On February 26, 2021, the Division of Examinations (DEX) of the Securities and Exchange Commission (SEC) issued a Risk Alert addressing the offer, sale and trading of digital assets that are securities (Digital Asset Securities) as well as compliance issues associated with the use of distributed ledger technology, including blockchain.
1. What is a Digital Asset?
For purposes of the Risk Alert, it’s an asset that is issued and/or transferred using distributed ledger technology, including, but not limited to, so-called “virtual currencies,” “coins,” and “tokens.”
2. Are all Digital Assets securities under the federal securities laws?
A particular digital asset may or may not meet the definition of “security” under the federal securities laws. The SEC has put out guidance about whether a digital asset would be treated as an investment contract under the federal securities laws as well as its analysis about why a particular cryptocurrency was an unregistered security.
3. So, if I stick to Digital Assets that aren’t securities, then I don’t really need to worry about anything in the Risk Alert, do I?
Not so fast. Particularly with respect to investment advisers, the Risk Alert indicates that DEX will not limit itself to Digital Asset Securities in examinations.
4. What are DEX’s areas of focus in investment adviser examinations?
Portfolio management. DEX will review advisers’ policies, procedures, and practices if they invest client assets in Digital Asset Securities or other digital assets, with a particular focus on:
- are advisers correctly classifying Digital Assets as securities or non-securities;
- due diligence on digital assets (e.g., does the adviser understand the digital asset, wallets, or any other devices or software used to interact with the relevant digital asset network or application, and the relevant liquidity and volatility of the digital asset);
- evaluation and mitigation of risks related to trading venues and trade execution or settlement facilities (e.g., with respect to security breaches, fraud, insolvency, market manipulation, the quality of market surveillance, KYC/AML procedures, and compliance with applicable rules and regulations);
- management of risks and complexities associated with “forked” (backward-incompatible protocol changes to a distributed ledger that create additional versions of the distributed ledger, creating new digital assets) and “airdropped” (digital assets distributed to numerous addresses, usually at no monetary cost to the recipient or in exchange for certain promotional or other services) digital assets (e.g., allocations thereof across client accounts, conflicts of interest, or other issues that may result from the fork or airdrop event); and
- fulfillment of their fiduciary duty with respect to investment advice – across all client types.
Books and records. Examinations will include a review of whether advisers are making and keeping accurate books and records, including recording trading activity in accordance with the recordkeeping requirements, if applicable. Digital asset trading platforms vary in reliability and consistency with regard to order execution, settlement methods, and post-trade recordation and notification, which an adviser should consider when designing its recordkeeping practices.
Custody. Examinations will review the risks and practices related to the custody of digital assets by investment advisers and examine for compliance with the custody rule (Rule 206(4)-2 under the Advisers Act), where applicable. Regardless of how digital assets are stored, the staff will review:
- occurrences of unauthorized transactions, including theft of digital assets;
- controls around safekeeping of digital assets (e.g., employee access to private keys and trading platform accounts);
- business continuity plans where key personnel have exclusive access to private keys;
- how the adviser evaluates harm due to the loss of private keys;
- reliability of software used to interact with relevant digital asset networks;
- storage of digital assets on trading platform accounts and with third party custodians; and
- security procedures related to software and hardware wallets.
Disclosures. Examinations will include a review of disclosures to investors in a variety of media (e.g., solicitations, marketing materials, regulatory brochures and supplements, and fund documents) regarding the unique risks associated with digital assets, including any risks that are heightened as a result of the digital nature of such assets. In particular, DEX staff will assess disclosures regarding specific risks, including the complexities of the products and technology underlying such assets, technical, legal, market, and operational risks (including custody and cybersecurity), price volatility, illiquidity, valuation methodology, related-party transactions, and conflicts of interest.
Pricing client portfolios. Advisers apply a variety of valuation methods to determine the value of digital assets managed on behalf of clients. Investment advisers may face valuation challenges for digital assets due to market fragmentation, illiquidity, volatility, and the potential for manipulation. Examinations will include a review of, among other things, the valuation methodologies utilized, including those used to determine principal markets, fair value, valuation after significant events, and recognition of forked and airdropped digital assets. The staff will also review disclosures related to valuation methodologies, and advisory fee calculations and the impact valuation practices have on these fees.
