Oct. 30, 2023
To the staff of the Securities and Exchange Commission: This comment submission sets out a number of concerns with the Commission’s proposed rule, as set forth in the numbered points articulated below. Please consider each of these points in evaluating the proposed rule. I. THE PROPOSED AMENDMENTS PLACE AN UNFAIR ADVANTAGE IN THE HANDS OF FEDERALLY CHARTERED BANKS AND DISADVANTAGE STATE-CHARTERED TRUST COMPANIES PROVIDING CRYPTO CUSTODY SERVICES. The proposed amendments to Rule 206(4)-2 would unfairly advantage federally chartered banks and disadvantage state-chartered trust companies that are seeking to provide crypto custody services. While the proposed rule does not explicitly prohibit state-chartered trust companies from potentially qualifying as custodians, the proposing release makes clear the SEC's skepticism that these "new entrants" could meet the proposed requirements. This skepticism lacks any statutory basis and ignores the emerging state regulatory framework governing crypto custodians. Section 202(a)(2) of the Investment Advisers Act defines "qualified custodian" to include a "bank," which is further defined in Section 202(a)(2) to include any state-chartered trust company that meets certain requirements. The proposed amendments do not alter these statutory definitions. Yet, the proposing release singles out state-chartered trust companies as presenting novel risks, without any citation to evidence that state-regulated companies pose greater risks compared to federally regulated custodians. Several states, including New York, Wyoming, and Nevada, have enacted comprehensive regulatory regimes governing crypto custody providers. For example, the New York Department of Financial Services requires any entity custodying virtual currency to obtain a BitLicense and comply with stringent anti-fraud, anti-manipulation, cybersecurity, recordkeeping, capital, and other requirements (New York Banking Law § 200-b). Wyoming requires all "special purpose depository institutions" that provide crypto custody services to be examined for safety and soundness and subjected to strict net worth, liquidity, and other prudential requirements (Wyo. Stat. Ann. §§ 13-12-101 to 13-12-126). Without evidence that state-regulated crypto custodians present materially different risks compared to federally regulated banks, the proposed amendments unfairly favor federally chartered custodians and disadvantage state-regulated companies operating under emerging state laws. The proposed "one-size-fits-all" approach conflicts with principles of federalism and cooperative state-federal regulation of the financial system. Rather than pre-judge an entire category of potential qualified custodians, the SEC should evaluate applicants individually based on the sufficiency of their controls, protections, and regulatory oversight. The SEC could also use its authority under Advisers Act Section 206(4) to require additional protections tailored to addressing any heightened risks posed by crypto custody. However, categorically limiting "qualified custodian" status to federally regulated banks lacks justification and exceeds the SEC's statutory authority. II. THE FIFTH AMENDMENT’S DUE PROCESS CLAUSE PROTECTS AGAINST ARBITRARY ENFORCEMENT OF CRYPTOCURRENCY REGULATIONS. The Securities and Exchange Commission's (SEC) proposed amendments to expand the scope of the investment adviser custody rule raise significant due process concerns. The Fifth Amendment provides that no person shall be "deprived of life, liberty, or property, without due process of law." The Due Process Clause protects individuals from arbitrary enforcement of the law and requires fair notice of what conduct is prohibited. The proposed amendments fail to provide the clarity and precision required to avoid arbitrary enforcement against cryptocurrency market participants. The proposed amendments would expand the custody rule to cover "other positions" held in a client's account, including cryptocurrencies. However, the SEC has not provided clear guidance on when a cryptocurrency will be deemed a "security" subject to the custody rule requirements versus a "commodity" not covered by the rule. This ambiguity grants the SEC broad discretion to retroactively determine that specific cryptocurrencies are securities if it wishes to bring an enforcement action. Market participants have no way to determine in advance whether their cryptocurrency activities will be deemed compliant. The proposed "exclusive possession or control" standard for custodians of cryptocurrencies is also impermissibly vague. As Commissioner Uyeda noted, it is unclear whether any cryptocurrency custodial arrangement could satisfy this ambiguous standard given the ease of transferring cryptocurrency ownership. The SEC's insistence on "exclusive" possession of private keys seems to preclude dual-control multi-party computation systems that offer significant security benefits. Again, the uncertainty leaves market participants unable to determine what custodial systems are permitted. The Due Process Clause does not permit such ambiguous regulations that lend themselves to arbitrary, retrospective enforcement. The Supreme Court has consistently held that "a statute which either forbids or requires the doing of