Subject: S7-04-23: Webform Comments from Anonymous
From: Anonymous
Affiliation:

Oct. 29, 2023

Please note the following comments I respectfully make
regarding potential issues with the proposed rule:

MONITORING DIFFICULTIES SUPPORT TAILORED CRYPTO ASSET CUSTODY
REQUIREMENTS

The SEC’s proposed custody rule amendments raise significant
monitoring difficulties for investment advisers seeking to hold crypto
assets on behalf of clients. While the SEC aims to enhance investor
protections, the proposal’s broad application to all crypto assets
exceeds what is required to reasonably safeguard client assets and
risks impairing advisers’ ability to manage crypto assets in
clients’ best interests. The SEC should tailor the final rule to
account for the novel features and risks of different types of crypto
assets.

For instance, the proposal could exempt advisers to hold stablecoins
and algorithmic stablecoins with qualified custodians, due to their
lower risks. Stablecoins aim to maintain a stable value, posing fewer
valuation and volatility risks. And major stablecoins like USDC
already employ robust auditing and disclosure requirements that
protect against fraud. See Centre Consortium, USDC Audit Reports,
https://www.centre.io/usdc-transparency. 

The SEC should thus tailor the final rule to exempt stablecoins and
other crypto assets with distinct risk profiles. This would
appropriately balance investor protections while enabling advisers to
efficiently manage diversified crypto asset portfolios. 
THE PROPOSED RULE LACKS CLEAR GUIDELINES FOR ENFORCEMENT PROGRAM
OPTIMIZATION REGARDING CRYPTO CUSTODY.

The SEC's proposed amendments to the custody rule under the
Investment Advisers Act seek to modernize custody requirements in
light of developments in the crypto asset marketplace. However, the
complexities of applying custody requirements to crypto assets warrant
clear guidelines from the SEC on enforcement priorities and program
optimization. Without such direction, the SEC risks inefficient
deployment of enforcement resources and inconsistent industry
compliance.

The SEC should provide transparent guidance on enforcing the amended
custody rule against crypto custodians. As the Proposal notes, proving
"exclusive possession or control" of crypto assets presents
unique challenges due to their intangible nature and transferability.
While the SEC cautions that crypto platforms likely cannot serve as
qualified custodians under the Proposal, it remains ambiguous whether
acceptable custody models could be devised, particularly by
state-chartered trusts. Rather than rely solely on enforcement actions
to delineate compliance standards on a case-by-case basis, the SEC
should clarify upfront the criteria and methods for demonstrating
exclusive crypto custody and qualified custodian status. Advanced
notice of enforcement priorities would allow the SEC to optimize its
oversight program by focusing on core risks identified through
industry engagement, while enabling crypto custodians to conform
business practices accordingly.

The SEC should also establish clear metrics and processes for
evaluating the amended custody rule’s effectiveness over time. As
crypto markets and related services continue evolving rapidly, custody
risks and regulatory concerns may shift. Periodic review based on
data-driven benchmarks would help the SEC recalibrate enforcement
efforts in response to market changes. The SEC could measure, for
example, change in reported incidents of crypto asset misappropriation
from advised accounts, fidelity bonding rates for crypto custodians,
and investor perceptions of custody safeguards. A transparent feedback
loop would optimize enforcement by targeting resources at emerging and
persistent compliance gaps.

Finally, the SEC should coordinate with other federal and state
regulators overseeing crypto custody and qualified custodian status.
As the Proposal notes, banks and trust companies may offer crypto
custody under separate charters and regimes. Close collaboration would
help reconcile overlapping agency mandates and streamline industry
oversight. The SEC could enter into memoranda of understanding to
delineate enforcement responsibilities or establish interagency
working groups to optimize coordination. A joint regulatory framework
with aligned priorities would enhance enforcement effectiveness and
reduce compliance burdens.

