Comment Letter to the SEC on Custody of Digital Asset Securities by Special Purpose Broker-Dealers
April 27, 2021
Vanessa Countryman
Secretary
U.S. Securities and Exchange Commission
100 F Street NE
Washington DC 20549-1090
Re: File No. S7-25-20: Custody of Digital Asset Securities by Special Purpose Broker-Dealers
Dear Ms. Countryman:
The Association for Digital Asset Markets (“ADAM”) appreciates the opportunity to comment on the U.S. Securities and Exchange Commission’s (the “Commission”) statement and request for comment regarding Custody of Digital Asset Securities by Special Purpose Broker-Dealers (the “Custody Statement”).
ADAM applauds the Commission’s steps towards establishing a framework for the custody of digital assets securities that would further the goal of greater participation in the marketplace for digital asset securities by investors. We are writing to suggest that the Commission look to the standards set forth in ADAM’s Code of Conduct as responsive to many of the Commission’s questions and concerns in the Custody Statement.
ADAM Background
ADAM is a private, non-profit, membership-based association of firms operating in the digital asset markets and considers itself a “self-governing association,” that seeks to foster fair and orderly digital asset markets. ADAM works with leading financial firms, entrepreneurs, and regulators to develop industry best practices that facilitate safe, secure, and efficient digital asset markets. In this vein, ADAM’s objectives are to: (1) protect market participants from fraud and manipulation; (2) provide clear standards for efficient trading, custody, and the clearing and settlement of digital assets; (3) encourage professionalism and ethical conduct by market participants; and (4) increase transparency and provide information to the public and governments about digital asset markets. In furtherance of this, ADAM released a principles-based Code of Conduct (the “Code”)3 in late 2019 that sets certain standards of professional conduct for ADAM members. In particular, the Code addresses the following areas:
- Compliance and Risk Management
- Market Ethics
- Conflicts of Interest
- Transparency and Fairness
- Market Integrity
- Custody
- Information Security and Business Continuity
- Anti-Money Laundering and Countering the Finance of Terrorism
ADAM intends to update and improve the Code periodically, taking into consideration market and regulatory updates such as the Custody Statement. In addition, we will continuously consult with industry participants, current and former regulators and lawmakers, legal and compliance experts, and academics to further improve the Code in furtherance of helping the industry develop and maintain standards that will further confidence in digital assets.
Overview of the Custody Statement
As we understand it, a broker-dealer operating under the terms and conditions of the Custody Statement will not be subject to a SEC enforcement action on the basis that the broker-dealer deems itself to have obtained and maintained physical possession or control of customer fully paid and excess margin digital asset securities for the purposes of Rule 15c3-3(b)(1) of the Securities Exchange Act of 1934 (“Exchange Act”). The terms and conditions of the Custody Statement are framed in the context of the protections provided to customers under Rule 15c3- 3 (also known as the “Customer Protection Rule”) and the Securities Investor Protection Act of 1970 (“SIPA”). Rule 15c3-3 requires a broker-dealer to promptly obtain and thereafter maintain physical possession or control of all fully-paid and excess margin securities it carries for the accounts of customers.
The Commission highlighted certain areas that it considered when developing the terms and conditions under which a broker-dealer could custody digital asset securities under the Custody Statement. These include:
- Technological Access: Whether a broker-dealer has access to the distributed ledger technology and has the capability to transfer the assets on the associated technology.
- Business Limitations: A condition of the Custody Statement is that a broker-dealer limits its business exclusively to digital asset securities.
- Security Status Analysis: Under the terms of the Custody Statement, a broker-dealer availing itself of the terms Custody Statement should conduct and document analysis of whether a particular digital asset is a security that is offered and sold pursuant to an effective registration statement or an available exemption from registration.
- Asset Analysis: A broker-dealer must assess the characteristics of digital asset security, including the distributed ledger technology and associated network, prior to undertaking to maintain custody of the digital asset security and at reasonable intervals thereafter.
- Awareness of Material Operational Problems: The broker-dealer is not permitted to maintain custody of digital asset security if it is aware of any material security or operational problems or weaknesses with the distributed ledger technology and associated network used to access and transfer the digital asset security, or is aware of other material risks posed to the broker-dealer’s business by the digital asset security.
