On July 8, 2019 the U.S. Securities and Exchange Commission (the “SEC”) and the Financial Industry Regulatory Authority (“FINRA”) (both, the “Regulators”) published a Public Statement titled, “Joint Staff Statement on Broker-Dealer Custody of Digital Asset Securities” (the “Joint Statement”). The Joint Statement follows many months of discussions with certain digital asset securities industry participants seeking registration with the SEC as broker-dealers.
The Joint Statement noted the Regulators’ discussions with these industry participants have contributed to the Regulators’ ever-evolving understanding of how certain federal securities laws and FINRA rules may affect or be applicable to those industry participants. Many of these discussions were focused on finding a custody solution for digital asset securities that would meet the possession or control standards prescribed in the SEC’s Customer Protection Rule. As a result, the Joint Statement explored the importance and potential applicability of the Customer Protection Rule to industry participants.
SEC Customer Protection Rule
Rule 15c3-3 promulgated under the Securities Exchange Act of 1934, known as the Customer Protection Rule, requires an entity registered with the SEC as a broker-dealer to safeguard customer securities and funds it holds, in order to prevent investor loss or harm in the event of its failure or other disruptive event, such as a cybersecurity hack. The Customer Protection Rule would also apply to broker-dealers engaged in digital asset securities transactions. In their Joint Statement, the Regulators defined the term “digital asset” as an asset that is issued and transferred using distributed ledger or blockchain technology, including, but not limited to, so-called “virtual currencies,” “coins,” and “tokens.” According to the Regulators, a digital asset may or may not meet the definition of a “security” under the federal securities laws and, for the purposes of the Joint Statement, a digital asset that is a security is referred to as a “digital asset security.”
The Joint Statement described the ways in which the Customer Protection Rule might apply to certain models of noncustodial broker-dealers and custodial broker-dealers in the digital asset securities industry. As the Joint Statement noted, noncustodial activities of broker-dealers general do not present the same level of risk as custodial broker-dealers and therefore, they are not a priority for the Regulators with respect to the application of the Customer Protection Rule. Custodial broker-dealers, on the other hand, present unique risks and the task of of complying with the Customer Protection Rule is more challenging for them. Notably, the Customer Protection rule requires a broker-dealer to physically hold customers’ fully paid and excess margin securities or maintain them free of lien at a good control location, such as a third-party custodian.
For broker-dealers operating within the digital asset securities space, the Joint Statement noted that “the manner in which digital asset securities are issued, held, and transferred may create greater risk that a broker-dealer maintaining custody of them could be victimized by fraud or theft, could lose a ‘private key’ necessary to transfer a client’s digital asset securities, or could transfer a client’s digital asset securities to an unknown or unintended address without meaningful recourse to invalidate fraudulent transactions, recover or replace lost property, or correct errors.” For example, a broker-dealer may have difficulty determining whether it or its third-party custodian maintains custody of digital asset securities, if the broker-dealer holds its customer’s private key (giving it control over the customer’s securities) but the third-party custodian may also have access to the customer’s private key. As a result, broker-dealers engaged in digital asset securities transactions would require enhanced and alternative methods, technology, and means of securely holding custody of customer cash and digital asset securities.
In addition, the Regulators explored the rules addressing books and records and financial reporting, noting that the very purpose and nature of blockchain technology seeks to upend the methods and means by which industry participants transact and record such transactions. Reliance on blockchain technology to record and report digital asset securities transactions presents novel challenges, including difficulty in reporting private blockchain transactions to third parties, demonstrating the existence of digital asset securities located on private blockchains, and how such information can be presented to auditors during the annual broker-dealer audit.
Finally, the Joint Statement considered the complexities of the application of the Securities Investor Protection Act of 1970 (“SIPA”) to digital asset securities. Specifically, the Joint Statement noted that SIPA protections apply only to those securities meeting the definition of “security” under SIPA, which differs from the definition of “security” under federal securities laws. Accordingly, the SIPA protections would not apply to certain digital asset securities if they do not meet the SIPA definition of “security.” As a result, holders of such digital asset securities would have only unsecured general credit claims against a failing broker-dealer’s estate.
With many industry participants seeking to engage in digital asset security transactions, the Joint Statement provides some helpful clarity, notwithstanding the technological and compliance challenges identified by the Regulators. Industry participants should now begin to evaluate their ability to comply with the SEC broker-dealer requirements based on the guidance from the Joint Statement.