In conclusion, adopting clear enforcement guidelines, metrics, and
coordination protocols would significantly strengthen the SEC's
crypto custody program under the amended rule. The SEC should optimize
oversight and industry compliance proactively rather than rely solely
on reactive enforcement measures. Concrete steps toward enforcement
transparency and accountability would ensure investor protection keeps
pace with crypto asset growth.
THE PROPOSED RULE IMPOSES REGULATORY BURDENS ON INTERNATIONAL
BUSINESSES
The proposed amendments to the investment adviser custody rule impose
undue regulatory burdens on international businesses in contravention
of principles established in caselaw and past SEC guidance. Requiring
advisers to enter written agreements with qualified crypto custodians
and mandating enumerated assurances creates unnecessary compliance
costs and legal uncertainty for global enterprises.

The proposed rule conflicts with the Supreme Court's clear
directive against the extraterritorial application of U.S. securities
laws absent clear Congressional intent. In Morrison v. National
Australia Bank, the Court held that sections of the Securities
Exchange Act do not apply extraterritorially based solely on conduct
in the United States. 561 U.S. 247, 267 (2010). Similarly, the custody
rule amendments should not dictate requirements for non-U.S.
custodians of non-U.S. clients' crypto assets held outside the
United States. Expanding the custody rule's reach beyond the
United States exceeds the SEC's authority and interferes with
foreign regulations. Imposing U.S. qualified custodian requirements on
non-U.S. advisers dealing with non-U.S. clients requires just such
extraterritorial analysis, which is absent from the proposal.

Courts disfavor agency interpretations that conflict with prior
representations. In Christopher v. SmithKline Beecham Corp., the
Supreme Court rejected deference to an agency's changed position
that contradicted its longtime, consistent practice. 567 U.S. 142, 155
(2012). The SEC should thus clarify that the custody rule does not
regulate offshore activity given its prior statements against
extraterritorial application of U.S. securities laws.

Subjecting non-U.S. custodians to U.S. requirements also contravenes
international comity principles counseling against unreasonable
interference with foreign sovereign authority. Requiring adherence to
qualified custodian standards fails to respect other nations'
prerogative to regulate business within their borders. The SEC should
avoid unnecessary intrusion into the affairs of other nations per the
Restatement (Fourth) of Foreign Relations Law § 405 (2018).

In sum, the proposed custody rule amendments inappropriately extend
U.S. law abroad absent clear Congressional authorization and against
SEC assurances. The SEC must tailor the rule to avoid unreasonable
burdens on international business.
THE SEC CANNOT INFRINGE UPON INDIVIDUAL RIGHTS RELATED TO
CRYPTOCURRENCY TRANSACTIONS WITHOUT VIOLATING THE NINTH AMENDMENT

The SEC's proposed rule to regulate cryptocurrency transactions
exceeds the Commission's authority and violates the Ninth
Amendment of the U.S. Constitution. The Ninth Amendment states that
the enumeration of certain rights in the Constitution shall not be
construed to deny or disparage other rights retained by the people.
Cryptocurrencies enable individuals to exercise their fundamental
economic liberties, including the rights to acquire and transfer
property, through a decentralized digital medium of exchange. By
imposing overly burdensome regulations that restrict how individuals
can transact in cryptocurrency, the SEC would infringe upon rights
guaranteed under the Ninth Amendment.

The SEC argues it has a compelling interest in protecting investors
from fraud and manipulation in the cryptocurrency markets. However,
the proposed regulations are not narrowly tailored to achieve those
goals without unduly restricting individual liberties. Less
restrictive alternatives exist, such as enforcing existing anti-fraud
laws, requiring clear disclosure of risks, and registering
cryptocurrency exchanges. The Ninth Amendment forbids the government
from disproportionately burdening citizens' rights merely because
those rights are not expressly enumerated.

