealer to evidence the existence of digital asset securities for purposes of the broker-dealer’s regulatory books, records, financial statements and supporting schedules. Regardless, the Public Statement cautions broker-dealers to consider how the nature of the technology will impact their compliance with such recordkeeping and reporting rules.

The Public Statement also raises concerns and risks regarding SIPA’s application to digital asset securities. Under SIPA, securities customers have first priority claims to cash and securities held by a broker-dealer that becomes insolvent. Generally, SIPA protections apply to a “security” as defined in SIPA, which differs from the definition of “security” under federal securities laws. As a result, holders of digital asset securities would have only unsecured general creditor claims against the broker-dealer’s estate, but not a valid SIPA insurance claim like they would for traditional stocks and bonds that are lost. Further uncertainty exists regarding when and whether broker-dealers hold a digital asset security in its possession or control. This would create a greater risk that customers’ securities will not be returned in the event of a broker-dealer insolvency. As a result, the staffs have considered and discussed the impending gap in customer protection for holders of digital asset securities.

Why it matters

The Public Statement is significant for several reasons:

  • Consistent with prior guidance, we see the regulators less concerned with brokerage activities involving crypto securities that do not “touch the assets.” Third-party and over-the-counter “matchmaking” services that are likely engaged in brokerage activities when they charge “transaction-based compensation” and set the terms for the sale of securities between two parties do not, as they do not in the traditional securities context, give rise to the requirement that a broker act as a qualified custodian.
  • Regulators are reminding brokers and broker-applicants that the Customer Protection Rule applies to all securities transactions, including crypto and digital securities. While digital securities create much excitement and potential for wealth, the industry has been tormented with tales of woe from its inception relating to the fact that it is decentralized, uncontrolled and unforgiving. Assets are hacked and cannot be recovered; passwords are lost and assets are not recoverable; counterparties often are not known entities, but a series of 1s and 0s and #s. More control must be asserted by custodians in this situation to counteract the possibility of customer asset loss because of fraud or negligence.
  • The Public Statement is intended to guide applicants looking to act as a broker-dealer with respect to transactions in crypto assets. Some market participants in digital assets and cryptocurrency are not regulated by the SEC or FINRA either because (i) they do not believe the assets in the transactions are “securities,” or (ii) they are not subject to the broker-dealer rules because their activities do not meet the definition of a “broker” under Section 15 of the Exchange Act. In other words, they are not offering securities “of another.”

One thing is clear—there will be significant action and statements from regulators and public officials in the weeks to come.

To read the Public Statement, click here.