Why Crypto Fund Managers Are Worried About SEC’s Newly Proposed Safeguard Rule – TheFundLawyer
Note: This post is not intended to be a comprehensive summary of the Safeguards Rule. Rather, it is intended to highlight some of the key requirements for fund managers should the SEC adopt the rule, as well as immediate concerns raised by SEC statements in the proposed release.
After five years on the Securities and Exchange Commission’s rulemaking agenda, the proposed changes to the Registered Investment Advisers Custody Rule were finally released for public comment last week. While the proposed release includes hundreds of questions regarding the proposed changes, perhaps the most relevant question for venture capital firms investing in cryptoassets—especially firms that have recently switched from being exempt reporting advisers (ERAs) to registered investment advisers (RIAs)—may be the one that In his statement on the proposed rule, Commissioner Mark Uyeda stated: “How can an advisor seeking to comply with this rule invest client funds in cryptoassets after reading this release?” In fact, there are a number of statements in the proposed release that are causing particular frustration for crypto fund managers. In the words of Commissioner Hester Peirce: “These statements encourage investment advisors to withdraw immediately from advising their clients with respect to crypto.”
Proposed Rule 223-1 (Security Rule) would replace current Rule 206(4)-2 (Custodian Rule) under the Investment Advisers Act of 1940. Unlike the Custodian Rule, which applies only to funds and securities, the Safeguard Rule would apply to all assets, including cryptoassets, whether they are funds or securities. In addition, the protection rule will apply to all client funds, including those for which the RIA receives no compensation. To be clear, the Safeguard Rule will not apply to ERAs, nor will it apply to non-US RIAs with respect to their non-US funds, although these advisers may receive questions from their investors regarding how their crypto assets are held.
Under the Safeguards Rule, an RIA with “custodianship” of a private fund’s assets, which would include serving as the fund’s general partner or having discretionary authority, would meet the following requirements:
- Engage a Qualified Custodian (QC) to maintain possession or control of client funds.
- “Eligible custodian” is a defined term that includes certain banks, savings associations and registered broker-dealers. A crypto custodian that does not meet the definition of QC – no matter how superior its systems and protocols and despite the lack of alternative options – could not custodian its client’s assets.
- To have “possession or control”, QC must be required to participate in any change in beneficial ownership of assets, its participation must effect the transaction involved in the change in beneficial ownership, and its involvement must be a precedent for the change in beneficial ownership .
- Enter into a written agreement with QC that provides for all of the following provisions and reasonably believes that they have been implemented:
- The QC will promptly provide documents to the SEC or an independent public auditor engaged by the RIA to perform custody audits.
- The QC will obtain, and provide to the RIA, an annual written internal control report that includes an opinion from an independent public accountant as to whether controls are in place as of a particular date, are appropriately designed, and are operating effectively.
- The parties will specify the agreed level of authority of the RIA to carry out transactions on the account.
- Obtain reasonable written assurances from QC that:
- QC will exercise due care and take appropriate measures to protect the client’s assets.
- QC will indemnify the Client – and have insurance to adequately protect the Client – against the risk of loss in the event of QC’s own negligence, recklessness or willful conduct.
- QC’s obligations to the customer will not be excused by the existence of any sub-custodian, securities custody or other similar arrangement.
- QC will clearly identify the Client’s assets as such, hold them in a custodial account and separate all Client funds from QC’s proprietary assets and liabilities.
- QC will not subject Client Assets to any lien, charge, security interest, lien or claim in favor of QC or its creditors, except to the extent authorized in writing by Client.
- Engage a Public Accounting Oversight Board-registered independent public accountant to prepare annual audited financial statements in accordance with US GAAP and distribute the audited financial statements to investors within 120 days of the Fund’s fiscal year-end. (As under the custody rule, this “revised accounting approach” would be an alternative to engaging an independent accountant to conduct surprise audits, and funds of funds would have additional time to deliver the accounts.)
- Enter into a written agreement with the independent public accountant that provides that the public accountant will notify the SEC within one business day of issuing an audit containing a modified opinion, and within four business days of resignation or termination of the engagement.
In order for an RIA to satisfy these requirements, it must effectively enforce the requirements of the Safeguards Rule on its service providers—namely, the quality auditors and the independent public accountants. Setting aside the challenge of forcing a QC to meet the rule’s requirements, for crypto fund managers, the primary challenge may be finding a QC in the first place who has the ability to maintain possession or control of the various crypto assets owned by the RIA’s clients. As noted above, the custodian most qualified to hold a crypto-asset may not be a QC. To be a QC, the custodian must be a US bank, an SEC-registered broker-dealer, a registered futures commission dealer or a state-chartered trust company. A financial institution formed under non-US law will not be a QA unless it satisfies seven conditions specified in the Safeguards Rule – including that it is a foreign regulated entity, it is legally required to comply with anti-money laundering provisions similar to those in the Bank Secrecy Act, and it is required by law to implement internal controls to ensure the exercise of due diligence with regard to the safekeeping of client funds. In addition, the SEC and RIA engaging the foreign financial institution must be able to enforce judgments against it.
Like the custody rule, the protection rule will include various exceptions. For example, there will be an exception for certain assets that cannot be maintained with a QC. However, this exemption, which would apply to privately offered securities and physical assets, is unlikely to apply to cryptoassets (if at all), either because they are not securities or because they are registered on public, permissionless blockchains (rather than on non -public books of the issuer or its transfer agent).
In proposing to expand the scope of assets that must be held by a QC, the SEC cites an investment adviser’s fiduciary duty and how that duty “extends to the entire relationship between the adviser and the client regardless of whether a specific holding in a client account meets the definition of funds or a securities.” The SEC also reminds advisers that “as more financial institutions become available for custodian assets, advisers must continue to exercise their fiduciary duties to clients in selecting and monitoring the qualified custodian.”
For crypto fund managers, these statements from the SEC pose a fiduciary dilemma. If an RIA, exercising due diligence necessary to fulfill its fiduciary obligations, determines that the custodian most qualified to hold a client’s cryptoassets is not a QC, the RIA must use a custodian who is less qualified but is a QC ? If, in managing a client’s investments, an RIA determines that it would be in the client’s best interest – and consistent with the client’s investment objectives – to invest in cryptoassets that can only be held by custodians who are not QCs, the RIA must disclaim such investments on its behalf by the client?
As businesses become more familiar with the proposed rule, they may discover additional challenges and questions. We encourage firms to share their concerns and take advantage of the comment process. Comments on the safeguards rule will be due 60 days after the proposed changes are published in the Federal Register. Anyone interested in submitting comments directly can do so via the SEC’s online form.