The Constitution grants limited powers to the federal government for
good reason – to prevent unrestrained intrusions into people’s
lives. The SEC should adhere to its proper role of enforcing
disclosure requirements and anti-fraud laws. It cannot use investor
protection as carte blanche to control how individuals choose to
transact. Cryptocurrency empowers people to exercise their economic
freedom and personal financial responsibility. By dictating how
private citizens can transfer their own cryptocurrency, the SEC would
exceed its authority and violate the Ninth Amendment.
CYBERSECURITY RISKS FACED BY FINANCIAL INSTITUTIONS HOLDING CRYPTO
ASSETS

The SEC's proposed amendments to the Custody Rule do not
adequately address the unique cybersecurity risks faced by financial
institutions that hold crypto assets on behalf of clients. While the
proposed enhancements to custody standards are a positive step, more
must be done to mitigate cyber threats when dealing with this new
asset class.

As outlined in the proposing release, crypto assets have features that
present distinct security vulnerabilities compared to traditional
financial assets. The immutability of blockchain transactions, the
irrevocability of transfers initiated with private keys, and the
widespread availability of malware targeting crypto holders
demonstrate the heightened cyber risks involved. Recent hacks of
crypto companies underscore the seriousness of these threats.

The core of the issue is that controlling the private keys to a crypto
wallet is equivalent to controlling the assets within it. Whoever
holds the private keys has total power over the contents of the
wallet. This is very different from holding traditional assets like
stocks and bonds in a custodial account, where multiple steps and
safeguards are involved in initiating transfers or asset movements.
With crypto private keys, a single cyber breach can result in
immediate and irreparable loss of all assets.

To adequately address this risk, the Custody Rule should require
detailed cybersecurity standards tailored to institutions holding
crypto keys. These standards should mandate:

Use of robust cold wallet storage and multi-party computation systems
to safeguard private keys
Implementation of hardware security modules and biometric controls on
key access
Rigorous key generation, encryption and management protocols
Regular auditing of crypto asset holdings, transfers and access logs
Incident response plans focused on containing crypto asset breaches
Cyber insurance policies covering risks unique to crypto custody
Crypto assets represent the future of finance, but also introduce
novel cyber risks. The Custody Rule presents an opportunity to
implement forward-looking standards that will protect consumers and
promote responsible crypto asset growth. The SEC should seize this
opportunity by directly addressing the cybersecurity challenges of
crypto custody.
INEFFECTIVE DISPUTE RESOLUTION PROCEDURES FOR DIGITAL ASSETS UNDER THE
PROPOSED QUALIFIED CUSTODIAN FRAMEWORK

The SEC's proposed amendments to the custody rule under Rule
206(4)-2 fail to provide for effective dispute resolution procedures
to address issues unique to digital asset custody. The immutable and
irreversible nature of blockchain transactions makes it impossible to
reverse erroneous or fraudulent transactions, recover lost assets, or
correct errors. However, the proposed rule does not adequately address
how clients can obtain meaningful legal recourse in the event their
digital assets are misappropriated or subject to unauthorized
transactions while in the custody of a qualified custodian.

The SEC should modify the proposal to require qualified custodians to
implement dispute resolution procedures tailored to digital assets,
such as compulsory arbitration, to provide clients an avenue for
recovery. Requiring qualified custodians to implement effective
dispute resolution procedures is necessary to prevent fraud and
protect investors as contemplated under Section 206. In addition, the
Advisers Act authorizes the SEC to require investment advisers to
adopt recordkeeping and operational standards as necessary or
appropriate in the public interest or for investor protection (15
U.S.C. § 80b-11). Mandating dispute resolution procedures for digital
asset custody serves the public interest and protects investors by
providing a means for clients to recover lost assets or be made whole
for custodian negligence or misconduct.
DECREASED INNOVATION IN THE DIGITAL ASSET MARKET DUE TO PROPOSED SEC
CUSTODY RULE

The proposed amendments to the SEC's custody rule for registered
investment advisers, which would expand the definition of
"assets" to include digital assets, may have the unintended
consequence of stifling innovation in the digital asset market. By
imposing strict, blanket requirements on the custody of digital assets
without accounting for their unique technological properties, the
proposed rule fails to foster the continued growth and maturation of
this nascent asset class.

