The US Securities and Exchange Commission’s decision to give broker-dealers a five-year reprieve from any regulatory sanctions to custody digital security assets in a trial run under limited circumstances isn’t all that sound, caution some broker-dealers, cryptoasset market players, and legal experts.
While praising the SEC’s effort, respondents to the SEC’s request for feedback and others discussing its stance announced late last year suggest that the regulatory agency’s condition that broker-dealers wanting to safekeep digital asset securities separate those assets in a special purpose company isn’t practical. What’s more, some of the SEC’s other provisions need clarification. The SEC doesn’t think the risks of custody of digital asset securities can be ringfenced from traditional securities in a full service broker-dealer so special purpose broker-dealers (SPBDs) must be created. In its announcement in December 2020, the SEC said that the restriction to safekeeping digital asset securities within SPBDs only will allow broker-dealers to avoid any SEC sanctions that could arise if the firm engaged in activities involving non-security digital assets not expressly governed by the SEC’s customer protection rule. The SEC also asked for feedback on best practices, technological systems, and settlement mechanisms, as well as whether it should allow for the custody of digital assets by businesses that also hold traditional securities such as stocks or bonds.
The SEC’s move comes amidst much industry concern as to when the regulatory agency would finally provide some badly needed guidance on what broker-dealers should do if they want to safekeep digital assets. Regulatory uncertainty, regulation by enforcement, and inconsistent interpretations on which financial entity can safekeep digital security assets under which conditions has hampered institutional investment in the crypto market, say legal experts. In July 2019, the SEC cautioned that it was worried about the safekeeping of digital assets, but offered no safe harbor leaving other regulators to come up with a solution. Wyoming devised its own regulations governing the custody of digital assets and gave its blessings to a few financial firms such as Kraken, Avanti, and Two Ocean to become special-purpose depositories and serve as digital asset custodians while fulfilling the SEC’s “custody rule” for investment advisors. That rule requires a registered investment advisor to select a “qualified” custodian to safekeep its assets. South Dakota and New York granted “trust-company” status to companies wanting to act as custodians for digital assets such as Anchorage, BitGo, Coinbase, Kingdom Trust and Paxos; however, it remained unclear whether that designation would fit the SEC’s definition of a qualified custodian since the SEC never explicitly said so. In July 2020 the Office of the Comptroller of the Currency issued an interpretative letter allowing national banks to become custodians for digital assets and issued a few conditional charters. The SEC refused to back Wyoming’s decision saying it was not bound by the state’s decision and did not comment on the OCC’s announcement. With industry pressure mounting, the SEC was ultimately forced to issue a statement of a framework for how SPBDs can custody digital security assets. The SEC is free to revoke the framework at the end of five years after April 27, 2021.
The SEC’s framework does not explicitly state whether following the guidelines in its statement means that a broker-dealer has fulfilled the status of “qualified custodian” under the SEC’s custody rule. Satisfying the customer protection rule appears to be at the crux of the SEC’s guidelines for how broker-dealers can become custodians of digital asset securities. A key requirement of Rule 15c3-3 is that broker-dealers have physical possession or control of securities. Among the provisions broker-dealers must follow to safekeep digital security assets beyond becoming SPBDs is to prove to investors they have written policies and controls to establish exclusive control over the digital security assets and to protect them against theft, loss, or unauthorized use of the private keys. That is the code for accessing the assets. Broker-dealers must also disclose to investors the risks of investing in digital security assets, such as valuation, liquidity, and potential theft as well as the fact the digital security assets may not be protected by the Securities Industry Protection Corporation (SIPC), the way traditional brokerage securities accounts are.
Respondents to the SEC’s request for comment about its statement on the custody of digital security assets and others who spoke with FinOps Report were quick to poke holes at the regulatory agency’s presumptions about the riskiness of digital security asset custody, hence the need for separate SPBDs. “There is no basis for the SEC to make the assertion that the custody of digital security assets is riskier than for traditional assets,” Matthew Comstock, a partner at the law firm of Murphy & McGonigle tells FinOps Report. In his letter to the SEC dated April 7, Alan Konevsky, chief legal officer of tZERO Group, a finech company and owner of broker-dealer subsidiaries that offer an alternative trading platform with blockchain functionality agrees. noting the SEC’s flawed logic. “The [SEC] draws a parallel between the risks associated with digital asset securities and the risks associated with non-digital assets, including those that are offered and traded on offshore venues. While both types of assets look to leverage digital infrastructure, the differences in their DNA are critical. Digital asset securities are not anonymous bearer instruments like non-security digital assets that change hands on a range of domestic and foreign venues, liquidity pools and through other transactions,” he writes.
In its May 20 letter to the SEC, the broker-dealer trade group Securities Industry and Financial Markets Association argues that regardless of whether assets are digital or traditional, the risk of loss, hacking, or theft can be reduced by technology- appropriate methodology. The digital assets themselves can also be designed so that issuers can replace, reissue, or reassign them in case of erroneous transactions, theft or lost keys. In its letter to the SEC dated April 5, the Washington DC-based digital asset trade group Digital Chamber of Commerce also asserts that using blockchain is actually a sound way of fulfilling securities regulations because of its enhanced accountability and real-time transformation gathering. “Blockchain technology enables broker-dealers to fully comply with their recordkeeping and reporting requirements by allowing firms to evidence the existence and ownership of digital asset securities through the audit process,” writes Amy Davine Kim, chief policy officer.
