Crypto Asset Developments
NEW FOR 2024
Background and Related Considerations
Crypto assets—also known as digital assets—are assets issued or transferred using distributed ledger or blockchain technology.
Member firms seeking to engage in crypto asset-related activity should identify and address the relevant regulatory and compliance challenges and risks. This would include, for example, reviewing and evaluating their supervisory programs and controls, and compliance policies and procedures, in areas such as cybersecurity, AML compliance, communications with customers, manipulative trading, performing due diligence on crypto asset private placements1 and supervising their associated persons' involvement in crypto asset-related outside business activities (OBAs) and private securities transactions (PSTs).2
FINRA Member Firms’ Crypto Asset Activities
FINRA’s Membership Application Program (MAP) follows the SEC’s guidance in assessing a firm’s proposed crypto asset securities business line under applicable rules, such as the SEC’s financial responsibility rules and customer protection rule.3 FINRA’s MAP has approved firms to engage in crypto asset securities business, including:
- serving as placement agent in the private placement of crypto asset securities;
- operating an Alternative Trading System (ATS) for crypto asset securities; and
- providing custodial services for crypto asset securities, under the SEC’s December 23, 2020, statement regarding Custody of Digital Asset Securities by Special Purpose Broker-Dealers (the “SPBD Policy Statement”).4
In addition to these firms that have been specifically approved to engage in crypto asset securities business, FINRA has asked member firms to notify us if they or their affiliates engage or plan to engage in crypto asset-related activities, including activities related to crypto assets that are not securities. (For example, some member firms have established relationships with affiliates or other third parties to grant their customers access to crypto asset-related (non-securities) activities.) FINRA has also asked member firms to complete a questionnaire related to their and their affiliates’ activities in the crypto asset space (and will publish any helpful observations from this questionnaire at a later date, as appropriate).5
Additionally, FINRA has identified associated persons engaged in a range of crypto asset-related activities through OBAs or PSTs. Examples of crypto asset-related OBAs and PSTs include, but are not limited to, proprietary trading, operating investment funds that invest in crypto assets, selling private placements or crypto asset offerings, and participating in crypto mining operations.
- If your firm is considering submitting a New Member Application (NMA) or Continuing Membership Application (CMA) to operate as a crypto asset ATS or Special Purpose Broker-Dealer, does your proposed business plan comport with SEC guidance under applicable rules (e.g., the SEC’s financial responsibility rules and customer protection rule)? This includes, but is not limited to:
- Custody of Digital Asset Securities by Special Purpose Broker-Dealers (December 23, 2020);
- ATS Role in the Settlement of Digital Asset Security Trades (September 25, 2020); and
- Joint Staff Statement on Broker-Dealer Custody of Digital Asset Securities (July 8, 2019).
- Has your firm established written policies, procedures and controls related to any crypto asset activities being conducted by the firm and its associated persons that are reasonably designed to achieve compliance with applicable securities laws and regulations, as well as with applicable FINRA rules? This may include policies, procedures and controls, as applicable, related to:
- due diligence when recommending the sale of unregistered crypto asset securities through private placements;
- trading of crypto assets, including crypto asset securities, with customers and counterparties;
- the use of distributed ledger or blockchain technology in the offering of cash management, investment or other products;
- business lines operated through an agreement the firm has in place with a crypto asset exchange, Virtual Asset Service Provider (VASP) or other third-party crypto asset intermediary to enable its customers to trade or invest in crypto assets;
- custody of crypto asset securities in line with guidance provided by the SEC in its December 2020 statement on Custody of Digital Asset Securities by Special Purpose Broker-Dealers; and
- registered persons’ OBAs and associated persons’ PSTs involving crypto assets?
- Has your firm established written policies, procedures and controls that enable the firm to:
- reasonably determine, where necessary, whether a crypto asset is a security (e.g., when assessing whether an activity is a PST);
- confirm whether any crypto asset securities offered or sold by the firm are subject of an effective registration statement or sold pursuant to an applicable exemption from registration; and
- issue retail communications to customers that have a fair and balanced presentation of the risks associated with these assets and are free from unwarranted or misleading content?6
- Does your firm’s AML compliance program7 incorporate, for example, the crypto asset orders and trading activity occurring by, at or through the broker-dealer?
- Has your firm tested for potential weaknesses in the cybersecurity controls8 for your firm’s crypto asset-related business lines, including any business that operates through an agreement the firm has in place with a crypto asset exchange, VASP or other third-party crypto asset intermediary?
Crypto Asset-Related Market Abuse
- Bad actors are taking advantage of investor interest in crypto assets and blockchain technology by engaging in manipulative schemes similar to those that exist in the equities market, including those that are commonly associated with low-priced securities (e.g., pump-and-dump schemes).
- These manipulative schemes may also be amplified by social media promotions, including those that suddenly and frequently appear across social media platforms, contain unverifiable information or both.
- Additional forms of market abuse involving crypto assets may result from differences in their market structure (e.g., centralized and decentralized exchanges, the ability to trade every day and at any time).
- For additional guidance related to preventing market abuse in crypto assets, please see:
Surveillance Themes and Effective Practices
While not exhaustive, themes identified with respect to potential violations by FINRA members and associated persons involving crypto assets include:
- 2210 (Communications with the Public):
- Failing to appropriately and accurately address relevant risks and include appropriate disclosures in communications with the public.
