Oct. 16, 2023
To Whom It May Concern: I am writing to provide comments on the Securities and Exchange Commission's proposed rule release for "Safeguarding Advisory Client Assets" as it relates to digital assets and cryptocurrencies. I appreciate the SEC's efforts to adapt its regulatory framework to emerging technological innovations like blockchain-based assets. However, I have several substantive concerns about the rule's application to digital asset service providers. First, the definition of "client assets" subject to the rule's protections is overly broad when it comes to digital assets. As written, the definition could be interpreted to apply prescriptive security requirements to the underlying blockchain networks and smart contracts that power decentralized finance (DeFi) platforms. However, these public blockchain protocols do not have centralized administrators to implement controls. Attempting to force centralized security models onto decentralized networks could severely inhibit innovation. I urge narrowing the definition of covered client assets to apply only to custodied funds specifically under the adviser's control. The integrity of public blockchain networks should be considered outside the rule's scope. Second, the 48-hour breach notification requirement may be technically infeasible to implement for smart contract-based incidents on public blockchains. Breaches may be identifiable only through on-chain analytics rather than clear incident reports. Disclosure could also potentially draw more attention to vulnerabilities. I suggest clarifying that notification timelines correspond to discovery and assessment of an incident. Finally, aspects such as access controls, multi-factor authentication, and encryption may be difficult or even impossible to institute across decentralized protocols. While essential for custodied assets, flexibility is needed when applying these to smart contracts with no central server or administrator. I recommend principles-based guidance that recognizes the unique nature of decentralized technical infrastructure. With certain modifications to avoid regulatory overreach into decentralized networks, I believe the rule could meaningfully enhance protections for digital asset investors. I appreciate the opportunity to provide comments to help tailor regulations for the unique case of cryptocurrencies and blockchain-based finance. Please feel free to contact me with any questions.