Oct. 29, 2023
Please note the following comments I respectfully make regarding potential issues with the proposed rule: MONITORING DIFFICULTIES SUPPORT TAILORED CRYPTO ASSET CUSTODY REQUIREMENTS The SEC’s proposed custody rule amendments raise significant monitoring difficulties for investment advisers seeking to hold crypto assets on behalf of clients. While the SEC aims to enhance investor protections, the proposal’s broad application to all crypto assets exceeds what is required to reasonably safeguard client assets and risks impairing advisers’ ability to manage crypto assets in clients’ best interests. The SEC should tailor the final rule to account for the novel features and risks of different types of crypto assets. For instance, the proposal could exempt advisers to hold stablecoins and algorithmic stablecoins with qualified custodians, due to their lower risks. Stablecoins aim to maintain a stable value, posing fewer valuation and volatility risks. And major stablecoins like USDC already employ robust auditing and disclosure requirements that protect against fraud. See Centre Consortium, USDC Audit Reports, https://www.centre.io/usdc-transparency. The SEC should thus tailor the final rule to exempt stablecoins and other crypto assets with distinct risk profiles. This would appropriately balance investor protections while enabling advisers to efficiently manage diversified crypto asset portfolios. THE PROPOSED RULE LACKS CLEAR GUIDELINES FOR ENFORCEMENT PROGRAM OPTIMIZATION REGARDING CRYPTO CUSTODY. The SEC's proposed amendments to the custody rule under the Investment Advisers Act seek to modernize custody requirements in light of developments in the crypto asset marketplace. However, the complexities of applying custody requirements to crypto assets warrant clear guidelines from the SEC on enforcement priorities and program optimization. Without such direction, the SEC risks inefficient deployment of enforcement resources and inconsistent industry compliance. The SEC should provide transparent guidance on enforcing the amended custody rule against crypto custodians. As the Proposal notes, proving "exclusive possession or control" of crypto assets presents unique challenges due to their intangible nature and transferability. While the SEC cautions that crypto platforms likely cannot serve as qualified custodians under the Proposal, it remains ambiguous whether acceptable custody models could be devised, particularly by state-chartered trusts. Rather than rely solely on enforcement actions to delineate compliance standards on a case-by-case basis, the SEC should clarify upfront the criteria and methods for demonstrating exclusive crypto custody and qualified custodian status. Advanced notice of enforcement priorities would allow the SEC to optimize its oversight program by focusing on core risks identified through industry engagement, while enabling crypto custodians to conform business practices accordingly. The SEC should also establish clear metrics and processes for evaluating the amended custody rule’s effectiveness over time. As crypto markets and related services continue evolving rapidly, custody risks and regulatory concerns may shift. Periodic review based on data-driven benchmarks would help the SEC recalibrate enforcement efforts in response to market changes. The SEC could measure, for example, change in reported incidents of crypto asset misappropriation from advised accounts, fidelity bonding rates for crypto custodians, and investor perceptions of custody safeguards. A transparent feedback loop would optimize enforcement by targeting resources at emerging and persistent compliance gaps. Finally, the SEC should coordinate with other federal and state regulators overseeing crypto custody and qualified custodian status. As the Proposal notes, banks and trust companies may offer crypto custody under separate charters and regimes. Close collaboration would help reconcile overlapping agency mandates and streamline industry oversight. The SEC could enter into memoranda of understanding to delineate enforcement responsibilities or establish interagency working groups to optimize coordination. A joint regulatory framework with aligned priorities would enhance enforcement effectiveness and reduce compliance burdens. In conclusion, adopting clear enforcement guidelines, metrics, and coordination protocols would significantly strengthen the SEC's crypto custody program under the amended rule. The SEC should optimize oversight and industry compliance proactively rather than rely solely on reactive enforcement measures. Concrete steps toward enforcement transparency and accountability would ensure investor protection keeps pace with crypto asset growth. THE PROPOSED RULE IMPOSES REGULATORY BURDENS ON INTERNATIONAL BUSINESSES The proposed amendments to the investment adviser custody rule impose undue regulatory burdens on international businesses in contravention of principles established in caselaw and past SEC guidance. Requiring advisers to enter written agreements with qualified crypto custodians and mandating enumerated assurances creates unnecessary compliance costs and legal uncertainty for global enterprises. The proposed rule conflicts with the Supreme Court's clear directive against the extraterritorial application of U.S. securities laws absent clear Congressional intent. In Morrison v. National Australia Bank, the Court held that sections of the Securities Exchange Act do not apply extraterritorially based solely on conduct in the United States. 