UK: SEC And FINRA Issue Joint Statement On Broker-Dealer Custody Of Digital Asset Securities

Last Updated: 22 July 2019
Article by Edward J. Johnsen, Mary Dunbar, John Grady and Bradley E. Phipps

On July 8, 2019, the Securities and Exchange Commission and the Financial Industry Regulatory Authority issued a long-awaited Joint Statement addressing the ways in which the federal securities laws and regulations and FINRA rules apply to the intermediation of transactions in, and custody of, "digital asset securities." In issuing the Joint Statement, the staffs of the SEC Division of Trading and Markets and FINRA (the Staffs) attempted to align the agencies' historic approach to broker-dealer regulation and investor protection, particularly SEC Rule 15c3-3 (the Customer Protection Rule), with the new world of digital asset securities.

According to the Joint Statement, "digital assets" are assets issued and transferred using distributed ledger or blockchain technology and can include "virtual currencies," "coins," and "tokens." Since a digital asset may or may not meet the definition of "security" under the federal securities laws, the Staffs refer to a digital asset that meets the definition of security as a "digital asset security." The Joint Statement focuses on digital asset securities and, notably, does not address digital assets that are generally not viewed as securities, such as Bitcoin, even with respect to situations where a broker-dealer might receive, hold or otherwise handle such digital assets in connection with transactions in digital asset securities.

The Staffs begin by emphasizing that novel and complex regulatory and compliance issues are raised when attempting to apply federal securities laws and regulations, FINRA rules, and other laws to digital asset securities and related technologies, especially with respect to the Customer Protection Rule. They explain that with conventional securities, compliance with these requirements is facilitated by a number of established laws and practices, but these laws and practices may not work effectively with digital asset securities. The Staffs note that they have discussed these issues with industry participants to understand how various custody solutions for digital asset securities would satisfy the Customer Protection Rule's possession and control standards, and they invite firms to continue engaging with them with respect to these issues.

While the Joint Statement provides a welcome discussion of what the Staffs believe to be critical issues relating to the trading of digital asset securities and the establishment of an organized marketplace to do so, it is only a beginning. It explains the issues and articulates significant questions that need to be answered, but it does not answer those questions and does not provide any definitive guidance as to what custody or other practices will be considered acceptable.

The Customer Protection Rule

The Joint Statement explains that entities participating in the market for digital asset securities must comply with relevant securities laws, and those that buy, sell, or otherwise effect transactions in digital asset securities for customers or for their own accounts may be required to register as broker-dealers and become FINRA members. As broker-dealers, they must comply with the Customer Protection Rule, which is designed to safeguard customer securities and funds held by broker-dealers and reduce the risk of loss in the event of a broker-dealer's failure. It also enhances the ability to monitor broker-dealers' practices with respect to the handling of customer assets.

The rule requires broker-dealers to safeguard customer assets and keep them separate from those of the broker-dealer. This increases the likelihood that customers' securities and cash can be returned to them if the broker-dealer fails. The Staffs contrast the successful 50-year record of recovering investor assets in cases of broker-dealer failures to more recent reports of thefts of Bitcoins and other digital assets resulting from cyberattacks on their trading platforms, citing estimates that approximately $1.7 billion of digital assets were stolen in 2018, over three times more than in 2017.

The Joint Statement explains that irrespective of the form of security, the fundamental elements of the Customer Protection Rule (and other SEC financial responsibility rules) apply with equal effect. Acknowledging that it may be challenging for broker-dealers to comply with these rules in the context of digital asset securities without significant technological developments and solutions, the Joint Statement states that the Staffs are continuing the dialogue with market participants and gathering information to better respond to these developments, while continuing to focus on the SEC's and FINRA's investor protection, market integrity and related mandates.

The Staffs note that the Customer Protection Rule is designed to protect broker-dealer customers from losses and delays in accessing their securities and cash if the broker-dealer fails, so that those securities and cash are readily available for return to the customers. Consequently, the rule requires broker-dealers to physically hold customers' fully paid and excess margin securities, or maintain them free of any liens at good control locations. With conventional securities this is generally done by third parties such as the Depository Trust Company or a clearing bank (or, in certain cases, the issuer or its transfer agent), a process that also allows for reversing or canceling erroneous transactions.

With digital asset securities, however, the Staffs assert that the mechanics and risks associated with custody are significantly different and may create greater risk of fraud or theft. A broker-dealer could lose the "private keys" necessary to transfer a client's digital asset securities, or could transfer those securities to an unknown or unintended address, without any ability to invalidate fraudulent transactions, recover or replace lost property, or correct errors. All of this presents a significant challenge: how to satisfy the possession and control requirements of the Customer Protection Rule when dealing with digital asset securities, and how to avoid the risk of customer losses and resulting liability for the broker-dealer.

Other broker-dealer obligations

The Joint Statement also discusses other broker-dealer requirements in the digital asset securities context.