an act in terms so vague that men of common intelligence must necessarily guess at its meaning and differ as to its application violates the first essential of due process of law." Regulated parties must be able to ascertain in advance what conduct is allowed and prohibited. The SEC should clarify which cryptocurrencies are categorically treated as securities or commodities based on their economic characteristics and intended use, rather than leaving that determination ambiguous. The SEC should also provide objective technological and operational criteria for custodial systems that will satisfy the "exclusive possession or control" standard, rather than an indeterminate principle. Clearer regulations focused on preventing asset loss, without arbitrarily favoring certain custodial models over others, will provide the due process protections owed to market participants. Vague, sweeping powers to retroactively impose liability for undefined violations of ambiguous standards violate basic notions of fair notice and due process. III. THE PROPOSED RULE PROVIDES INEFFECTIVE COMPLAINT RESOLUTION. The SEC's proposed amendments to Rule 206(4)-2 seek to provide enhanced investor protections by regulating the custody of crypto assets by investment advisers. However, the proposed rule does not provide an effective mechanism for resolving complaints related to crypto assets held in custody. The proposed rule requires investment advisers to maintain client crypto assets with a qualified custodian that can demonstrate "exclusive possession or control" over such assets (Proposed Rule 206(4)-2(d)(6)(ii)). This exclusive possession or control standard may make it difficult for clients to resolve complaints related to erroneous or fraudulent crypto transactions. The immutable nature of blockchain transactions often makes it impossible to reverse such transactions, even when the qualified custodian is at fault (See Proposed Rule Release at 62-63). Without the ability to reverse fraudulent or erroneous transactions, clients will have no recourse to recover lost crypto assets. The proposed rule does not require qualified custodians to have a transparent complaint resolution process specifically tailored to crypto assets. Under FINRA Rule 4513, broker-dealers must have written procedures regarding complaint receipt, investigation, and resolution. The SEC should consider amending the proposed rule to require qualified custodians to have analogous written crypto complaint procedures. Codifying complaint investigation and escalation requirements would better protect clients and ensure effective resolution of complaints related to crypto assets held in custody. The proposed rule also does not require qualified custodians to obtain fidelity bond coverage for crypto assets held in custody. Under FINRA Rule 4360, broker-dealers must maintain fidelity bond coverage for certain types of claims, including claims related to fraudulent trading losses. The SEC should consider amending the proposed rule to require qualified custodians to obtain analogous fidelity bond coverage for crypto assets held in custody. Mandating fidelity bond coverage would provide clients an avenue for recovering losses due to custodial fraud or error involving crypto assets. In summary, the proposed custody rule amendments do not establish an effective mechanism for resolving complaints related to crypto assets held in custody. The SEC should address this regulatory gap by requiring transparent complaint procedures and mandatory fidelity bond coverage tailored to crypto assets. Doing so would enhance investor protections and complaint resolution under the amended custody rule. IV. THE PROPOSED RULE DOES NOT PROVIDE CLEAR GUIDELINES FOR ENFORCEMENT PROGRAM MODERNIZATION IN RESPONSE TO TECHNOLOGICAL ADVANCEMENTS. The Securities and Exchange Commission's proposed amendments to the custody rule under the Investment Advisers Act fail to provide clear guidelines on enforcement program modernization in response to the technological advancements in digital assets. While the Commission notes the evolution of financial products and services has led to new entrants providing custody services for crypto assets, the proposed rule does not outline how the SEC's enforcement program will adapt to regulate these new technologies. The custody rule should provide detailed guidance on enforcement policies, procedures and coordination with other regulators to oversee qualified custodians utilizing innovative systems for securing digital assets. As the Commission has acknowledged, proving exclusive control of a crypto asset may be challenging due to the decentralized nature of blockchain networks. However, rather than preclude certain models of custody, the SEC should establish new examination and enforcement techniques attuned to these technological complexities. For example, in accordance with its mandate under Section 19(a) of the Securities Exchange Act, the SEC could develop specialized training programs to equip its staff with expertise in blockchain analysis, forensic investigation of smart contracts, and security audits of cryptographic key management protocols. The custody rule should delineate plans for procuring technical resources and talent capable of evaluating claims of