Chief compliance officers (CCOs) at registered investment advisers (RIAs) investing in cryptoassets shouldn’t take the recent no-action letter (NAL) from the U.S. Securities and Exchange Commission (SEC) allowing them to select state-chartered trust companies (STCs) as qualified custodians lightly.
The U.S. regulatory agency’s decision allows RIAs to breathe a sigh of relief they will not be fined if they use a STC to safekeep their cryptoassets. However, they must still do plenty of due diligence to meet the SEC’s checklist, cautioned legal experts. “Advisers that custody [or plan to custody] cryptoassets should treat this moment as an opportunity to review governance, contracts, and documentation,” recommended Lindsay Burkett-St Laurent, senior managing director in the U.S. for IQ-EQ, a Luxembourg headquartered global investor services firm specializing in alternative funds, ultra-high-net-worth individuals and family offices. In her November commentary on the SEC’s NAL, she also noted that fund managers that formalize their policies and refresh their decision-making process will be the best-positioned to succeed in the new favorable regulatory environment for cryptoassets. “While the path forward is now clearer, advisers must still take detailed steps like confirming chartering and supervision, reviewing financials and SOC [Systems and Operations Control] reports, evaluating wallet architecture and key management and considering cyber incident response,” agreed David Adams, a partner in the law firm of Mintz in Washington, D,C. “There is an initial and annual compliance lift through reviews, enhanced vendor oversight, and updated policies and procedures.” SOC is a framework created by the American Institute of Certified Accountants (AICPA), which verifies a firm has appropriate internal operating controls. Wallet architecture refers to the overall design used to store and protect digital assets. It includes how private keys — the secret code to accessing an account — are generated as well cybersecurity protection and response measures.
In its NAL dated September 30, 2025, the SEC’s Division of Investment Management told the law firm of Simpson Thacher & Bartlett that the U.S. regulatory agency would not penalize a RIA for selecting a STC to safekeep cryptoassets if five criteria were met. The NAL marked the first no-action guidance for the cryptomarket developed by the SEC unit governing registered investment advisers and registered funds fund from the SEC In providing badly needed clarity for cryptocustody, the SEC’s division defined cryptoassets as assets that are “digital representations of value that are recorded on a cryptographically secured distributed ledger.” In her statement supporting the no-action letter, SEC Commissioner Hester Peirce stated that the no-action letter covers “in addition to the crypto assets that are native to crypto networks and applications and may be subject to the custody provisions, equity or debt securities that have been formatted as cryptoassets on a crypto network (commonly known as tokenized securities).” Commissioner Peirce heads up the SEC’s Crypto Task Force, launched in January 2025, to develop the Commission’s more lenient strategy on cryptoasset regulation.
The SEC said that it wants a RIA to have a “reasonable basis” to believe an STC is authorized by a state regulator to provide crypto custody services and that the STC it chooses, maintains, and implements written internal policies and procedures reasonably designed to safeguard cryptoassts from theft, loss or misuse. The RIA must also confirm that the potential service provider’s most recent annual financial statement has been audited by an independent public accountant and prepared in accordance with Generally Accepted Accounting Principles (GAAP), a set of U.S. accounting rules used to ensure comparable financial results across companies. In addition, a STC must provide a SOC-1 or SOC-2 certification. A SOC-1 report indicates a firm has the right strategy to produce correct financial reports. SOC-2 certification indicates that a firm can protecting assets from a cybersecurity breach. A RIA’s written agreement with a STC must state that the STC will not lend, pledge or rehypothecate any cryptoassets without the fund manager’s consent and any cryptoassets must be segregated from the assets of the STC. Lastly, an RIA must prove that selecting a particular STC is in the “best interest” of the fund it manages and its shareholders.
Market Institutionalization
The SEC’s long-awaited NAL comes as cryptoassets are starting to attract attention from mainstream financial players such as pension plans, foundations and sovereign wealth managers. The Seventh Annual Global Crypto Hedge Fund Report just released by the London-based Alternative Investment Management Association (AIMA), the global trade group for the hedge fund industry, found that about 55 percent of the 122 hedge fund managers surveyed had some exposure to digital assets, reflecting a steady institutional shift towards the asset class despite market volatility. That’s an eight percent increase from the 42 percent reported in the organization’s 2024 survey. Traditional hedge fund managers are investing in derivatives rather than digital assets directly to fulfill hedging strategies. Pure cryptohedge funds are also experiencing significant growth with the most popular assets held being Bitcoin (BTC), Ethereum (ETH) Solana (SOL), and Ripple (XRP). According to the AIMA’s survey, SOL is showing the largest hike in interest with Rothschild Investment LLC and PNC Financial recently disclosing their holdings in the Volatility Shares Exchange-Traded Fund (SOLZ). The ETF invests in SOL directly and through derivatives. Greyscale Investments and Tuttle Capital have also filed with the SEC to create exchange-traded funds focused on Cardano (ADA) and XRP. Among institutional investors surveyed, about two-thirds have allocated some of their funds to digital assets while 41 percent said they would do so if regulatory oversight were clarified. That oversight includes defining which cryptoassets are securities and their safekeeping requirements.
