The U.S. Securities and Exchange Commission has clarified how registered broker-dealers must custody customer crypto assets, reinforcing strict control requirements under existing investor protection rules.
The guidance states that firms must maintain control of the private keys associated with any customer-owned digital assets they hold.
The move brings crypto custody more closely in line with long-standing standards applied to traditional securities and cash.
Private Key Control Becomes A Regulatory Requirement
At the center of the SEC’s guidance is the concept of custody and control. Broker-dealers that hold customer crypto assets must treat those assets as fully subject to customer protection rules, which requires sole possession or control of the relevant private keys.
The guidance emphasizes that firms must be able to access private keys without interruption, ensuring they can meet customer withdrawal requests at any time.
Rule 15c3-3 Applies To Digital Assets
The SEC confirmed that the requirements stem from the Customer Protection Rule, formally known as Rule 15c3-3. This rule is designed to safeguard customer assets from misuse and to protect them in the event of a firm’s insolvency.
By explicitly applying the rule to crypto assets, the SEC is signaling that digital assets held by broker-dealers are not treated differently from other customer property in regulated environments.
Rehypothecation Of Customer Crypto Is Prohibited
A critical element of the guidance is the prohibition on rehypothecation. Broker-dealers are not permitted to lend, pledge, or otherwise use customer-owned crypto assets for their own purposes.
This restriction is intended to prevent situations where firms lack sufficient assets to satisfy customer claims, a risk that has been highlighted during past market disruptions in the crypto sector.
Addressing Structural Risks Exposed In Prior Crises
The SEC’s position responds directly to concerns that some crypto firms may not hold enough underlying assets to meet customer redemptions. Market failures in previous years exposed weaknesses in custody practices, particularly where firms relied on third parties or complex arrangements to manage private keys.
The guidance seeks to eliminate ambiguity around responsibility by making custody obligations explicit.
Aligning Crypto With Traditional Custody Standards
SEC Chair Paul Atkins noted that while technological tools exist to enhance security and privacy, the agency’s primary obligation remains investor protection. As a result, digital assets held by broker-dealers must meet the same safeguarding standards applied to traditional financial instruments.
For large broker-dealers and exchanges offering custodial services, the guidance raises the bar for infrastructure, governance, and operational resilience.
Implications For The Industry
The clarification will require affected firms to review and, where necessary, upgrade their custody frameworks. Ensuring uninterrupted private key access, eliminating rehypothecation practices, and maintaining clear segregation of customer assets will be central to compliance.
The guidance represents another step in the SEC’s effort to integrate digital assets into existing regulatory structures rather than creating a parallel system for crypto.