exclusive possession and control over crypto assets. In addition, the rule should formalize collaboration with state regulators and the OCC to coordinate oversight of state-chartered trusts and national banks providing qualified crypto custody services. Consistent, unified supervision is necessary, as custody of digital assets spans traditional regulatory boundaries. Clear enforcement guidelines would provide regulatory clarity to market participants and prevent fragmentation across federal and state jurisdictions. Ultimately, promoting financial innovation requires modernizing enforcement alongside new technologies. The custody rule presents an opportunity to configure the SEC's programs to the realities of securing digital assets. A principles-based approach paired with robust enforcement preparations will enable regulators to foster responsible crypto-native qualified custodians while still protecting investors. V. THE RULE HAS INEFFECTIVE MECHANISMS FOR EVALUATING COMPLIANCE RESEARCH PROGRAMS. The proposed amendments to the custody rule under the Investment Advisers Act of 1940 seek to enhance protections for advisory clients by expanding the definition of "assets" to include digital assets like cryptocurrencies. However, the proposed rule contains ineffective mechanisms for evaluating compliance research programs for digital asset custodians. The proposed rule requires investment advisers to only use "qualified custodians" that meet certain assurances and conditions, including implementing appropriate safeguards against theft and proving exclusive possession or control over client assets. While these requirements may be straightforward for traditional securities, they do not properly account for the technological characteristics of digital assets that make demonstrating exclusive control more challenging. The proposed rule lacks clear guidance on how digital asset custodians can prove exclusive possession or control to qualify as compliant custodians. The assumption that custodians must completely restrict clients from accessing or transferring their own assets is at odds with the nature of digital assets and imposes an unworkable compliance burden. More flexible evaluation criteria are needed to accommodate secure custodial models that allow some form of client access through private keys while still maintaining adequate protections against theft and fraud. In addition, the proposed rule suggests that most digital asset custodians and trading platforms cannot currently qualify as compliant qualified custodians. However, this conclusion is not based on proper empirical analysis of the range of controls and safeguards implemented by different digital asset companies. There is no clear mechanism in the rule for systematically evaluating the security and compliance features of different custodial models before preemptively disqualifying them. To establish effective compliance mechanisms, the final rule should include provisions to: Develop objective validation criteria tailored to digital assets for evaluating possession/control, theft prevention safeguards, and compliance procedures more holistically. Create an evaluation process to individually assess different companies' custodial models against these validation criteria before determining their status as qualified custodians. Provide pathways for compliant digital asset custodians to apply, submit evidence, and appeal any denial of qualified custodian status. Allow flexibility to accommodate emerging best practices and technological improvements in digital asset custody, avoiding rigid requirements that hinder innovation. Establishing these improved mechanisms will enable more rigorous, empirically-grounded oversight of digital asset custody compliance, while supporting responsible innovation in this growing field. A rushed conclusion that most new custodial models inherently lack adequate protections does not serve investor interests and conflicts with the SEC's mission to facilitate capital formation. The final rule should take care to properly evaluate digital asset compliance tools on their merits. VI. THE RULE WILL IMPOSE DIFFICULTIES WITH UPDATING INFORMATION. The proposed amendments would pose significant difficulties for investment advisers in updating required information in a timely manner. The custody rule should provide flexibility regarding updating information to accommodate the unique nature of digital assets. Under the proposed amendments, investment advisers would be required to obtain reasonable assurances from qualified custodians regarding safeguarding of client assets on an ongoing basis (Proposed Rule 206(4)-2(a)(6)). However, the volatile nature of the digital asset markets makes frequent material changes to custodians' policies and procedures inevitable. Rigidly requiring reasonable assurances to be updated continuously would impose an extraordinary burden on investment advisers. As the Supreme Court noted in SEC v. Chenery Corp., 318 U.S. 80 (1943), regulations must be flexible enough to adapt to rapidly evolving areas. Moreover, the proposed requirement under Rule 206(4)-2(a)(6) that investment advisers enter into a written agreement with qualified custodians before placing any client assets with the custodian is impractical for