The “custody rule” of the Investment Company Act of 1940 and the Investment Advisers Act of 1940 requires registered funds and registered fund managers respectively to select a qualified custodian to safekeep investor assets. National banks, broker-dealers and futures commission merchants easily fit the definition of qualified, but STCs might not. A STC is supervised by a state banking authority and does not take deposits of cash insured by the Federal Deposit Insurance Corporation (FDIC). Popular cryptocustodians falling into the category of STC include Anchorage Digital, BitGo Trust, Coinbase Custody Trust, Two Ocean Trust, and Paxos Trust. Coinbase, and Paxos follow New York State’s banking regulations while BitGo follows South Dakota’s regulations. (Anchorage Digital is the only crypto-native STC governed by the Office of the Comptroller of the Currency (OCC) as a federally chartered bank). Two Ocean Trust follows Wyoming law. (Ripple is not a state-chartered trust company, but in August 2025 it applied to the OCC for a national trust bank charter as Ripple National Trust Bank). In its recent commentary on the SEC’s NAL, the law firm of McDermott Will & Schulte representing Two Ocean Trust said that the Commission has “broadly adopted the custodial standards promulgated in the Wyoming Digital Asset Framework.” That’s the 2020 legislation governing the cryptoasset industry in that state.
Until now RIAs which selected STCs to safekeep their cryptoassets may have been uncertain about whether it met the definition of a bank under both 1940 Acts because of the SEC’s important caveat. The STC must have a “substantial portion of its business consisting of receiving deposits or exercising fiduciary powers similar to those permitted by national banks under the authority of the OCC. The phrase “substantial portion” was never clearly defined and the SEC has spent the past five years downplaying the role of STCs in the cryptomarket. In 2020 the SEC announced it would not endorse the decision made by the Wyoming Division of Banking to recognize Two Ocean Trust as a qualified custodian for cryptoassets and sought public comment on whether STCs should be considered equivalent to banks for the purpose of becoming qualified custodians. Subsequent SEC decisions appeared to favor banks and broker-dealers. On January 23, 2025, the SEC rescinded Staff Accounting Bulletin 121, making it easier for banks to offer cryptocustody under traditional regulatory protections. In June 2025, the SEC and broker-dealer watchdog Financial Industry Regulatory Authority (FINRA) also withdrew their July 2019 joint statement warning broker-dealers they may not be able to comply with federal securities laws, such as customer protection rules, when safekeeping cryptoassets. By June, the SEC had decided to withdraw its decision to seek industry feedback on the status of STCs as qualified custodians paving the way for its NAL.
The SEC’s new stance also followed its decision to withdraw a proposed amendment to the “custody rule” which the cryptoindustry believed would have made it more difficult for fund managers to select a cryptocustodian. Although former SEC Chairman Gary Gensler praised the potential changes to the “custody rule” and indicated that the providers of cryptoasset custody could not meet the definition of qualified custodians, industry feedback as indicated in an article published in FinOps Report in July 2023, was critical on the grounds the new rules were impractical and costly for all custodians to follow. The SEC’s new NAL deals strictly with cryptoassets and does not change any provisions of either the Investment Act of 1940 or the Investment Advisers Act of 1940 when it comes to safekeeping investor assets. The requirements RIAs must meet to obtain regulatory relief converge with foreign standards for cryptoasset custodians such as the European Union’s Markets in Crypto Assets Regulation (MiCA) and a May 2025 consultation paper published by the UK’s securities regulator Financial Conduct Authority (FCA) calling for cryptocustodians to have operational resilience and segregation of investor assets from their own.