Digital assets and their underlying blockchain technology enable new
models of asset transfer, custody, and utilization that are not
feasible with traditional assets like stocks and bonds. Multi-party
computation cryptography allows for decentralized, distributed custody
solutions that provide security advantages over traditional custodial
models relying on a single third party. Smart contracts allow
programmatic automation of asset transfers, trades, and other
transactions according to predefined parameters. New consensus
mechanisms like proof-of-stake permit novel means of asset utilization
and value generation, including staking and other strategies not
available in traditional markets.

By declining to recognize these technological innovations, the
proposed rule mandates custodial models that do not map well onto many
digital asset activities. The requirement for "exclusive
possession or control" at all times would preclude advisers from
leveraging decentralized custody solutions, engaging with
decentralized financial protocols, or employing staking and other
strategies reliant on temporary deposit of assets. While intended to
increase security, this blanket approach will instead force digital
asset custody into legacy constructs incompatible with many of the
most promising applications of the technology.

The proposed rule risks significantly curtailing investment in and
development of new digital asset projects, services, and protocols,
depriving American investors of opportunities for returns and economic
growth. Startups and entrepreneurs may shy away from digital asset
markets with heightened regulatory uncertainty and barriers to
innovation. Talent and capital may migrate overseas to more
accommodating jurisdictions. The result will be reduced U.S.
competitiveness and leadership in what is projected to become a $5
trillion market within the next five years.

Rather than impose outdated custodial models on digital assets, the
SEC should take care to craft rules that account for unique
technological capabilities and promote responsible innovation. Doing
so will allow digital asset markets to continue maturing while
maintaining rigorous investor protections. This more tailored, nuanced
approach will best serve the long-term interests of investors and
ensure U.S. competitiveness in the growing digital economy.
THE PROPOSED AMENDMENTS TO THE CUSTODY RULE DO NOT PROVIDE ADEQUATE
OPPORTUNITY FOR PUBLIC PARTICIPATION AND COMMENT 

The SEC's proposed amendments to the custody rule, Rule 206(4)-2,
significantly expand the scope of assets covered by the rule to
include all crypto assets and impose stringent requirements on
advisers with custody of crypto assets. While the goals of investor
protection and safeguarding client assets are laudable, the SEC has
not provided the public with sufficient opportunity to meaningfully
participate in the rulemaking process as required by the
Administrative Procedure Act (APA). 

Specifically, the APA requires federal agencies to publish notice of
proposed rules in the Federal Register and provide interested parties
the opportunity to submit written comments (5 USC 553(b) and (c)). The
purpose is to allow for meaningful public participation before rules
take effect. However, in this case, the SEC has not given the public
adequate time to digest the complexities of the proposal and provide
thoughtful feedback. The proposing release is hundreds of pages and
raises complex questions about the application of the custody rule to
emerging technologies like crypto assets. Yet, the initial comment
period was only 60 days. While the SEC subsequently reopened the
comment period, it is still insufficient for proper analysis of the
nuances and implications of the amendments across various business
models. The public needs more time to respond to such an expansive
rule change.

In addition, the APA requires agencies to consider and respond to
significant public comments in promulgating final rules. This allows
the public to see their feedback was considered. Extending the comment
period would result in more thoughtful input for the SEC to consider.

Further, the DC Circuit has held that agencies must remain open-minded
and cannot finalize rules that are not a logical outgrowth of the
proposed rule. Here, the SEC has signaled pre-judgment by stating in
the proposing release that crypto platforms cannot qualify as
custodians, which discourages good-faith public input. 