digital assets. Unlike traditional securities that settle trade-by-trade, digital assets are designed for instant transfer. There is often no opportunity to negotiate and execute agreements prior to executing trades. The SEC should clarify that reasonable assurances can be obtained after initially placing assets with a qualified custodian. The SEC should revise the proposed amendments to reasonably accommodate the need for flexibility in updating required information regarding digital asset qualified custodians. This would further the SEC's mission of facilitating innovation while preserving necessary investor protections. VII. THE PROPOSED RULE WILL HAVE A DISPROPORTIONATE IMPACT ON STATE-CHARTERED TRUST COMPANIES AND THE BROADER CRYPTO ECOSYSTEM. The SEC’s proposed amendments to Rule 206(4)-2 would have a disproportionate impact on state-chartered trust companies seeking to provide crypto custody services. By imposing overly prescriptive requirements on demonstrating “exclusive possession or control” of crypto assets, the proposal would make it nearly impossible for state-chartered trusts to qualify as custodians. This outcome is not supported by the Investment Advisers Act and would severely restrict access to qualified crypto custodians, to the detriment of advisory clients. The proposed rule runs counter to Section 202(a)(2) of the Advisers Act, which defines “qualified custodian” to include a “bank” as defined in Section 202(a)(2). The term “bank” explicitly includes any state-chartered trust company that meets the requirements set forth in Section 202(a)(2)(B). There is no indication that Congress intended to exclude state-chartered trusts simply because they provide custody services for emerging digital asset classes like crypto. As long as a state-chartered trust company satisfies the definitional requirements in Section 202(a)(2)(B), it should be permitted to serve as a qualified custodian. Furthermore, the proposed rule exceeds the SEC's rulemaking authority under Section 206(4) of the Advisers Act, which empowers the Commission to adopt rules only where "necessary or appropriate in the public interest or for the protection of investors." Requiring custodians to demonstrate exclusive, sole control of crypto assets does not offer meaningful additional protection for investors beyond existing requirements that custodians maintain adequate controls and segregate client assets. And by severely limiting access to qualified crypto custodians, the proposal harms the public interest by chilling innovation in the digital asset space. The SEC should reconsider its position and provide a flexible framework that allows state-chartered institutions to demonstrate exclusive possession and control of crypto assets through a combination of technical, operational, and audit controls. This outcome is supported by the plain language of the Advisers Act as well as sound policy. State-chartered trusts can provide secure and regulated custody solutions that expand investor choice – but only if the SEC does not impose unreasonable burdens beyond what is authorized by statute. VIII. THE PROPOSED RULE PRESENTS THE RISK OF UNDUE INFLUENCE. The SEC's proposed amendments to Rule 206(4)-2 would constitute an undue exercise of power that would improperly restrict investment advisers' ability to invest in and hold cryptocurrencies such as Bitcoin and Ethereum on behalf of their clients. The proposed amendments presume that SEC regulation is needed to protect investors from loss or theft of their cryptocurrency assets. However, the SEC fails to demonstrate that existing state and federal regulations are inadequate. Subjecting cryptocurrencies to the proposed qualified custodian requirement ignores the technical realities of cryptocurrency systems and imposes unreasonable burdens on investment advisers. This overreach exceeds the SEC's statutory authority to regulate securities under 15 U.S.C. § 80b-1 et seq. and violates the Administrative Procedure Act's prohibition on agency action that is arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law. See 5 U.S.C. § 706(2)(A). The proposed amendments also fail to consider less burdensome alternatives. For example, the SEC could allow advisers to hold cryptocurrency using robust security protocols like multisignature wallets. Or it could permit advisers to use third-party fiduciaries that don't meet the full definition of "qualified custodian." By refusing to explore alternatives, the SEC improperly substitutes its judgment for that of advisers who are in the best position to determine appropriate safeguards based on their clients' needs and risk tolerances. Rather than protect investors, the proposed amendments' overbroad requirements will restrict access to cryptocurrency investments and stifle financial innovation. The SEC should reconsider this undue exercise of its authority. IX. CRYPTOCURRENCIES DO NOT MEET THE DEFINITION OF A SECURITY AND SHOULD NOT BE REGULATED AS SUCH. The proposed changes would greatly expand the SEC's authority to regulate cryptocurrencies by categorizing them as "assets" subject to the custody rule. However, cryptocurrencies should not be regulated in this manner because they do not meet the legal definition of a security. The Supreme Court has established