Last week, the Staffs of the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) (collectively, the Staffs) released a Joint Statement concerning the application of the SEC’s Customer Protection Rule and other federal laws and regulations to transactions in digital asset securities. The Joint Statement is the result of months of dialogue among the Staffs and industry participants regarding the practical application of the federal securities laws to emerging digital technologies. Nonetheless, it gives no indication as to when FINRA expects to begin working down its backlog of applications from broker-dealers seeking to facilitate markets in digital asset securities.
The Customer Protection Rule
The Joint Statement primarily addresses the application of SEC Rule 15c3-3, the Customer Protection Rule, to federally registered broker-dealers taking custody over their customers’ digital asset securities. The Customer Protection Rule requires broker-dealers to segregate customer assets in specially protected accounts, thereby increasing the likelihood that customers will be able to withdraw their assets even if the broker-dealer becomes insolvent. To comply with the rule, broker-dealers must either physically hold customers’ fully paid and excess margin securities or deposit them at the Depository Trust Company, a clearing bank, or other “good control location” free of any liens or encumberments. This infrastructure additionally protects customers by allowing mistaken or unauthorized transactions to be reversed or canceled.
While the Customer Protection Rule applies to both traditional and digital asset securities, the Staffs advised that broker-dealers taking custody over digital asset securities may need to take additional precautions to respond to unique risks presented by these emerging technologies. For instance, there may be greater risk that a broker-dealer maintaining custody of digital asset securities could become the victim of fraud or theft or could lose the “private key” required to transfer a client’s digital asset securities. Further, another party could hold a copy of the private key without the broker-dealer’s knowledge and transfer the digital asset security without the broker-dealer’s consent. The Staffs noted that an estimated $1.7 billion worth of digital assets was stolen in 2018, of which approximately $950 million resulted from cyberattacks on bitcoin trading platforms. These risks could cause customers to suffer losses and create liabilities for the broker-dealer and its creditors.
The Staffs noted that broker-dealer activities that do not involve custody functions do not trigger the Customer Protection Rule. Examples of such activities include the facilitation of bilateral transactions between buyers and sellers similar to traditional private placements or “over the counter” secondary market transactions. These transactions do not “raise the same level of concern among the Staffs” as do transactions in which the broker-dealer assumes custody over the securities.
Other Federal Regulations
The Staffs advised broker-dealers to consider how distributed ledger technology may impact their ability to comply with broker-dealer recordkeeping and reporting rules. Because transactions in digital asset securities are recorded on distributed ledgers such as blockchains rather than traditional ledgers, broker-dealers may find it more difficult to evidence the existence of these digital asset securities on financial statements and to provide sufficient detail about these assets to independent auditors.
Finally, the Staffs discussed the application of the Securities Investor Protection Act (SIPA) to broker-dealers exercising custody over digital assets. In the event a broker-dealer is liquidated, SIPA gives securities customers first-priority claims to securities and cash deposited with the broker-dealer. However, the Joint Statement notes that SIPA’s definition of “security” is different than the federal securities laws definitions. For example, the definition in SIPA of “security” excludes an investment contract or interest that is not the subject of a registration statement with the Commission pursuant to the provisions of the Securities Act of 1933. Consequently, customers whose digital assets are subject to the Customer Protection Rule and other federal regulations may only have an unsecured general creditor claim against their broker-dealer’s estate in the event their broker-dealer fails. The Staffs found that such outcomes are likely inconsistent with the expectations of investors in digital assets that do not qualify for SIPA protection.
Absent from the Joint Statement is a clear answer to the question at the forefront of many industry participants’ minds: When will FINRA begin approving the dozens of applications of existing broker-dealers and new registrants seeking authority to offer a variety of custodial and non-custodial services with respect to digital assets? Applicants seeking to engage only in non-custodial activities, such as market-making, may be encouraged that the Staffs have indicated that those activities pose the least concern to federal regulators, and, presumptively, may be more readily approved. Nonetheless, the Staffs have given no indication that FINRA will prioritize processing applications seeking authority to provide only non-custodial services currently in its backlog, or when such applications will once again be approved.
Meanwhile, the Joint Statement underscores that considerable uncertainty remains regarding the application of existing laws and regulations to broker-dealer activities involving the custody of digital assets. While the Staffs invite broker-dealers and other industry participants to continue to engage with federal regulators to develop workable methodologies for securely carrying customers’ digital assets, industry participants hoping to get a firm answer as to when secondary market trading in digital asset securities will gain federal regulators’ seal of approval will have to keep waiting.