Recordkeeping and reporting rules. Recordkeeping and reporting rules require broker-dealers to make and keep ledgers reflecting assets and liabilities, a record reflecting each security carried by the broker-dealer for customers and a record of differences determined by a count of customer securities in the broker-dealer's possession or control when compared to its current books and records. Broker-dealers also routinely prepare financial statements and supporting schedules such as net capital computations and information relating to the Customer Protection Rule's possession and control requirements.

The Joint Statement explains that distributed ledger technology and the unique characteristics of digital asset securities may make it difficult to comply with these requirements and for a broker-dealer's independent auditors to carry out their functions. Observing that some firms are apparently considering using distributed ledger technology with features designed to enable broker-dealers to meet their recordkeeping and other obligations, the Staffs cautioned that broker-dealers should consider how such technology could impact their ability to comply with these rules.

Securities Investor Protection Act of 1970 (SIPA). Broker-dealers that fail and cannot return customer property are generally liquidated in accordance with SIPA, under which customers have a first priority claim to cash and securities held by the firm for such customers and are eligible for up to $500,000 in protection for missing assets. While these protections apply to "securities" (as defined in SIPA) and cash deposited with the broker-dealer for the purpose of purchasing such securities, they do not apply to assets that are securities under federal securities laws but are not so defined under SIPA. For example, the SIPA definition does not include certain investment contracts that are not the subject of a registration statement pursuant to the Securities Act of 1933, as amended. If a digital asset security does not meet the SIPA definition of security, SIPA protection may not apply and holders may have only unsecured general creditor claims against the broker-dealer in the event of its failure.

Noncustodial broker-dealer activities

The Joint Statement also discusses digital asset securities activities that do not involve custody, explaining that such activities do not raise the same level of concern with the Staffs (assuming all other relevant securities laws, rules, and regulations are followed). Activities falling into this category include:

  1. a broker-dealer sending trade-matching details (eg, parties, price, and quantity) to the buyer and issuer of a digital asset security in a manner similar to a traditional private placement, with the issuer settling the transaction with the buyer away from the broker-dealer and the broker-dealer instructing the customer to pay the issuer directly and instructing the issuer to issue the digital asset security directly to the customer.
  2. a secondary market transaction involving a broker-dealer introducing a buyer to a seller of digital asset securities through a trading platform, with the trade settling directly between the buyer and seller.
  3. a secondary market transaction involving a broker-dealer introducing a buyer to a seller of digital asset securities through a trading platform, with the trade settling directly between the buyer and seller.

This latter category could include a broker-dealer alternative trading system (ATS) that matches buyers and sellers of digital asset securities, with the trades settled directly between the buyer and seller (or their third-party custodians) and the ATS neither guaranteeing nor otherwise having responsibility for settling the trades, and at no time exercising any control over the digital asset securities or the currency used to make the purchase.


As stated above, the Joint Statement's discussion of the issues facing those wishing to intermediate transactions in digital asset securities and facilitate the creation of an organized marketplace for them is welcome, but it is merely a beginning. It explains the issues and articulates some of the most significant questions that need to be answered. It does not, however, answer those questions. As the Joint Statement itself points out, it simply represents Staff views, and the statements therein are not rules, regulations, guidance, or statements of the SEC or FINRA themselves. It is clearly an important step but it does not alter or amend applicable law and has no legal force or effect. It sets forth a number of issues and concepts that are under consideration, but it does not provide any definitive guidance with respect to what custody or other practices will be considered acceptable.

The Staffs explain that entities hoping to engage in digital asset securities activities have been seeking to register as broker-dealers and become FINRA members and that currently registered broker-dealers are seeking to add digital asset securities to the financial products and services they offer. Some proposed business models include custody of digital asset securities and thus implicate the Customer Protection Rule. According to the Joint Statement, a number of entities have met with the Staffs to discuss these matters, including how they would custody digital asset securities in compliance with the applicable rules, and the Staffs invite continued discussion.

However, the Staffs did not place their imprimatur on any particular method of custody. Instead, they said that the circumstances in which a broker-dealer could custody digital asset securities in compliance with the Customer Protection Rule remain under discussion. They noted that certain broker-dealers have inquired about using an issuer or transfer agent as a control location for purposes of the possession and control requirements of the Customer Protection Rule. They then stated that if a broker-dealer is considering this type of arrangement, it would have to submit an application to the Division of Trading and Markets for consideration of such arrangement as a satisfactory control location pursuant to the current application process found in the Customer Protection Rule. The Staffs did not, however, indicate under what circumstances they might approve such an application.

So the Joint Statement can be viewed at best as an opening statement in a broader, more public discussion on these issues than has occurred to this point. However, there is still much to be done and said before there is a clear path for creating and maintaining a real marketplace for transactions in digital asset securities. At the same time, digital assets remain a priority for both SEC and FINRA examiners.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

In association with
Related Topics
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of

To Use you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions