The unique manner in which digital asset securities are issued, held and transferred makes them inevitably prone to unique concerns compared to traditional securities. As expected, these concerns have triggered conversation among market participants regarding whether and how traditional federal securities laws apply to novel digital asset securities and transactions. On July 8, 2019, the Division of Trading and Markets of the Securities and Exchange Commission and the Financial Industry Regulatory Authority (together, the “Staffs”), issued a joint statement clarifying that entities participating in the marketplace for digital asset securities must comply with federal securities laws, particularly the Customer Protection Rule.
The Customer Protection Rule requires broker-dealers to physically hold customer assets separately from the firm’s assets, thus ensuring that customer assets are readily available and returned to the customer in the event that the broker-dealer fails. The statement highlights the heightened risks associated with custodying digital asset securities due to their susceptibility to cyber fraud and theft and the possibility that a broker-dealer may mistakenly and irreversibly transfer digital securities to an unknown or unintended recipient. The Staffs noted merely maintaining a “private key” to a crypto wallet for digital securities, whether the key is held by a third-party custodian or the broker-dealer directly, may not be sufficient to protect customer assets because holding the private key does not provide enough control for one to reverse or cancel an unauthorized or mistaken transaction. Furthermore, it is difficult for broker-dealers to prove that no other parties have access to the key in a way that could permit them to make transfers without the broker-dealer’s consent.
Various broker-dealer recordkeeping and reporting rules create similar issues due to the nature of distributed ledger technology. It may be difficult for a broker-dealer to evidence the existence of digital asset securities for purposes of complying with these recordkeeping and reporting rules, which in turn pose challenges to the independent auditors in properly conducting the annual broker-dealer audit. The Staffs noted that some firms are considering specifically designing features using distributed ledger technology that would enable a firm to facilitate verification of digital asset security positions.
Finally, the statement addresses related challenges to applying the Securities Investor Protection Act (“SIPA”) to digital asset securities. Generally, SIPA governs the liquidation process of a broker-dealer and gives securities customers a first priority claim to cash and securities held by the firm for its securities customers. However, digital asset securities that may fall under the broad definition of “security” under the Security Act of 1933, may fall outside the narrow definition of “security” under SIPA, leaving customers with only an unsecured general creditor claim against the broker-dealer. Moreover, in a bankruptcy of the broker-dealer, additional challenges may arise in determining whether a broker-dealer holds a digital asset security in its “possession and control.”
The Staffs have engaged – and continue to engage – in discussions regarding alternative proposals for compliance with the Customer Protection Rule. The Staffs advise broker-dealers to be aware of the inherent difficulties in maintaining exclusive control and possession of digital asset securities, and urge firms to continue finding novel and effective ways to comply with the Customer Protection Rule in the digital asset context.