SEC and FINRA issue joint statement on broker-dealer custody of digital asset securities

new

Financial Services Alert

By:

On July 8, 2019, the Securities and Exchange Commission and the Financial Industry Regulatory Authority issued a long-awaited Joint Statement addressing the ways in which the federal securities laws and regulations and FINRA rules apply to the intermediation of transactions in, and custody of, "digital asset securities." In issuing the Joint Statement, the staffs of the SEC Division of Trading and Markets and FINRA (the Staffs) attempted to align the agencies' historic approach to broker-dealer regulation and investor protection, particularly SEC Rule 15c3-3 (the Customer Protection Rule), with the new world of digital asset securities.

According to the Joint Statement, "digital assets" are assets issued and transferred using distributed ledger or blockchain technology and can include "virtual currencies," "coins," and "tokens." Since a digital asset may or may not meet the definition of "security" under the federal securities laws, the Staffs refer to a digital asset that meets the definition of security as a "digital asset security." The Joint Statement focuses on digital asset securities and, notably, does not address digital assets that are generally not viewed as securities, such as Bitcoin, even with respect to situations where a broker-dealer might receive, hold or otherwise handle such digital assets in connection with transactions in digital asset securities.

The Staffs begin by emphasizing that novel and complex regulatory and compliance issues are raised when attempting to apply federal securities laws and regulations, FINRA rules, and other laws to digital asset securities and related technologies, especially with respect to the Customer Protection Rule. They explain that with conventional securities, compliance with these requirements is facilitated by a number of established laws and practices, but these laws and practices may not work effectively with digital asset securities. The Staffs note that they have discussed these issues with industry participants to understand how various custody solutions for digital asset securities would satisfy the Customer Protection Rule's possession and control standards, and they invite firms to continue engaging with them with respect to these issues.

While the Joint Statement provides a welcome discussion of what the Staffs believe to be critical issues relating to the trading of digital asset securities and the establishment of an organized marketplace to do so, it is only a beginning. It explains the issues and articulates significant questions that need to be answered, but it does not answer those questions and does not provide any definitive guidance as to what custody or other practices will be considered acceptable.

The Customer Protection Rule

The Joint Statement explains that entities participating in the market for digital asset securities must comply with relevant securities laws, and those that buy, sell, or otherwise effect transactions in digital asset securities for customers or for their own accounts may be required to register as broker-dealers and become FINRA members. As broker-dealers, they must comply with the Customer Protection Rule, which is designed to safeguard customer securities and funds held by broker-dealers and reduce the risk of loss in the event of a broker-dealer's failure. It also enhances the ability to monitor broker-dealers' practices with respect to the handling of customer assets.

The rule requires broker-dealers to safeguard customer assets and keep them separate from those of the broker-dealer. This increases the likelihood that customers' securities and cash can be returned to them if the broker-dealer fails. The Staffs contrast the successful 50-year record of recovering investor assets in cases of broker-dealer failures to more recent reports of thefts of Bitcoins and other digital assets resulting from cyberattacks on their trading platforms, citing estimates that approximately $1.7 billion of digital assets were stolen in 2018, over three times more than in 2017.

The Joint Statement explains that irrespective of the form of security, the fundamental elements of the Customer Protection Rule (and other SEC financial responsibility rules) apply with equal effect. Acknowledging that it may be challenging for broker-dealers to comply with these rules in the context of digital asset securities without significant technological developments and solutions, the Joint Statement states that the Staffs are continuing the dialogue with market participants and gathering information to better respond to these developments, while continuing to focus on the SEC's and FINRA's investor protection, market integrity and related mandates.

The Staffs note that the Customer Protection Rule is designed to protect broker-dealer customers from losses and delays in accessing their securities and cash if the broker-dealer fails, so that those securities and cash are readily available for return to the customers. Consequently, the rule requires broker-dealers to physically hold customers' fully paid and excess margin securities, or maintain them free of any liens at good control locations. With conventional securities this is generally done by third parties such as the Depository Trust Company or a clearing bank (or, in certain cases, the issuer or its transfer agent), a process that also allows for reversing or canceling erroneous transactions.

With digital asset securities, however, the Staffs assert that the mechanics and risks associated with custody are significantly different and may create greater risk of fraud or theft. A broker-dealer could lose the "private keys" necessary to transfer a client's digital asset securities, or could transfer those securities to an unknown or unintended address, without any ability to invalidate fraudulent transactions, recover or replace lost property, or correct errors. All of this presents a significant challenge: how to satisfy the possession and control requirements of the Customer Protection Rule when dealing with digital asset securities, and how to avoid the risk of customer losses and resulting liability for the broker-dealer.

Other broker-dealer obligations

The Joint Statement also discusses other broker-dealer requirements in the digital asset securities context.

