Oct. 29, 2023
I respectfully submit the following comments and considerations regarding the proposed Safeguarding Advisory Client Assets rules. 1. INADEQUATE CONSIDERATION OF THE NEEDS OF MARGINALIZED COMMUNITIES The proposed SEC rule regarding the safeguarding of client assets held in custody by investment advisers does not adequately consider the impact it may have on marginalized communities who stand to benefit from increased access to digital assets. While the goal of enhancing investor protections is laudable, the prescriptive requirements in the proposed rule could have the unintended consequence of limiting access to digital assets for underserved populations. Specifically, the proposed requirements related to "possession and control" and mandatory contractual provisions between advisers and qualified custodians may make it cost prohibitive for smaller or new entrants to provide compliant custody solutions for digital assets. This could restrict consumer choice and innovation in an emerging area that holds promise to expand economic opportunity. Entrepreneurs from marginalized backgrounds seeking to serve their own communities may be disproportionately impacted. Further, the proposed limitations on the use of decentralized networks for client assets could preclude advisory services related to decentralized finance (DeFi) protocols and governance tokens. These innovations have opened new pathways to generate wealth for marginalized groups through collateralized lending, staking rewards, liquidity pools and other means. Imposing regulatory barriers that inhibit access to DeFi may perpetuate financial exclusion. While SEC concerns about protecting investors are valid, the proposal lacks nuance in balancing these objectives against the interests of those who stand to gain from broader participation in digital asset markets. The Commission should reconsider prescribing strict custody requirements in a "one-size-fits-all" manner and explore more flexible approaches. This could include establishing special exemptions or safe harbors for smaller advisers serving retail clients, provided baseline consumer protections are met. With thoughtful recalibration, the SEC can achieve its mission while supporting wider access to digital assets and decentralized networks - especially for those communities where needs remain greatest. The Commission should not overlook this potential in reforming its custody rule. 2. DIFFICULTY INTERPRETING PROPOSED SEC CUSTODY RULE CHANGES The SEC's proposed amendments to the custody rule create ambiguity that will make compliance difficult. The proposed changes do not provide enough clarity on key issues like what constitutes "possession or control" of crypto assets. This ambiguity will lead to confusion among investment advisers about how to comply. The proposed rule changes state that "proving exclusive control of a crypto asset may be more challenging than for assets such as stocks and bonds." However, the proposal does not specify what is actually required to demonstrate "exclusive control" of crypto assets. There is uncertainty around whether arrangements like sharding of private keys would satisfy the custody requirements. This lack of clarity makes it hard for investment advisers to know if their current custody arrangements will be compliant under the new rule. In addition, the proposal suggests that some common activities like staking may violate the custody rule but again does not provide clear guidance. The SEC states that the proposed amendments do not directly address crypto asset staking and asks for comment on this issue. The lack of direction from the SEC creates confusion and risk for investment advisers who want to engage in staking on behalf of clients. Advisers are left guessing as to whether existing staking arrangements will pass muster. The SEC has a responsibility under the Administrative Procedure Act to propose regulations that are clear and unambiguous. The D.C. Circuit has held that a regulation is unconstitutionally vague if it 'fails to provide a person of ordinary intelligence fair notice of what is prohibited. Fox Television Stations, Inc. v. FCC, 613 F.3d 317, 331 (D.C. Cir. 2010). Here, the SEC's proposed custody rule changes do not give sufficient notice to investment advisers of what specific steps they must take to comply. This violates principles of due process and fair notice. The SEC should clarify ambiguities in the proposed custody rule changes before adopting any final regulations. Investment advisers need straightforward guidance in order to configure their operations to comply with the rule and meet their fiduciary obligations to clients. 