Skip to content.

SEC/FINRA Joint Statement on Broker-Dealer Custody of Digital Asset Securities

On July 8, 2019, the U.S. Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) issued a news release (the “Joint Statement”) to address concerns regarding the applicability of U.S. federal securities laws to the intermediation and custody of digital assets.[1] The Joint Statement is aimed at clarifying the applicability of consumer protection rules for SEC-registered broker-dealers in regards to custodial obligations for digital asset securities.

Since some digital assets may or may not meet the definition of a “security” under the U.S. Securities Exchange Act of 1934 (the “Exchange Act”),[2] the Joint Statement was released to ensure that market participants could determine whether their activities would trigger the Exchange Act’s regulations for brokers and dealers. As the Exchange Act requires those who meet the statutory definition of a broker or a dealer to register with the SEC and become a member of FINRA or a comparable self-regulatory organization, the Joint Statement provides direction so that brokers and dealers may conduct themselves in accordance with U.S. federal securities laws.

The Consumer Protection Rule for Digital Asset Securities

Individuals or businesses that act as agent in the purchase or sale of digital asset securities (brokers), and those who are engaged in the business of buying or selling digital asset securities for their own purposes (dealers), must comply with the Exchange Act’s Consumer Protection Rule (the “CPR”). The CPR mandates financial responsibility rules that require broker-dealers to comply with FINRA’s system of self-regulation, as well as the Exchange Act’s requirement to separate customer assets from firm assets, as a measure of investor loss protection in the event of a broker-dealer failure and liquidation.

While conceived at the time of traditional paper-based securities, the intention of CPR is to ensure that customers of a broker-dealer are able to quickly retrieve digital asset securities from the firm in the event of the firm’s failure and to guard against improper use of customers’ digital asset securities by the broker-dealer.

As the CPR requires the broker-dealer to keep a customer’s digital asset securities in a “good control location”, the Joint Statement expressly notes that there would be “many significant differences in the mechanics and risks associated with custodying traditional securities [versus] digital asset securities” and that “the manner in which digital asset securities are issued, held, and transferred may create greater risk that a broker-dealer maintaining custody of them could be victimized by fraud or theft, […] without meaningful recourse to invalidate fraudulent transactions, recover or replace lost property, or correct errors”.

Since the requirements for demonstrating that a digital asset security is held in a “good control location” is predicated on the ability to maintain exclusive control over the digital asset security, in order to satisfy the requirements of the Exchange Act, broker-dealers will need to demonstrate that their measures for custodying digital asset securities are designed to prevent the occurrence of fraud, theft or unauthorized transactions. While not clarifying what framework for the custodying of digital asset securities would meet the requirements of the Exchange Act, the Joint Statement expresses that the SEC and FINRA encourage and support innovation in the securities market to address the current CPR framework.

Further, the Joint Statement outlines three scenarios where individuals or businesses that seek to engage in broker-dealer activities would not be required to comply with the CPR. Provided that the individual or business complies with the applicable securities laws, self-regulatory organization rules and regulatory requirements, the following non-custodial activities are not subject to compliance with CPR:

  • Private placement activities: the CPR does not apply where the broker-dealer provides trade-matching details to an issuer (such as party names and purchase details) as long as the transaction occurs bilaterally between the buyer and the issuer. As the broker-dealer is merely directing the buyer to engage with the issuer themselves, the transaction entails no custody of the buyer’s or issuer’s digital asset securities;
  • “Over-the-counter” secondary market transactions: similar to the above, the CPR does not apply where the broker-dealer assists the buyer and seller or issuer of a digital asset security where the security does not go into the possession of the broker-dealer facilitating the transaction; and
  • Operation of an alternative trading system: where the broker-dealer operates or manages a trading platform that connects buyers and sellers or issuers of digital asset securities and facilitates a transaction directly between the two parties, the CPR does not apply so long as the operator does not “guarantee or otherwise have responsibility for settling the trades and would not at any time exercise any level of control over the digital asset securities being sold or the cash being used to make the purchase”.

Recovery of Digital Asset Securities

In the event of a broker-dealer failure leading to liquidation, the Securities Investor Protection Act (the “SIPA”)[3] requires the broker-dealer to make all securities available to the associated customer as a first-priority claim on the firm’s assets. However, the SIPA definition of “security” subsumes the Exchange Act’s definition of security but expressly excludes “an investment contract or interest that is not the subject of a registration statement with the [SEC]”. The impact of this difference between the SIPA definition of “security” and the Exchange Act’s definition means there may be digital assets which are:

  • included within the SIPA and the Exchange Act’s definition of “security”, and therefore protected under SIPA;
  • included within the Exchange Act’s definition of “security” but not the SIPA definition of “security”, and therefore not protected under SIPA; or
  • not included within the Exchange Act’s definition of “security” and therefore not protected under SIPA.

Therefore, if a customer gives custody of a digital asset to a broker-dealer that fails and undergoes liquidation, the effect of the Exchange Act and SIPA may mean that, in certain circumstances, the customer may not have a first-priority claim on repossessing their digital asset. Instead, the customer would be downgraded to a general creditor claim and would not benefit from the broker-dealers indemnity fund, which would likely be inconsistent with the customer’s expectations.

Implications of Financial Reporting Rules on Digital Asset Securities

Additionally, the Joint Statement briefly discusses the application of financial reporting rules with respect to digital asset securities. Due to the lack of centralized data storage or administration, financial reporting for digital asset securities requires non-traditional considerations with respect to the Exchange Act’s reporting requirements. As the Exchange Act requires broker-dealers to keep updated ledgers of all assets and liabilities, the difficulty in accurately substantiating the existence and value of digital asset securities may pose difficulties for broker-dealers for auditing purposes.


Further consultation between relevant stakeholders, FINRA and the SEC is required to clarify the uncertainties of custodial obligations for broker-dealers. However, the Joint Statement is an indication that regulators are attuned to the difficulties of applying current securities laws to modern digital assets. As such, compliance with the federal securities regime for broker-dealers involved in the marketplace of digital asset securities will continue to be an important consideration for those wishing to enter the market. The Joint Statement indicates that the SEC and FINRA are open to the creation of industry-led solutions in this space.

The Canadian Securities Administrators (CSA) and the Investment Industry Regulatory Organization of Canada (IIROC) have also published a joint consultation paper addressing custody issues with digital assets In a Canadian context. Please see our earlier post on this topic for further details.

For more information about our firm’s Fintech expertise, please contact the authors and see our Fintech group page.


[1] The Joint Statement defines “digital asset” to include an asset that is issued and transferred using distributed ledger or blockchain technology, such as virtual currencies, coins, and tokens. It also notes that a digital asset may or may not meet the definition of a “security” under the federal securities laws.

[2] Securities Exchange Act of 1934, 15 USC § 78 (2012).

[3] Securities Investor Protection Act of 1970, 15 USC § 78aaa (2012).




Stay Connected

Get the latest posts from this blog

Please enter a valid email address