From the SEC's Charges Against Asset Management Company Galois Capital: An Analysis of Crypto Asset Custody Requirements and Compliance in the United States, Hong Kong, and Singapore

Yesterday, the US Securities and Exchange Commission (SEC) imposed a penalty on Galois Capital Management LLC, a former registered investment adviser from Florida that primarily invests in crypto assets. The SEC found that Galois Capital failed to comply with custody rules under the Investment Advisers Act of 1940, particularly in its management of crypto assets. Specifically, Galois Capital failed to ensure that the crypto assets it managed were held with qualified custodians, instead placing these assets on non-compliant cryptocurrency trading platforms, which resulted in the loss of most assets during the FTX exchange crash. In addition, Galois also misled investors by providing inconsistent redemption terms.

Aiying believes that such events will occur frequently in the field of crypto asset management in the future. With the increasing popularity of crypto assets, investment advisory companies are still in a self-regulatory state due to the lack of early regulation and the increasing compliance costs in the later stage. Therefore, the probability of encountering a black swan event or being reported and punished by regulators in the future will only become higher and higher.

1. Applicability and Extension of US Custody Rules

The Origin and Original Intention of Custody Rules

United States custody rules, simply put, are legal provisions used to protect investors' assets. These rules are derived from the Investment Advisers Act of 1940, whose goal was to prevent any "tricks" in the management of client assets by investment advisers. Under these rules, if an investment adviser has the authority to control or manage a client's assets, those assets must be held by a qualified custodian, such as a regulated bank or financial institution.

The core idea of custody rules is simple: investment advisory firms cannot mix client assets with their own money and must manage them separately. If there are any changes in client assets, the custodian must notify the client in a timely manner and provide regular reports on the status of the assets. These measures are designed to ensure the safety of investors' funds and prevent losses due to the mistakes or improper behavior of investment advisors.

Expanded to virtual assets

With the popularity of virtual assets such as Bitcoin and Ethereum, the financial market has undergone significant changes. Due to their characteristics of decentralization, anonymity, and price fluctuation, virtual assets have brought new challenges to traditional asset management. Seeing this change, the SEC realized that it was necessary to expand the scope of protection of custody rules to these emerging virtual assets.

In recent years, the SEC has clearly stated that custody rules are not only applicable to traditional financial assets such as stocks and bonds, but also to virtual assets. In other words, if an investment advisory firm manages clients' crypto assets, these assets must also be placed with a qualified custodian. A qualified custodian must not only comply with traditional regulatory requirements, but also have the technical ability to deal with the unique risks of virtual assets, such as preventing hacker attacks or the loss of crypto assets.

2. Requirements for US Qualified Custodian License

The US SEC and other relevant regulatory agencies have begun to monitor and regulate qualified custodians of virtual currency assets in this emerging field. Qualified custodians of digital assets need to meet the requirements of traditional custodians, and also have specialized capabilities to manage and protect these digital assets. Here are some key standards and requirements for qualified custodians of digital assets:

Types of qualified custodians for digital assets

  1. Banks and Trust Companies:
    • Banks and trust companies regulated by federal or state governments may offer custody services for digital assets. In order to meet the requirements of qualified custodians, these institutions must have the technology and infrastructure to protect and manage digital assets.
  2. Dedicated Digital Asset Custodian Companies:
    • Some companies specialize in providing custody services for crypto assets and other digital assets. These companies may have been registered at the state or federal level and are subject to strict regulation. For example, companies like Coinbase Custody and BitGo Trust have provided custody services for digital assets and have obtained custodial qualifications in specific states or at the federal level.
  3. Registered Broker-Dealers:
    • Broker-dealers regulated by FINRA may offer digital asset custody services, but they must ensure that they have the specialized technical expertise to manage digital assets.
  4. Other Regulated Financial Institutions:
    • Some regulated financial institutions, such as futures brokers or foreign financial institutions, can also be considered qualified custodians if they meet the requirements for digital asset custody.

Key Requirements for Digital Asset Custodians

  1. Security Technology Infrastructure:
    • The custodian of digital assets must have advanced network security technology to prevent hacker attacks and asset loss. This typically includes the use of cold storage, multisignature technology, hardware security modules (HSM), etc.
  2. Asset Separation and Independent Accounts:
    • Digital assets must be stored separately from the custodian's other assets, and the client's assets must be placed in a separate account and clearly identified as client assets.
  3. Regular Auditing and Reporting:
    • The digital asset custodian shall undergo regular third-party audits to ensure the security of the assets and the compliance of the custodial services. In addition, it is also required to provide regular asset status reports to clients.
  4. Compliance Capability:
    • The digital asset custodian must comply with the same compliance requirements as traditional asset custodians, including Anti-Money Laundering (AML), Know Your Customer (KYC), and other applicable financial regulations. In addition, it must also adhere to digital-asset-specific compliance frameworks, such as the transparency and traceability of blockchain transactions.
  5. Insurance and Security Measures:
    • To further protect customer assets, digital asset custodians usually purchase insurance to cover asset losses caused by hacker attacks or operational errors.

