Digital Asset Securities: Joint SEC and FINRA Statement Aimed at Broker-Dealer Custody

On July 8, 2019, the long-awaited statement (Statement) on custody of digital asset securities was released jointly by the staffs (Staffs) of the U.S. Securities and Exchange Commission (SEC) Division of Trading and Markets and the Financial Industry Regulatory Authority (FINRA).1  The Statement is based on industry discussions with the Staffs and highlights the following:

  1. Certain noncustodial broker-dealer models may have a path forward for FINRA approval.
  2. The Staffs have concerns relating to broker-dealer custody of digital asset securities that remain unanswered, but certain good control locations (i.e., banks, issuers and transfer agents) may provide a viable custody solution under the Customer Protection Rule.2
  3. Market participants should consider other broker-dealer requirements, including books and records and financial reporting rules.

Noncustodial Broker-Dealer Models for Digital Asset Securities

The Statement offers new guidance on noncustodial business models for digital assets that are presented to the Staffs in the near term through pending membership applications with FINRA.3 These noncustodial broker-dealer models “do not raise the same level of concern” at FINRA and the SEC. The Statement gives three examples of these noncustodial broker-dealer models:

  1. A broker-dealer sends trade-matching details to the buyer and issuer of a digital asset security. The broker-dealer then instructs the buyer to pay the issuer directly and the issuer to release the asset directly to the buyer (e.g., to the customer’s digital asset wallet). This model is akin to a traditional private placement agent.
  2. A broker-dealer facilitates over-the-counter secondary market transactions in digital asset securities. However, the clearance and settlement of the transactions happens directly between the buyer and seller and does not pass through the broker-dealer. It is similar to the first example, which relates to primary issuance, while this example relates to a secondary market transaction.
  3. The broker-dealer introduces the digital asset buyer to the seller through a trading platform, and the trade is settled directly between buyer and seller. For instance, a broker-dealer that operates an alternative trading system (ATS) matches a buyer and seller. The executed trade on the ATS is either settled directly between the buyer and seller or through a third-party custodian. In either case, the securities and funds do not pass through the broker-dealer.

In each of these examples, the broker-dealer would rely on an exemption from the Customer Protection Rule.4

The Customer Protection Rule

Broker-dealers subject to the Customer Protection Rule are required to promptly obtain and thereafter maintain the physical possession or control of all fully paid digital asset securities.5 Where a broker-dealer does not itself maintain possession of a customer’s digital asset securities, the rule requires that the broker-dealer hold or custody the securities in a good “control location.” For purposes of digital asset securities, the Statement notes that banks, issuers and transfer agents may be viable good “control locations.” Given that the purpose of the Customer Protection Rule is to “prevent investor loss or harm in the event of a broker-dealer’s failure, and to enhance the Commission’s ability to monitor and prevent unsound business practices,” the Statement raises specific concerns regarding broker-dealer custody of digital asset securities that remain unresolved:6

  • The lack of insurance coverage for certain types of digital asset securities under the Securities Investment Protection Act (SIPA), which generally protects an investor in the event of a broker-dealer’s insolvency.7 The issue arises from the disparity between the narrow definition of “security” under SIPA and the broad definition of security, including investment contracts, under the Securities Act of 1933.8
  • The potential for theft and fraud, including through the loss of “private keys,” which are required in order to transfer digital asset securities and evince custody of a digital asset. The Staffs would like broker-dealers to ensure that they are the only party who has a copy of the private key.9
  • Broker-dealers may transfer a digital asset to an “unknown or unintended address without meaningful recourse.” Given the immutability of blockchain technology, certain digital asset securities transactions may not be reversible in the event of trade errors.

Other Broker-Dealer Rules Applicable to Digital Asset Securities

The Statement notes several other rules that are generally applicable to broker-dealers but here provide, for the first time, additional considerations relevant to digital asset securities.10 These rules include various broker-dealer financial responsibility rules, and recordkeeping and reporting rules as enshrined in Rule 15c3-3, Rule 15c3-1 (the Net Capital Rule) and Rules 17a-3 – Rule 17a-5. These recordkeeping rules help securities regulators determine whether broker-dealers are in compliance with securities laws. In addition, the Staffs expressed concern that it may be challenging to keep accurate books and records of digital assets, which may in turn create challenges for broker-dealers’ independent auditors.


