On February 26, 2021, the Securities and Exchange Commission’s (“SEC”) Division of Examinations’ released a new risk alert, titled “Continued Focus on Digital Asset Securities”.
In this release, the Division of Examinations’ addresses its continued focus on the activities related to the offer, sale, and trading of securities known as “Digital Asset Securities”. The Division makes it clear to investment advisors that digital assets along with use of distributed ledger technologies will be a focus area for future examinations and discloses the related risks identified during recent examinations. RIA firms can use the components from the release that are listed below to assess and strengthen their compliance programs.
In this risk alert, the Division staff notes:
This statement represents the views of the staff of the Division of Examinations (formerly known as the Office of Compliance Inspections and Examinations). It is not a rule, regulation, or statement of the U.S. Securities and Exchange Commission (“Commission”). The Commission has neither approved nor disapproved its content. This statement, like all staff guidance, has no legal force or effect: it does not alter or amend applicable law, and it creates no new or additional obligations for any person.
The key compliance components highlighted in the release that will be assessed during investment advisors’ future examinations are as follows:
- Portfolio Management: A firm’s policies and procedures related to advising clients on digital assets will be examined closely. Specifically, the following list includes areas of focus:
- Classification of digital assets
- Due diligence on digital assets (i.e. the knowledge and understanding of the digital assets, technology involved, and volatility)
- Evaluation and mitigation of risks related to trading venues and trade execution or settlement facilities (e.g. security breaches, fraud, insolvency, market manipulation)
- Management of risks and complexities associated with “forked” and “airdropped” digital assets
- Fulfillment of advisor’s fiduciary duty
- Books and records: Advisors will be held to their recordkeeping requirements with respect to trading activity and should take into account the varying record and notification systems in place for different trading platforms when developing their own records retention process.
- Custody: The custody of digital assets will be examined for risks, practices, and compliance with Rule 206(4)-2 under the Adviser’s Act, where applicable. Division staff are said to plan on reviewing the following factors:
- Occurrences of unauthorized transactions, including theft of digital assets
- Controls around safekeeping of digital assets
- Business continuity plans where key personnel have exclusive access to private keys
- How the adviser evaluates harm due to the loss of private keys
- Reliability of software used to interact with relevant digital asset networks
- Storage of digital assets on trading platform accounts and with third party custodians
- Security procedures related to software and hardware wallets
- Disclosures: Advisors can expect investor disclosures to be examined closely, including any media such as solicitations, marketing materials, and fund documents. The disclosures must highlight all the following elements: 1) the unique risks associated with digital assets, 2) the complexities of technologies involved, 3) price volatility, 4) valuation methodology, 5) illiquidity, and 6) conflicts of interest.
- Pricing Client Portfolios: It is noted that investment advisors will face challenges with digital asset valuation methods due to market fragmentation, illiquidity, volatility, and vulnerabilities to manipulation. Examiners will analyze the valuation methodologies, including those used to indicate principal markets, fair value, valuation following significant events, and advisor’s detection of forked and airdropped digital assets.
- Registration Issues: With respect to proper registration, examiners will assess how firms determine their regulatory assets under management, the status of their clients, and how digital assets are characterized in pooled vehicles.
It is important to note that this eight-page release is not exhaustive, and it does not fully detail all the factors that could be considered for each RIA firm’s unique operations and compliance program.