a clear test to determine whether an asset is a security in SEC v. W.J. Howey Co. Under this test, known as the Howey test, an asset is a security if it involves (1) an investment of money, (2) in a common enterprise, (3) with an expectation of profits, (4) derived solely from the efforts of others. While cryptocurrencies may in some cases meet the first three prongs of this test, they do not meet the fourth prong. Cryptocurrencies like Bitcoin and Ethereum are decentralized networks that rely on cryptography and distributed ledger technology. They operate through peer-to-peer consensus mechanisms like proof-of-work and proof-of-stake. Users interact directly with these protocols to send and receive coins or tokens. The profits that users earn from cryptocurrencies derive from the cryptocurrencies themselves as an autonomous technology, not the efforts of any third party. This key distinction means cryptocurrencies are not securities under the Howey test. The SEC itself has acknowledged that Bitcoin and Ethereum are not securities due to their decentralized nature. Trying to regulate decentralized cryptocurrencies as securities would go against years of the SEC's own guidance. It would also likely exceed the SEC's authority under federal securities laws. X. THE PROPOSED RULE WOULD CREATE UNFAIR DISADVANTAGES FOR DIGITAL ASSET PARTICIPANTS. The proposed amendments to Rule 206(4)-2 under the Investment Advisers Act of 1940 would impose unfair disadvantages on certain participants in the digital asset market. While the goal of enhancing investor protections is laudable, the proposed rule goes too far and would have several concerning implications: Impractical custody requirements for digital assets. The proposed rule's "possession or control" requirements are overly rigid and impractical for digital asset qualified custodians to satisfy. Digital assets have unique attributes that make demonstrating exclusive control challenging, such as transferability via private keys. The proposed rule should allow more flexibility for digital asset custody models that utilize innovative approaches like multisig and MPC technology. Imposing blanket physical possession requirements could preclude certain custodians from participating in this market. Barriers for non-bank and decentralized custodians. The heightened eligibility criteria for foreign financial institutions and questions raised about state-chartered trust companies could restrict those entities from serving as qualified custodians. Many digital asset custodians are non-banks using novel custody solutions. Limiting their ability to qualify would negatively impact digital asset market participants. Trade execution challenges. By including discretionary trading authority within the custody definition, digital asset advisers face hurdles executing trades on platforms that are not qualified custodians. Most digital asset trading occurs on such platforms. The rule should exempt temporary transfers to facilitate trades, or provide a reasonable transition period for platforms to become qualified custodians. Overly prescriptive contractual requirements. Strict new contractual protections like required indemnity and insurance provisions may not be feasible or available for certain digital asset custodians in the current marketplace. The rule should take a principles-based approach to give custodians flexibility in implementing controls appropriate to the assets. While the SEC aims to enhance investor protections, the proposed rule risks unduly burdening digital asset market participants and constraining technological innovation in this developing area. The SEC should reconsider provisions that impose impractical requirements or unfair limitations, so that the rule achieves its goals without placing certain groups at a disadvantage. XI. THE PROPOSED RULE SHOULD ADDRESS REGULATORY INCONSISTENCY ON THE CUSTODY OF DIGITAL ASSETS. The proposed rule regarding custody of digital assets like cryptocurrency by registered investment advisers ("RIAs") highlight concerning inconsistencies and contradictions in the application of custody requirements that should be clarified before finalizing any rule. Specifically, the SEC’s differing perspectives on applying custody requirements to digital assets versus traditional securities, the uncertainty around whether certain digital asset custodians can qualify under the rule, and the disconnect between federal and state approaches create significant regulatory inconsistencies. Clarifying these issues through additional rulemaking rather than ad hoc determinations will help ensure appropriate investor protections are in place without unduly burdening market participants. The Proposed Amendments take an overly rigid position that custody of digital assets inherently poses greater risks than traditional securities, but do not provide a basis for believing digital assets cannot be held with reasonable safeguards akin to those applicable to securities. At the same time, federal banking regulators have allowed banks to provide crypto custody services, recognizing such services can be offered consistent with safe and sound banking practices. The SEC should reconsider broad assumptions that digital asset custody necessitates more stringent requirements