The public needs more time and opportunity to comment on this
impactful rule change. The SEC should extend the comment period by a
minimum of 60 additional days. Doing so will lead to better rulemaking
and comply with the APA's requirements for public participation.
THE PROPOSED RULE FAILS TO ENSURE SUFFICIENT ACCOUNTABILITY FOR
REGULATORS THEMSELVES

The Securities and Exchange Commission's proposed amendments
regarding investment adviser custody of digital assets, while seeking
to enhance investor protections, fail to provide for adequate
accountability of the regulators themselves. The administrative
process lacks sufficient checks and balances, raising concerns about
potential overreach or arbitrary decision-making by regulators.

To withstand judicial scrutiny, agency action must not be
"arbitrary, capricious, an abuse of discretion, or otherwise not
in accordance with law.". While courts grant deference to agency
expertise, that deference is not unlimited. Agency action can be
invalidated where the agency "entirely failed to consider an
important aspect of the problem" or "offered an explanation
for its decision that runs counter to the evidence before the
agency." Motor Vehicle Mfrs. Assn. v. State Farm Mut. Auto. Ins.
Co., 463 U.S. 29, 43 (1983).

Here, the SEC's proposal fails to adequately consider the due
process implications of granting regulators broad, unchecked authority
over digital asset custody arrangements. The proposal would empower
SEC staff to make determinations regarding "possession and
control" of crypto assets without sufficient regulatory
oversight. Chairman Gensler's stated view that "investment
advisers cannot rely on [crypto platforms] as qualified
custodians" prejudges the issue rather than making an objective,
evidence-based determination.

To pass judicial muster, the final rule should include safeguards to
prevent arbitrary or unfair actions by SEC staff and preserve
advisers' due process rights. For example, the rule could provide
advisers an internal appeals process to challenge adverse possession
and control determinations. It could also impose a higher burden of
proof on SEC staff to show a lack of "possession and
control." Clear definitions and objective criteria for digital
asset custody would further restrain arbitrary enforcement.

Additional accountability measures like required regulatory impact
analyses and retrospective reviews of rules could also help protect
regulated entities against overreach while still advancing investor
protections. See Exec. Order No. 12866; Exec. Order 13563. As Justice
Brandeis famously warned, "Experience should teach us to be most
on our guard to protect liberty when the government's purposes
are beneficent." Olmstead v. United States, 277 U.S. 438, 479
(1928) (dissenting opinion). The SEC should heed those words and
implement appropriate safeguards.
INADEQUATE RATIONALE FOR MASSIVE EXPANSION OF CUSTODY RULE

The SEC's proposed rule to expand the custody rule to cover
"all crypto assets" is flawed because the SEC fails to
provide an adequate rationale to justify this massive expansion in
scope. The current custody rule in Rule 206(4)-2 applies only to
"funds and securities." The SEC provides no evidence of
significant investor losses in crypto assets that are not
"securities" under the federal securities laws that would
justify this sweeping expansion in scope.

The SEC's justifications are speculative and conclusory, failing
to identify actual harms or provide data demonstrating concrete
investor protection needs that support applying the custody rule to
non-security crypto assets. The SEC claims crypto assets raise
"heightened risk of loss" but provides no empirical data
showing investors have suffered losses due to lack of protections. See
SEC v. Chenery Corp., 332 U.S. 194, 196 (1947) ("[A]n
administrative order cannot be upheld unless the grounds upon which
the agency acted . . . were those upon which its action can be
sustained."); Motor Vehicle Mfrs. Ass'n v. State Farm Mut.
Auto. Ins. Co., 463 U.S. 29, 43 (1983) (agency must examine relevant
data and articulate satisfactory explanation for action).