3. LIMITED ACCESS TO RELEVANT POLICY GOALS UNDER THE PROPOSED SEC RULE ON SAFEGUARDING CLIENT ASSETS The proposed SEC rule on safeguarding client assets raises significant concerns about limited access to relevant policy goals. While the rule aims to enhance investor protections for client assets, it does so in a way that is overly prescriptive and could restrict market access and innovation. The proposed requirements for "possession or control" of digital assets and other novel asset classes are particularly problematic. As acknowledged by the SEC, demonstrating exclusive control of a digital asset is complicated due to the ability to transfer assets through use of a private key. However, the proposed rule only provides one way of showing "possession or control" - through exclusive possession of a private key. This ignores technological solutions like multi-party computation that allow qualified custodians to cryptographically demonstrate participation in transactions without maintaining exclusive control. By prescribing a narrow method for custody of digital assets, the proposed rule cuts off other solutions that may provide equal or greater protections aligned with policy goals. The result is limited access and stifled innovation in novel asset custody services. Rather than taking a technology-neutral approach, the proposed rule cements a specific technical implementation that could quickly become outdated. The proposed rule also limits access to relevant policy goals by requiring prescriptive contractual terms between advisers and custodians. While aiming to standardize protections, mandatory terms like indemnification and insurance requirements will restrict qualified custodians able to service certain assets like digital assets. Market access suffers under a one-size-fits-all contract mandate that does not account for unique risks and evolving best practices. A better approach would set general policy goals and guidance allowing flexibility in technical implementations. The SEC should focus on desired outcomes rather than prescribing rigid methods. This allows the market to construct efficient solutions that keep pace with technology and risks. The proposed rule instead pursues investor protection through overly narrow means that restrict access and creativity. A principles-based framework is needed to ensure investor protections while promoting access and innovation. 4. LACK OF CLEAR GUIDELINES UNDERMINES THE PROPOSED SEC RULE The proposed amendments by the Securities and Exchange Commission (SEC) to Rule 206(4)-2 regarding the custody of digital assets by registered investment advisers lack sufficiently clear guidelines for compliance. While the goal of enhancing investor protections is laudable, the proposed rule fails to provide clear standards on key issues. This introduces uncertainty and ambiguity that undermines the rule's effectiveness. The Proposed Rule Fails to Clearly Define "Possession or Control" for Digital Assets A core requirement in the proposed rule is that a qualified custodian must demonstrate "possession or control" of client digital assets. However, the parameters of "possession or control" are inadequately defined as applied to digital assets. Unlike traditional assets, establishing exclusive control of digital assets is complicated by their ability to be transferred simply with a private key. The SEC acknowledges that demonstrating exclusive control is difficult, but its alternative of requiring the custodian's participation in transactions provides little clarity. Terms like requiring the custodian's participation as a "condition precedent" to effectuating transactions remain vague. This ambiguity surrounding "possession or control" generates uncertainty for advisers on acceptable custody arrangements under the rule. The lack of clear guidelines undermines the ability of advisers to comply. The Rule Creates Confusion Around Digital Asset Trading and Settlement The proposed rule appears to prohibit an adviser from transferring client assets to a digital asset exchange for trading purposes if the exchange is not a qualified custodian. However, the SEC does not provide clear guidance on how advisers can execute and settle digital asset transactions in a compliant manner. Nearly all digital asset trading occurs on platforms that are not qualified custodians. The SEC's statements imply that the movement of assets to such platforms would violate custody requirements. But the SEC does not delineate how advisers can trade digital assets while still complying with custody rules. This gap in guidance creates significant confusion. Without clear guidelines on trading and settlement, advisers cannot reasonably comply with the rule's mandates. The SEC must provide precise direction to enable compliance. While the SEC aims to enhance protections, the proposed rule lacks sufficiently clear guidelines on vital topics like "possession or control" and trading/settlement. This ambiguity undermines the ability of advisers to comply. The SEC should clarify these issues or risk creating a rule that advisers cannot reasonably follow due to a lack of clear instructions. Additional precision is needed to craft an effective rule that achieves the SEC's objectives. 5. THE HIGH COSTS OF COMPLYING WITH THE PROPOSED RULES UNDERMINE ITS EFFICACY The proposed amendments to Rule 206(4)-2 create compliance burdens that disproportionately harm smaller registered investment advisers (RIAs), exceedingly complicate custody of crypto assets, and impose impractical assurances on qualified custodians. This overreach thwarts the SEC's goal of enhanced investor protection. The Commission should take care to craft a measured rule that provides meaningful safeguards without saddling the investment advisory industry with unreasonable compliance costs. Section 206 of the Investment Advisers Act prohibits RIAs from engaging in fraudulent conduct. The SEC may define and prescribe means reasonably designed to prevent fraud under Section 206(4). While the Commission enjoys latitude in crafting rules, its authority is not boundless. The investment adviser cannot be burdened with a rule that is so broad that compliance becomes