The Securities Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA), the self-regulatory organization that oversees broker-dealers, issued an unusual joint statement on July 8, 2019, to address questions, raised recently by various participants in businesses that trade and hold digital tokens, about the rules and procedures applicable to the custody of these assets.

Ultimately, the joint statement resolves few of the most critical questions, and serves more to highlight both the increasing urgency generally felt for developing workable solutions and the SEC's assertions—repeated in one form or another at least four times in the statement—that it appreciates and encourages continuing dialogue with the blockchain industry on the relevant issues. In fact, much of this dialogue so far has come in the context of the applications by multiple firms for broker-dealer approvals focused on handling transactions in digital assets. These applications have been effectively frozen in SEC and FINRA review for months.

Perhaps one of the most key concepts in the joint statement comes up in the footnotes. Following the terminology that the SEC uses in their Framework for "Investment Contract" Analysis of Digital Assets, the staffs point out they are using the term "digital asset" in the joint statement to refer to an "asset that is issued and transferred using distributed ledger or blockchain technology, including, but not limited to, so-called 'virtual currencies.'" The joint statement also introduces a second term, "digital asset security," to refer to the subset of digital assets that are "securities" under the federal securities laws. Thus, the joint statement can be read, in part, as an extension of the SEC's evolving guidance that they recognize that certain virtual currencies—potentially beyond Bitcoin and Ether—are not securities subject to their supervision.

With respect to digital asset securities, however, the joint statement charts an ambivalent course. On the one hand, the staffs note that "digital asset securities and related innovative technologies raise novel and complex regulatory and compliance questions and challenges." On the other hand, the staffs also seek to make clear that the current set of rules under the Exchange Act of 1934 (the Exchange Act) are designed to provide meaningful protections to investors, and are just as applicable to digital asset securities as to any other security.

The joint statement highlights three rules for particular attention, while acknowledging that other regulations, even though not addressed in depth in the joint statement, are nonetheless also applicable:

  • Customer Protection Rule (Exchange Act Rule 15c3-3)
  • Books and records rules (Exchange Act Rules 17a-3, 17a-4, and 17a-5)
  • Securities Investor Protection Act (SIPA)

The Customer Protection Rule requires broker-dealers to safeguard customer assets and to keep customer assets separate from the broker-dealer's own assets. As the staffs repeatedly concede in the joint statement, the nature of digital assets can make compliance with the Customer Protection Rule difficult. The joint statement notes that "The ability of a broker-dealer to comply with aspects of the Customer Protection Rule is greatly facilitated by established laws and practices regarding the loss or theft of a security, that may not be available or effective in the case of certain digital assets." The staffs also acknowledge that where applicants for new broker-dealer registrations or for modifications of their existing registrations have business models that don't involve the applicant in the custody of digital assets, the Customer Protection Rule would not apply. Such non-custodial business models include where:

  • The broker-dealer sends trade-matching details to the buyer and the token issuer and the issuer settles the trade bilaterally with the buyer, away from the broker-dealer;
  • The broker-dealer facilitates "over the counter" secondary market transactions in tokens without taking custody of or exercising control over the tokens; and
  • A secondary market transaction in tokens involves the broker-dealer who introduces a buyer to a seller of tokens through a trading platform where the trade is settled directly between the buyer and seller.

The staffs also raise important concerns about whether a broker-dealer can always establish that it maintains custody, within the meaning of the relevant Exchange Act rules, of digital asset securities. Specifically, the staffs note that even where a broker-dealer (or its third party custodian) holds the private key necessary to effect a transfer of a client's digital asset securities, it would not have the requisite exclusive control if it cannot demonstrate that no one else has a copy of the private key allowing it to transfer the relevant asset without the consent of the broker-dealer.

Similarly, in applying the Exchange Act's books and records rules to digital asset securities, the staffs note that "the nature of distributed ledger technology, as well as the characteristics associated with digital asset securities, may make it difficult for a broker-dealer to evidence the existence of digital asset securities" – which is at the core of these rules for broker-dealers. In this area, the staffs nudge the industry toward innovating to bridge the gap, including through regulatory nodes or permissioned distributed ledger technologies: "...some firms are considering the use of distributed ledger technology with features designed to enable firms to meet recordkeeping obligations and facilitate prompt verification of digital asset security positions...Broker-dealers should consider how the nature of the technology may impact their ability to comply with the broker-dealer recordkeeping and reporting rules."

With regard to SIPA, the staffs observe that the protections of this regime apply only to a "security" as defined in SIPA and cash deposited with the broker-dealer for the purpose of purchasing such securities. Because some assets that are "securities" under the federal securities laws —including many "investment contracts"— are excluded from the definition of "security" under SIPA, the staffs raise the concern that market participants that steer their token trading activity toward registered broker-dealers may have the false expectation that their digital asset securities have the benefit of SIPA's protections.

Interestingly, the SEC's Division of Trading and Markets, and not its Strategic Hub for Innovation and Financial Technology (FinHub), was most prominently involved with the preparation of the joint statement. This certainly helps emphasize that, without eschewing their role in financial innovation, the SEC regards the area of broker-dealer customer protection as requiring the industry to conform to the existing rules, rather than trying to tailor the rules to the novel features of the virtual currency industry.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.