On December 23, 2020, the Securities and Exchange Commission (SEC or Commission) issued a statement (Statement) regarding the custody of digital assets that are “securities” under the federal securities laws.¹ The Statement sets forth the Commission’s position that, for a five-year period, certain special purpose broker-dealers² that maintain custody of digital asset securities³ in compliance with certain conditions will not be subject to a Commission enforcement action for compliance with Rule 15c3-3(b)(1) under the Securities Exchange Act of 1934 (the Exchange Act). In addition, to provide insight into best practices, the Commission is requesting comment on specific questions related to the custody of digital asset securities.

The Statement is notable because it provides a path for broker-dealers to maintain custody of digital asset securities. The SEC staff had previously provided guidance that allowed broker-dealers to transact in digital asset securities but only when providing noncustodial services.⁴ While temporary and subject to a number of conditions, the Statement allows broker-dealers to provide for digital asset securities more of the services they provide for traditional securities. Indeed, the Commission acknowledged in the Statement that it “envisions broker-dealers performing the full set of broker-dealer functions with respect to digital asset securities—including maintaining custody of these assets—in a manner that addresses the unique attributes of digital asset securities and minimizes risk to investors and other market participants.”⁵  

The Commission’s Position

The Commission sets forth its position providing time-limited relief from Rule 15c3-3(b)(1) (part of the Customer Protection Rule), which requires a broker-dealer to promptly obtain and thereafter maintain physical possession or control of all fully paid-for and excess margin securities it carries for customer accounts.⁶ Given the unique nature of digital asset securities, questions had arisen about how a broker-dealer could comply with the Customer Protection Rule when transacting in these securities. The Statement recognizes that broker-dealers may not be able to “control” customer fully paid-for and excess margin digital asset securities using the same mechanisms used for traditional securities, and it provides a path for broker-dealers to maintain custody of digital asset securities, while addressing the risks unique to these assets.⁷ In particular, for five years following the publication of the Statement, a broker-dealer complying with the following conditions would not be subject to a Commission enforcement action with respect to compliance with Rule 15c3-3(b)(1). The broker-dealer:

• has access to the digital asset securities and the capability to transfer them on the associated distributed ledger technology;
• limits its business to dealing in, effecting transactions in, maintaining custody of, and/or operating an alternative trading system for digital asset securities;
• establishes, maintains, and enforces reasonably designed written policies and procedures to conduct and document an analysis of whether a particular digital asset is a security offered and sold pursuant to an effective registration statement or an available exemption from registration, and whether the broker-dealer meets these requirements before undertaking to effect transactions in and maintain custody of the digital asset security;
• establishes, maintains, and enforces reasonably designed written policies and procedures to conduct and document an assessment of the characteristics of a digital asset security’s distributed ledger technology and associated network prior to undertaking to maintain custody of the digital asset security and at reasonable intervals thereafter;
• does not undertake to maintain custody of a digital asset security if the firm is aware of any material security or operational problems or weaknesses with the distributed ledger technology and associated network used to access and transfer the digital asset security, or is aware of other material risks posed to the broker-dealer’s business by the digital asset security;
• establishes, maintains, and enforces reasonably designed written policies, procedures, and controls that are consistent with industry best practices to demonstrate the broker-dealer has exclusive control over the digital asset securities it holds in custody and to protect against the theft, loss, and unauthorized and accidental use of the private keys necessary to access and transfer the digital asset securities the broker-dealer holds in custody;
• establishes, maintains, and enforces reasonably designed written policies, procedures, and arrangements to: (i) specifically identify, in advance, the steps it will take in the wake of certain events that could affect the firm’s custody of the digital asset securities, including, without limitation, blockchain malfunctions, 51% attacks, hard forks, or airdrops; (ii) allow for the broker-dealer to comply with a court-ordered freeze or seizure; and (iii) allow for the transfer of the digital asset securities held by the broker-dealer to another special purpose broker-dealer, a trustee, receiver, liquidator, or person performing a similar function, or to another appropriate person, in the event the broker-dealer can no longer continue and self-liquidates or is subject to a formal bankruptcy, receivership, liquidation, or similar proceeding;
• provides written disclosures to prospective customers: (i) that the firm is deeming itself to be in possession or control of digital asset securities held for the customer for the purposes of paragraph (b)(1) of Rule 15c3-3 based on its compliance with the Commission’s Statement; and (ii) about certain risks of investing in or holding digital asset securities; and
• enters into a written agreement with each customer that sets forth the terms and conditions with respect to receiving, purchasing, holding, safekeeping, selling, transferring, exchanging, custodying, liquidating, and otherwise transacting in digital asset securities on behalf of the customer.⁸ 

Key Takeaways

The Statement is a significant step forward from prior SEC staff guidance as the Statement provides a path for broker-dealers to maintain custody of digital asset securities. Broker-dealers now have an opportunity to demonstrate compliance with the Customer Protection Rule and to address the risks associated with digital asset securities. In addition, the Commission requests comment on specific aspects of the custody of digital asset securities, including, among others, best practices with respect to protection against theft and loss of digital asset securities, and events that could affect a broker-dealer’s custody of digital asset securities (e.g., hard fork, airdrop, 51% attack).⁹ This provides the industry the opportunity to engage with the Commission and its staff regarding best practices for custodying digital asset securities, by providing public comment with the hope that this insight will inform future rules and Commission action.¹⁰  

One notable condition on which to consider commenting is the requirement for a broker-dealer to “limit its business to dealing in, effecting transactions in, maintaining custody of . . . digital asset securities.” This requirement means broker-dealers that currently engage in both a traditional securities business and a noncustodial digital asset securities business will likely need to create a new broker-dealer to separate these businesses before offering the custodial activities permitted by the Statement. In addition, broker-dealers that currently provide noncustodial services for digital asset securities should consider seeking Financial Industry Regulatory Authority (FINRA) approval to expand their business to provide custodial services, as this type of expansion would likely be considered a material change in business.