561 U.S. 247, 267 (2010). Similarly, the custody rule amendments should not dictate requirements for non-U.S. custodians of non-U.S. clients' crypto assets held outside the United States. Expanding the custody rule's reach beyond the United States exceeds the SEC's authority and interferes with foreign regulations. Imposing U.S. qualified custodian requirements on non-U.S. advisers dealing with non-U.S. clients requires just such extraterritorial analysis, which is absent from the proposal. Courts disfavor agency interpretations that conflict with prior representations. In Christopher v. SmithKline Beecham Corp., the Supreme Court rejected deference to an agency's changed position that contradicted its longtime, consistent practice. 567 U.S. 142, 155 (2012). The SEC should thus clarify that the custody rule does not regulate offshore activity given its prior statements against extraterritorial application of U.S. securities laws. Subjecting non-U.S. custodians to U.S. requirements also contravenes international comity principles counseling against unreasonable interference with foreign sovereign authority. Requiring adherence to qualified custodian standards fails to respect other nations' prerogative to regulate business within their borders. The SEC should avoid unnecessary intrusion into the affairs of other nations per the Restatement (Fourth) of Foreign Relations Law § 405 (2018). In sum, the proposed custody rule amendments inappropriately extend U.S. law abroad absent clear Congressional authorization and against SEC assurances. The SEC must tailor the rule to avoid unreasonable burdens on international business. THE SEC CANNOT INFRINGE UPON INDIVIDUAL RIGHTS RELATED TO CRYPTOCURRENCY TRANSACTIONS WITHOUT VIOLATING THE NINTH AMENDMENT The SEC's proposed rule to regulate cryptocurrency transactions exceeds the Commission's authority and violates the Ninth Amendment of the U.S. Constitution. The Ninth Amendment states that the enumeration of certain rights in the Constitution shall not be construed to deny or disparage other rights retained by the people. Cryptocurrencies enable individuals to exercise their fundamental economic liberties, including the rights to acquire and transfer property, through a decentralized digital medium of exchange. By imposing overly burdensome regulations that restrict how individuals can transact in cryptocurrency, the SEC would infringe upon rights guaranteed under the Ninth Amendment. The SEC argues it has a compelling interest in protecting investors from fraud and manipulation in the cryptocurrency markets. However, the proposed regulations are not narrowly tailored to achieve those goals without unduly restricting individual liberties. Less restrictive alternatives exist, such as enforcing existing anti-fraud laws, requiring clear disclosure of risks, and registering cryptocurrency exchanges. The Ninth Amendment forbids the government from disproportionately burdening citizens' rights merely because those rights are not expressly enumerated. The Constitution grants limited powers to the federal government for good reason – to prevent unrestrained intrusions into people’s lives. The SEC should adhere to its proper role of enforcing disclosure requirements and anti-fraud laws. It cannot use investor protection as carte blanche to control how individuals choose to transact. Cryptocurrency empowers people to exercise their economic freedom and personal financial responsibility. By dictating how private citizens can transfer their own cryptocurrency, the SEC would exceed its authority and violate the Ninth Amendment. CYBERSECURITY RISKS FACED BY FINANCIAL INSTITUTIONS HOLDING CRYPTO ASSETS The SEC's proposed amendments to the Custody Rule do not adequately address the unique cybersecurity risks faced by financial institutions that hold crypto assets on behalf of clients. While the proposed enhancements to custody standards are a positive step, more must be done to mitigate cyber threats when dealing with this new asset class. As outlined in the proposing release, crypto assets have features that present distinct security vulnerabilities compared to traditional financial assets. The immutability of blockchain transactions, the irrevocability of transfers initiated with private keys, and the widespread availability of malware targeting crypto holders demonstrate the heightened cyber risks involved. Recent hacks of crypto companies underscore the seriousness of these threats. The core of the issue is that controlling the private keys to a crypto wallet is equivalent to controlling the assets within it. Whoever holds the private keys has total power over the contents of the wallet. This is very different from holding traditional assets like stocks and bonds in a custodial account, where multiple steps and safeguards are involved in initiating transfers or asset movements. With crypto private keys, a single cyber breach can result in immediate and irreparable loss of all assets. To adequately address this risk, the Custody Rule should require detailed cybersecurity standards tailored to institutions holding crypto keys. These standards should mandate: Use of