On February 26, 2020, the Security and Exchange Commission’s (“SEC”) Division of Examinations (the “Division”) published a Risk Alert, “The Division of Examinations’ Continued Focus on Digital Asset Securities.” In the Risk Alert, the Division offered insight into its current examination focus with respect to the activities of market participants, including investment advisers, concerning digital assets that are securities (“Digital Asset Securities”) and distributed ledger technologies.

The Alert outlines the observations of the Division, which were the product of examinations of investment advisers, broker-dealers, and transfer agents and their use of Digital Asset Securities. At only eight pages, the Alert is not an exhaustive compliance document for market participants and does not detail explicitly how firms might remain in compliance with securities laws and regulations.  The Division’s outline of the risks it has observed from recent examinations is, however, a useful roadmap, outlining the areas of focus for the Division’s future examinations and compelling firms to take another look at their relevant compliance practices.  It also raises some questions about the scope of the applicability of federal securities to digital assets that have yet to be explored.

The Risk Alert is organized according to enforcement priorities for each particular market participant. The Risk Alert first puts forth the areas of focus regarding Investment Advisers, which this post will address. The Division stated that it will review policies, procedures and practices of investment advisers managing client portfolios in multiple areas, including the classification of digital assets (i.e., whether they are securities), due diligence on the technology and volatility of digital assets, and the data security, KYC/AML and related risks related to trading venues and trade execution or settlement facilities. The Division will also look to the management of risks and complexities associated with “forked” and “airdropped” digital assets, that is, how the event will effect or be allocated across client portfolios.

In addition, the Division also plans to review the risks and practices of investment advisers related to the custody of digital assets and compliance with the Advisers Act custody rule. It will review, among other things: the occurrence of unauthorized transactions and theft, the controls in place to safe-keep the assets, the security provided to protect private keys and how the adviser evaluates harm due to their loss, and the reliability and security of software used to interact with digital asset networks

The Division will monitor investment advisers regarding the keeping of accurate books and records, the disclosures given to investors regarding risks of digital assets, and the method used to value digital assets.  The Division stated that it will also examine the extent to which an adviser’s advisory activities concerning digital assets affects its or a related person’s registration obligations under both the Advisers Act and the Investment Company Act.

Although, by its terms, the Risk Alert is limited to Digital Asset Securities, the Advisers Act is not so limited.  Once a securities advisory relationship is formed with a client, the anti-fraud provisions extend to all client assets within the scope of that relationship. See Advisers Act Release No. 1092 (Oct. 8, 1987).  Moreover, the custody rule, by its terms, applies to both client securities and funds. Client positions in cryptocurrencies are likely one or the other. A more fundamental question one might ask is whether the Howey analysis cited by the Division always provides a reliable answer to whether a digital asset is a security under the relevant provisions of the Advisers Act or the Investment Company Act. Thus, advisers would be well-advised to read the Risk Alert more broadly than written.

Another question raised by the Alert is the suggestion that advisers have an obligation under the Advisers Act to police the anti-money laundering practices of the platforms through which they may purchase Digital Asset Securities for clients. The Department of Treasury has twice proposed regulations extending anti-money laundering rules to investment advisers, including advisers to hedge funds, but has never adopted them. It is unclear at best how the weakness of platforms’ anti-money laundering practices, even if known by an adviser, could adversely affect advisory clients and violate some provision of the Advisers Act. Moreover, it would not seem possible for an adviser to police money laundering in any meaningful way given the nature of many cryptocurrencies and their lack of transparency.

As we’ve previously written, state and federal regulators have begun to increasingly enforce securities laws in the digital asset space.  Much of the law is still evolving as the SEC seeks to apply laws that pre-date the digital revolution by many decades.  This is, of course, not unlike the challenge the SEC faced in the 1990s when it applied the same statutes to use of the internet. The key difference here is that the Risk Alert has been generated by the newly re-named Division of Examinations (formerly known as the Office of Compliance Inspections and Examinations) and may portend future instances in which that Division is ahead of its colleagues in the operating divisions.

Our experience suggests that more advisers have begun to enter the digital asset arena as clients look for alternative or uncorrelated investment opportunities.  Here, the Division has shared how it might apply existing securities law framework to these investments in the context of compliance examinations.  While the specifics of SEC positions may change, advisers should use this opportunity to assess their compliance and risks management practices related to the risks outlined in the Alert.  With a new administration in power, and its nominee for SEC Chairman having cryptocurrency expertise, more changes and developments can be expected in the next year, but, for now, the Division’s Risk Alert presents a view of examination priorities right now.