a trap for the unwary, rather than a means of avoiding injury to clients. When rules stray beyond means reasonably designed to prevent fraud, imposing impractical burdens, they may become vulnerable to challenge. The proposed rule leans heavily toward overbreadth. It would newly require all RIAs to safeguard crypto assets only with qualified custodians, imposing custody requirements on thousands of advisers unfamiliar with such assets. Yet crypto custody solutions remain nascent. The SEC admits proving exclusive control of a crypto asset may be more challenging than for assets such as stocks and bonds. Subjecting all advisers to strict custody rules for novel assets sets the stage for widespread inadvertent noncompliance. Equally concerning, the rule mandates that qualified custodians provide contractual assurances to RIAs including: exercising due care per reasonable commercial standards, implementing appropriate safeguards, indemnifying for custodian negligence or misconduct, identifying and segregating assets, and avoiding liens on assets. While larger custodians may find this feasible, smaller qualified custodians will struggle to devote resources toward exhaustive due diligence, contract development, and liability management demanded by the proposed amendments. Rather than enhance investor protection, this red tape may diminish the pool of available qualified crypto custodians, limiting choice and increasing costs. When rules aimed at preventing fraud impose impractical burdens threatening to ensnare the unwary, they require careful reexamination. The Commission should recalibrate its proposed custody rule amendments to strengthen investor protections without unreasonably handcuffing the investment advisory industry. More modest requirements calibrated to the size and sophistication of market participants would better align costs and benefits, serving the SEC’s mission to protect investors, maintain fair and orderly markets, and facilitate capital formation. 6. THE PROPOSED RULE SHOULD BE MODIFIED BECAUSE IT IMPOSES SIGNIFICANT AND UNNECESSARY ADMINISTRATIVE BURDENS ON INVESTMENT ADVISERS The proposed amendments to Rule 206(4)-2 would impose substantial new administrative burdens on registered investment advisers (RIAs) that hold crypto assets which are not justified by the protections afforded to advisory clients. While the broad policy goals of safeguarding client assets and updating custodial requirements in light of technological changes are laudable, the proposal goes too far and would create compliance obstacles that impede investment advisers’ ability to perform their services efficiently and cost-effectively. The SEC should modify the proposed rule to reduce these administrative burdens. Specifically, the proposed rule would require advisers to: Enter into written agreements with qualified custodians imposing significant new duties and requirements, which will be time-consuming and costly to negotiate and monitor (Proposed Rule 206(4)-2(a)(6)). Receive and review annual written assurances from qualified custodians regarding their maintenance of client assets, further increasing compliance costs (Proposed Rule 206(4)-2(a)(6)(ii)). Amend their Form ADV disclosures, which is administratively burdensome, especially for mid-sized and small advisers (Proposed Rule 206(4)-2(a)(7)). In addition, the uncertain application of the proposed rule to crypto assets and staking would impose ongoing costs as advisers attempt to comply based on unclear requirements. These new administrative burdens are not matched by equivalent benefits to advisory clients. The core purpose of safeguarding client assets can be accomplished at lower cost through more tailored requirements. For example, rather than mandatory contractual provisions, the rule could require advisers to conduct due diligence on custodians and document that diligence. And written annual assurances could be made optional rather than mandatory. Administrative burdens can divert resources from investment activities that benefit clients. As the D.C. Circuit has noted, "Congress intended to impose [on investment advisers] fiduciary duties which are the highest known to the law." SEC v. Capital Gains Research Bureau, Inc., 375 U.S. 180, 194 (1963). The proposed rule undermines that purpose by imposing bureaucratic requirements that yield little concrete protection for investors. The SEC should modify the proposed amendments to reduce unnecessary administrative burdens, while still reasonably ensuring that client assets are protected. 7. POOR ORGANIZATION OF THE PROPOSED RULE UNDERMINES ITS PURPOSE AND CLARITY The proposed amendments to Rule 206(4)-2 lack organization and clarity, undermining the SEC's stated goals of modernizing the custody rule and enhancing investor protections. Specifically, the poor organization of the proposed rule causes confusion around: (1) the scope of assets covered, (2) the requirements for demonstrating "exclusive possession or control" over crypto assets, and (3) the qualifications and requirements for becoming a "qualified custodian." The proposed amendments significantly expand the scope of assets covered by the custody rule to include "other positions" like crypto assets, but the rule does not clearly define "crypto assets." The term could encompass cryptocurrencies, crypto securities, stablecoins, and non-fungible tokens. The broad term "crypto assets" causes confusion