SEC Seeks Input On Custody Issues Arising From Digital Assets

Blockchain & E-Transactions Law

This week, the SEC's Division of Investment Management issued a letter seeking industry and public input on custody issues arising from digital assets.

The "Custody Rule," Rule 206(4)-2 under the Advisers Act of 1940, provides it is a fraudulent act or practice to have custody of client assets, unless an adviser complies with Custody-Rule requirements, including among others, by a qualified custodian subject to annual independent audits.

The Division’s recent Guidance Update on custody issues focused on inadvertent custody (e.g. where boilerplate in the adviser’s agreement with a custodian confers a power to withdraw or direct client assets beyond the adviser’s trading authorization).  See  ("2017" Guidance Update).

Most securities trades settle by the simultaneous delivery of the purchased asset against payment ("DVP") through a trusted intermediary, like the Depository Trust Clearing Corporation ("DTCC").  But digital assets, like crypto-currencies, usually involve peer-to-peer ("P2P") transactions and settlement on a Blockchain.  The Division’s letter seeks industry and public input on non-DVP settled assets, asking:

  • What types of instruments traded on a Non-DVP basis? How do these instruments trade?
  • Describe the risks of misappropriation or loss associated with various types of Non-DVP trading. What controls do investment advisers have in place to address the risks of misappropriation related to such trading? What types of independent checks, other than a surprise examination, do investment advisers use currently to test these controls?
  • Are there particular types of securities transactions settled on a Non-DVP basis that present a greater or lesser risk of misappropriation or loss?
  • What role do custodians play in the settlement process of Non-DVP trading? What role do they play in mitigating risks of misappropriation or loss arising from such trading?
  • For advisers who currently obtain surprise examinations, what is the marginal cost of adding accounts that trade on a Non-DVP basis to the list of client accounts provided to the accountant performing the surprise examination of a sample of client accounts?
  • What challenges do investment advisers have in obtaining surprise examinations regarding Non-DVP traded securities? How do advisers to unaudited private funds that are subject to surprise examinations address these challenges?
  • Are there types of external checks that could be more effective and less costly than surprise examinations with respect to Non-DVP traded securities?
  • To what extent do Non-DVP assets appear on client account statements from qualified custodians? To what extent does an investment adviser have any influence over, or input into whether and how such assets appear on account statements? Are there any assets that trade on a Non-DVP basis that would not appear on a qualified custodian’s account statements?
  • To what extent could evolving technologies, such as Blockchain/distributed ledger technology ("DLT"), provide enhanced or diminished client protection in the context of Non-DVP trading?

Specifically, the Staff seeks further information on digital assets, including:

  • Practices and challenges;
  • Whether advisers include digital assets as "funds" or "securities" within assets under management (and other regulatory reporting) and challenges associated with the issue;
  • P2P settlement practices and issues.

Interested parties should submit comments to IMOCC@sec.gov , with "Custody Rule and Non-DVP Trading" or "Custody Rule and Digital Assets" in the subject line.

The March 12, 2019 letter, "Engaging on Non-DVP Custodial Practices and Digital Assets," is here.

Burr
Jump to Page

Contact Us

About Burr & Forman Cybersecurity & Data Privacy Law

Burr & Forman's experienced team helps clients navigate the complex cybersecurity and data privacy landscape with strategies designed to assess current risks, develop a corrective action plan, implement best practices, and provide immediate and appropriate responses to a cybersecurity breach.

We use cookies to improve your website experience, provide additional security, and remember you when you return to the website. This website does not respond to "Do Not Track" signals. By clicking "Accept," you agree to our use of cookies. To learn more about how we use cookies, please see our Privacy Policy.

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.


Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.