“Digital securities” are distributed ledger-based representations of value that have the underlying characteristics of traditional securities and are subject to regulation under U.S. securities laws. Transactions involving such digital securities must comply with the securities laws and regulations, just like any security in the United States. As we have written before, digital securities have the potential to create more inclusive and efficient financial markets, yet regulations not designed to address distributed ledger-based systems are impeding the use and adoption of digital securities. In particular, certain regulators have refused to apply rules governing the custody of traditional securities to distributed ledger-based securities, and therefore no broker-dealers have been granted authorization to custody digital securities, stagnating the potential of the industry.
Since digital securities emerged, a surge of broker-dealers have submitted applications to receive clearance to provide services involving digital securities. However, these applications have been held up for years because of issues related to custodial requirements under Rule 15c3–3 in the Securities Exchange Act of 1934 (the “Exchange Act”). In fact, many applicants were asked to withdraw their applications until the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) could sort out the application of custodial requirements to digital securities. According to the SEC, the purpose of Rule 15c3–3 is to “safeguard customer securities and funds held by a broker-dealer, to prevent investor loss or harm in the event of a broker-dealer’s failure, and to enhance the Commission’s ability to monitor and prevent unsound business practices.” In short, the Rule intends to separate broker-dealers’ assets from their customers’ so that customers’ assets are safe and recoverable to them should the broker-dealer fail.
Cryptographic assets based on blockchains, such as digital securities, are controlled through the use of “private keys,” which are essentially “passwords” that grant holders control over assets stored on distributed ledgers. These private keys can themselves be stored in a variety of ways, from being written on a piece of paper to being stored electronically.
Regulators are concerned that the use of private keys by broker-dealers to control digital securities may create unique risks and have therefore declined to grant broker-dealers the ability to custody digital securities. More specifically, regulators are concerned that broker-dealers facilitating digital securities transactions may be unable to comply with the “exclusive control” and “transaction reversibility” requirements of Rule 15c3–3.
Indeed, the SEC and FINRA have stated that “the fact that a broker-dealer (or its third party custodian) maintains the private key may not be sufficient evidence by itself that the broker-dealer has exclusive control of the digital asset security (e.g., it may not be able to demonstrate that no other party has a copy of the private key and could transfer the digital asset security without the broker-dealer’s consent). In addition, the fact that the broker-dealer (or custodian) holds the private key may not be sufficient to allow it to reverse or cancel mistaken or unauthorized transactions. These risks could cause securities customers to suffer losses, with corresponding liabilities for the broker-dealer, imperiling the firm, its customers, and other creditors.”
While these concerns may be relevant to some cryptographic assets, digital securities based on blockchains (such as those built using smart contracts on Ethereum) can and have been designed to minimize the risk of theft and unauthorized use. It is here the regulators confuse “reversible” and “remediable”. Simply because a blockchain provides an inalterable ledger doesn’t mean that transfers cannot be traced, values cancelled and reinitiated. Unlike “permissionless” cryptographic assets like Bitcoin, digital securities must be distributed by an issuer, which can be given control over the issued digital securities. For example, in the event of theft or mistaken transactions, the issuer could essentially “cancel” the stolen securities and reissue the securities to their rightful owner. Moreover, because every transaction involving digital securities is recorded on a blockchain, issuers could quickly and easily identify mistaken or fraudulent transactions and remedy them. Finally, in the event an investor loses a private key, and therefore, in effect, the security, the issuer could replace them, resulting in no harm to the investor.
Furthermore, the potential of third parties or bad actors obtaining a private key is not unique to digital securities. Unauthorized access is a risk at every level of the existing financial system. The ability to secure private keys in a more robust way than traditional passwords may actually mitigate these risks.
The application of distributed ledger technology to securities has created novel regulatory issues. However, there are a growing number of solutions to these problems that, if implemented, could spur greater use of digital securities. It is critical that regulators like the SEC allow current rules to be applied to these novel technologies so that they do not inadvertently harm customer interests or capital formation more broadly. If issues regarding digital securities can be worked through thoughtfully, securities markets could be improved in terms of speed, efficiency, and profitability.