than securities custody, and instead evaluate risks of specific custody models. Imposing blanket restrictions out of step with other regulators and the realities of digital asset custody technology will only drive activity offshore without meaningfully enhancing protections. In addition, the Proposed Amendments create uncertainty about whether state-chartered trust companies can qualify as digital asset custodians, conflicting with the text of the Advisers Act’s definition of “qualified custodian.” Rather than expressing skepticism about whether any digital asset custodian can properly safeguard assets, the SEC should provide guidance on required controls and protections expected of a qualified custodian, regardless of charter. Allowing flexibility based on specific policies and procedures, instead of limiting options to federally-chartered custodians, will facilitate responsible digital asset custody services. Finally, the SEC’s skepticism of state oversight of digital asset custodians directly conflicts with increasing state regulation of digital asset companies. State regulators have been proactive in implementing tailored licensing and supervision programs for digital asset activities. The SEC should coordinate with state regulators in developing digital asset custody requirements instead of discounting state supervision. Otherwise, advisers are left to navigate inconsistent federal and state custodian requirements. A coordinated approach would provide greater regulatory clarity. In sum, the SEC should address inconsistencies in applying custody requirements to digital assets versus securities, uncertainty around permissible digital asset custodians, and conflicts between federal and state regulation. Doing so will provide RIAs much-needed clarity in providing digital asset services to clients while upholding critical investor protections. XII. THE RULE DOES NOT ENSURE FAIR CRYPTO REGULATION THAT FACILITATES GROWTH AND INNOVATION. The proposed amendments to Rule 206(4)-2 under the Investment Advisers Act of 1940 impose significant burdens on the evolving international crypto market that will stifle innovation and growth. While the goal of investor protection is laudable, the expansive scope of assets covered combined with prescriptive custodial requirements fails to account for the unique nature of digital assets and their borderless transfers. The proposed rule would detrimentally impact smaller international crypto advisers and custodians. Requiring written agreements with specific mandatory terms, as well as assurances related to standards of care and insurance requirements, creates impractical hurdles for new entrants seeking to compete in this space. The compliance costs will be too high, forcing out smaller firms and concentrating assets with larger custodians, reducing competition. Rather than blanket requirements, a principles-based approach should be taken that provides flexibility based on the risk profile of assets. In addition, the "possession or control" requirement could prohibit international transfers of crypto assets to exchanges or counterparties that are not qualified custodians. This ignores the reality that digital assets freely flow across borders by design. Impeding this open architecture will put U.S. firms at a disadvantage compared to those operating in jurisdictions with more flexible frameworks. The SEC should reconsider the proposed rule's broad applicability and instead take a targeted approach focusing on higher risk assets. Overly rigid custody mandates on all crypto assets will stifle innovation and create unintended obstacles to cross-border crypto development. The U.S. risks falling behind more progressive regimes if burdensome regulations are imposed without accounting for unique attributes of digital assets and their global nature. The SEC should promote smart crypto oversight that balances innovation and growth with appropriate investor protections. XIII. THE PROPOSED RULE DOES NOT ADEQUATELY ACCOUNT FOR DIFFERENCES BETWEEN DIGITAL ASSETS AND TRADITIONAL SECURITIES. The proposed rule's expansive definition of "custody" and rigid requirements around "exclusive control" over digital assets reflect a lack of understanding of how these assets differ from traditional securities. The SEC acknowledges the challenges of proving exclusive control over cryptocurrencies, yet still demands advisers meet this vague standard or face being in violation. Further, the assumption that advisers who do not use SEC-approved custodians are putting their clients' assets at risk is an overreach and exceeds the SEC's authority. Investment advisers have a fiduciary duty to act in their clients' best interests, including protecting assets under management. Many have developed secure ways to self-custody cryptocurrencies without issues. Requiring use of qualified custodians would limit client choice and market innovation. Finally, the transition period of just 1-1.5 years is unrealistic. Building integrations with qualified custodians, migrating assets, and adjusting operations to comply will take significant time and resources for many advisers. This aggressive timeline seems intended to drive certain participants out of the market entirely rather than allow them time to meet new requirements.