robust cold wallet storage and multi-party computation systems to safeguard private keys Implementation of hardware security modules and biometric controls on key access Rigorous key generation, encryption and management protocols Regular auditing of crypto asset holdings, transfers and access logs Incident response plans focused on containing crypto asset breaches Cyber insurance policies covering risks unique to crypto custody Crypto assets represent the future of finance, but also introduce novel cyber risks. The Custody Rule presents an opportunity to implement forward-looking standards that will protect consumers and promote responsible crypto asset growth. The SEC should seize this opportunity by directly addressing the cybersecurity challenges of crypto custody. INEFFECTIVE DISPUTE RESOLUTION PROCEDURES FOR DIGITAL ASSETS UNDER THE PROPOSED QUALIFIED CUSTODIAN FRAMEWORK The SEC's proposed amendments to the custody rule under Rule 206(4)-2 fail to provide for effective dispute resolution procedures to address issues unique to digital asset custody. The immutable and irreversible nature of blockchain transactions makes it impossible to reverse erroneous or fraudulent transactions, recover lost assets, or correct errors. However, the proposed rule does not adequately address how clients can obtain meaningful legal recourse in the event their digital assets are misappropriated or subject to unauthorized transactions while in the custody of a qualified custodian. The SEC should modify the proposal to require qualified custodians to implement dispute resolution procedures tailored to digital assets, such as compulsory arbitration, to provide clients an avenue for recovery. Requiring qualified custodians to implement effective dispute resolution procedures is necessary to prevent fraud and protect investors as contemplated under Section 206. In addition, the Advisers Act authorizes the SEC to require investment advisers to adopt recordkeeping and operational standards as necessary or appropriate in the public interest or for investor protection (15 U.S.C. § 80b-11). Mandating dispute resolution procedures for digital asset custody serves the public interest and protects investors by providing a means for clients to recover lost assets or be made whole for custodian negligence or misconduct. DECREASED INNOVATION IN THE DIGITAL ASSET MARKET DUE TO PROPOSED SEC CUSTODY RULE The proposed amendments to the SEC's custody rule for registered investment advisers, which would expand the definition of "assets" to include digital assets, may have the unintended consequence of stifling innovation in the digital asset market. By imposing strict, blanket requirements on the custody of digital assets without accounting for their unique technological properties, the proposed rule fails to foster the continued growth and maturation of this nascent asset class. Digital assets and their underlying blockchain technology enable new models of asset transfer, custody, and utilization that are not feasible with traditional assets like stocks and bonds. Multi-party computation cryptography allows for decentralized, distributed custody solutions that provide security advantages over traditional custodial models relying on a single third party. Smart contracts allow programmatic automation of asset transfers, trades, and other transactions according to predefined parameters. New consensus mechanisms like proof-of-stake permit novel means of asset utilization and value generation, including staking and other strategies not available in traditional markets. By declining to recognize these technological innovations, the proposed rule mandates custodial models that do not map well onto many digital asset activities. The requirement for "exclusive possession or control" at all times would preclude advisers from leveraging decentralized custody solutions, engaging with decentralized financial protocols, or employing staking and other strategies reliant on temporary deposit of assets. While intended to increase security, this blanket approach will instead force digital asset custody into legacy constructs incompatible with many of the most promising applications of the technology. The proposed rule risks significantly curtailing investment in and development of new digital asset projects, services, and protocols, depriving American investors of opportunities for returns and economic growth. Startups and entrepreneurs may shy away from digital asset markets with heightened regulatory uncertainty and barriers to innovation. Talent and capital may migrate overseas to more accommodating jurisdictions. The result will be reduced U.S. competitiveness and leadership in what is projected to become a $5 trillion market within the next five years. Rather than impose outdated custodial models on digital assets, the SEC should take care to craft rules that account for unique technological capabilities and promote responsible innovation. Doing so will allow digital asset markets to continue maturing while maintaining rigorous investor protections. This more tailored, nuanced approach will best serve the long-term interests of investors and ensure U.S. competitiveness in the growing digital economy. THE PROPOSED AMENDMENTS TO THE CUSTODY RULE DO NOT PROVIDE ADEQUATE OPPORTUNITY FOR PUBLIC PARTICIPATION AND COMMENT The SEC's