In a White House news conference Monday, July 15, Treasury Secretary Steven Mnuchin expressed serious concerns about cryptocurrency and digital investments and raised national security implications of large technology companies creating their own coin. On July 11, President Donald Trump tweeted, “I am not a fan of Bitcoin and other Cryptocurrencies, which are not money, and whose value is highly volatile and based on thin air. Unregulated Crypto Assets can facilitate unlawful behavior, including drug trade and other illegal activity….”
The sudden attention to cryptocurrency and digital assets is striking after a few years of uncertainty and a fragmented regulatory environment that has left many investors vulnerable to fraudsters, hacking, lost passwords and unrecoverable assets in blockchain investing. The natural result of a “distributed ledger” is that it is decentralized. Few of the traditional securities and markets investment protections exist in the blockchain and crypto-investing world.
The investment world in cryptocurrency and tokens has been littered with tales of woe: A coin offering from the Decentralized Autonomous Organization (the DAO) raised significant proceeds only to be hacked for $70 million.1 A CEO dies with the sole password to $200 million in crypto assets, leaving clients in the cold.2 We are accustomed to working in a world of fairness, transparency, reversibility and accountability, which includes central clearing, KYC, tax reporting, legal identity and liability. Crypto assets challenge these notions and create a harsh environment in which investors have little recourse. In other words, “invest at your own risk; you are on your own.”
In an effort to control these risks, protect the investing public and provide greater clarity to the large number of market entrants from outside the traditional investment space, the SEC and FINRA have published useful clarifications on client asset custody. On July 8, 2019, the joint staffs of the SEC’s Division of Trading and Markets and FINRA published a statement on broker-dealer custody of digital asset securities (the Public Statement) that included discussion on the following topics:
- How the SEC’s existing Customer Protection Rule3 might apply to custodial and noncustodial broker-dealers in the digital asset securities industry;
- The potential impact of distributed ledger technology (e.g., blockchain) on broker-dealer recordkeeping and reporting rules; and
- Concerns the agencies have regarding compliance with the Securities Investor Protection Act of 1970, as amended (SIPA), regarding customer protection in regard to digital asset securities.
The Public Statement offered new guidance for both custodial and noncustodial4 broker-dealers who have applied for new or expanded broker-dealer applications to include digital asset securities. Several applications have been received that offer varying treatment on the important questions of asset custody and customer protection. The Public Statement is an attempt to synthesize the guidance applicants and the market as a whole are receiving and to prevent further examples of fraud and customer asset loss resulting from failure to employ best practices.
Noncustodial Broker-Dealers
On the one hand, the agencies noted that noncustodial activities involving digital asset securities generally do not raise the same level of concern among the staffs of the SEC and FINRA, provided that the relevant securities laws and other legal and regulatory requirements are followed. The joint staffs provided three helpful examples of these types of noncustodial broker-dealer activities, whereby an exemption to the Customer Protection Rule might apply:
- Where the broker-dealer sends the trade-matching details to the buyer and issuer of a digital asset security, and the issuer settles the transaction bilaterally between the buyer and issuer, away from the broker-dealer
- Where the broker-dealer facilitates an “over the counter” secondary market transaction, whereby the buyer and seller complete the transaction directly, without the securities passing through the broker-dealer facilitating the transaction
- Where the broker-dealer, in a secondary market transaction, introduces a buyer to a seller of digital asset securities through a trading platform, where the trade is settled directly between the buyer and seller
Custodial Broker-Dealers
On the other hand, custodial broker-dealers do present a more challenging task in determining the application of securities rules—in particular, the Customer Protection Rule—within the digital asset securities and cryptocurrency/token space.
The Customer Protection Rule requires broker-dealers to safeguard customer assets, keep customer assets separate from the firm’s assets, and maintain the physical possession or control of fully paid digital asset securities. Alternatively, where the broker-dealer does not maintain possession of the customer’s digital asset securities, the broker-dealer is required to hold or maintain custody the securities free of lien in a good “control location.” Examples of good control locations include banks, issuers and transfer agents. The recent record of $1.7 billion in digital asset security cyber theft, in 2018, runs counter to the 50-year track record of customer protection of assets held in custody by broker-dealers. The manner in which digital asset securities are issued, held or transferred has created a greater risk that broker-dealers could suffer from fraudulent third-party transactions, cyber theft and loss of digital asset property via “private keys,” which are required to transfer digital asset securities and to establish custody of a digital asset security. The staffs acknowledge that market participants wishing to have custody of digital asset securities have to deal with the challenges of complying with broker-dealer financial rules while the laws applicable to these digital asset securities continue to develop.
