SEC’s Crypto Custody Update: How Broker-Dealers Like Morgan Stanley & Goldman Sachs Navigate New Rules
The Securities and Exchange Commission (SEC) recently refreshed its Frequently Asked Questions (FAQs) regarding crypto asset activities, sending ripples through the financial industry. This update clarifies how broker-dealers – including giants like Morgan Stanley and Goldman Sachs – can meet custody and capital requirements for crypto asset securities. Crucially, the guidance addresses the implications for Bitcoin and Ethereum ETF activity, a rapidly evolving landscape. The revised FAQs, updated on December 17, 2025, provide a current reference point as custody design becomes a critical factor for distributing tokenized securities and facilitating market-making for Exchange Traded Products (ETPs). This article dives deep into the SEC’s updated custody guidance, exploring how it reshapes broker control of crypto assets and what it means for the future of digital asset integration into traditional finance.
Understanding the SEC’s Updated Custody Guidance
The core of the SEC’s update revolves around clarifying the application of Rule 15c3-3, a key regulation governing customer protection. The staff reiterates that the “possession or control” requirement of Rule 15c3-3(b) does not apply to non-security crypto assets held by broker-dealers. This is a significant distinction, keeping non-security cryptocurrencies outside the stringent Customer Protection Rule mechanics designed for securities custody. For crypto asset securities, however, the rules are more nuanced.
Establishing “Control” Under Rule 15c3-3(c)
The SEC staff states that broker-dealers can establish “control” under Rule 15c3-3(c) – even for instruments that aren’t traditionally certificated – by utilizing qualifying control locations. This approach is designed to reduce reliance on the special-purpose broker-dealer (SPBD) safe harbor, which has been a primary route for demonstrating control over these securities. This shift is a major development, opening up more avenues for traditional broker-dealers to participate in the crypto space without the complexities of establishing an SPBD.
Capital Requirements and “Readily Marketable” Assets
The SEC’s guidance also addresses capital requirements, specifically regarding Bitcoin and Ether. The staff indicated they would not object to broker-dealers treating proprietary positions in Bitcoin or Ether as “readily marketable” for net capital purposes when facilitating in-kind creations and redemptions. This means applying the 20% commodity haircut under Rule 15c3-1 Appendix B when calculating deductions.
This is a crucial point for capital efficiency. For example, if a broker-dealer holds an average intraday inventory of $50 million in BTC or ETH to support creations and redemptions, the 20% haircut translates to a net capital deduction of approximately $10 million. This demonstrates why some firms have preferred cash workflows and why the SEC’s stance can make in-kind operations more viable, especially for firms operating on tight margins.
Withdrawal of the 2019 SEC/FINRA Joint Staff Statement
The SEC’s withdrawal of the 2019 joint staff statement on broker-dealer custody of digital asset securities further clarifies the regulatory landscape. This withdrawal effectively narrows the “north star” for broker-dealer custody to the FAQ framework and its emphasis on existing control-location concepts for crypto asset securities. The focus now is squarely on demonstrating control within the established regulatory framework.
The Challenge of “Control” on the Blockchain
A key operational challenge remains: satisfying the Rule 15c3-3(c) concept of “control” when securities are recorded on a blockchain. The FAQ doesn’t mandate that broker-dealers hold private keys, but control under 15c3-3(c) is intrinsically linked to safeguarding and directing the movement of customer securities at a recognized control location.
For on-chain instruments, this often translates to identifying who can sign transactions or compel signing through the custody stack. Examples include:
- Broker-dealer-held key material in a Hardware Security Module (HSM).
- A bank control location where the broker-dealer has documented directive rights.
- A multisignature arrangement where the broker-dealer’s signatory authority and procedures meet control-location expectations.
Expanding Paths to Control: Beyond SPBDs
Law firms like Sullivan & Cromwell and Sidley Austin have emphasized that the SEC’s approach expands the pathways for regular broker-dealers to demonstrate control without relying on SPBD status as the default. This shift increases the importance of robust contract language, key governance, and a comprehensive audit trail to demonstrate control over time.
Impact on ETP Rails and Intraday Inventory Economics
The “readily marketable” posture for proprietary Bitcoin and Ether positions has direct implications for authorized participants and market makers supporting in-kind baskets within ETPs. This impacts intraday inventory economics and can significantly improve capital efficiency.
Bank Partnerships and Supervisory Changes
The Federal Reserve’s withdrawal of earlier supervisory letters on April 24, 2025, regarding crypto-asset and dollar token activities is also relevant. This move shifts bank engagement toward more routine supervisory channels, potentially streamlining the process for broker-dealers relying on bank sub-custody as a control-location pathway.
Looking Ahead: The Next 12-18 Months
Over the next 12-18 months, the custody market is likely to coalesce around structures that provide repeatable evidence of control while mitigating cyber and operational risks. The central decision for broker-dealers will be whether to directly control key material or prove directive control through a qualifying third-party control location. Each option presents trade-offs in terms of governance burden, incident response design, and examiner comfort.
Here’s a scenario breakdown:
| Scenario | Where Control Sits (Signing or Directive Authority) | Primary Operational Benefit | Main Execution Risk |
|---|---|---|---|
| Broker-Dealer Self-Custody | Broker-Dealer-Controlled Keys (HSM or Multisig) | Direct evidence trail for 15c3-3(c) control | Cyber controls, insurance limits, auditability at scale |
| Bank Sub-Custody with Broker-Dealer Directive Rights | Bank as Control Location, Broker-Dealer Directs Movements | Familiar custody perimeter for incumbents | Contract terms and playbooks must prove control in incidents |
| Crypto Custodian Tech with Bank or Trust Wrapper | Specialist Tooling, Control Framed via Agreements | Integration speed for tokenized security workflows | Control-location qualification and supervision consistency |
| Smart-Contract Escrow with Transfer-Agent Co-Sign | Multisig between Broker-Dealer and Transfer Agent | Programmable controls for corporate actions | Complexity and reliance on smart contract security |
How Exam Teams Will Test “Control” and Recordkeeping
The SEC’s December 17th refresh also clarifies that non-security crypto held at a broker-dealer remains outside Rule 15c3-3(b). Firms still need to provide clear disclosures regarding which protections apply and which do not. Commissioner Hester Peirce has characterized the FAQs as incremental, but acknowledges their potential to reduce friction for market participants navigating existing rule sets.
For compliance teams, key indicators to watch include further edits to the SEC FAQ index and the evolution of FINRA interpretations toward standardized examiner checklists for on-chain control evidence and books and records.
The SEC’s updated guidance represents a significant step towards integrating crypto assets into the traditional financial system. By clarifying the rules around custody and capital requirements, the SEC is paving the way for greater institutional participation and innovation in the digital asset space. Broker-dealers like Morgan Stanley and Goldman Sachs are now better equipped to navigate this evolving landscape and offer crypto-related services to their clients.