Davis Polk Discusses SEC No-Action Statement on Custody of Digital Asset Securities

A recent SEC conditional no-action position (the “No-Action Statement”) has further opened the regulatory door to trading of digital asset securities (“DAS”), by allowing certain limited purpose DAS-only broker-dealers to maintain custody of these securities on behalf of customers.  As firms have sought to develop trading systems for DAS, questions regarding whether or how broker-dealers could custody these securities for customers in compliance with SEC rules has been one of the primary regulatory hurdles.  Efforts to meet the SEC staff’s prior guidance that broker-dealers generally could not custody DAS for customers triggered somewhat cumbersome workaround attempts.  While not a complete solution, the No-Action Statement offers certain broker-dealers another alternative that may allow them to provide traditional brokerage services involving DAS in a more direct fashion.

Existing DAS Custody Challenges

As described in our July 12, 2019 memorandum, the Customer Protection Rule requires a broker-dealer to obtain and maintain physical possession or control of all fully paid and excess margin securities carried by a broker-dealer for the account of customers.  Unlike traditional securities, ownership of DAS is typically recorded on a distributed ledger, or blockchain, rather than through stock certificates or book-entry records maintained by an issuer’s transfer agent or a central securities depository, such as the Depository Trust Company.  As a result, a broker-dealer typically would not be able to use the same control mechanisms over a DAS as it does over a traditional security.

In July 2019, the staffs of the SEC and FINRA released a joint statement expressing their concerns that a broker-dealer may not be able to maintain custody of DAS in a manner that meets the requirements of the Customer Protection Rule.[1]  Since then, firms in the DAS space seeking to facilitate the real-time trading of DAS have been working through trading and settlement structures that would allow customers to trade, but without a broker-dealer involved in custodying the DAS.  As described in our September 29, 2020 memorandum, one workaround for which the SEC staff granted no-action relief, dubbed the “Three-Step Process,” involves the use of a separate, non-broker-dealer third-party custodian.[2]  The Three-Step Process may not be ideal for all firms, as it involves complicated workflows and requires customers to maintain a separate custodial relationship away from the broker-dealer.

In a major step forward, the Commission-level No-Action Statement provides that, for a period of five years, the SEC will not take enforcement action against a broker-dealer that maintains custody of a customer’s DAS so long as the broker-dealer limits its activities to business involving DAS (i.e., has no business in traditional securities) and meets certain other conditions.

Overview of the No-Action Statement

In providing this latest relief, the SEC reiterated its concerns regarding whether broker-dealers could maintain control as required by the Customer Protection Rule, noting that even where a broker-dealer holds the private key for a DAS, the DAS may not be in the exclusive physical possession or control of the broker-dealer where, for example, “an unauthorized person knows or has access to the associated private key (and therefore has the ability to transfer it without the authorization of the broker-dealer).” However, the SEC believes the identified risks are mitigated by the conditions imposed in connection with the No-Action Statement, which provides that a broker-dealer may custody the DAS of its customers so long as it:

  1. limits its business exclusively to dealing in, effecting transactions in, maintaining custody of, and/or operating an alternative trading system for DAS;[3]
  2. has access to the DAS and the capability to transfer them on the associated distributed ledger technology;
  3. refrains from custodying a DAS if aware of (i) any material security or operational problems or weaknesses with the distributed ledger technology and associated network used to access and transfer the DAS, or (ii) other material risks posed to the broker-dealer’s business by the DAS;
  4. establishes, maintains, and enforces reasonably designed written policies and procedures to:
    • assess whether a digital asset is a security offered and sold pursuant to an effective registration statement or an available exemption from registration, and whether the broker-dealer has fulfilled its requirements to comply with the federal securities laws with respect to effecting transactions in that DAS;
    • assess the characteristics of a DAS’s distributed ledger technology and associated network (e.g., performance, transaction speed and throughput, scalability, security) prior to undertaking to maintain custody of the DAS and at reasonable intervals thereafter;
    • demonstrate that the broker-dealer has exclusive possession or control over DAS consistent with industry best practices to protect against the theft, loss, and unauthorized and accidental use of the private keys necessary to access and transfer the DAS the broker-dealer holds in custody;
    • address certain types of disruptions (e.g., blockchain malfunctions, 51% attacks, hard forks, or airdrops) and transfers (e.g., to comply with court-ordered freezes or seizures or to respond to an event that has caused the broker-dealer to cease operating as a going concern);
  5. provides detailed written disclosures to prospective customers about the risks of investing in or holding DAS, including that certain DAS may not be considered “securities” for purposes of the customers being protected under the Securities Investor Protection Act (“SIPA”); and
  6. enters into a written agreement with each customer regarding receiving, purchasing, holding, safekeeping, selling, transferring, exchanging, custodying, liquidating, and otherwise transacting in DAS on behalf of the customer.