The Statement provides welcome guidance on broker-dealer noncustodial arrangements and a framework for continued dialogue among the Staffs and market participants for digital asset custody issues. Market participants are invited to continue engaging in this dialogue with the Staffs while innovators in the fintech market work toward developing methodologies addressing the unique regulatory challenges posed by digital asset securities.


Thank you to Sidley Law Clerk Sarah K. Gromet for her significant contributions to this post.

Division of Trading and Markets, U.S. Securities and Exchange Commission Office of General Counsel, Financial Industry Regulatory Authority, Joint Staff Statement on Broker-Dealer Custody of Digital Asset Securities, July 8, 2019, available at The Statement represents views of the Staffs and “is not a rule, regulation, guidance, or statement of the” SEC or FINRA and “does not alter or amend applicable law and has no legal force or effect.” The Statement does not address the custody rules applicable to registered investment advisers. However, a March 2019 letter from Paul G. Cellupica, Deputy Director and Chief Counsel of the SEC’s Division of Investment Management, to Karen Barr, President and CEO, Investment Adviser Association, asks for input regarding considerations for investment advisers in custody of digital asset securities. Engaging on Non-DVP Custodial Practices and Digital Assets, available at

SEC Rule 15c3-3 is commonly referred to as the “Customer Protection Rule.” See 17 CFR § 240.15c3-3. The Customer Protection Rule imposes certain custodial requirements on broker-dealers and is intended for safekeeping of customer assets and to protect investors against loss.

3 Unregistered entities seeking to engage in broker-dealer activity must file new membership applications (NMAs), while broker-dealers seeking to materially change their business models, including by transacting in digital asset securities, must file continuing membership applications (CMAs). The Statement notes that broker-dealers can seek a materiality consultation to determine whether a contemplated change, “such as engaging in digital asset securities activity” will necessitate the filing of a CMA. In doing so, the Statement may extend FINRA Regulatory Notice 18-20 (Notice 18-20), which expires July 31, 2019. Notice 18-20 notifies broker-dealers to consult with FINRA if they begin to engage in activity related to digital assets.

A commonly used exemption is SEC Rule 15c3-3(k)(2)(i), which provides that the rule is not applicable to a broker-dealer “[w]ho carries no margin accounts, promptly transmits all customer funds and delivers all securities received in connection with its activities as a broker or dealer, does not otherwise hold funds or securities for, or owe money or securities to, customers and effectuates all financial transactions between the broker or dealer and its customers through one or more bank accounts, each to be designated as ‘Special Account for the Exclusive Benefit of Customers of (name of the broker or dealer)[.]’”

For further discussion of the Customer Protection Rule’s application to digital asset securities, see Sidley, Custody of Digital Asset Securities: A Proposal to Address Open Questions for Broker-Dealers Under the SEC’s Customer Protection Rule (Sidley Custody Proposal), available at

Emphasizing that the Statement is an articulation of the Staffs’ concerns rather than guidance, the Statement notes that “[t]he specific circumstances where a broker-dealer could custody digital asset securities in a manner that the Staffs believe would comply with the Customer Protection Rule remain under discussion.”

See Sidley Custody Proposal, available at

A detailed description of the SEC FinHub’s Digital Asset Framework for analyzing whether a digital asset meets the definition of an “investment contract” and thus a security under the Securities Act of 1933 is available at

Broker-dealers may alleviate these concerns by self-generating the private keys, and maintaining sole access to them, allowing broker-dealers both to prevent wrongful transfers and to demonstrate custody sufficient to recover inadvertently transferred digital assets. See Sidley Custody Proposal, available at

10 As this is the first joint public statement highlighting the broker-dealer requirements applicable to digital asset securities, this list does not necessarily include all the applicable rules and regulations.