proposed amendments to the custody rule, Rule 206(4)-2, significantly expand the scope of assets covered by the rule to include all crypto assets and impose stringent requirements on advisers with custody of crypto assets. While the goals of investor protection and safeguarding client assets are laudable, the SEC has not provided the public with sufficient opportunity to meaningfully participate in the rulemaking process as required by the Administrative Procedure Act (APA). Specifically, the APA requires federal agencies to publish notice of proposed rules in the Federal Register and provide interested parties the opportunity to submit written comments (5 USC 553(b) and (c)). The purpose is to allow for meaningful public participation before rules take effect. However, in this case, the SEC has not given the public adequate time to digest the complexities of the proposal and provide thoughtful feedback. The proposing release is hundreds of pages and raises complex questions about the application of the custody rule to emerging technologies like crypto assets. Yet, the initial comment period was only 60 days. While the SEC subsequently reopened the comment period, it is still insufficient for proper analysis of the nuances and implications of the amendments across various business models. The public needs more time to respond to such an expansive rule change. In addition, the APA requires agencies to consider and respond to significant public comments in promulgating final rules. This allows the public to see their feedback was considered. Extending the comment period would result in more thoughtful input for the SEC to consider. Further, the DC Circuit has held that agencies must remain open-minded and cannot finalize rules that are not a logical outgrowth of the proposed rule. Here, the SEC has signaled pre-judgment by stating in the proposing release that crypto platforms cannot qualify as custodians, which discourages good-faith public input. The public needs more time and opportunity to comment on this impactful rule change. The SEC should extend the comment period by a minimum of 60 additional days. Doing so will lead to better rulemaking and comply with the APA's requirements for public participation. THE PROPOSED RULE FAILS TO ENSURE SUFFICIENT ACCOUNTABILITY FOR REGULATORS THEMSELVES The Securities and Exchange Commission's proposed amendments regarding investment adviser custody of digital assets, while seeking to enhance investor protections, fail to provide for adequate accountability of the regulators themselves. The administrative process lacks sufficient checks and balances, raising concerns about potential overreach or arbitrary decision-making by regulators. To withstand judicial scrutiny, agency action must not be "arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law.". While courts grant deference to agency expertise, that deference is not unlimited. Agency action can be invalidated where the agency "entirely failed to consider an important aspect of the problem" or "offered an explanation for its decision that runs counter to the evidence before the agency." Motor Vehicle Mfrs. Assn. v. State Farm Mut. Auto. Ins. Co., 463 U.S. 29, 43 (1983). Here, the SEC's proposal fails to adequately consider the due process implications of granting regulators broad, unchecked authority over digital asset custody arrangements. The proposal would empower SEC staff to make determinations regarding "possession and control" of crypto assets without sufficient regulatory oversight. Chairman Gensler's stated view that "investment advisers cannot rely on [crypto platforms] as qualified custodians" prejudges the issue rather than making an objective, evidence-based determination. To pass judicial muster, the final rule should include safeguards to prevent arbitrary or unfair actions by SEC staff and preserve advisers' due process rights. For example, the rule could provide advisers an internal appeals process to challenge adverse possession and control determinations. It could also impose a higher burden of proof on SEC staff to show a lack of "possession and control." Clear definitions and objective criteria for digital asset custody would further restrain arbitrary enforcement. Additional accountability measures like required regulatory impact analyses and retrospective reviews of rules could also help protect regulated entities against overreach while still advancing investor protections. See Exec. Order No. 12866; Exec. Order 13563. As Justice Brandeis famously warned, "Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficent." Olmstead v. United States, 277 U.S. 438, 479 (1928) (dissenting opinion). The SEC should heed those words and implement appropriate safeguards. INADEQUATE RATIONALE FOR MASSIVE EXPANSION OF CUSTODY RULE The SEC's proposed rule to expand the custody rule to cover "all crypto assets" is flawed because the SEC fails to provide an adequate rationale to justify this massive expansion in scope. The current custody rule in Rule 206(4)-2 applies only to "funds and securities." The SEC provides no evidence of significant investor losses in crypto assets that are not "securities" under the federal securities laws that would justify this sweeping expansion in scope. The SEC's justifications are speculative and conclusory, failing to identify actual harms or