Restricting the custody of digital security assets to SPBDs which only deal only with such assets is not in the best interests of investors, argues SIFMA. Investors would need to open accounts with different broker-dealers and the restriction could “create an artificial distinction” that would be challenging for both issuers and investors as they may not be able to clearly distinguish digital assets from traditional assets. Creating a separate SPBD will also be a cost-prohibitive endeavor for broker-dealers, say respondents to the SEC’s request for comment and others. “The SPBD will require a compliance director, two FINRA Series 24 licensed directors and one Series 27 licensed FinOP with no guarantee that the SEC will allow the business to operate past the five-year test period,” Marlon Paz, a legal counselor to several cryptoasset companies and head of the broker-dealer practice with the law firm of Mayer Brown tell FinOps Report. He questions how any broker-dealer will be able to operate for five years with no return on investment. “The market and innovation the [SEC’s] statement rightly seeks to fuel will suffer,” says tZERO Group’s Konevsky in his letter to the SEC.
What should the SEC do instead? Let broker-dealers address the risks of digital assets as they see fit without creating a separate SPBD is the consensus. “Different market, credit, liquidity, operational, and regulatory risks could be better mitigated if broker-dealers are instead required to implement effective risk and control frameworks for these businesses that are integrated with their enterprise-wide risk management programs,” writes the Digital Chamber of Commerce’s Kim in her letter to the SEC. “This would enable broker-dealers to benefit from converged and streamlined enterprise risk management processes applied consistently across holistic organizations.” In his letter to the SEC, Charles De Simone, vice president of technology and operations for SIFMA calls on the regulatory agency to allow broker-dealers to use a principle-based approach with the “ability to evaluate what digital asset securities they will support taking into consideration relevant operational risks and regulatory requirement related to the technology underlying the digital asset security.” Comstock agrees. “Why not have broker-dealers evaluate each digital asset security separately to address its riskiness and procedures,” he says.
Paz suggests that broker-dealers would be better off if the SEC were to create a pilot program for a limited number of existing broker-dealers, or broker-dealer applicants whose applications have been pending, to safekeep a select number of digital security assets. “While digital assets are risky and investor protection rightfully should be the top priority there are numerous traditional assets that are also risky including junk bonds,” he explains. Paz’s proposed alternative mimics the SEC-approved pilot program for the settlement of digital assets operated by Paxos. The standard-setting Association of Digital Asset Markets (ADAM), which represents exchanges and custodians in the cryptoasset market, argues that broker-dealers should be able to custody digital securities using a modified version of the customer protection rule. “Through a combination of customer disclosures and customer agreements including potentially subordination agreements, a broker-dealer can segregate a customer’s traditional securities positions from the customer’s digital assets in a manner in a manner that will insulate customer assets from one another in the event of liquidation or insolvency event on the part of the broker-dealer,” writes Michelle Bond, chief executive of ADAM, in her April 27 letter to the SEC. “Such an approach would be a natural extension of the conditions contained in the custody agreement that a digital broker-dealer disclose to customers the risks associated with holding digital assets and that customer agreements account for those risks.” ADAM’s members include Anchorage Digital, BitGo, Paxos, and Symbiont with the law firms of Morgan Lewis, DLA Piper, and DLx Law as partners.
Should the SEC proceed with its requirement that broker-dealers create SPBDs to custody digital security assets, those SPBDs should be allowed to use non-security digital assets to fund and settle transactions in digital asset securities and to conduct non-security digital asset business, say some respondents to the SEC’s request for comment. “The SEC’s statement provides the industry a five-year incubator to assess the viability of digital asset securities,” writes Konevsky. “Such an investment cannot be properly made if market participants are using legacy technology for the cash funding and settlement phase of a digital asset security lifecycle. Real-time settlement is a critical benchmark and benefit of the digital asset securities ecosystem. It cannot be meaningfully achieved if traditional fiat currency and banking systems are still driving the settlement of the cash leg of securities transactions on the current timetable.” Traditional equities and fixed-income transactions settle on a T+2 timetable, or two days after a trade is executed.
Operational efficiencies aside for settling digital asset securities transactions in non-security digital assets, it may also lessen the utility of, or compromise the integrity of digital asset securities transactions blockchain-based records if fiat currency is used for settlement, say respondents to the SEC’s request for comment. “If the cash leg of the transaction occurs through legacy systems the blockchain record will either be incomplete (if it only records the securities leg of a transaction) or exposed to heightened risk of potential error, data loss or manipulation (if the operational process for copying the governing record of the cash transfer to the blockchain experiences a disruption or error),” writes Konevsky. “In addition, multiple sets of records that either exist in parallel or have to be reconciled increase the potential for security breaches and other illicit activities.”
