The staffs of the Division of Trading and Markets at the U.S. Securities and Exchange Commission (SEC) and the Office of General Counsel at the Financial Industry Regulatory Authority (FINRA) made a joint statement on Monday (July 8) to articulate their main concerns regarding regulatory compliance by broker-dealers wishing to work with digital asset securities.

Why Are the SEC and FINRA Making This Public Statement?

FINRA is “a not-for-profit organization authorized by Congress to protect America’s investors by making sure the broker-dealer industry operates fairly and honestly.”

As Coindesk reported on June 17, roughly 40 crypto businesses have been waiting for months to get their application for a broker-dealer license approved. This step is a prerequisite to applying for an Alternative Trading System (ATS) license from the SEC, which would allow them to offer to their customers trading in digital asset securities (i.e. digital assets that are securities).

Three of Coindesk’s sources said at the time that “some startups have been waiting at least a year, with a few standing by for as many as 14 months, without seeing any movement from FINRA.” 

FINRA director of media relations Ray Pellecchia told Coindek:

Membership applications from firms proposing to engage in digital asset businesses present new, complex issues and we are in the process of working through them.

One well-known crypto business that has very recently expressed interest in getting a broker-dealer license from FINRA is digital asset exchange Gemini.

It seems that the purpose of this public statement was to explain to “market participants” (and other interested parties) why and how “the application of the federal securities laws, FINRA rules and other bodies of laws to digital assets, digital asset securities and related innovative technologies raise novel and complex regulatory and compliance questions and challenges.” 

One area of particular concern is compliance with the SEC’s Customer Protection Rule.

What Is the Customer Protection Rule?

Rule 15c3-3 under the Securities Exchange Act of 1934 (the “Exchange Act”) is known as the Customer Protection Rule. The purpose of this rule is “to safeguard customer securities and funds held by a broker-dealer, to prevent investor loss or harm in the event of a broker-dealer’s failure, and to enhance the Commission’s ability to monitor and prevent unsound business practices.” In other words, the Customer Protection Rule “requires broker-dealers to safeguard customer assets and to keep customer assets separate from the firm’s assets, thus increasing the likelihood that customers’ securities and cash can be returned to them in the event of the broker-dealer’s failure.”

Two types of businesses have contacted FINRA:

  • Those entities that “intend to engage in broker-dealer activities involving digital asset securities are seeking to register with the Commission and have submitted New Membership Applications (‘NMAs’) to FINRA.”
  • Those entities that “are already registered broker-dealers and FINRA members are seeking to expand their businesses to include digital asset securities services and activities.” The reason that these entities are contacting FINRA is that they are forbidden from “materially changing” their “business operations (e.g., engaging in material digital asset securities activities for the first time) without FINRA’s prior approval of a Continuing Membership Application (‘CMA’).”

Some of the NMA and CMAs have proposed business models that do not involve custody of digital asset securities, while others have business models that has a custody element, which means that they need to comply with the Customer Protection Rule (as well as other rules related to custody). In general, the Noncustodial Broker-Dealer Models are not too worrisome for the staffs of the SEC and FINRA “provided that the relevant securities laws, SRO rules, and other legal and regulatory requirements are followed.” Here is one such example:

… a broker-dealer facilitates 'over-the counter' secondary market transactions in digital asset securities without taking custody of or exercising control over the digital asset securities. In this example, the buyer and seller complete the transaction directly and, therefore, the securities do not pass through the broker-dealer facilitating the transaction.

As for the Custodial Broker-Dealer Models, the Staffs “acknowledge that market participants wishing to custody digital asset securities may find it challenging to comply with the broker-dealer financial responsibility rules without putting in place significant technological enhancements and solutions unique to digital asset securities,” and as “the market, infrastructure, and law applicable to digital asset securities continue to develop,” the Staffs “will continue their constructive engagement with market participants and to gather additional information so that they may better respond to developments in the market” while ensuring that both the SEC and FINRA are “advancing” their respective missions.

With respect to the requirements of the Customer Protection Rule, there are special considerations when it comes to digital asset securities. For example:

… the manner in which digital asset securities are issued, held, and transferred may create greater risk that a broker-dealer maintaining custody of them could be victimized by fraud or theft, could lose a 'private key' necessary to transfer a client’s digital asset securities, or could transfer a client’s digital asset securities to an unknown or unintended address without meaningful recourse to invalidate fraudulent transactions, recover or replace lost property, or correct errors.

A broker-dealer that has custody of digital asset securities, either directly itself or indirectly via a third-party custodian, could face difficult challenges. For instance, say, the broker-dealer or its third-party custodian has a private key for a digital asset security. Just holding that private key does not necessarily prove that the there is “exclusive control” of that digital asset security; how does it prove that “no other party has a copy of the private key”? Also, holding the private key “may not be sufficient to allow it to reverse or cancel mistaken or unauthorized transactions.”

Reactions From Crypto Twitter

Here is what Jake Chervisnky, one of the most popular crypto lawyers on Twitter, had to say:

As for another crypto law commentator, Katherine Wu, this was her assessment:


Featured Image Credit: Photo via