On February 26, 2021, the Securities and Exchange Commission’s (“SEC”) Division of Examinations (the “Division” and formerly known as “OCIE”) released a Risk Alert (the “Risk Alert”) reminding market participants – investment advisers, broker-dealers, exchanges, and transfer agents – of the framework surrounding digital assets that are securities (“Digital Asset Securities”). The Division also set forth areas of focus for the Division’s future examinations with respect to Digital Asset Securities and distributed ledger technology. Market participants should consider each of the described risks when updating their compliance policies to adapt to these new technologies.

Investment Advisers

The bulk of this Risk Alert pertains to investment advisers. This section is arguably both broadest in scope and contains the most novel risk factors. It is the only section where the Division has grouped Digital Asset Securities with all other digital assets and derivative products. Moreover, it applies to both direct and indirect (through pooled vehicles) management of all of these assets.

With respect to portfolio management by investment advisers investing client’s assets in Digital Asset Securities and other digital assets, the Risk Alert identifies five areas the Division will focus on during examinations:

  • How digital assets are classified, including whether such assets are securities;
  • Whether the investment adviser has conducted due diligence on the digital assets (e.g., understanding of the digital asset, wallets, or other devices or software used to interact with the relevant digital asset network or application; liquidity and volatility of the digital asset);
  • How the investment adviser has evaluated and mitigated risks relating to trading venues, trade execution, and settlement facilities (e.g., security breaches, insolvency, market manipulation, fraud, quality of market surveillance, and compliance with KYC/AML procedures and other relevant rules and regulations);
  • Whether the investment adviser has properly managed risks and complexities related to “forked” and “airdropped” digital assets (e.g., proper allocation across accounts; conflicts of interests); and
  • Whether the investment adviser fulfilled its fiduciary duty across all client types.

The Division also states that it will review risks related to custody of digital assets, particularly with respect to compliance under Rule 206(4)-2 of the Investment Adviser’s Act of 1940 (the “Custody Rule”), where applicable, and related matters such as:

  • Unauthorized transactions and theft of digital assets;
  • Controls around safekeeping of digital assets, private keys and accounts;
  • Business continuity plans with respect to private keys;
  • How the loss of private keys is handled; and
  • Reliability of digital asset network software, third party custodians, software and hardware wallets, and related security procedures.

Importantly, this section devotes considerable attention to risks arising from inadequate handling of private keys, which suggests an emerging focus in this area for advisers as fiduciaries, whereas such matters historically have been viewed in the context of third party custody providers.

Finally, the Risk Alert covers examinations of books and records (whether advisers are keeping accurate records given the variation among digital asset trading platforms), disclosures to investors (whether the unique risks associated with digital assets are properly addressed and disclosed), pricing client portfolios (whether proper valuation methods are used and whether such methods are disclosed), and registration issues (how regulatory assets under management are calculated, classification of digital assets and clients).

Broker-Dealers

The Division also identified a list of risks that will be the focus of regulatory examinations of broker-dealers:

  • An understanding of operational activities, including those unique to the safekeeping of and custody of Digital Asset Securities;
  • Compliance with registration requirements for broker-dealers and any affiliated entities that trade in Digital Asset Securities;
  • A review of due diligence performed by broker-dealers and disclosures made to customers with respect to the offering of Digital Asset Securities; and
  • A review of conflicts of interest – the existence of such conflicts and whether those are properly disclosed and addressed.

Two additional highlighted risks deserve individual attention. First, with respect to anti-money laundering procedures, controls, and documentation, the Risk Alert explicitly emphasizes that Division staff has previously observed non-compliant practices in this area. For example, staff have observed AML programs not consistently addressing or implementing routine searches or, when such searches are conducted, they are not updated to check against the Specially Designated Nationals list.

Second, the Division is concerned with outside business activities related to digital assets and has observed registered representatives of broker-dealers offering services related to digital assets apart from their employer. Broker-dealers should consider whether such activities should be subjected to the approval, supervision, and recordation of the broker-dealer.

National Securities Exchanges and Transfer Agents

Finally, the Division describes their focus for examinations of national securities exchanges and transfer agents. With respect to national securities exchanges, the Division will examine platforms that facilitate trading in Digital Asset Securities and review whether they meet the definition of an exchange, or whether they are correctly operating pursuant to an exemption to the registration requirement (e.g., compliance with Regulation ATS for alternative trading systems). With respect to transfer agents, the Division will examine whether registered transfer agents servicing Digital Asset Securities are in compliance with SEC rules for registered transfer agents (e.g. accurate clearance and settlement of securities transactions.