SPBDs can just as easily comply with the customer protection rule for non-security digital assets as they would for digital security assets, argues Konevsky, based on the “prudent compliance architecture” the SPBD must implement for digital asset securities, in conjunction with other security measures suggested in his letter to the SEC for non-security digital assets. Those measures include reasonably-tailored security measures for the private key controlling access to the wallet address that is the recorded owner of the customer’s non-security digital assets. The non-digital security assets may use different techniques depending on the nature of the asset to which the key provides access. SPBDs would also not facilitate any transaction in non-security digital assets if material security or operational problems arose on an applicable network. The SPBD would have policies and procedures in place to address, among other things 51 percent attacks, airdrops, and hard forks. Konevsky suggests alternative protections for holders of these non-security digital products, such as insurance.
Broker-dealers which decide to become SPBDs also shouldn’t be responsible for deciding whether an asset falls under the definition of a digital security, according to the Digital Chamber of Commerce. “In our view, the Commission has yet to provide a clear and efficient framework that will allow issuers and market intermediaries to properly analyze when a digital asset that is not an intended digital asset security should be deemed to be a security and vice versa,” writes Kim. “Until such binding rules are promulgated it is problematic to require a broker-dealer seeking to custody digital assets or securities or settle transactions utilizing a non-security digital asset take on that burden and associated risk.” The issuer, or its legal counsel, should decide whether or not a digital asset is a security. If the SPBD must take that task the SEC should give it a safe harbor from any regulatory action if it disagrees with its decision, according to the Digital Chamber of Commerce. “The SEC has come up with the so-called Howey test, but that is aimed at helping issuers figure out when a digital asset is not a security and does not have to register the offering with the SEC,” says Comstock. “The SEC is now telling SPBDs have to figure out when a digital asset is a security.” He believes that the SEC should allow SPBDs to make a “reasonable analysis” of whether a digital asset is a security. The Howey test refers to a 1946 Supreme Court ruling setting the criteria to determine whether a transaction qualifies as an “investment contract” and therefore would be considered a security subject to the SEC’s disclosure and registration requirements. The SEC has said that, based on the Howey test, Bitcoin does not qualify as a security, but tokens issued in initial coin offerings do.
Among the cryptoasset market’s other concerns with the SEC’s announcement on the custody of digital assets is its broad definition of a digital asset as an asset either issued in a distributed ledger platform or transferred through distributed ledger technology. If that is the case what happens when a security only “tangentially” interacts with a blockchain platform as would take place when issuers have arranged for a “carbon copy” of the stockholder register to be made visible on either public or private blockchains, questions the Digital Chamber of Commerce. The trade group believes that occurrence should not cause the asset to be defined as a digital asset. “The Commission should clarify that traditionally represented book-entry securities that have non-controlling blockchain components are not digital assets for the purposes of the statement since these traditionally issued securities do not represent new risks for investors,” writes Kim.
Given the difficulties of setting up an SPBD, say respondents to the SEC’s request for comment, the SEC should allow broker-dealers trading in digital assets to select a third-party custodian such as a bank, transfer agent, or clearing agency to safekeep digital assets. “The SEC should confirm that a broker-dealer is not required to custody digital assets itself, rather it can hold such securities at control locations set out in paragraph [C] of Rule 15c3-3,” writes tZERO Group’s Konevsky. “Because the broker-dealer would not itself custody its customers’ digital asset securities, it would not be an SPBD within the meaning of the SEC’s statement,” he believes. “The SEC would have a difficult time challenging a broker-dealer’s decision to use a bank to maintain custody or control over digital asset securities as long as the bank follows the OCC’s guidance,” says Comstock. In its letter to the SEC, ADAM also requests that the SEC clarify that broker-dealers can comply with the customer protection rule if they pick a bank chartered by the OCC or a state-chartered bank to safekeep digital asset securities.
No one expects an avalanche of applications to hit FINA’s desk any time soon. Any entity that intends to operate as an SPBD will have to complete a new member application (NMA), confirms a spokesman for FINRA. The broker-dealer regulatory agency will likely be forced to confer with the SEC on whether each applicant can meet the requirements of the customer protection rule based on the SEC’s December 2020 statement. The process could take several months of review with broker-dealers facing a high risk of rejection. “For the first few broker-dealer applicants it will be a painful process as the NMA does not address digital asset securities,” says Comstock.
Compliance managers at several US broker-dealers who spoke with FinOps Report questioned whether applying to become an SPBD is worth the effort. The consensus: the SEC should allow a broker-dealer to use a third-party custodian to avoid becoming an SPBD. Still some step forward is better than none, acknowledge some legal experts. “It was likely not necessary for the SEC to require broker-dealers create separate SPBDs to custody digital securities, but with this isolated platform the SEC is able to study the process, procedures, supervision, custody and difficulties in a controlled environment,” Susan Light, a partner in the financial markets and funds practice of Katten Muchin Rosenman in New York tells FinOps Report. “The hope is that when the SEC becomes comfortable with this initial limited business model of digital securities it will open the door for both traditional broker-dealers to engage in this business and increase transactions in other digital assets.” She believes that the industry has raised many legitimate questions about the SEC’s plan for SPBDs and it’s now time for the regulatory agency to issue clarifying statements and frequently-asked questions.