Recordkeeping and reporting rules. Recordkeeping and reporting rules require broker-dealers to make and keep ledgers reflecting assets and liabilities, a record reflecting each security carried by the broker-dealer for customers and a record of differences determined by a count of customer securities in the broker-dealer's possession or control when compared to its current books and records. Broker-dealers also routinely prepare financial statements and supporting schedules such as net capital computations and information relating to the Customer Protection Rule's possession and control requirements.

The Joint Statement explains that distributed ledger technology and the unique characteristics of digital asset securities may make it difficult to comply with these requirements and for a broker-dealer's independent auditors to carry out their functions. Observing that some firms are apparently considering using distributed ledger technology with features designed to enable broker-dealers to meet their recordkeeping and other obligations, the Staffs cautioned that broker-dealers should consider how such technology could impact their ability to comply with these rules.

Securities Investor Protection Act of 1970 (SIPA). Broker-dealers that fail and cannot return customer property are generally liquidated in accordance with SIPA, under which customers have a first priority claim to cash and securities held by the firm for such customers and are eligible for up to $500,000 in protection for missing assets. While these protections apply to "securities" (as defined in SIPA) and cash deposited with the broker-dealer for the purpose of purchasing such securities, they do not apply to assets that are securities under federal securities laws but are not so defined under SIPA. For example, the SIPA definition does not include certain investment contracts that are not the subject of a registration statement pursuant to the Securities Act of 1933, as amended. If a digital asset security does not meet the SIPA definition of security, SIPA protection may not apply and holders may have only unsecured general creditor claims against the broker-dealer in the event of its failure.

Noncustodial broker-dealer activities

The Joint Statement also discusses digital asset securities activities that do not involve custody, explaining that such activities do not raise the same level of concern with the Staffs (assuming all other relevant securities laws, rules, and regulations are followed). Activities falling into this category include:

  1. a broker-dealer sending trade-matching details (eg, parties, price, and quantity) to the buyer and issuer of a digital asset security in a manner similar to a traditional private placement, with the issuer settling the transaction with the buyer away from the broker-dealer and the broker-dealer instructing the customer to pay the issuer directly and instructing the issuer to issue the digital asset security directly to the customer.
  2. a secondary market transaction involving a broker-dealer introducing a buyer to a seller of digital asset securities through a trading platform, with the trade settling directly between the buyer and seller.
  3. a secondary market transaction involving a broker-dealer introducing a buyer to a seller of digital asset securities through a trading platform, with the trade settling directly between the buyer and seller.

This latter category could include a broker-dealer alternative trading system (ATS) that matches buyers and sellers of digital asset securities, with the trades settled directly between the buyer and seller (or their third-party custodians) and the ATS neither guaranteeing nor otherwise having responsibility for settling the trades, and at no time exercising any control over the digital asset securities or the currency used to make the purchase.

Observations

As stated above, the Joint Statement's discussion of the issues facing those wishing to intermediate transactions in digital asset securities and facilitate the creation of an organized marketplace for them is welcome, but it is merely a beginning. It explains the issues and articulates some of the most significant questions that need to be answered. It does not, however, answer those questions. As the Joint Statement itself points out, it simply represents Staff views, and the statements therein are not rules, regulations, guidance, or statements of the SEC or FINRA themselves. It is clearly an important step but it does not alter or amend applicable law and has no legal force or effect. It sets forth a number of issues and concepts that are under consideration, but it does not provide any definitive guidance with respect to what custody or other practices will be considered acceptable.

The Staffs explain that entities hoping to engage in digital asset securities activities have been seeking to register as broker-dealers and become FINRA members and that currently registered broker-dealers are seeking to add digital asset securities to the financial products and services they offer. Some proposed business models include custody of digital asset securities and thus implicate the Customer Protection Rule. According to the Joint Statement, a number of entities have met with the Staffs to discuss these matters, including how they would custody digital asset securities in compliance with the applicable rules, and the Staffs invite continued discussion.

However, the Staffs did not place their imprimatur on any particular method of custody. Instead, they said that the circumstances in which a broker-dealer could custody digital asset securities in compliance with the Customer Protection Rule remain under discussion. They noted that certain broker-dealers have inquired about using an issuer or transfer agent as a control location for purposes of the possession and control requirements of the Customer Protection Rule. They then stated that if a broker-dealer is considering this type of arrangement, it would have to submit an application to the Division of Trading and Markets for consideration of such arrangement as a satisfactory control location pursuant to the current application process found in the Customer Protection Rule. The Staffs did not, however, indicate under what circumstances they might approve such an application.

So the Joint Statement can be viewed at best as an opening statement in a broader, more public discussion on these issues than has occurred to this point. However, there is still much to be done and said before there is a clear path for creating and maintaining a real marketplace for transactions in digital asset securities. At the same time, digital assets remain a priority for both SEC and FINRA examiners.

If you would like to learn more about the Joint Statement and what it means for your business, please contact the authors or any member of the Financial Services team.