SEC Reinforces Investor Protection Rules for Digital Asset Custody

The U.S. Securities and Exchange Commission is tightening the rules around how broker-dealers handle digital assets, making it clear that crypto custody must meet the same investor protection standards that apply to traditional securities.

In new guidance, the SEC clarified that registered broker-dealers holding customer cryptocurrencies must retain direct and continuous control over those assets. In practical terms, that means firms cannot outsource or partially delegate access to the private keys tied to customer funds.

Control of Keys, Control of Assets

At the heart of the clarification is a simple principle: if a broker-dealer holds customer crypto, it must be able to access and return those assets at any time without relying on third parties. The SEC’s position leaves little room for shared custody arrangements or structures where private key access could be interrupted.

This approach treats private keys as the functional equivalent of possession. Without full control of them, a firm cannot claim it properly safeguards customer property.

Crypto Falls Squarely Under Existing Protection Rules

Rather than introducing a new crypto-specific framework, the SEC anchored its guidance in Rule 15c3-3, the long-standing Customer Protection Rule. That rule governs how broker-dealers must segregate and protect client assets, particularly in scenarios involving financial distress or insolvency.

By explicitly extending this rule to digital assets, the SEC is reinforcing that crypto held by regulated firms is not a special case. From a custody standpoint, it must be handled with the same rigor as stocks, bonds, or customer cash.

No Lending or Reuse of Customer Crypto

The guidance also draws a firm boundary around asset usage. Broker-dealers are prohibited from lending, pledging, or otherwise reusing customer-owned cryptocurrencies for their own benefit. This ban on rehypothecation is designed to ensure that customer assets remain fully available at all times.

The restriction reflects lessons learned from past crypto failures, where firms blurred the line between customer property and operational capital, leaving users exposed when liquidity dried up.

Closing Gaps Exposed by Past Failures

The SEC’s move addresses structural weaknesses that became apparent during earlier market crises. In several high-profile cases, customers discovered that assets they believed were securely held were either inaccessible or had been encumbered through complex custody arrangements.

By removing ambiguity around who controls crypto assets and how they must be held, the agency aims to reduce the risk of shortfalls during periods of stress.

Raising the Operational Bar

SEC Chair Paul Atkins emphasized that while digital tools may offer new security and efficiency benefits, investor protection remains the regulator’s primary mandate. As a result, firms offering crypto custody services will be expected to meet higher standards around governance, infrastructure, and operational resilience.

For broker-dealers and exchanges operating within the SEC’s jurisdiction, compliance may require significant changes – from reworking custody models to strengthening internal controls around key management.

Overall, the guidance signals a clear direction of travel. Rather than carving out a separate rulebook for crypto, the SEC is folding digital assets into the existing regulatory framework, reinforcing the message that innovation does not come at the expense of basic customer protections.