Registration issues. Advisers’ examinations will include a review of compliance matters related to appropriate registration. This includes, among other things, understanding how the investment adviser calculates its regulatory assets under management, and characterizes the digital assets in the pooled vehicles it manages and the status of clients. For private funds that investment advisers manage, this also includes understanding how the funds determine applicable exemptions from registration as investment companies.
5. What are DEX’s areas of focus in broker-dealer exams?
DEX staff has identified risks through regulatory coordination and through observations from recent examinations of broker-dealers. Accordingly, future broker-dealer examinations will focus on regulatory compliance associated with, among other things:
- Safekeeping of funds and operations. DEX staff will examine broker-dealers to understand operational activities, including operations that are unique to the safety and custody of Digital Asset Securities.
- Registration requirements. Examinations will include broker-dealers’ and any affiliated entities’ compliance with registration requirements. For example, if an affiliate of a registered broker-dealer engages in the business of effecting transactions in Digital Asset Securities for the accounts of others, that affiliate may be required to register as a broker- dealer.
- Anti-Money Laundering (AML). Certain pseudonymous aspects of distributed ledger technology present challenges to the implementation of an AML program. DEX staff has observed broker-dealer AML programs that have not consistently addressed or implemented routine searches or, to the extent they implemented routine searches, have not updated those searches to check against the Specially Designated Nationals list maintained by the Office of Foreign Assets Control (OFAC) at the U.S. Department of the Treasury. DEX staff also has observed inadequate AML procedures, controls, and documentation regarding Digital Asset Securities. The staff will continue to examine broker-dealer compliance with AML obligations (e.g., filing suspicious activity reports and performing customer due diligence).
- Offerings. Broker-dealers may be involved in underwriting and private placement activity with respect to Digital Asset Securities, which can raise unique disclosure and due diligence obligations. Examinations will include a review of the due diligence performed by broker-dealers, and the disclosures made by broker-dealers to customers related to the offering of Digital Asset Securities.
- Disclosure of conflicts of interest. Broker-dealers may operate in multiple capacities, including as trading platforms or proprietary traders of Digital Asset Securities on their own and other platforms. Examinations will include a review of the existence and disclosures of conflicts of interest and the compliance policies and procedures to address them.
- Outside Business Activities. DEX staff has observed instances of broker-dealer registered representatives offering services related to digital assets apart from their employer. FINRA-member broker-dealers are required to evaluate the activities of their registered persons to determine whether such activity constitutes outside business activities or an outside securities activity and therefore should be subjected to the approval, supervision, and recordation of the broker-dealer. DEX staff will continue to review FINRA-member broker-dealer compliance processes in connection with the evaluation, approval, and monitoring of outside business activities.
6. What are DEX’s areas of focus with respect to trading venues?
- Exchange Registration. Advances in distributed ledger technology have introduced innovative methods for facilitating electronic trading in Digital Asset Securities. A platform that operates as an “exchange” as defined under Section 3(a)(1) of the Securities Exchange Act of 1934 and Rule 3b-16(a) thereunder must register as a national securities exchange or operate in accordance with an exemption. DEX staff will examine platforms that facilitate trading in Digital Asset Securities and review whether they meet the definition of an exchange.
- Compliance with Regulation ATS. One exemption from national securities exchange registration that is available to an entity that meets the definition of an exchange is Regulation ATS, the exemption for alternative trading systems (“ATSs”). Examinations will include a review of whether an ATS that trades Digital Asset Securities is operating in compliance with Regulation ATS, including, among other things, whether the ATS has accurately and timely disclosed information on Form ATS and Form ATS-R, and has adequate safeguards and procedures to protect confidential subscriber trading information.
7. What are DEX’s areas of focus with respect to transfer agents?
Compliance with Transfer Agent Rules. Issuers increasingly use distributed ledger technology to perform, directly or indirectly, various shareholder administrative functions, including recording ownership. The SEC has promulgated rules for registered transfer agents that are intended to facilitate prompt and accurate clearance and settlement of securities transactions. Examinations will include a review of whether registered transfer agents servicing Digital Asset Securities are operating in compliance with those rules.