- Industry Best Practices: The broker-dealer should establish, maintain, and enforce reasonably designed written policies, procedures, and controls that are consistent with industry best practices to demonstrate the broker-dealer has exclusive control over the digital asset securities it holds in custody and to protect against the theft, loss, and unauthorized and accidental use of the private keys necessary to access and transfer the digital asset securities the broker-dealer holds in custody.
- Policies and Procedures for Maintaining Control: The broker-dealer establishes, maintains, and enforces reasonably designed written policies, procedures, an arrangements to: specifically identify, in advance, the steps it intends to take in the wake of certain events that could affect the firm’s custody of the digital asset securities.
- Customer Disclosures: The broker-dealer should provide certain written disclosures to prospective customers regarding the broker-dealer’s custody and the risks associated with such custody.
- Agreements with Customers: The broker-dealer enters into a written agreement with each customer that sets forth the terms and conditions with respect to receiving, purchasing, holding, safekeeping, selling, transferring, exchanging, custody, liquidating, and otherwise transacting in digital asset securities on behalf of the customer.
Comments on the Custody Statement
ADAM applauds the Commission’s steps towards a establishing a framework for the custody of digital assets securities. As the Commission knows, the digital asset marketplace is dynamic and is evolving rapidly. As with other technological innovations, the framework established under the federal securities laws may not be amenable to these innovations on a timely basis. There is currently no formal registered self-regulatory organization or association that serves to formalize industry standards for market participants engaged in the digital asset business. To this end, ADAM was specifically created as a non-profit organization to further confidence in the developing digital asset industry by, among other things, creating the Code to further industry standards and codes of business conduct. ADAM believes that the Code is illustrative to many of the Commission’s questions and concerns.
- Industry Best Practices:
a. What are industry best practices with respect to protecting against theft, loss, and unauthorized or accidental use of private keys necessary for accessing and transferring digital asset securities? What are industry best practices for generating, safekeeping, and using private keys? Please identify the sources of such best practices?The requirements under the Code are applicable to ADAM members. With respect to the Commission’s specific questions regarding industry standards, the Code requires that, in providing custody services, members ensure a high degree of customer protection by, among other things:
- Assessing, and communicating clearly to their clients, the technical options for secure custody of digital assets and any associated limitations on asset owners’ ability to quickly access or liquidate such assets;
- Providing clear information to clients regarding a Member’s policies with respect to the exercise of voting rights (including staking) on behalf of clients and, unless otherwise agreed between the parties, not withhold in their own accounts material distributions (such as airdrops or gas) that belong to clients. In addition, the Code encourages ADAM members to provide clear information to clients regarding the handling of any forks with respect to digital assets held or controlled by such member;
- Adopting an information security program consistent with the principles discussed below;
- Maintaining a robust system of internal controls, including a complete audit trail of the movement of digital assets and other client property (including fiat currency) between the member, its clients, and any third parties, that ensures that a client’s digital assets and other property are accurately accounted for and appropriately segregated from assets belonging to the member; and
- Providing reasonable notice to clients prior to changing any material terms of a custody arrangement, including without limitation fees, segregation of assets, or rights to distributions so that clients will have a reasonable opportunity to withdraw their digital assets and other property from such custody arrangement and seek alternative arrangements prior to the effectiveness of any such changes.
In furtherance of these protective measures, ADAM members also are encouraged to adopt information security programs commensurate with their size, complexity, and risk, and encouraged to engage in regular business continuity planning. With respect to the latter, the Code encourages members to engage in regular business resiliency and continuity planning to enable the timely recovery of operations and fulfilment of the member’s contractual and legal obligations, including in the event of a wide-scale or major disruption. In addition, members that operate platforms or provide custody services that would cause material disruption in the event of their unexpected failure or outage, are encouraged to:
- Take reasonable measures to ensure that their systems have levels of capacity, integrity, resiliency, availability and security to maintain operational capability;
- Adopt policies governing whether and under what circumstances trading may be halted in response to market volatility or external events, and for handling such trading suspensions or trading halts due to outages, including how trading will be resumed, handling of open orders, and availability of client funds; and
- Provide reasonably timely notice, in accordance with applicable laws and regulations and taking into account any requests by regulators or law enforcement or any risks of disclosure, to affected parties of breaches, hacks, or other security incidents that have resulted in or are reasonably likely to result in exposure of sensitive information or loss, theft or inaccessibility of the party’s digital assets or other property.