- Disseminating promotional materials that contain material misstatements or omissions in connection with securities offerings.
- 3110 (Supervision): Failing to conduct appropriate due diligence on crypto asset private placements recommended to customers.
- 3310 (Anti-Money Laundering Compliance Program):
- Failing to establish and implement AML programs reasonably designed to detect and cause the reporting of:
- suspicious crypto asset transactions occurring by, at or through the broker-dealer; and
- suspicious trading involving issuers with a purported involvement in crypto asset-related activities.
- Failing to establish and implement AML programs reasonably designed to detect and cause the reporting of:
Targeted Examination on Crypto Asset Retail Communications
- Crypto asset-related retail communications reviewed by FINRA’s Advertising Regulation Department have had a non-compliance rate that is significantly higher than that of other products.
- As a result, in November 2022, FINRA launched a targeted exam to review practices of certain member firms that actively communicate with retail customers concerning crypto assets and crypto asset-related services.
- FINRA is working to complete this review and publish an update on findings and effective practices.
- Due Diligence of Unregistered Offerings: Before recommending crypto asset securities to customers through an unregistered offering, confirming that investments can be issued in the form of crypto assets and, if so, understanding:
- where the assets will be maintained;
- who will have access to the wallet(s);
- how the funds or assets will be returned in the event of a contingent offering not meeting the minimum contingency;
- how the raised proceeds will be used; and
- the specific mechanics associated with the crypto asset security, including:
- the blockchain protocol used to issue the security;
- any smart contract features or functionalities;
- how and when the security will be delivered to customers; and
- how the security will be custodied by or for the customers.9
- On-Chain Reviews: Conducting risk-based on-chain assessments when the firm or its associated persons are accepting, trading or transferring crypto asset securities and non-securities, and establishing procedures that address when and how these on-chain reviews should be performed and documented based on the product or services being offered.
- Customer Outreach: Ensuring customers clearly understand the differences between their brokerage account and any linked/affiliated crypto account, including differences in:
- protections of the accounts via SIPC under SIPA;
- regulatory oversight;
- firm supervision; and
- avenues of communications for customers’ concerns, questions or complaints.
- 2023 FINRA Annual Conference: Crypto Asset Developments
- An Inside Look into FINRA’s Crypto Asset Work (August 3, 2023)
- MAP Guidance for Digital Asset Applications (June 28, 2023)
- Industry Risks and Threats – Resources for Member Firms
- Targeted Exam Letter on Crypto Asset Communications (November 2022)
- Report Topics:
- Regulatory Notices:
- Regulatory Notice 21-25 (FINRA Continues to Encourage Firms to Notify FINRA if They Engage in Activities Related to Digital Assets)
- Regulatory Notice 21-03 (FINRA Urges Firms to Review Their Policies and Procedures Relating to Red Flags of Potential Securities Fraud Involving Low-Priced Securities)
- Regulatory Notice 20-23 (FINRA Encourages Firms to Notify FINRA if They Engage in Activities Related to Digital Assets)
- FINRA Unscripted Podcasts:
- FINRA’s Blockchain Lab: Regulation and Innovation for the Future (September 19, 2023)
- A Closer Look at Crypto: The Crucial Role of FINRA’s CAI Team (September 5, 2023)
- An Introduction to FINRA’s Crypto Asset Work and the Crypto Hub (August 8, 2023)
- 2023 Senior Investor Protection Conference: The Latest Trends, Scams and Schemes (April 18, 2023)
- Membership Application Program: Reviewing and Approving Digital Asset Firms (November 1, 2022)
- Custody of Digital Asset Securities by Special Purpose Broker-Dealers (December 23, 2020)
- ATS Role in the Settlement of Digital Asset Security Trades (September 25, 2020)
- Joint Staff Statement on Broker-Dealer Custody of Digital Asset Securities (July 8, 2019)
1 See the Private Placements topic for additional findings and effective practices relevant to crypto asset-related private placements.
2 See the Report’s Outside Business Activities and Private Securities Transactions topic for additional findings and effective practices applicable to reviewing and supervising crypto asset-related OBAs and PSTs.
3 See, e.g., Joint Staff Statement on Broker-Dealer Custody of Digital Asset Securities (July 8, 2019), and Letter to Ms. Kris Dailey, FINRA, ATS Role in the Settlement of Digital Asset Security Trades (September 25, 2020) (the SEC Staff ATS No-Action Letter).
5 See, e.g., Regulatory Notice 20-23 (FINRA Encourages Firms to Notify FINRA if They Engage in Activities Related to Digital Assets) and Regulatory Notice 21-25 (FINRA Continues to Encourage Firms to Notify FINRA if They Engage in Activities Related to Digital Assets).
6 See the Report’s Communications With the Public topic for findings and effective practices concerning crypto asset-related retail communications.
7 See the Report’s AML, Fraud and Sanctions topic for additional guidance related to developing and implementing a reasonably designed AML compliance program.
8 See the Report’s Cybersecurity and Technological Management topic, and FINRA’ Cybersecurity Key Topics page and Industry Risks and Threats – Resources for Member Firms webpages, for additional guidance related to effective cybersecurity practices and controls.
9 See the Report’s Private Placements topic for additional guidance related to conducting reasonable due diligence on unregistered offerings.