because custody rules and qualified custodian requirements may differ based on the type of asset. Clear definitions and organization of each asset class is needed. Similarly, the requirements around demonstrating "exclusive possession or control" over crypto assets lacks clarity and precision. While the Commission expresses doubt that exclusive control can be shown due to the ability to transfer private keys, exclusive control of traditional securities can also be transferred or re-registered. The rule fails to articulate what specifically must be shown for crypto assets versus other assets. For example, must the custodian demonstrate it controls the private keys without sharing access? Can multi-party authentication systems qualify? The poor organization and lack of clarity may preclude compliant crypto custody models. Finally, the proposed amendments do not clearly lay out the qualifications and requirements for becoming a "qualified custodian." For example, the Commission suggests that crypto trading platforms cannot serve as qualified custodians but does not amend the definition of "bank" that governs qualified custodian status. The conflicting statements sow confusion. A clear framework is needed. See 5 U.S.C § 553(b)(notice requirements for informal rulemaking). In summary, while the Commission aims to adapt the custody rule to new assets and technologies, the poor organization and lack of clarity in the proposed amendments undercut those goals. The Commission should revise the proposal to clearly define pertinent terms, articulate custody requirements for specific asset classes, and provide a transparent framework for the qualifications and duties of qualified custodians. Good organization is key to establishing a custody framework that provides flexibility for new technologies while upholding stringent investor protections. 8. INEFFECTIVE COMPLIANCE EDUCATION EVALUATION MECHANISMS UNDERMINE INVESTOR PROTECTIONS The proposed SEC rule regarding the safeguarding of client assets raises critical concerns regarding the effectiveness of compliance education programs at investment advisers. While the rule aims to enhance protections for advisory clients, it lacks sufficient mechanisms for rigorously evaluating the compliance education programs that are core to achieving this objective. Without adequate oversight of education programs, advisers may fail to properly train personnel on meeting the rule’s custody requirements. This could severely undermine the SEC’s goals of strengthening controls around the safekeeping of client assets. The proposed rule could therefore be revised to include more rigorous compliance education assessment requirements instead of qualified custodian requirements. For instance, the SEC could mandate that advisers undergo annual audits of their compliance training programs by an independent third party but allow for custody by the RIAs. The audit should evaluate content quality, personnel comprehension levels, and overall program effectiveness at instilling custody rules and controls. Advisers would then submit these audit reports to the SEC for review. Requiring independent audits of compliance education is critical for ensuring advisers properly understand custody regulations and implement adequate controls. Absent strong oversight of training programs, advisers may conduct superficial or ineffective training that gives personnel false confidence in their custody systems. This could lead to poorly designed processes that place client assets at risk despite the rule’s intent. Rigorous education audits would solve this problem by incentivizing advisers to provide robust training, enhancing personnel comprehension of requirements. To require only qualified custodians is not a superior way to protect investors. In summary, while the SEC's proposed custody rule aims to better safeguard client assets, it lacks sufficient mechanisms for evaluating adviser compliance education programs. Adding mandatory independent audits of training would significantly strengthen oversight and adherence to the rule. The SEC should revise the proposal accordingly before finalizing to realize its goal of heightened investor protections. 9. THE SEC'S PROPOSED RULE 223-1 PROVIDES INSUFFICIENT GUIDANCE ON QUALIFIED CUSTODIAN STATUS FOR STATE-CHARTERED TRUST COMPANIES HOLDING CRYPTO ASSETS The Securities and Exchange Commission's proposed amendments to Rule 206(4)-2, which would be redesignated as Rule 223-1, aim to provide enhanced protections for investors by expanding the types of assets subject to the custody rule and imposing heightened standards on qualified custodians. However, the proposed rule fails to provide sufficient guidance on whether state-chartered trust companies that custody crypto assets can qualify as "qualified custodians" under the new rule. While the proposed rule does not expressly prohibit state-chartered trusts from serving as qualified custodians, statements made by SEC Chair Gary Gensler indicate a clear skepticism of crypto platforms' ability to meet the qualified custodian requirements. For instance, Chair Gensler stated "Make no mistake: Based upon how crypto platforms generally operate, investment advisers cannot rely on them as qualified custodians." This blanket statement demonstrates Chair Gensler’s skepticism about certain entities reaching the requisite qualified custodian status as contemplated by the proposed rule. The