The No-Action Statement will expire five years after the date of publication.  A broker-dealer availing itself of the No-Action Statement must continue to meet all other obligations under the Customer Protection Rule and the federal securities laws.  In addition, the SEC states that broker-dealers relying on the No-Action Statement will be subject to examination by FINRA and SEC staff to review whether the firm is operating in a manner consistent with the No-Action Statement.

Limitation to Special Purpose Broker-Dealers

The most challenging condition to the No-Action Statement, which will exclude the vast majority of firms from relying on it, is the exclusion of a broker-dealer whose business involves traditional securities.  Additionally, the No-Action Statement excludes a broker-dealer who deals in non-security digital assets.  As a result, a broker-dealer relying on the No-Action Statement would not be able to accept a non-security digital asset (potentially such as a “stablecoin”) as a means of payment for DAS.

We believe the exclusion of broker-dealers who engage in any traditional securities activities from the No-Action Statement reflects the SEC’s concern over how such a broker-dealer would be resolved under SIPA.  Specifically, should a broker-dealer custodying both traditional securities and DAS become insolvent as a result of custody failures involving DAS, SIPA would entitle all customers to a pro rata share of their eligible customer claims—potentially causing customers who were investing only in traditional securities to cover losses for those investing in DAS.

As a result of this restriction, the relief is likely only to be relied on by broker-dealers that have no material pre-existing activity in traditional securities and other firms interested in the DAS space may need to continue to rely on workarounds like the Three-Step Process.

Requests for Comment and Next Steps

The SEC has requested comments regarding certain industry best practices with respect to DAS (such as the processes for generating and safekeeping private keys, addressing hard forks or attacks, and providing appropriate disclosure to customers) and whether to extend the No-Action Statement to broker-dealers that engage in business involving traditional securities and/or non-security digital assets.  The SEC indicated that it will continue to evaluate its position during the five-year period as it considers responses to the request for comments as well as further action in this area, including any future rulemaking.

ENDNOTES

[1] See Division of Trading and Markets, SEC and Office of General Counsel, FINRA, Joint Staff Statement on Broker-Dealer Custody of Digital Asset Securities, July 8, 2019, https://www.sec.gov/news/public-statement/joint-staff-statement-broker-dealer-custody-digital-asset-securities.

[2] See Division of Trading and Markets, SEC, Re: ATS Role in the Settlement of Digital Asset Security Trades, Sept. 25, 2020, https://www.sec.gov/divisions/marketreg/mr-noaction/2020/finra-ats-role-in-settlement-of-digital-asset-security-trades-09252020.pdf.

[3] A broker-dealer relying on the No-Action Statement would be permitted to hold proprietary positions in traditional securities solely for the purposes of meeting the firm’s minimum net capital requirements or hedging the risks of its proprietary positions in traditional securities and DAS.

This post comes to us from Davis Polk & Wardwell LLP. It is based on the firm’s memorandum, “SEC Takes No-Action Position on Custody of Digital Asset Securities by Special Purpose Broker-Dealers,” dated January 13, 2021, available here.