Client Alert

July 19, 2019

Why It’s Taking So Long: the SEC and FINRA Issue Guidance on Crypto Broker-Dealer Complexities

The SEC signaled last week that it appears to be growing more comfortable approving certain digital asset activities, qualifying the first two initial coin offerings ever to proceed as registered securities.

Earlier this month, the U.S. Securities and Exchange Commission and FINRA highlighted some of the complexities that have made them particularly careful about approving licenses for firms looking to start or expand a broker-dealer operation to deal in digital assets.[i]

In a rare joint statement (“Joint Guidance”) published on July 8, the SEC’s Division of Trading and Markets and FINRA’s Office of General Counsel provided guidance focused primarily on issues that arise when a broker-dealer’s business involves taking custody (or arranging for custody) of a customer’s digital assets. Holding custody of customer securities and funds is a common function of traditional securities broker-dealers. For digital assets, however, regulators and industry participants alike have identified this as a thorny issue.


The SEC had already made its position clear that “[a]n entity that facilitates the issuance of digital asset securities in ICOs and secondary trading in digital asset securities may also be acting as a ‘broker’ or ‘dealer’ that is required to register with the Commission and become a member of a self-regulatory organization, typically FINRA.”[ii] A November 2018 enforcement action filed against TokenLot LLC and two individuals who operated the self-proclaimed “ICO Superstore” also showed that the SEC is willing to file charges against firms and individuals that operate as broker-dealers without proper registration.[iii]

Despite these clear calls to register before acting as a broker-dealer in digital asset securities, recent news reports have chronicled industry-participant frustrations with the waiting periods for approval of crypto-related broker-dealer applicants.[iv] The Joint Guidance issued earlier this month walked through a number of the complexities that may have caused FINRA to tread carefully on approving New Membership Applications (“NMAs”), as well as Continuing Membership Applications (“CMAs”), which an existing broker-dealer must file in order to expand its business to include digital asset securities.


Drawing on decades of laws on broker-dealer registration and investor protection, the Joint Guidance recognized the tension between the design of existing regulations and the regulators’ evolving understanding of how those regulations fit onto new and developing technologies. The key issues raised in the Joint Guidance related to safeguarding customer securities and funds, recordkeeping and reporting rules, and the degree to which the Securities Investor Protection Act of 1970 (“SIPA”) provides a backstop for digital asset investments in the event that a broker-dealer fails.

The Joint Guidance acknowledged that market participants wishing to hold custody of digital asset securities “may find it challenging to comply with the broker-dealer financial responsibility rules without putting in place significant technological enhancements and solutions unique to digital asset securities.” It also acknowledged that staff at the SEC and at FINRA “stand ready” to continue to engage industry players pursuing crypto-related broker-dealer roles.

The Customer Protection Rule, Risks Associated with “Private Keys”

The Joint Guidance confirmed that a broker-dealer seeking to custody digital asset securities must comply with the Customer Protection Rule by safeguarding customer securities entrusted to the firm.[v] It acknowledged, however, that there are “significant differences in the mechanics and risks associated with custodying traditional securities and digital asset securities.”

In the context of digital assets, it may be difficult to determine that the broker-dealer, or its third-party custodian, actually maintains custody of the assets. For example, holding a customer’s private key may not be sufficient evidence by itself that the broker-dealer has exclusive control of the digital asset security; copies of a given key might exist that also give another party control. Additionally, the key itself may not suffice to allow cancellation or reversal of mistaken or unauthorized transactions.

As a result, the Joint Guidance encouraged careful consideration of how a firm can hold possession or control of digital asset securities in compliance with the Customer Protection Rule, as well as how a firm can maintain meaningful and exclusive access allowing for error correction, invalidation of fraudulent transactions, and recovery of lost property.

The Joint Guidance also indicated that the SEC and FINRA have received questions about whether a digital asset’s issuer, or perhaps its transfer agent, is a suitable “control location” for purposes of holding possession or control under the Customer Protection Rule.[vi] (For certain traditional securities, it is appropriate for the issuer itself to hold the securities.) The Joint Guidance merely flagged this as an open question and stated that the two regulators will consider specific circumstances like this as they arise.

Recordkeeping and Reporting Rules

The Joint Guidance also flagged the recordkeeping and reporting rules broker-dealers must mind in conducting business, including with digital assets.[vii] These rules include keeping current ledgers reflecting assets and liabilities, as well as maintaining a securities record reflecting each security carried by the broker-dealer for its customers. They also include routinely preparing financial statements that report net capital and other specific details required of broker-dealers.[viii]

Again, compliance with these rules becomes more complex in the context of digital assets. According to the Joint Guidance, “[t]he nature of distributed ledger technology, as well as the characteristics associated with digital asset securities, may make it difficult for a broker-dealer to evidence the existence of digital asset securities for the purposes of the broker-dealer’s regulatory books, records, and financial statements.” These difficulties evidencing the actual existence of the securities for purposes of its books and records in turn create challenges for a broker-dealer’s independent auditor during annual audits.

Addressing some firms’ potential use of features like regulatory nodes or permissioned distributed ledger technologies to carry out recordkeeping, the Joint Guidance also cautioned that broker-dealers should consider how the new technology might affect their ability to abide by the SEC’s and FINRA’s specific recordkeeping and reporting rules.

Scope of Insurance for Customers Following a Broker-Dealer’s Failure

As a failsafe to the many regulations aimed at ensuring broker-dealers’ financial reliability, SIPA allows for liquidation of a broker-dealer that becomes unable to return customer property.[ix] SIPA’s protections, however, apply only to a “security” as defined in SIPA and to cash deposited with the broker-dealer for the purpose of purchasing securities.[x] The SIPA definition of “security” is slightly different than the definition in the federal securities laws enforced and relied upon by the SEC and FINRA. As the Joint Guidance explains, there may be digital assets that fit into one definition and not the other. In other words, a given digital asset may be: (1) a security under both the federal securities laws and SIPA, and thus protected by SIPA; (2) a security under the federal securities laws, but not under SIPA, and thus not protected by SIPA; or (3) not a security under the federal securities laws and therefore not protected by SIPA.

In the event of a broker-dealer’s failure, customers whose digital assets are deemed to fall outside of SIPA’s protections are left with just a general claim against that broker-dealer’s estate, an outcome the SEC and FINRA staffs believe would be “inconsistent with the expectations of persons who would use a broker-dealer to custody their digital asset securities.” Ambiguities around whether a broker-dealer truly holds and controls a given digital asset further blur the question of what happens to that digital asset if the broker-dealer fails.

Noncustodial Broker-Dealer Models

The Joint Guidance also noted that business models set up to avoid engaging in custody functions “do not raise the same level of concern” as custodial business models, provided that applicable legal and regulatory requirements are honored. Importantly, the guidance provided several examples of business activities that would be considered noncustodial. The examples included business models where:

  • a broker-dealer sends trade-matching details to the buyer and issuer of a digital asset security and the issuer settles the transaction bilaterally between the buyer and issuer, away from the broker-dealer;
  • a broker-dealer facilitates “over-the-counter” secondary market transactions in digital asset securities without taking custody of or exercising control over the digital asset securities; and
  • in a secondary market transaction, a broker-dealer introduces a buyer to a seller of digital asset securities through a trading platform where the trade is settled directly between the buyer and seller.

While these business models do not raise some of the concerns applicable to models involving custody of digital assets, the Joint Guidance stated directly that neither the SEC nor FINRA was offering any views about whether these noncustodial models necessarily are compliant with other laws and regulations.


The Joint Guidance is the latest in a march of targeted guidance from both agencies in this space.

In July 2018, FINRA released a statement encouraging firms to notify the regulator if they engaged in activities related to digital assets.[xi]

In November 2018, the SEC’s Division of Trading and Markets issued a public statement along with its fellow Divisions of Corporation Finance and Investment Management, highlighting ways digital asset securities encounter federal securities laws, including the broker-dealer registration requirements.[xii] At the end of May 2019, the SEC hosted a Fintech Forum during which senior officials from its various divisions, including Trading and Markets, made brief speeches and then moderated interactive panels with industry participants.[xiii]

Most recently, on June 27 the SEC and FINRA together held an open forum for broker-dealers to discuss current compliance practices, including “the challenges of new markets, new products and new rules.”[xiv]

Both regulators have also announced that digital assets are among their examination priorities for this year.[xv]


Stepping back, it has been nearly two years since the Securities and Exchange Commission issued its report on The DAO, announcing that digital assets can be securities.[xvi] Since then, industry participants have clamored for the SEC (and other regulators) to approve industry participants’ efforts to build digital assets businesses that comply with existing federal securities laws. In addition to broker-dealer applications,[xvii] there have been applications to register certain tokens as securities[xviii] and to operate an alternative trading system (“ATS”),[xix] among other roles. There also have been several high-profile applications to launch crypto-based exchange traded funds (“ETFs”).[xx] So far, only a select few of the applications in any of these categories have achieved formal approval from the SEC.

In a sign that the SEC may have grown more comfortable with at least one path toward approval related to digital asset activities, last week the SEC staff formally qualified the first two initial coin offerings (“ICOs”) ever to proceed as registered securities. The two projects, Blockstack[xxi] and YouNow[xxii], both won approval for their respective tokens through the SEC’s Regulation A+, an abbreviated registration option originally designed for raising money through crowdfunding.

But those two approvals are unlikely to herald an impending flood of other sign-offs on proposed token offerings. Similarly, many crypto firms’ applications for other approvals under securities laws remain on hold as the SEC and fellow regulators continue to work through the nuances of how evolving digital asset business models fit within the already complex requirements of securities laws. The new Joint Guidance may, however, signal that regulators intend to develop and offer clearer paths for registering a broker-dealer to handle digital asset securities.


While the Joint Guidance revealed a number of issues that the SEC and FINRA staffs are grappling with as they look at crypto-related broker-dealer applications, it ultimately did not provide bright-line instructions on how a specific applicant can structure its business to achieve compliance. That said, it should be abundantly clear by now that regulatory guidance on how securities laws apply to digital assets will be incrementally rolled out.

This latest guidance signals that regulators are moving further beyond threshold questions related to whether a digital asset is a security, to plot out how the rest of securities laws apply to digital asset securities. Despite the SEC having now approved the first two token offerings under Regulation A+, any crypto-euphoria must be tempered somewhat by the secondary-market concerns articulated in the Joint Guidance.

We look forward to working with the SEC and FINRA as they develop additional guidance on digital assets—and perhaps to more approvals of digital asset securities, broker-dealers, ATSs, ETFs, and other applications down the line.


[i] Public Statement, “Joint Staff Statement on Broker-Dealer Custody of Digital Asset Securities,” SEC/FINRA (July 8, 2019), available at

[ii] Public Statement, “Statement on Digital Asset Securities Issuance and Trading,” SEC Divisions of Corporation Finance, Investment Management, and Trading and Markets (Nov. 16, 2018). As a technical matter, FINRA is the body that actually approves applications for new or expanded broker-dealer licenses. FINRA operates under authority delegated to it by the SEC, however, and so the two work together closely on topics related to broker-dealer registration and oversight.

[iii] In the Matter of Tokenlot, LLC, et al., SEC Admin. Proc. File No. 3-18739 (Sept. 11, 2018),

[iv] There are 40 applications reportedly pending for approval, with companies waiting as long as 14 months. Nikhilesh De, “Stonewalled by FINRA, Up to 40 Crypto Securities Wait in Limbo for Launch,” CoinDesk (June 17, 2019), available at

[v] Securities Exchange Act of 1934 (“Exchange Act”) Rule 15c3-3, which FINRA also enforces as part of its authority delegated from the SEC, requires a broker-dealer to physically hold customers’ fully paid and excess margin securities or maintain them free of lien at a good control location.

[vi] See Exchange Act Rule 15c3-3(c)(7).

[vii] See Exchange Act Rules 17a-3, 17a-4, and 17a-5.

[viii] Id.

[ix] SIPA established the Securities Investor Protection Corporation (“SIPC”), a nonprofit corporation that actually performs the work to restore investors’ cash and securities when their brokerage firm fails. See “About SIPC,” SIPC, available at

[x] 15 U.S. Code § 78lll.

[xi] Regulatory Notice, “FINRA Encourages Firms to Notify FINRA if They Engage in Activities Related to Digital Assets,” FINRA (July 6, 2018), available at

[xii] Public Statement, Divisions of Corporation Finance, Investment Management, and Trading and Markets, Statement on Digital Asset Securities Issuance and Trading (Nov. 16, 2018),

[xiii] Press Release, “SEC Staff Announces Agenda for May 31 FinTech Forum,” SEC (April 24, 2019), available at

[xiv] Press Release, “SEC and FINRA to Hold National Compliance Outreach Program for Broker-Dealers on June 27, 2019,” SEC (April 16, 2019), available at

[xv] See “2019 Risk Monitoring and Examination Priorities Letter,” FINRA (Jan. 22, 2019), available at; 2019 Examination Priorities, SEC Office of Compliance Inspections and Examinations, available at

[xvi] This report followed an investigation of The DAO, a decentralized autonomous organization that sold digital asset tokens to investors. In its report, the SEC determined that The DAO’s tokens were securities. Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO, SEC Rel. No. 81207 (Jul. 25, 2017) (“DAO Report”), available at

[xvii] See, e.g., Leigh Cuen, Gemini to Apply for Broker-Dealer License in Bid to Trade Crypto Securities, CoinDesk (July 2, 2019), available at

[xviii] Molly Jane Zuckerman, Praetorian Group Files To Be First ICO To Sell Registered Security Tokens in US, Cointelegraph (March 9, 2018), available at

[xix] JD Alois, Here is the List of SEC Approved Alternative Trading Systems, Crowdfund Insider (April 23, 2019), available at

[xx] Daniel Palmer, A New Crypto ETF Has Just Been Filed With the U.S. SEC, CoinDesk (May 10, 2019), available at

[xxi] Paul Vigna, SEC Clears Blockstack to Hold First Regulated Offering, Wall Street Journal (July 10, 2019), available at

[xxii] Daniel Kuhn, SEC Gives YouNow’s Ethereum Token ‘Props’ Reg A+ Approval, CoinDesk (July 11, 2019), available at