Additionally, the Public Statement considers books and records and financial reporting where broker-dealers are required to make and keep current ledgers reflecting all assets and liabilities. The Public Statement also considered a securities record reflecting each security carried by the broker-dealer for its customers, and all differences determined by the count of customer securities in the broker-dealer’s possession or control compared with the routinely prepared financial statements. The joint staffs did consider that the characteristics of distributed ledger technology, and digital asset securities in general, make it difficult for a broker-dealer to evidence the existence of digital asset securities for purposes of the broker-dealer’s regulatory books, records, financial statements and supporting schedules. Regardless, the Public Statement cautions broker-dealers to consider how the nature of the technology will impact their compliance with such recordkeeping and reporting rules.
The Public Statement also raises concerns and risks regarding SIPA’s application to digital asset securities. Under SIPA, securities customers have first priority claims to cash and securities held by a broker-dealer that becomes insolvent. Generally, SIPA protections apply to a “security” as defined in SIPA, which differs from the definition of “security” under federal securities laws. As a result, holders of digital asset securities would have only unsecured general creditor claims against the broker-dealer’s estate. Further uncertainty exists regarding when and whether a broker-dealer holds a digital asset security in its possession or control. This would create a greater risk that customers’ securities will not be returned in the event of a broker-dealer insolvency. As a result, the staffs have considered and discussed the impending gap in customer protection for holders of digital asset securities.
Why it matters
The Public Statement is significant for several reasons:
- Regulators seem to be more willing to wade into the crypto space where there is a clear regulatory mandate (e.g., securities and investments). The frustration many have with Bitcoin and cryptocurrency is that they defy definition and are not “backed” by or based on any objective measure of value. But securities transactions which invoke the registration, broker-dealer and investment advisor anti-fraud rules are seemingly going to face tougher scrutiny than they have in the past. This might backfire for regulators that take ownership over issues and then additional tragedies strike that they cannot prevent.
- Consistent with prior guidance, regulators seem less concerned with brokerage activities involving crypto securities that do not “touch the assets.” Third-party and over-the-counter “matchmaking” services that are likely engaged in brokerage activities when they charge “transaction-based compensation” and set the terms for the sale of securities between two parties do not—as they do not in the traditional securities context—give rise to the requirement that a broker act as a qualified custodian.
- Regulators are reminding brokers and broker-applicants that the Customer Protection Rule applies to all securities transactions, including crypto and digital securities. While digital securities create much excitement and potential for wealth, the industry has been tormented with tales of woe from its inception relating to the fact that it is decentralized, uncontrolled and unforgiving. Assets are hacked and cannot be recovered; passwords are lost and assets are not recoverable; counterparties often are not known entities, but a series of 1s and 0s and #s. More control must be asserted by custodians in this situation to counteract the possibility of customer asset loss because of fraud or negligence.
- The Public Statement is intended to guide applicants looking to act as a broker-dealer with respect to transactions in crypto assets. Some market participants in digital assets and cryptocurrency are not regulated by the SEC or FINRA either because (i) they do not believe the assets in the transactions are “securities,” or (ii) they are not subject to the broker-dealer rules because their activities do not meet the definition of a “broker” under Section 15 of the Exchange Act. For example, they may not be offering securities “of another” or they may not be acting “for value.”
One thing is clear—there will be significant action and statements from regulators and public officials in the weeks to come.
To read the Public Statement, click here.
1 See Samuel Falkon, “The Story of the DAO—Its History and Consequences.” https://medium.com/swlh/the-story-of-the-dao-its-history-and-consequences-71e6a8a551ee
2 https://www.crainsnewyork.com/finance/crypto-company-cant-access-200m-after-ceo-dies-sole-password
3 Rule 15c3-3 of the Securities Exchange Act of 1934, as amended.
4 Registered broker-dealers are either custodial or noncustodial. Those who apply and are approved to act as “qualified custodians” maintain client funds and securities either in a separate account for each client or in accounts that only contain funds and securities under the name of the same investment advisor or trustee for the clients.