- Industry Best Practices:
- Disclosures:
What are accepted practices (or model language) with respect to disclosing the risks of digital asset securities and the use of private keys? Have these practices or the model language been utilized with customers?
As mentioned above, the digital asset marketplace is still developing, and such, accepted practices will vary and depend on the nature of the entity’s business and customer base. In light of this, the Code contains principles of business conduct that encourage transparency, fairness, and market integrity and are intended to provide customers with general and specific risks associated with digital assets. In furtherance of this, ADAM members are encouraged to provide disclosures regarding:
- Conflicts of Interests:
In particular, members are encouraged to: (i) disclose any material conflict of interest that has not been eliminated and measures taken to manage such conflicts; (ii) adopt and disclose policies to address conflicts of interest that may arise as a result of any of the following: incentives for creation and/or redemption; treasury transactions; market-making by the platform or an affiliate; or possession of material non-public information regarding the digital asset; (iii) disclose details regarding principal trading activities and encouraged to transact on an arms-length basis; and (iv) institute appropriate organizational and information barriers to limit access to, and trading on the basis of, information relating to client orders or other confidential information.
- Roles and Capacities:
Members are encouraged to clearly communicate their roles and capacities in handling orders or executing transactions, including whether they are acting as principal or agent, and whether a relationship is one of client or counterparty. These include: (i) being truthful in their statements, using clear and unambiguous language, making clear whether the prices they are providing are firm or indicative, and providing to clients and counterparties all material information regarding the nature of the relationship between the parties and terms under which they will interact; (ii) providing clear and unambiguous information to their trading clients and counterparties regarding settlement procedures and the unwinding of transactions; (iii) not making inaccurate or misleading statements about a member’s respective regulatory status, or the status of any regulatory approvals or licenses obtained.
- Fairness and Transparency:
Members handling client orders are encouraged to do so with fairness and transparency, consistent with the role in which those members are acting, including: (i) clearly disclosing the terms and conditions under which the member will interact with the client, including fees and commissions; (ii) making clients aware of how orders are handled and transacted; (iii) making clients aware of how any discretion granted to the member will be exercised, and exercising that discretion reasonably, fairly, and in such a way that is not designed or intended to disadvantage the client; and (iv) having appropriate information barriers in place to prevent the sharing of information relating to client orders with any affiliated principal trading desk.
- Platforms Operators:
Members operating trading platforms are encouraged to: (i) provide clear information regarding trading rules (such as the methodology for matching orders), order types, and fee structures; (ii) protect against misuse of client information or knowledge of client positions by platform personnel; (iii) as applicable, (a) make clear to all clients the platform’s policies regarding availability of margin, (b) protect clients against mutualization of losses in the event of a participant default, unless clients affirmatively consent to such loss mutualization, and (c protect against misuse of confidential information about margin levels or collateral liquidation by the platform or its personnel; (iv) provide information regarding trades executed on the platform, to the extent such information is provided, on a non-discriminatory basis to all clients; (v) avoid making inaccurate or misleading statements regarding trading volumes or available liquidity; (vi) maintain objective, reasonable, and publicly-disclosed criteria for participation, which promote fair and nondiscriminatory access for clients who meet the platform’s criteria and follow the platform’s rules; and (vii) provide to clients clear information about which digital assets are made available for trading on the platform, and any fees or other monetary or in-kind compensation that may be received from digital asset issuers for listing.
- Conflicts of Interests:
- Expansion of Relief:
Should the SEC expand this position in the future to include other businesses such as traditional securities and/or non-security digital assets? Should this position be expanded to include the use of non-security digital assets as a means of payment for digital asset securities, such as by incorporating a de minimis threshold for non-security digital assets?