proposed rule amends the definition of "qualified custodian" to require specified assurances and standards designed to safeguard client assets. However, the rule does not provide guidance on how state-chartered trusts can demonstrate they meet these new qualifying conditions. Under Section 202(a)(2) of the Investment Advisers Act, the term "qualified custodian" includes a bank or trust company that meets certain specifications. The proposed rule does not alter this definition. As such, properly regulated state-chartered trusts with fiduciary powers remain eligible as qualified custodians on a technical reading of the rule. Yet the proposing release casts doubt on their status without explaining what state-chartered trusts must do to comply with the enhanced qualified custodian requirements. The SEC should clarify how state-chartered trusts can satisfy the new conditions rather than excluding them outright based on generalizations about crypto platforms. The lack of guidance raises significant uncertainty for both state-chartered trusts seeking to maintain qualified custodian status and registered investment advisers utilizing their custody services. It also potentially restricts access to qualified crypto custody arrangements, harming innovation and investment in this developing area. The SEC should provide greater clarification on how state-chartered trusts can demonstrate compliance with the proposed qualified custodian requirements. This will further the rule's goals of enhancing investor protections while allowing properly regulated entities providing crypto custody services to continue operating in this market. 10. HIGH TURNOVER RATES AMONG STAFF The Proposed Rule poses significant operational challenges for advisers, particularly related to retaining qualified staff to implement the required internal controls. The complexity of the crypto ecosystem, combined with the rigorous requirements in the Proposed Rule, will make hiring and retaining competent personnel difficult. This high turnover will undermine the Rule's goals of safeguarding client assets. The Proposed Rule imposes extensive obligations on advisers to implement internal controls, policies and procedures to safeguard client crypto assets. Implementing robust controls in the rapidly evolving crypto industry requires substantial expertise that is currently in short supply. High turnover among skilled crypto personnel has been a consistent challenge for the industry. Advisers will struggle to recruit and retain qualified professionals to design and implement the required controls under the proposed rule. Junior staffers without requisite expertise will be forced into roles beyond their capabilities. When advisers cannot retain institutional knowledge and crypto-proficiency, controls may degrade over time, leaving client assets vulnerable. This risk is exacerbated by the complexity and rapid evolution of the crypto markets. The SEC should provide flexibility for advisers to develop controls tailored to their crypto activities. For instance, permitting reliance on standardized control frameworks developed specifically for crypto. The SEC should also consider phasing in compliance deadlines to allow sufficient time to recruit expertise. Rigid requirements coupled with personnel challenges will undermine the Rule's policy aims. The SEC should mitigate these turnover risks to truly protect crypto investors. 11. DATA PROTECTION INSUFFICIENCIES IN THE SEC'S PROPOSED CRYPTOCURRENCY REGULATIONS The SEC's proposed regulations outlined in Proposed Rule 223-1 lack sufficient protections against data loss and misuse, posing a threat to consumers. The SEC should amend the proposal to include more robust requirements for data security, encryption, and privacy before finalizing any regulations. The proposed regulations fail to ensure that investors' personal data, including sensitive information like Social Security numbers and account details, will be properly safeguarded by cryptocurrency exchanges, wallet providers, advisers, and other entities. Without clear requirements for data protection, these entities may store data insecurely or share it without permission, putting consumers at risk of identity theft and financial harm. This violates consumers' reasonable expectations of privacy and contravenes the SEC's mission to protect investors. The risk of data breaches involving cryptocurrency firms is well documented. According to the Crypto Crime Report by Chainalysis, illicit transaction volume reached $20 billion in 2022, with much of that relating to stolen funds and scams perpetrated through hacking of wallets and exchanges. The report states that "many of these attacks succeeded because of poor security practices" at cryptocurrency businesses. Utilizing qualified custodians, however, is a less preferrable solution than self custody which removes intermediary risk altogether. The SEC should look to existing data security laws and regulations for models to strengthen its proposal. Without adding proper data protections, the SEC risks exposing cryptocurrency investors and consumers to privacy violations, fraud, and financial loss. The current proposal's lack of security standards represents an insufficient and negligent approach to regulating these rapidly growing markets. The SEC must amend the rule to include meaningful safeguards before implementation. Thank you for your consideration of these issues.