provide data demonstrating concrete investor protection needs that support applying the custody rule to non-security crypto assets. The SEC claims crypto assets raise "heightened risk of loss" but provides no empirical data showing investors have suffered losses due to lack of protections. See SEC v. Chenery Corp., 332 U.S. 194, 196 (1947) ("[A]n administrative order cannot be upheld unless the grounds upon which the agency acted . . . were those upon which its action can be sustained."); Motor Vehicle Mfrs. Ass'n v. State Farm Mut. Auto. Ins. Co., 463 U.S. 29, 43 (1983) (agency must examine relevant data and articulate satisfactory explanation for action). The SEC also fails to tailor the proposal to address legitimate areas of concern. For example, the SEC does not limit the expanded custody rule to high-risk crypto activities like staking and lending that raise custody concerns, but proposes to sweep in all transactions and holdings. Nor does the SEC exempt certain investors who may benefit from other protections. By failing to narrowly target actual problem areas, the SEC exceeds its authority under the Investment Advisers Act. See Loving v. IRS, 742 F.3d 1013, 1021-22 (D.C. Cir. 2014) (agency must craft narrow rule to address specific problems). In sum, the SEC's proposed custody rule expansion lacks adequate justification and exceeds the scope needed to address concrete investor protection needs as required by the APA and Supreme Court precedent. The SEC should withdraw the proposal and conduct further study to develop a narrowly tailored approach targeting specific harms. THE SEC FAILED TO ADEQUATELY CONSULT WITH THE STATES ON ITS PROPOSAL TO CURTAIL STATE-CHARTERED TRUST CRYPTO CUSTODY SERVICES The SEC's proposed amendments to the Rule 206(4)-2 custody rule fail to adequately consult with state regulators. The custody rule amendments would severely restrict the ability of state-chartered trusts to act as qualified custodians for registered investment advisers’ crypto assets. However, the SEC did not properly consult with state regulators before proposing rules that would directly impact state-chartered institutions and override state law. The SEC's failure to properly consult with state regulators on the proposed crypto custody restrictions undermines principles of cooperative federalism and represents an unlawful preemption of state law. The proposed amendments aim to curtail this without input from state regulators. This lack of consultation violates the SEC’s obligations under the Exchange Act. The SEC must conduct additional consultation with state regulators and reconsider any proposed restrictions on state-chartered crypto custody services in light of states' views. Otherwise, the SEC risks adopting unlawful rules that infringe on states' authority over their own state-chartered institutions. FAIRNESS CONCERNS WITH PROPOSED SEC SAFEGUARDING RULE Mandatory Contract Terms May Disadvantage Certain Qualified Custodians The proposed rule would require investment advisers to reasonably believe that qualified custodians have contractually agreed to certain mandatory terms, such as maintaining insurance policies and providing indemnification. While major custodial institutions may readily agree to these terms, they could pose a barrier to entry for smaller or niche qualified custodians seeking to provide innovative digital asset custody solutions. Imposing prescriptive one-size-fits-all contractual requirements without regard to the type of qualified custodian or asset involved risks unfairly disadvantaging certain market participants. The SEC should consider a more principles-based approach that provides advisers and custodians flexibility to negotiate appropriate safeguards based on the risks and circumstances. Illiquid Asset Transfer Notice Requirements Are Overly Burdensome The proposed amendments would also require investment advisers to notify an independent public accountant within one business day of any transfer of ownership of illiquid assets that cannot be held by a qualified custodian. See https://viewpoint.pwc.com/dt/us/en/pwc/in_briefs/2023/2023/secrulechangesonsafeguarding.html#pwc_topic. For advisers dealing in assets like real estate or artwork where ownership transfer formalities move slowly, a 1-day notice requirement is needlessly burdensome compared to the risks. It would be fairer to provide a notice period that realistically reflects transfer timelines for illiquid asset classes. Crypto Trading Platform Restrictions Could Harm Market Efficiency The SEC has suggested that crypto trading platforms cannot serve as qualified custodians under the proposed rule. However, precluding advisers from using such platforms absent custodian participation in transactions could severely inhibit efficient crypto trading and unfairly disadvantage digital asset investors. The SEC should clarify how advisers can execute trades in a compliant manner or provide platforms a path to becoming qualified custodians. While the Safeguarding Rule aims to enhance fairness for advisory clients, the SEC must also consider fairness for market participants and avoid unduly burdening specific custodians, advisers, or investors. With refined provisions to ease compliance burdens where appropriate, the rule can achieve its investor protection goals while ensuring smooth market functioning.