ADAM believes that the Commission should expand the relief outlined in the Custody Statement to, at a minimum, include (i) a broker-dealer’s ancillary business; (ii) permit the use of non-securities digital assets to purchase securities (both digital asset securities and traditional securities); and (iii) make clear that a broker-dealer can use sub-custodians that can custody digital assets consistent with the requirements of the Customer Protection Rule.
Broker-Dealer’s Ancillary Businesses
While we understand and appreciate the Commission’s concern regarding the risk to a brokerdealer’s business lines if a broker-dealer were permitted to engage in a traditional securities business alongside its digital assets business, we believe that the limitations imposed in the Custody Statement are too conservative and not consistent with how most firms organize their digital asset businesses. ADAM strongly believes that firms engaged in digital asset business and custody should be able to provide services for all manner of digital and non-digital assets, including non-securities digital assets. Limiting special purpose broker-dealers only to security digital assets, runs the risk that these broker-dealers’ operations will be inefficient and immediately placed at a competitive disadvantage when compared to banks and trust companies which are not so constrained. Further, the concerns raised by the Commission in the Custody Statement are applicable generally to custody of all types of digital assets, not simply those that are securities. As such, any subsequent rulemaking should address a regulated broker-dealer’s ability to custody all types of digital assets and not be limited to only securities digital assets.
In addition, we believe that a broker-dealer offering a full panoply of traditional securities services should also be able to offer digital asset services. While we understand and appreciate the Commission’s investor protection and market integrity concern, we believe that a framework can be developed to insulate a broker-dealer’s digital asset business from its traditional securities business in a manner that will safeguard the traditional security assets held by the broker-dealer. For instance, the Customer Protection Rule provides for a framework under which fully-paid customer securities and excess margin securities are segregated from the proprietary positions of the broker-dealer in order to protect customer positions in the event that a broker-dealer experiences an insolvency or liquidity event. We believe, for example, that a modified framework under the Customer Protection Rule can be used to segregate a full-service broker-dealer’s digital asset business from the broker-dealer’s proprietary positions and the broker-dealer traditional securities business. Through a combination of customer disclosures and customer agreements, including potentially subordination agreements, a broker-dealer can segregate a customer’s traditional securities positions from those of the customer’s digital assets in a manner that will insulate customer assets from one another in the event of a liquidation or insolvency event on the part of the broker-dealer. Such an approach would be a natural extension of the conditions contained in the Custody Agreement that a digital asset broker-dealer disclose to customers the risks associated with holding digital assets and that customer agreements account for these risks.
Use of Digital Assets to Purchase Securities
As the marketplace for digital assets matures and expands, investors may increasingly seek to have their assets in the form of digital asset currencies rather than in fiat currencies. We believe that investors will seek out those intermediaries that will provide a seamless means of purchasing traditional and digital asset securities using digital asset currencies without having to separately use third parties to convert these assets into fiat currencies in order to facilitate a transaction in securities. As such, the digital asset marketplace would be best served by allowing investors to seamlessly purchase all types of securities with established digital currencies, and permitting broker-dealers to determine the best way to settle securities based on the transaction in question. To some extent, broker-dealers already do this with respect to transactions in non-U.S. securities where a domestic broker-dealer provides execution, settlement and currency conversion services to facilitate a customer’s transaction. We believe that broker-dealers can be similarly situated to provide these conversion services as necessary.
ADAM is aware that there are a number of market participants who offer exposure to nonsecurity digital assets through a product that qualifies as a security under U.S. federal securities laws. For example, certain market participants offer accredited investors (as defined under Rule 501(a) of Regulation D of the Securities Act of 1933 (the “Securities Act”)) the ability to gain exposure to a digital asset such as BTC or ETH by subscribing to a private placement through a regulated broker-dealer. This process occurs either by way of the customer subscribing with fiat currency (cash USD) or an equivalent amount of the underlying digital asset. The latter method is commonly referred to as an “in-kind” subscription and is analogous to the creation and redemption process for an exchange-traded fund (“ETF”) both in the U.S. and abroad.
