Securities Regulation Daily
Monday, July 8, 2019

FINRA offers guidance on custody of digital asset securities

By Mark S. Nelson, J.D.

New guidance issued by the SEC’s Trading & Markets Division and FINRA addresses emerging digital asset security custody models while emphasizing that the "fundamental elements" of securities custody apply regardless of whether securities are in paper or digital form.

The SEC’s Division of Trading and Markets and the Financial Industry Regulatory Authority, Inc. issued non-binding guidance on the custody of digital asset securities that, among other things, emphasizes compliance with the SEC’s financial responsibility rules for broker-dealers. However, the guidance acknowledges that existing securities regulations may not perfectly fit the custody needs of those handling digital asset securities. The joint Trading and Markets-FINRA statement also said the guidance (SEC version, FINRA version) was prompted by a growing number of new and continuing membership applications submitted to FINRA proposing "diverse" custody models for digital asset securities.

The developing custody landscape. The guidance divides the digital asset security landscape into noncustodial and custodial models. Among the noncustodial models that have been proposed are the following:

  • trade matching in which a broker-dealer instructs a customer to pay for, and an issuer to issue, a digital asset security to a customer’s digital wallet (i.e., the broker-dealer only issues instructions and the transaction is settled bilaterally, directly between the issuer and the buyer);
  • OTC secondary market transactions in which the buyer and seller directly transact such that the digital asset security never goes through a broker-dealer (i.e., the broker-dealer plays a facilitating role only); and
  • the use of an introducing broker-dealer in a secondary market transaction where the broker-dealer refers the seller and buyer to a platform where the seller and buyer directly settle (e.g., the guidance suggested a broker-dealer ATS where the buyer and seller either settle directly or they instruct their custodians to settle).

The remainder of the guidance addresses various issues that may arise in the context of compliance with the SEC’s constellation of financial responsibility rules. These rules were adopted in revised form in 2013 and include: (1) Rule 15c3-1 (customer protection); (2) Rule 17a-3 (making of records); (3) Rule 17a-4 (record retention); (4) Rule 17a-5 (financial reports); and (5) Rule 17a-13 (quarterly security counts).

The guidance described the issues related to these rules as "novel and complex." The guidance also emphasized the potential for theft of digital asset securities. As an example, the guidance observed that the SEC has had a largely successful 50-year history with its customer protection rule, but that the risk of theft associated with digital asset securities "contrast[s]" with this history. A footnote to the guidance (note 6) cited a report by CipherTrace estimating that $1.7 billion in Bitcoin was stolen in 2018, a significant increase (3.6 times more) over 2017. The footnote also suggested that more than half of the 2018 Bitcoin thefts studied ($950 million or nearly 56 percent) were the result of cyberattacks on trading platforms.

Customer protection rule. The purpose, said the guidance, of the customer protection rule is to ensure the safeguarding of customer securities and funds held by broker-dealers in order to prevent loss or other harm in the event that a broker-dealer fails, and to give the SEC the capability to monitor broker-dealers’ activities. Under the "traditional" model, broker-dealers comply with the rule by maintaining custody of customer securities at a third-party custodian or by maintaining custody of uncertificated securities at the issuer or the issuer’s transfer agent.

The guidance here again raised the prospect for theft of digital asset securities, which in turn raises several questions: (1) Could a broker-dealer demonstrate that it has exclusive control of a digital asset security? and (2) Would a broker-dealer holding private keys be able to reverse or cancel transactions?

Other financial responsibility rules. According to the guidance, the purpose of various broker-dealer rules for making and keeping records and counting securities held is to provide a record of broker-dealer assets and liabilities and to enable further SEC monitoring of broker-dealer activities. In the context of digital asset securities, several issues arise, including how a broker-dealer would evidence the existence of a digital asset security. The guidance also raised the possibility that a broker-dealer’s outside auditor may balk at financial reports that cannot show the existence of a digital asset security.

The SEC’s 2019 FinTech Forum, although not mentioned in the guidance, provided a glimpse at the more detailed issues facing auditors in the blockchain space. The "Investment Management Considerations" panel, hosted by Dalia Blass, director of the SEC's Division of Investment Management, explored many of the issues addressed more generally by the new Trading and Markets-FINRA guidance. But with respect to auditing, Amy Steele of Deloitte suggested a "top five" set of issues, with existence of a digital asset being the top issue. Steele said the way to prove a digital asset exists is to look carefully at the specific blockchain's consensus mechanism.

Steele also raised four more issues that auditors will need to grapple with. With respect to rights, one will have to show they own or control an asset, which means they may need to engage in a small transaction or other messaging to demonstrate their ownership or control. A related issue is how one shows exclusive control. Steele agreed with another panelist that valuation is a "solvable" issue. Ambiguity, however, can arise in digital transactions, and one may need to show that they have engaged in arm's-length transactions rather than in affiliate transactions. Finally, the safeguarding of assets is something auditors will look for, including cyber controls, the control of keys, and the use of multi-sig measures and deep cold storage.

SIPA considerations. The Securities Investor Protection Act functions to ensure investors who use broker-dealers can recover their property if their broker-dealer fails. The guidance suggests that a digital asset security that does not fall within SIPA’s definition of "security" would likely not be covered. There also could be increased risk that such assets held by a broker-dealer might not be returned to customers if the broker-dealer failed because of ambiguity about whether the broker-dealer has possession or control of the asset.

To further explain how SIPA would impact digital assets, one can look to remarks by Elizabeth Baird, deputy director of the SEC's Division of Trading and Markets, who moderated the "Trading and Markets Considerations" panel at the SEC’s 2019 FinTech Forum. Baird noted that SIPA’s definition of "security" is narrower than the same definition contained in the Securities Act and the Exchange Act. She also observed that SIPA would not likely cover virtual currencies held in custody at a broker-dealer because they may not be "funds" or "cash." Moreover, Baird cautioned that SIPA only covers registered securities, which means that securities subject to an exemption would not be covered by SIPA.
