An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock
()
or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Please find written input submissions to the Crypto Task Force below. The written input is posted without modification. We hope sharing the submissions will help encourage productive dialogue and continued engagement. Please note that the “Key Points” and “Topics” are AI generated. AI can make mistakes, and the Key Points and Topics are not a replacement for you reading the submissions. The Crypto Task Force has not reviewed these AI-generated summaries for accuracy or completeness. If you believe a Key Point or Topic is inaccurate, please email the Crypto Task Force at crypto@sec.gov. The written input provided to the SEC and posted on this page does not necessarily reflect the views of the Crypto Task Force or others in the U.S. Securities and Exchange Commission.
The SEC should use its exemptive authority and staff guidance to enable tokenized securities trading under clear, principles-based conditions while formal rulemaking is developed.
A technology-neutral regulatory approach is essential to avoid rules that become obsolete and to ensure fair competition without favoring specific technologies.
Interim measures like pilot programs and conditional relief are critical to gather data, address investor protection and oversight concerns, and inform comprehensive rulemaking.
OTCM’s ST22 Security Token model fully satisfies SEC Category 1 requirements, including direct issuer board authorization, SEC-registered transfer agent custody, CUSIP assignment, and 1:1 preferred share backing.
The submission advocates targeted regulatory relief and safe harbor provisions for issuer-authorized tokenization models serving abandoned OTC markets, emphasizing qualified custody and verifiable 1:1 backing.
OTCM integrates protective conversion triggers and programmable compliance controls (e.g., circuit breakers, wallet concentration limits) to mitigate counterparty and bankruptcy risks identified by the SEC.
The proposed Digital Markets Restructure Act of 2026 establishes a uniform federal framework for the issuance, trading, custody, and supervision of digital assets, preempting inconsistent state laws and eliminating duplicative registration requirements for entities operating under joint SEC and CFTC oversight.
Regulatory jurisdiction over digital assets is determined by a risk-based classification model: enterprise risk falls under SEC, exposure risk under CFTC, and market risk is subject to joint oversight, with hybrid instruments supervised collaboratively and lead supervisor designation rotating as risk profiles change.
The Act introduces proportionate, technologically adaptive regulation, recognizing that digital assets may modularize economic rights and risks, and mandates that regulatory requirements scale according to residual risk rather than asset form or label, with safe harbor provisions for innovation and privacy-preserving compliance mechanisms.
The SEC’s exemptive authority under Section 36 of the Exchange Act allows exemptions only if “necessary or appropriate in the public interest” and consistent with investor protection, requiring consideration of efficiency, competition, and capital formation.
Exempting DeFi trading venues and order-entry firms from registration could disapply core investor protections (e.g., best execution, trade reporting, financial responsibility), creating a parallel regulatory regime for the same securities.
Granting exemptions based solely on technological differences risks regulatory arbitrage, undermining market integrity and potentially impairing liquidity, transparency, and resiliency across U.S. equity markets.
Miller Whitehouse-Levine and Patrick Wilson, Solana Policy Institute
The SEC should adopt a technology-neutral framework that distinguishes true intermediaries (those holding funds or controlling execution) from developers of non-custodial, non-discretionary software tools.
Interpretive guidance should confirm that publishing or maintaining non-custodial software (wallets, smart contracts, passive interfaces) does not constitute operating an exchange, clearing agency, or effecting transactions for others.
The definition of “exchange” should exclude non-custodial, non-discretionary software that does not perform marketplace functions, ensuring communication layers and read-only tools remain outside regulatory scope.
The SEC should apply existing statutory definitions of “exchange,” “broker,” and “dealer” to DeFi participants and assess compliance under the Securities Exchange Act of 1934.
The SEC lacks authority and policy basis to grant broad exemptive relief from these definitions, as doing so would undermine investor protections and market resiliency measures.
Instead of disapplying the regulatory framework, the SEC should conduct rule-by-rule analysis and address impediments through notice-and-comment rulemaking to preserve investor protections.
Securities Industry and Financial Markets Association (SIFMA)
Activities involving native, wrapped, or entitlement tokens qualify as securities transactions, triggering broker-dealer, exchange, and registration requirements under the Securities Act and Exchange Act.
Issuers of tokenized securities must comply with Securities Act §§ 5, 6, 7, 10, including filing registration statements and delivering prospectuses. Additional disclosures may be needed to address unique tokenization risks.
Sections 12, 13, 15, 17, and 23 of the Securities Act and §§ 9, 10, and 20 of the Exchange Act prohibit manipulative practices and impose liability for material misstatements or omissions, regardless of whether securities are tokenized.
The proposed modernization advocates amending the Custody Rule to allow registered investment advisers (RIAs) to safeguard client crypto assets using non-qualified custodian (non-QC) solutions under a reasonableness standard, ensuring assets remain secure and fiduciary duties are met.
Introducing flexibility to permit both QC and non-QC safeguarding solutions mitigates operational frictions, reduces concentration risk, and aligns custody practices with the unique properties of crypto assets, while maintaining compliance with the Custody Rule’s core tenets.
The model framework leverages multi-signature/multi-party computation (MS/MPC) technology, contractual agreements (MPA), and operational security standards to satisfy policy objectives of segregation, safeguarding, and independent verification without mandatory third-party custody.
SIFMA refuted claims by DeFi Education Fund that it previously supported broad exemptive relief for emerging technologies, clarifying that its advocacy focused on structured regulatory reform through formal rulemaking and statutory authority.
SIFMA opposed the SEC’s 2022 Proposal to redefine “exchange” under Rule 3b-16, citing concerns that the inclusion of undefined terms like “communication protocol systems” would improperly expand regulatory scope to systems operated by broker-dealers and investment advisers.
SIFMA recommended a limited volume exemptive framework under the Exchange Act, tailored to address specific market challenges, rather than blanket exemptions for DeFi platforms.
Zack Tickman, Claude & Friends: Risk Analytics Research Group
Custody, RFI Responses, Safe Harbor, Security Status
Zcash and Aleo rely on zkSNARKs requiring a “trusted setup,” which introduces a permanent trust assumption. If the setup’s entropy (“toxic waste”) is not securely destroyed, it could allow undetectable token counterfeiting, undermining supply integrity.
Zcash’s opt-in privacy model results in most transactions being transparent, enabling deanonymization through statistical analysis. This undermines its claim to privacy-preserving status and exposes users to surveillance risks.
Aleo’s programmable privacy increases protocol complexity, which has led to real-world data leaks (e.g., unencrypted KYC data). This complexity heightens the likelihood of implementation flaws, expanding the attack surface and compromising user privacy.