CCOs Reaction
A dozen CCOs at RIAs contacted by FinOps Report said that the SEC’s NAL codified “much” of their existing practice. However, because the Commission took a principles-based approach, fund managers must still document their selection and oversight of cryptoasset custodians. As a result, the CCOs are asking their external counsel for advice on how their current agreements match up with the SEC’s caveats. “The SEC doesn’t provide any specifics for what fund managers should look for in a qualified custodian,” said one CCO speaking on condition of anonymity. “The SEC only requires that a fund manager verify that the custodian have the appropriate means to protect client assets and funds from theft or misuse.” Deciding whether that condition exists is a bit subjective without any details on the exact technology which must be used.
Four of the dozen CCOs, who declined to be identified, acknowledged that their audits have uncovered that were remiss on at least one of the SEC’s requirements in its no-action letter. When pressed to specify which one, they responded it was receiving a financial statement following GAAP. “We do so for the parent firm, but not always for the subsidiary,” said one CCO. All of the CCOs were also concerned about whether they could justify using a particular custodian as being in the “best interest” of the firm. “We make the best choice based on the options we have and there is plenty of overlap among the providers,” said another CCO. “We just have to pray we did the right thing.” At issue is that the SEC’s NAL did not address what happens if a STC were to go bankrupt. Unlike traditional banks, RIAs using STCs cannot benefit from the FDIC’s insurance program and if a RIA’s assets were comingled with those of the STC, the RIA could be considered an unsecured creditor becoming the last in line to be paid from the bankruptcy estate. Even if a RIA can prove its claim, recovery is painstakingly slow and the reimbursement is set at the value of the cryptoassets at the time the bankruptcy is filed. As a result, a fund’s investors could lose out on any appreciation as shown in the case of FTX’s bankruptcy in November 2022. Former FTX CEO Sam Bankman-Fried, sentenced to a 25-year jail term, admitted to unknowingly commingling funds between FTX and sister company Almeda Research but denied any wrongdoing. A November 9, 2025 update offered by Sunil Kavini, a representative of FTX’s creditors, highlighted that so far FTX has only distributed USD$7.1 billion of the estimated USD$16.5 billion available. The real recovery rate could range from 9 percent to 46 percent when adjusted for current cryptoprices; as FinOps went to press Bitcoin was valued at close to USD$100,000.
Even with the Commission’s new relief, fund managers shouldn’t get too comfortable for too long. “According to its Spring 2025 Unified Agenda of Regulatory and Deregulatory Actions, the SEC is focusing on revisiting the custody agreements of both registered investment advisers and registered funds so the [No-Action} Letter may portend additional useful changes with respect to the custody of Crypto Assets,” wrote the law firm of Morgan Lewis in its commentary. The agenda, stated by current SEC Chairman Paul Atkins, includes rule changes on the road to the safe issuance, custody, and trading of cryptoassets.
A 2028 change in administration in Washington, D.C. could spell a return to stricter oversight of the cryptoindustry with a rules-based regime designed to protect investors rather than to promote innovation. In the meantime, the SEC doesn’t have its house in order. “The SEC is ideologically split with Commissioner Peirce welcoming the move as bringing crypto out of the gray zone and Commissioner Crenshaw warning it pokes holes in core protections.” explained Mintz’s Adams. “Thus. some uncertainty about the future will persist until the SEC finalizes more comprehensive rulemaking to modernize the adviser custody rules.” In criticizing the SEC’s NAL, Commissioner Caroline Crenshaw noted in her statement that unlike national banks, STCs are subject to an inconsistent hodgepodge of less rigorous rules and less oversight.”
Chris Kentouris
New York City
KentourisC@gmail.com
917.510.3226
Accounting# AICPA# AlternativeInvestmentManagementAssociation# Bitcoin# Compliance# FundCompliance# FundOperations# Crypto# Cryptoassets# Cryptocustody# Cryptoindustry# Custody# Dechert# DueDiligence# Ethereum# GAAP# GenerallyAcceptedAccountingPrinciples# Greyscale# Hedgefunds# MorganLewis# No-ActionLetter# Regulation# QualifiedCustodian# Ripple# SEC# SECAdvisersAct# SECChairmanGensler# SECChairmanAtkins# SECCommissionerCrenshaw# SECCommissionerPierce# SECInvestmentCompanyAct# SecuritiesandExchangeCommission# SOC-1# SOC-2# Solana# SOLZ# TuttleCapital# XRP#
Image Designed by DionnRenee.com, © 2025 DionnRenee, published in FinOps Report
Leave a Comment
You must be logged in to post a comment.