On December 17, 2025, the Staff of the Division of Trading and Markets (the “Division”) of the U.S. Securities and Exchange Commission (“SEC”) issued a statement explaining its views on the application of paragraph (b)(1) of SEC Rule 15c3-3 to broker-dealers seeking to establish custody of crypto asset securities.  The statement focuses on broker-dealers’ “physical possession” of such securities and is an “interim step” while the SEC continues to consider issues relating to broker-dealer custody of crypto asset securities and the feedback it has received.

SEC 15c3-3(b)(1) requires a broker-dealer to promptly obtain and thereafter maintain physical possession or control of all fully paid and excess margin securities carried for the account of customers.  The Division will not object to a broker-dealer deeming itself to have “physical possession” of crypto asset securities in circumstances where the broker-dealer takes the following measures:

  1. Access to Crypto Asset Securities and Transfer Capability.  A broker-dealer must have direct access to the crypto asset security and the ability to transfer it on the relevant distributed ledger technology (“DLT”).
  2. Assessment of DLT.  A broker-dealer must establish, maintain, and enforce reasonably designed written policies and procedures to assess and document the characteristics and governance of the DLT and the associated network where transfers of ownership of a crypto asset security are recorded prior to, and at reasonable intervals after, undertaking to maintain possession of the security.  This assessment should identify any significant weaknesses or other operational issues that could affect the broker-dealer’s ability to maintain possession.
  3. Security and Operational Risks.  A broker-dealer must not deem itself to possess a crypto asset security if it is aware of any material security or operational problems or weaknesses with the DLT or associated network used to access and transfer the security, or if other material risks to the broker-dealer’s business arise from custodying the security (i.e., risks stemming from the possession of the relevant crypto asset security and not from market or reputational risk).
  4. Protection of Private Keys.  A broker-dealer must establish, maintain, and enforce reasonably designed written policies, procedures, and controls consistent with industry best practices to protect against theft, loss, or unauthorized use of private keys required to access and transfer crypto asset securities.  These controls should ensure that only the broker-dealer has access to the relevant private keys, and no other person, including a customer or a third-party (including an affiliate of the broker-dealer), has access to, or the ability to transfer, them without the authorization of the broker-dealer.
  5. Contingency Planning In the Event of Disruptions.  A broker-dealer must establish, maintain, and enforce reasonably designed written policies, procedures, and arrangements to:
    • Identify, in advance, the steps it will take in the wake of certain events that could affect the firm’s possession of crypto asset securities, including blockchain malfunctions, 51% attacks, hard forks, or airdrops;
    • Allow for compliance with lawful orders regarding the seizing, freezing, burning or prevention of transfer of crypto asset securities; and
    • Facilitate the transfer of crypto asset securities held by the broker-dealer to another broker-dealer, trustee, receiver, liquidator, or other appropriate party if the broker-dealer cannot continue as a going concern and self-liquidates or is subject to a formal bankruptcy, receivership, liquidation, or similar proceeding.

The Division emphasizes that the statement does not address the “control” prong of SEC Rule 15c3-3(b)(1) and does not address any other federal securities laws, including the broker-dealer financial responsibility rules.