Regulation and Certification

Currently, there are a total of 12 institutions that have obtained custody licenses:

(Source: New York State Department of Financial Services NYDFS)

3. Policies in other regions

Hong Kong

1. Background Introduction

As an international financial center, Hong Kong is gradually strengthening its regulation in the field of digital assets. With the popularity of cryptocurrencies and blockchain technology, regulatory agencies in Hong Kong are starting to formulate corresponding regulations to regulate the custody and trading services of crypto assets. The Trust or Company Service Provider (TCSP) license in Hong Kong is one of the licenses that digital asset custodial service providers must obtain. For more details, please read "Understanding the Latest Application Policy for Hong Kong Virtual Asset Custodial Service Providers (TCSP) in 24 Years".

2. Specific Requirements

  • TCSP License: In Hong Kong, companies providing crypto asset custody services need to apply for and hold a TCSP license. This license is regulated by the Companies Registry (CR) of Hong Kong and is aimed at ensuring that institutions providing trust or company services comply with Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) requirements.
  • Asset segregation and independent account: Custodians obtaining TCSP licenses must ensure that clients' crypto assets are strictly separated from their own assets and are typically required to hold them in separate accounts. This practice prevents a custodian's financial issues from affecting the security of client assets.
  • Security Technology and Compliance Requirements: Companies holding TCSP licenses must also have strong network security measures to protect customers' digital assets. This includes the use of cold storage, multisignature technology, and the establishment of strict compliance procedures to ensure the security of assets.
  • Regular Audit and Reporting: Custodial service providers need to conduct regular audits and provide clients with detailed asset status reports to ensure transparency and client awareness.

3. Regulatory Authorities

  • Hong Kong Companies Registry (CR): The Companies Registry is responsible for the issuance and supervision of TCSP licenses, ensuring that companies providing custodial services comply with relevant laws and regulations. The CR's main responsibilities include reviewing applications, conducting on-site inspections, and supervising licensed companies' compliance with legal requirements for anti-money laundering and counter-terrorist financing.

4. Industry Practice

  • In Hong Kong, many financial technology companies and traditional financial institutions have obtained TCSP licenses to legally provide crypto asset custody services. For example, companies such as OSL, BC Group, Hashkey, etc. have already launched compliant custody services in Hong Kong, providing safe digital asset management services for domestic and foreign institutional investors.

Singapore

1. Background Introduction

Singapore has attracted many digital asset companies with its open financial policies and innovative environment. The Monetary Authority of Singapore (MAS) is an important institution regulating the custody of digital assets, and it has established a series of regulations to ensure that the custody of crypto assets complies with international standards. For more details, please read "Comprehensive Interpretation of Singapore's Payment Services Regulatory Framework and the Requirements for Digital Payment Token (DPT) Licenses".

2. Specific Requirements

  • Payment Services Act (PSA): Singapore implemented the Payment Services Act (PSA) in 2020, which brings crypto asset services (including custody services) under regulation. Under the PSA, companies providing crypto asset custody services must obtain a 'Digital Payment Token Service' license issued by MAS.
  • Custodian Qualification: In Singapore, custodians need to ensure that their technical and operational frameworks comply with strict security standards. MAS requires custodians to have sufficient funds, a sound risk management system, and strong network security measures.
  • Compliance and Audit: Custodians must comply with the requirements of Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) regulations, and establish robust Know Your Customer (KYC) procedures. Custodians are also required to conduct regular internal and external audits to ensure transparency and compliance in their operations.
  • Customer Asset Protection: The custodian must keep the customer's crypto assets separate from its own assets and provide independent account management services. This requirement aims to ensure that customer assets are secure and are not affected by the custodian's financial condition.

3. Regulatory Authorities

  • Monetary Authority of Singapore (MAS): MAS is Singapore's central bank and primary financial regulatory authority, responsible for overseeing the compliance of asset custody services. MAS has established a clear regulatory framework for asset custody by implementing the Payment Services Act.

4. Industry Practice

  • The digital asset custody market in Singapore is growing rapidly, and many internationally renowned digital asset companies have set up custody operations in Singapore. For example, Propine became the first digital asset custody company to receive a "full custody" license from MAS, marking Singapore's leading position in this area.

Reference information: https://www.sec.gov/newsroom/press-releases/2024-111

Statement:

  1. This article is reproduced from AiYing Compliance, and the copyright belongs to the original author [AiYing Compliance]. If you have any objections to the reprint, please contact the Gate Learn team (https://www.gate.io/questionnaire/3967), and the team will handle it as soon as possible according to the relevant process.

  2. Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.

  3. The other language versions of the article are translated by the Gate Learn team. Copying, disseminating, or plagiarizing translated articles without mentioning Gate.io is not allowed.
