The staff of the Securities and Exchange Commission’s Division of Examinations (Staff) on February 26, 2021, published a Risk Alert (Risk Alert)¹ regarding digital asset securities.² The Risk Alert highlights observations made by the Staff during examinations of investment advisers, broker-dealers, transfer agents and national securities exchanges (collectively, Firms) regarding activities related to the offer, sale and trading of digital asset securities. This OnPoint discusses a sampling of the Staff’s observations for helping Firms design and enhance their compliance policies and practices.

Considerations for Investment Advisers

The Staff identified several areas of focus for investment advisers managing digital asset securities, as well as other digital assets and derivative products, for clients:

• Portfolio Management: When examining an investment adviser’s policies, procedures and practices related to investing client assets directly or through pooled products in digital asset securities, derivatives and other digital assets, the Staff will focus on: whether advisers properly classify digital assets (including whether they are properly classified as securities); the adviser’s due diligence with regard to digital asset securities;³ the adviser’s evaluation and mitigation of the risks related to trading and execution of digital asset transactions, including with regard to know-your-customer and anti-money laundering (AML) procedures, security breaches and fraud; how the adviser manages the complexities associated with certain digital assets (such as “forked” and “airdropped” digital assets),⁴ including allocations of those assets across client accounts and conflicts of interest; and the adviser’s fulfillment of its fiduciary duty with respect to recommending digital asset securities for client portfolios.⁵

• Books and Records: The Risk Alert notes that platforms that support trading in digital assets “vary in reliability and consistency with regard to order execution, settlement methods, and post-trade recordation and notification.” When examining an adviser’s books and recordkeeping practices in the context of digital securities, the Staff will review whether the adviser is making and keeping accurate books and records, including recording trading activity in accordance with Rule 204-2 under the Investment Advisers Act of 1940.
• Custody: The Staff will review an adviser’s practices related to the custody of digital assets and associated risks, including: occurrences of unauthorized transactions (including theft); the adviser’s controls for safekeeping digital assets (such as private key and trading platform access); whether the adviser’s business continuity plan provides for key personnel to have exclusive access to private keys and how the adviser evaluates harm due to the loss of private keys; the reliability of software used to access digital asset networks; storage of digital assets on trading platforms or with third-party custodians; and the adviser’s security procedures related to software and hardware wallets.
• Disclosures: The Staff will focus on how advisers disclose the unique risks associated with digital assets, including whether any risks are magnified as a result of the digital nature of the assets. The Risk Alert notes that the Staff will assess disclosures of specific risks, such as “complexities of the products and technology underlying such assets, technical, legal, market, and operational risks (including custody and cybersecurity), price volatility, illiquidity, valuation methodology, related-party transactions, and conflicts of interest.”
• Pricing client portfolios: The Risk Alert notes that the valuation of digital assets and digital asset securities can be challenging due to: market fragmentation, illiquidity and volatility in markets for digital assets; and the potential for manipulation of digital asset markets. When examining an adviser’s valuation methodologies utilized to determine the value of digital assets managed on clients’ behalf, the Staff will focus in particular on: how those methodologies are used to determine principal markets; fair value; valuation after significant events impacting digital assets; and recognition of forked and airdropped digital assets. Further, the Staff will review disclosures related to such valuation methodologies, as well as advisory fee calculations and the interaction of valuation practices with such fees.
• Registration issues: Examinations also will focus on registration requirements, including how the adviser calculates its regulatory assets under management and characterizes digital assets in pooled vehicles that it manages. If the adviser manages a private fund, examinations also will consider how the fund determines applicable exemptions from registration as an investment company.⁶

Considerations for Broker-Dealers

The Risk Alert identifies several areas on which the Staff will focus during examinations of broker-dealers’ activities related to digital assets and digital asset securities.

• Safekeeping of funds and operations: Examinations of broker-dealers will focus on the broker-dealer’s operations as they relate to the safekeeping and custody of digital asset securities.⁷

