Note: This post is not intended to be a comprehensive summary of the Safeguarding Rule. Rather, it is intended to highlight some of the key requirements for fund managers should the SEC adopt the rule, as well as immediate concerns raised by SEC statements in the proposing release.
After five years on the Securities and Exchange Commission’s rulemaking agenda, the proposed amendments to registered investment advisers’ custody rule finally came out for public comment last week. While the proposing release includes hundreds of questions regarding the proposed amendments, the most relatable question for venture capital firms that invest in crypto assets – especially firms that have recently switched from being exempt reporting advisers (ERAs) to registered investment advisers (RIAs) – might be the one posed by Commissioner Mark Uyeda in his statement on the proposed rule: “How could an adviser seeking to comply with this rule possibly invest client funds in crypto assets after reading this release?” In fact, there are a number of statements in the proposing release that prompt particular frustration for crypto fund managers. In the words of Commissioner Hester Peirce: “These statements encourage investment advisers to back away immediately from advising their clients with respect to crypto.”
Proposed Rule 223-1 (Safeguarding Rule) would replace current Rule 206(4)-2 (Custody Rule) under the Investment Advisers Act of 1940. Unlike the Custody Rule, which applies only to funds and securities, the Safeguarding Rule would apply to all assets, including crypto assets, whether or not they are funds or securities. Moreover, the Safeguarding Rule would apply to all client assets, even those for which the RIA receives no compensation. To be clear, the Safeguarding Rule would not apply to ERAs, nor would it apply to non-US RIAs with respect to their non-US funds, although these advisers may receive questions from their investors regarding how their crypto assets are held.
Under the Safeguarding Rule, a RIA with “custody” of a private fund’s assets, which would include serving as the general partner of the fund or having discretionary authority, would need to comply with the following requirements:
- Engage a qualified custodian (QC) to maintain possession or control of client assets.
- “Qualified custodian” is a defined term that includes certain banks, savings associations and registered broker-dealers. A crypto custodian that does not meet the definition of QC – no matter how superior its systems and protocols and notwithstanding the lack of any alternative options – could not custody client assets.
- To have “possession or control,” the QC must be required to participate in any change in beneficial ownership of assets, its participation must effectuate the transaction involved in the change in beneficial ownership, and its involvement must be a condition precedent to the change in beneficial ownership.
- Enter into a written agreement with the QC that provides for all of the following provisions and reasonably believe they have been implemented:
- The QC will promptly provide records to the SEC or an independent public accountant engaged by the RIA to perform custody audits.
- The QC will obtain, and provide to the RIA, an annual written internal control report that includes an opinion of an independent public accountant as to whether controls have been placed in operation as of a specific date, are suitably designed and are operating effectively.
- The parties will specify the agreed-upon level of authority of the RIA to effect transactions in the account.
- Obtain reasonable assurances in writing from the QC that:
- The QC will exercise due care and implement appropriate measures to safeguard client assets.
- The QC will indemnify the client – and have insurance to adequately protect the client – against the risk of loss in the event of the QC’s own negligence, recklessness or willful misconduct.
- The QC’s obligations to the client will not be excused by the existence of any sub-custodial, securities depository or other similar arrangements.
- The QC will clearly identify the client’s assets as such, hold them in a custodial account and segregate all client assets from the QC’s proprietary assets and liabilities.
- The QC will not subject client assets to any right, charge, security interest, lien or claim in favor of the QC or its creditors, except to the extent authorized in writing by the client.
- Engage a Public Company Accounting Oversight Board-registered independent public accountant to prepare annual audited financial statements in accordance with US generally accepted accounting principles and distribute the audited financial statements to investors within 120 days of the fund’s fiscal year-end. (Like under the Custody Rule, this “audited financial statements approach” would be an alternative to engaging an independent public accountant to conduct surprise examinations, and funds of funds would have additional time to deliver the financial statements.)
- Enter into a written agreement with the independent public accountant providing that the accountant will notify the SEC within one business day of issuing an audit that contains a modified opinion, and within four business days of resignation or termination of engagement.
For a RIA to satisfy these requirements, it would effectively need to enforce the requirements of the Safeguarding Rule on its service providers – namely, the QCs and the independent public accountants. Setting aside the challenge of compelling a QC to meet the rule’s requirements, for crypto fund managers, the primary challenge may be finding a QC in the first instance that has the capability to maintain possession or control of the different crypto assets that the RIA’s clients own. As indicated above, the custodian most qualified to custody a crypto asset may not be a QC. To be a QC, the custodian would need to be a US bank, an SEC-registered broker-dealer, a registered futures commission merchant or a state-chartered trust company. A financial institution formed under non-US laws would not be a QC unless it satisfied seven conditions specified in the Safeguarding Rule – including that it is a foreign regulated entity, it is legally required to comply with anti-money laundering provisions similar to those in the Bank Secrecy Act, and it is legally required to implement internal controls designed to ensure the exercise of due care with respect to safekeeping client assets. In addition, the SEC and the RIA engaging the foreign financial institution would need to be able to enforce judgments against it.
Like the Custody Rule, the Safeguarding Rule would include various exceptions. For example, there would be an exception for certain assets unable to be maintained with a QC. However, this exception, which would apply to privately offered securities and physical assets, is unlikely to apply to crypto assets (if at all), either because they are not securities or because they are recorded on public, permissionless blockchains (rather than on the nonpublic books of the issuer or its transfer agent).
In proposing to expand the scope of assets that would need to be held by a QC, the SEC cites an investment adviser’s fiduciary duty and how that duty “extends to the entire relationship between the adviser and client regardless of whether a specific holding in a client account meets the definition of funds or a security.” The SEC also reminds advisers that “as additional financial institutions become available to custody assets, advisers must continue to exercise their fiduciary duties to clients in connection with selection and monitoring of the qualified custodian.”
For crypto fund managers, these statements by the SEC pose a fiduciary dilemma. If in exercising the due care necessary to satisfy its fiduciary obligations a RIA determines that the custodian most qualified to safekeep a client’s crypto asset is not a QC, must the RIA use a custodian that is less qualified but is a QC? If in managing a client’s investments a RIA determines that it would be in the client’s best interest – and consistent with the client’s investment objectives – to invest in crypto assets that can only be held by custodians that are not QCs, must the RIA forego such investments on behalf of the client?
As firms become more familiar with the proposed rule, they may discover additional challenges and questions. We encourage firms to share their concerns and take advantage of the comment process. Comments on the Safeguarding Rule will be due 60 days after the proposed amendments are published in the Federal Register. Anyone interested in submitting comments directly can do so via the SEC’s online form.