U.S. SEC issues guidance: Broker-dealers must control private keys when safekeeping crypto assets for clients

The process of integrating digital assets into the traditional financial system is entering a “standardization” phase. The U.S. Securities and Exchange Commission (SEC) released new guidelines on Wednesday, clarifying how broker-dealers should comply with customer protection rules when custodying “crypto asset securities”: although assets are stored on-chain, broker-dealers must still demonstrate “physical possession or control” over the assets, and holding the “private key” is the core standard required by this regulation.

This guideline aims to resolve the conflict between digital assets and the existing “Customer Protection Rules.” Traditional regulations require broker-dealers to have actual control over customer assets, but for tokens dispersed on the blockchain, defining “possession” has always been a legal gray area.

According to the SEC’s Division of Trading and Markets on Wednesday, the issued guidelines are considered “transitional measures,” primarily to address practical questions from market participants. Feedback will continue to be collected for future formal regulatory policies.

Under the SEC’s latest interpretation, if a broker-dealer has “exclusive access rights” to the private keys of tokens, allowing direct access to crypto assets and possessing the ability to transfer assets, it can be considered to have “physical possession or control” over the crypto asset securities.

At the same time, the SEC also requires broker-dealers to establish, maintain, and strictly enforce policies that adhere to industry best practices to prevent private keys from being stolen, lost, or used without authorization. They must also ensure that, apart from the broker-dealer itself, no other party (including customers or third parties) can access the private keys or transfer assets.

Additionally, the SEC emphasizes that if a broker-dealer is aware of serious security vulnerabilities or operational flaws in the underlying distributed ledger technology (DLT), or if custody of the asset poses a material risk to their business, they should not consider themselves to have possession of the asset.

The guidelines further require broker-dealers and custodians to plan contingency measures in advance to address potential emergencies, including blockchain failures, cyberattacks, and hard forks.

Furthermore, broker-dealers must also have the capacity to execute freezing, destruction, or confiscation of assets under legal or regulatory orders, ensuring compliance with judicial and regulatory directives.

The SEC also mandates that broker-dealers continuously monitor blockchain governance developments and protocol updates. Whenever relevant changes could impact the security of customer assets, broker-dealers must assess the risks beforehand and plan “appropriate actions” to reduce exposure.

_ Disclaimer: This article is for market information only. All content and viewpoints are for reference only and do not constitute investment advice. They do not represent the views or positions of Block. Investors should make their own decisions and transactions. The author and Block shall not be responsible for any direct or indirect losses resulting from investor transactions. _