The SEC also fails to tailor the proposal to address legitimate areas
of concern. For example, the SEC does not limit the expanded custody
rule to high-risk crypto activities like staking and lending that
raise custody concerns, but proposes to sweep in all transactions and
holdings. Nor does the SEC exempt certain investors who may benefit
from other protections. By failing to narrowly target actual problem
areas, the SEC exceeds its authority under the Investment Advisers
Act. See Loving v. IRS, 742 F.3d 1013, 1021-22 (D.C. Cir. 2014)
(agency must craft narrow rule to address specific problems).

In sum, the SEC's proposed custody rule expansion lacks adequate
justification and exceeds the scope needed to address concrete
investor protection needs as required by the APA and Supreme Court
precedent. The SEC should withdraw the proposal and conduct further
study to develop a narrowly tailored approach targeting specific
harms.
THE SEC FAILED TO ADEQUATELY CONSULT WITH THE STATES ON ITS PROPOSAL
TO CURTAIL STATE-CHARTERED TRUST CRYPTO CUSTODY SERVICES

The SEC's proposed amendments to the Rule 206(4)-2 custody rule
fail to adequately consult with state regulators. The custody rule
amendments would severely restrict the ability of state-chartered
trusts to act as qualified custodians for registered investment
advisers’ crypto assets. However, the SEC did not properly consult
with state regulators before proposing rules that would directly
impact state-chartered institutions and override state law.

The SEC's failure to properly consult with state regulators on
the proposed crypto custody restrictions undermines principles of
cooperative federalism and represents an unlawful preemption of state
law. The proposed amendments aim to curtail this without input from
state regulators.

This lack of consultation violates the SEC’s obligations under the
Exchange Act. The SEC must conduct additional consultation with state
regulators and reconsider any proposed restrictions on state-chartered
crypto custody services in light of states' views. Otherwise, the
SEC risks adopting unlawful rules that infringe on states'
authority over their own state-chartered institutions.
FAIRNESS CONCERNS WITH PROPOSED SEC SAFEGUARDING RULE

Mandatory Contract Terms May Disadvantage Certain Qualified Custodians
The proposed rule would require investment advisers to reasonably
believe that qualified custodians have contractually agreed to certain
mandatory terms, such as maintaining insurance policies and providing
indemnification. While major custodial institutions may readily agree
to these terms, they could pose a barrier to entry for smaller or
niche qualified custodians seeking to provide innovative digital asset
custody solutions. Imposing prescriptive one-size-fits-all contractual
requirements without regard to the type of qualified custodian or
asset involved risks unfairly disadvantaging certain market
participants. The SEC should consider a more principles-based approach
that provides advisers and custodians flexibility to negotiate
appropriate safeguards based on the risks and circumstances.

Illiquid Asset Transfer Notice Requirements Are Overly Burdensome
The proposed amendments would also require investment advisers to
notify an independent public accountant within one business day of any
transfer of ownership of illiquid assets that cannot be held by a
qualified custodian. See
https://viewpoint.pwc.com/dt/us/en/pwc/in_briefs/2023/2023/secrulechangesonsafeguarding.html#pwc_topic.
For advisers dealing in assets like real estate or artwork where
ownership transfer formalities move slowly, a 1-day notice requirement
is needlessly burdensome compared to the risks. It would be fairer to
provide a notice period that realistically reflects transfer timelines
for illiquid asset classes.

Crypto Trading Platform Restrictions Could Harm Market Efficiency
The SEC has suggested that crypto trading platforms cannot serve as
qualified custodians under the proposed rule. However, precluding
advisers from using such platforms absent custodian participation in
transactions could severely inhibit efficient crypto trading and
unfairly disadvantage digital asset investors. The SEC should clarify
how advisers can execute trades in a compliant manner or provide
platforms a path to becoming qualified custodians.

While the Safeguarding Rule aims to enhance fairness for advisory
clients, the SEC must also consider fairness for market participants
and avoid unduly burdening specific custodians, advisers, or
investors. With refined provisions to ease compliance burdens where
appropriate, the rule can achieve its investor protection goals while
ensuring smooth market functioning.