An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock
()
or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Please find written input submissions to the Crypto Task Force below. The written input is posted without modification. We hope sharing the submissions will help encourage productive dialogue and continued engagement. Please note that the “Key Points” and “Topics” are AI generated. AI can make mistakes, and the Key Points and Topics are not a replacement for you reading the submissions. The Crypto Task Force has not reviewed these AI-generated summaries for accuracy or completeness. If you believe a Key Point or Topic is inaccurate, please email the Crypto Task Force at crypto@sec.gov. The written input provided to the SEC and posted on this page does not necessarily reflect the views of the Crypto Task Force or others in the U.S. Securities and Exchange Commission.
Activities involving native, wrapped, or entitlement tokens qualify as securities transactions, triggering broker-dealer, exchange, and registration requirements under the Securities Act and Exchange Act.
Issuers of tokenized securities must comply with Securities Act §§ 5, 6, 7, 10, including filing registration statements and delivering prospectuses. Additional disclosures may be needed to address unique tokenization risks.
Sections 12, 13, 15, 17, and 23 of the Securities Act and §§ 9, 10, and 20 of the Exchange Act prohibit manipulative practices and impose liability for material misstatements or omissions, regardless of whether securities are tokenized.
Securities Industry and Financial Markets Association (SIFMA)
Custody, Public Offerings, Security Status, Tokenization, Trading
Across the SEC’s Investment Advisers Act, Investment Company Act, Securities Act, and Exchange Act rules, the legal and regulatory requirements generally apply equally to traditional and tokenized assets. The rules governing registration, disclosure, custody, recordkeeping, anti-fraud, and investor protection are not fundamentally altered by the use of tokenization or digital asset formats. Where tokenized assets are securities, they are subject to the same substantive regulatory regime as their non-tokenized counterparts.
For investment advisers and investment companies, custody rules (e.g., IAA Rule 206(4)-2, ICA Rules 17f-1 through 17f-7) require that client assets—including tokenized securities—be held with qualified custodians and subject to the same segregation, audit, and reporting requirements as traditional securities. Self-custody of tokenized assets by advisers is not subject to lesser requirements, and banks acting as custodians for tokenized assets must meet the same standards as for other securities.
The core disclosure, reporting, and anti-fraud provisions of the federal securities laws (including the Securities Act, Exchange Act, and related SEC rules) apply to offerings, trading, and custody of tokenized securities. This includes requirements for registration statements, prospectus delivery, periodic reporting, proxy rules, and prohibitions on manipulative or deceptive practices. The SEC’s authority and investor protections are not diminished by the use of tokenized or digital asset technology.
The proposed modernization advocates amending the Custody Rule to allow registered investment advisers (RIAs) to safeguard client crypto assets using non-qualified custodian (non-QC) solutions under a reasonableness standard, ensuring assets remain secure and fiduciary duties are met.
Introducing flexibility to permit both QC and non-QC safeguarding solutions mitigates operational frictions, reduces concentration risk, and aligns custody practices with the unique properties of crypto assets, while maintaining compliance with the Custody Rule’s core tenets.
The model framework leverages multi-signature/multi-party computation (MS/MPC) technology, contractual agreements (MPA), and operational security standards to satisfy policy objectives of segregation, safeguarding, and independent verification without mandatory third-party custody.
SIFMA refuted claims by DeFi Education Fund that it previously supported broad exemptive relief for emerging technologies, clarifying that its advocacy focused on structured regulatory reform through formal rulemaking and statutory authority.
SIFMA opposed the SEC’s 2022 Proposal to redefine “exchange” under Rule 3b-16, citing concerns that the inclusion of undefined terms like “communication protocol systems” would improperly expand regulatory scope to systems operated by broker-dealers and investment advisers.
SIFMA recommended a limited volume exemptive framework under the Exchange Act, tailored to address specific market challenges, rather than blanket exemptions for DeFi platforms.
All pilot participants—including broker-dealers, custodians, and technology providers—must undergo structured conformance testing and certification to validate adherence to operational playbooks and reference implementation profiles. Certification is a prerequisite for participation and includes baseline and enhanced tiers with annual recertification requirements.
The pilot establishes a multi-tiered governance framework, including a Pilot Steering Committee and Change Control Board, with defined authority over standards evolution, incident coordination, and regulatory engagement. Supervisory access is governed by tiered models (Tier 0–2) to ensure due process, privacy, and non-surveillance principles.
The Operationalization Track is strictly limited to U.S. domestic institutional markets and does not create new legal obligations beyond those required for pilot participation. It complements existing federal securities laws and SRO rules, focusing on operational specificity for tokenized securities without replacing existing infrastructure or extending to retail or cross-border markets.
Zack Tickman, Claude & Friends: Risk Analytics Research Group
Custody, RFI Responses, Safe Harbor, Security Status
Zcash and Aleo rely on zkSNARKs requiring a “trusted setup,” which introduces a permanent trust assumption. If the setup’s entropy (“toxic waste”) is not securely destroyed, it could allow undetectable token counterfeiting, undermining supply integrity.
Zcash’s opt-in privacy model results in most transactions being transparent, enabling deanonymization through statistical analysis. This undermines its claim to privacy-preserving status and exposes users to surveillance risks.
Aleo’s programmable privacy increases protocol complexity, which has led to real-world data leaks (e.g., unencrypted KYC data). This complexity heightens the likelihood of implementation flaws, expanding the attack surface and compromising user privacy.
Securities Industry and Financial Markets Association (SIFMA)
Tokenized securities traded via DeFi or CeDeFi platforms must comply with U.S. securities laws, including the Exchange Act, regardless of claims of decentralization or minimal intermediary involvement.
A clear and nuanced taxonomy is essential to distinguish between natively issued digital securities, wrapped tokens, SBS, and non-security instruments, ensuring proper application of securities laws and investor protections.
Fragmentation between tokenized and traditional securities markets poses risks to market integrity, and regulators must ensure fungibility, consistent trade reporting, and integration with existing infrastructures like Reg NMS, CAT, and SIPC.
The framework enforces strict adherence to the Illinois Biometric Information Privacy Act (BIPA) and California Consumer Privacy Act (CCPA/CPRA) by implementing local-only biometric processing, purpose limitation, and secure destruction protocols for biometric data.
It aligns institutional authentication procedures with the Uniform Commercial Code Article 4A by incorporating phishing-resistant authentication, dual control, and hardware-backed cryptographic protocols, establishing a benchmark for commercially reasonable security procedures.
The framework embeds appealable, time-bounded attestations and dispute resolution pathways, ensuring representatives can challenge erroneous integrity flags and maintain employment rights, consistent with regulatory expectations for procedural fairness.
The "Chains of Trust" model enables cryptographic self-certification of digital identities and data, which can enhance customer due diligence and reduce synthetic identity fraud in digital asset markets.
Institutions can use VDCs to attest to a customer’s compliance status without transmitting sensitive personal data repeatedly, supporting privacy and interoperability across financial institutions.
Linking legal entity identifiers to VDCs provides cryptographic proofs of beneficial ownership, while immutable provenance records offer regulators and law enforcement reliable audit trails for supervisory and enforcement purposes.
The SEC has jurisdiction over leveraged crypto ETFs and related securities products, and has previously blocked filings for extreme 5x leveraged ETFs to protect investors.
Leveraged crypto instruments offered to U.S. persons via unregistered platforms may fall under SEC oversight, especially when tied to assets potentially classified as securities.
Joint SEC-CFTC efforts in 2025 have initiated regulation of onshore perpetual contracts with leverage limits, but offshore platforms remain largely unregulated, posing risks to U.S. retail investors.