• Registration requirements: The Staff will focus on whether broker-dealers and their affiliates are compliant with registration requirements. In particular, the Risk Alert notes that if an affiliate of a broker-dealer effects transactions in digital asset securities for the accounts of others, such affiliate may be required to register as a broker-dealer.
• AML: The Risk Alert notes that, during examinations, the Staff has observed inadequate broker-dealer AML procedures and controls. For example, the Staff has observed instances where AML programs fail to consistently search the Specially Designated Nationals list maintained by the Office of Foreign Assets Control. The Risk Alert notes that the Staff will continue to examine broker-dealers’ compliance with applicable AML regulations.
• Offerings: The Risk Alert notes that the Staff will review the adequacy of disclosures made, and due diligence performed, by broker-dealers involved in underwritten offerings and private placements of digital asset securities.
• Disclosure of conflicts of interest: The Staff observed broker-dealers acting in multiple capacities, including as trading platforms or trading digital assets securities on their own and third-party platforms. According to the Risk Alert, these activities may give rise to conflicts of interest that require disclosure, as well as policies to mitigate them.
• Outside Business Activities: During examinations, the Staff observed instances of broker-dealer representatives offering digital asset-related services separate from the broker-dealer’s digital asset services. The Risk Alert notes that FINRA requires broker-dealers to evaluate the outside business activities of their registered representatives to determine whether such activities are subject to approval and supervision of, and recordation by, the broker-dealer. The Staff will review FINRA-member broker-dealers’ compliance with these requirements.

Considerations for National Securities Exchanges and Transfer Agents

The Risk Alert notes that distributed ledger technology has created new opportunities to electronically trade digital asset securities. The Staff noted that any platform that operates as an exchange for digital asset securities must register as a national securities exchange or operate pursuant to an exemption. One possible exemption on which a platform that facilitates trades in digital asset securities could rely is the exemption for alternative trading systems (ATS) operated by registered broker-dealers. The Risk Alert notes that examinations will include a review of whether an ATS is in compliance with Regulation ATS, including accurate and timely filing of Form ATS and Form ATS-R.

For transfer agents, the Risk Alert notes that distributed ledger technology is being used by issuers of securities for functions such as recording ownership of the issuer’s securities. Examinations of registered transfer agent’s servicing of digital asset securities will include whether they are doing so in a manner consistent with the SEC’s rules relating to transfer agents.

Conclusion

The Risk Alert provides an opportunity for Firms that transact, hold or otherwise deal in digital assets to review their internal practices, policies and procedures to ensure they address the issues raised in the Risk Alert. The Risk Alert offers a glimpse of the current list of items related to digital assets that the Staff believes are worthy of sustained attention.

Footnotes

1) The Division of Examinations’ Continued Focus on Digital Asset Securities, Risk Alert, Division of Examinations (Feb. 26, 2021). A Risk Alert has “no legal force or effect: it does not alter or amend applicable law, and it creates no new or additional obligations for any person.” All factual statements in this OnPoint are based on the Risk Alert.

2) As used in the Risk Alert, the term “digital asset” refers to any asset that is issued and/or transferred using distributed ledger technology (e.g., blockchain), including virtual currencies, coins and tokens. Digital asset securities are those digital assets that are “securities” under the federal securities laws.

3) The Risk Alert provides as examples of such due diligence: the adviser’s interaction with the digital asset network or application; and the adviser’s review of the liquidity and volatility of the digital asset.

4) A “fork” is an update to a cryptocurrency’s software that makes its existing rules either valid or invalid, sometimes resulting in spinoff versions of the blockchain. An “airdrop” is a distribution of a cryptocurrency token, usually without charge, to multiple digital wallet addresses.

5) Concerning fiduciary duty, the Risk Alert cites to the SEC’s 2019 interpretive release, quoting that release’s statements concerning best interest and suitability. See Commission Interpretation Regarding Standard of Conduct for Investment Advisers, SEC Rel. No. IA-5248 (June 5, 2019) at 12 (“The duty of care includes a duty to provide investment advice that is in the best interest of the client, including a duty to provide advice that is suitable for the client.”).

6) In this regard, the Risk Alert cites a 2018 SEC enforcement matter that alleged (among other matters) that a purported private fund was, in fact, an unregistered investment company due to its investment of more than 40% of the fund’s total assets (exclusive of Government Securities and cash items) in digital asset securities. See Crypto Asset Management, LP et al., SEC Rel. No. IC-33222 (Sept. 11, 2018); see also Investment Company Act of 1940 Section 3(a)(1)(C) (defining “investment company” to include any issuer that “is engaged or proposes to engage in the business of investing, reinvesting, owning, holding, or trading in securities, and owns or proposes to acquire investment securities having a value exceeding 40 per centum of the value of such issuer’s total assets (exclusive of Government securities and cash items) on an unconsolidated basis.”).

7) See, e.g., Joint Staff Statement on Broker-Dealer Custody of Digital Asset Securities, Division of Trading and Markets, U.S. Securities and Exchange Commission and Office of General Counsel, Financial Industry Regulatory Authority (July 8, 2019).