Currently, a market intermediary who accepts non-security digital assets for purchase of a security, within a broker-dealer-customer relationship, must rely on the existing third-party custodial infrastructure in order to facilitate the customer’s business. This creates unnecessary friction by interjecting additional parties within the transaction chain merely to ensure compliance with the legacy regulatory framework. If such market intermediary were able to accept a deposit of a non-security digital asset directly within a broker-dealer in compliance with applicable regulatory requirements and under the conditions set forth in the Statement, not only would such an arrangement result in additional consumer protections for the customer (including but not limited to those stated earlier), but it also would constitute an incremental step to introducing blockchain technology within the existing regulatory perimeter in a productive and commercially feasible manner.
Furthermore, it is critical that the Commission carefully consider this topic for an additional reason. There has been a heightened level of attention in the media and amongst market participants over the past several months about the inevitability of a U.S.-listed exchangetraded product (“ETP”) based on an underlying asset such as BTC coming to market in the near future. An ETP, the shares of which are listed and traded publicly on a national securities exchange, will require the participation of broker-dealers to facilitate its operation. Specifically, not only would investors purchase shares of the ETP in the secondary market through a brokerdealer, but broker-dealers serving as Authorized Participants (“APs”) would transact directly with the ETP through creation and redemption transactions to maintain the supply and demand for shares of the ETP in the secondary market.
The APs would likely transact with the ETP in kind such that they would purchase and redeem a creation unit of the ETP in exchange for a basket of the underlying asset (e.g., BTC or ETH). In the case of a creation, the AP would purchase a sufficient quantity of the reference asset in the spot non-security digital asset markets to pay for a creation unit and in a redemption, the AP would receive a basket of the reference asset equivalent in value to the redeemed ETP shares. It is likely that these APs would either be reluctant to engage in non-security digital asset activity for many of the reasons set forth herein and the Commission’s Statement, or would instead enter into contractual agreements with non-broker-dealer entities termed Liquidity Providers to facilitate this activity. In either event, the inability of a broker-dealer to transact in kind in a non-security digital asset would be problematic for the efficient operation of an ETP and disadvantageous to the investors of such an ETP absent appropriate SEC guidance.
Finally, some proposed arrangements for ETPs contemplate an arrangement whereby a customer may purchase the ETP shares with the corresponding non-security digital asset in lieu of cash. As stated earlier, because the purchase of an ETP by a customer requires the involvement of a broker-dealer, there is the potential for market dislocation should a brokerdealer be unable to accept this “in-kind” purchase from a customer.
We urge the Commission to address this potential gap in market structure in connection with the question of whether this Statement should be expanded to allow a broker-dealer to accept a non-security digital asset as a means of payment for a traditional security.
Use of Non-Broker-Dealer Custodians
As mentioned above, ADAM enthusiastically supports the Custody Statement and believes that the Commission has the ability to go one step further to clarify the types of banks that can automatically serve as good control location under Rule 15c3-3(c)(5). We note that under Rule 15c3-3(c)(5), securities under the control of a broker or dealer shall be deemed to be securities which:
[a]re in the custody or control of a bank as defined in section 3(a)(6) of the Act, the delivery of which securities to the broker or dealer does not require the payment of money or value and the bank having acknowledged in writing that the securities in its custody or control are not subject to any right, charge, security interest, lien or claim of any kind in favor of a bank or any person claiming through the bank.
A “bank,” in turn, is defined in Section 3(a)(6) of the Exchange Act to mean:
(A) a banking institution organized under the laws of the United States or a Federal savings association, as defined in section 1462(5) 1 of title 12, (B) a member bank of the Federal Reserve System, (C) any other banking institution or savings association, as defined in section 1462(4) 1 of title 12, whether incorporated or not, doing business under the laws of any State or of the United States, a substantial portion of the business of which consists of receiving deposits or exercising fiduciary powers similar to those permitted to national banks under the authority of the Comptroller of the Currency pursuant to section 92a of title 12, and which is supervised and examined by State or Federal authority having supervision over banks or savings associations, and which is not operated for the purpose of evading the provisions of this chapter, and (D) a receiver, conservator, or other liquidating agent of any institution or firm included in clauses (A), (B), or (C) of this paragraph.
As the Commission is aware, the Office of the Comptroller of the Currency (“OCC”) has begun to charter and permit banks to engage in the custody of digital assets. Because the OCC is beginning to grant these charters, we believe that the Commission should take the opportunity to clarify that broker-dealers can use a sub-custodian like a bank chartered by the OCC to custody digital assets and that such an approach would be consistent with Rule 15c3-3(c)(5). Moreover, we believe that state-chartered banks should also be included in the types of entities whereby a broker-dealer can custody assets in compliance with Rule 15c3-3(c)(5) given that the definition of a bank specifically contemplates such entities.
In addition, while slightly outside the scope of this comment letter, we believe that the Commission should make clear that a special purpose broker-dealer that satisfies the conditions of the Custody Statement comes within the meaning of a “qualified custodian” as defined in Rule 206(4)-2 of the Investment Advisers Act of 1940. ADAM believes that this will help further the development of, and confidence in, digital asset markets.
- Additional Comments and Observations:
FINRA Approval
Broker-dealers are generally required to become members of a national securities association that is registered under Section 15A of the Exchange Act. Currently, the Financial Industry Regulatory Authority, Inc. (“FINRA”) is the only such association. While the Commission’s Custody Statement is a greatly welcomed development, we are concerned that the FINRA registration and approval process may serve as a further delay to broker-dealers being able to effectively custody digital assets. When considering a new member application, FINRA will review the entirety of a prospective broker-dealer’s business plan, all information and documents submitted by the prospective broker-dealer, all information provided during the membership interview with a view toward evaluating the prospective broker-dealer under the standards set forth in the FINRA Rule 1000 series, and in particular, FINRA Rule 1014 which governs membership decisions. This process is time consuming and, in our experience, can last up to 12 months or longer. In light of this, we request that the Commission and its staff work closely with FINRA and its staff in evaluating new membership applications from broker-dealers seeking to avail themselves of the Custody Statement so as to avoid any further delays in this development of this marketplace.ADAM appreciates the Commission’s consideration of the comments above. As the comment period is open for the next five years, we look forward to supplementing this response as our members gain further experience with the conditions of the Custody Statement.
Sincerely,
Michelle Bond
Chief Executive Officer
Association for Digital Asset Markets (ADAM)
###
- Custody of Digital Asset Securities by Special Purpose Broker-Dealers, Exchange Act Release No. 90788 (Dec. 23, 2020) 86 Fed. Reg. 11,627 (Feb. 26, 2021).
- ADAM is a broad-based industry group that is a standard-setting body and seeks to include a wide variety of market participants, including trading platforms, custodians, investors, asset managers, traders, liquidity providers, and brokers. Its members are firms that are active in digital asset markets or seek to participate in those markets. ADAM members include: Anchorage Digital, N.A.; BitGo; BitOoda; BlockFi; BTIG; CMTDigital; Cumberland; Dunamis Trading; Eventus Systems; Fireblocks; FTX.com; FTX.us; Galaxy Digital; Genesis; Grayscale; GSR; HRT; Multicoin Capital; Oasis Pro Markets; Parataxis; Paxos; Sarson Funds; Symbiont; WisdomTree; and XBTO. ADAM law firm partners include: Morgan Lewis; DLA Piper; and DLx Law.
- The Code is available at http://www.theadam.io/code/.
- For purposes of the Custody Statement, the term ‘‘digital asset’’ refers to an asset that is issued and/or transferred using distributed ledger or blockchain technology (‘‘distributed ledger technology’’), including, but not limited to, so-called ‘‘virtual currencies,’’ ‘‘coins,’’ and ‘‘tokens.’’ The focus of the Custody Statement is digital assets that rely on cryptographic protocols. As stated in the Custody Statement, a digital asset may or may not meet the definition of a ‘‘security’’ under the federal securities laws.
- The Custody Statement is effective on April 27, 2021 and expires after 5 years, during which time, the Commission is soliciting comment in order to further inform its views regarding future potential rulemaking or other action.
- More specifically, the Custody Statement is conditioned on a broker-dealer limiting its business to dealing in, effecting transactions in, maintaining custody of, and/or operating an alternative trading system for digital asset securities. The Custody Statement makes clear that a broker-dealer may hold proprietary positions in traditional securities solely for the purposes of meeting minimum net capital requirements under Exchange Act Rule 15c3-1, or hedging the risks of its proprietary positions in traditional securities and digital asset securities.
- As reflected in the Custody Statement, the assessment could examine at least the following aspects of the distributed ledger technology and its associated network, among others: performance; transaction speed and throughput; scalability; resiliency; security and the relevant consensus mechanism; extensibility; and visibility.
- As reflected in the Custody Statement, these policies, procedures, and controls could address, among other matters: the on-boarding of a digital asset security such that the broker-dealer can associate the digital asset security to a private key over which it can reasonably demonstrate exclusive physical possession or control; the processes, software and hardware systems, and any other formats or systems utilized to create, store, or use private keys and any security or operational vulnerabilities of those systems and formats; the establishment of private key generation processes that are secure and produce a cryptographically strong private key that is compatible with the distributed ledger technology and associated network and that is not susceptible to being discovered by unauthorized persons during the generation process or thereafter; measures to protect private keys from being used to make an unauthorized or accidental transfer of a digital asset security held in custody by the broker-dealer; and measures that protect private keys from being corrupted, lost or destroyed, that back-up the private key in a manner that does not compromise the security of the private key, and that otherwise preserve the ability of the firm to access and transfer a digital asset security it holds in the event a facility, software, or hardware system, or other format or system on which the private keys are stored and/or used is disrupted or destroyed.
- These would include policies and procedures that address blockchain malfunctions, 51% attacks, hard forks, or airdrops; allow the broker-dealer to comply with a court-ordered freeze or seizure; and allow the transfer of the digital asset securities held by the broker-dealer to another special purpose broker-dealer, a trustee, receiver, liquidator, a person performing a similar function, or another appropriate person, in the event the broker-dealer can no longer continue as a going concern and self-liquidates or is subject to a formal bankruptcy, receivership, liquidation, or similar proceeding.
- These disclosures would include a statement (i) that the broker-dealer is deeming itself to be in possession or control of digital asset securities held for the customer for the purposes of Rule 15c3-3(b)(1) based on its compliance with the Custody Statement; and (ii) about the risks of investing in or holding digital asset securities. The risk disclosures that the Commission expects include, at a minimum: a prominent disclosure that digital asset securities may not be “securities” as defined in SIPA, and in particular, that digital asset securities that are “investment contracts” under the test articulated in SEC v. W.J. Howey Co., 328 U.S. 293 (1946) (“Howey”), but are not registered with the Commission are excluded from SIPA’s definition of “securities,” describe the risks of fraud, manipulation, theft, and loss associated with digital asset securities; describe the risks relating to valuation, price volatility, and liquidity associated with digital asset securities; and describe, at a high level that would not compromise any security protocols, the processes, software and hardware systems, and any other formats or systems utilized by the broker-dealer to create, store, or use the broker-dealer’s private keys and protect them from loss, theft, or unauthorized or accidental use.
- This planning includes: (a) regular risk assessments; (b) physical safeguards, secure authentication methods (including, where appropriate, multi-factor authentication), and other information access controls; (c) industrystandard encryption of information in-transit and at rest; (d) appropriate redundancy and contingency planning with respect to the management of digital asset keys; (e) penetration testing and vulnerability screening, and prompt remediation of identified vulnerabilities; (f) employee background checks (where consistent with applicable laws and regulations) and training, as well as ongoing monitoring of employee conduct as it relates to information security and access controls; and (g) third-party audits of their information security controls, including certifications of any standards a member represents that its information security controls meet.
- Although the term ETF is commonly referenced in public discussion, the product that market participants commonly refer to would more likely than not be more appropriately classified as an ETP, the shares of which are registered pursuant to the Securities Act, rather than an exchange-traded investment company regulated under the Investment Company Act of 1940.
- See, e.g., Anchorage Digital N.A. Approval Letter https://www.occ.gov/news-issuances/news-releases/2021/nrocc-2021-6a.pdf