SEC's SPBD License Opens Door to Regulated Crypto Custody

SEC's SPBD License Opens Door to Regulated Crypto Custody

June 14, 2023

The SEC recently approved the first special purpose broker-dealer (SPBD) allowed to custody digital asset securities on behalf of its customers: Prometheum Ember Capital, a New York-based crypto start-up and subsidiary of Prometheum Inc., was awarded the first SPBD license approved by the Financial Industry Regulatory Authority (FINRA). It is the first crypto firm that is subject to the Securities and Exchange Act (SEA) 15c3-3 Customer Protection Rule (“15c3-3” or “Customer Protection Rule”).

In the wake of the recent banking failures of early 2023 and crypto-winter of 2022, the protection to customers required by Rule15c3-3 could provide additional stability, enhanced investor confidence, and continued institutional adoption of crypto-based products. While the SPBD license has its limitations, it is a key step toward creating the first federally regulated end-to-end ecosystem for digital asset securities.

In this article, we will delve into the unique challenges and regulatory obligations that these new broker-dealers must adhere to and tips for those wishing to establish an SPBD in this space.

What Is a Special Purpose Broker-Dealer?

To adapt to emerging technologies and products like cryptocurrencies, the U.S. Securities and Exchange Commission (SEC) introduced the concept of digital asset securities SPBDs and developed regulatory frameworks to govern their operations, providing guidelines and exemptions to ensure investor protection and market integrity.

Customer protection is paramount to the SEC and its regulation of broker-dealers. Historically, existing rules designed to protect the public (such as Rule 15c3-3 under the Securities Exchange Act of 1934) effectively prevent traditional broker-dealers from becoming a digital asset securities broker-dealer. As written, 15c3-3 requires a broker-dealer to demonstrate “possession or control” of its customers’ securities through mechanisms that don’t exist within the cryptocurrency ecosystem.

SPBDs are financial institutions that operate within the securities industry and have been authorized by the SEC to engage in specific activities or cater to particular types of securities. While the term “special purpose broker-dealer” is not a defined category explicitly outlined by the SEC, it generally refers to broker-dealers with unique permissions or capabilities related to specific securities or market segments.

In the case at hand, Prometheum’s SPBD has the authorization to hold digital asset securities1 on behalf of both retail and institutional customers.2 The business activities of this SPBD are limited to only those involving digital assets that are also securities. This excludes traditional non-digital asset securities or non-security digital assets such as Bitcoin. The Prometheum SPBD is also not currently allowed to perform clearing or settlement services, but the SEC’s rules do provide a potential pathway for the operation of an alternative trading system (ATS) that trades only in digital asset securities.3

Why Is Prometheum’s Licensing Significant?

The development of a special purpose broker-dealer authorized to hold digital asset securities is a step along the path of bringing crypto currency into the world of traditional finance. Traditional market structures will have to change to keep up with technological advances, and the SEC and other regulatory bodies will need to adapt their oversight to protect customers and stabilize capital markets.

From a regulatory perspective, these new SPBDs must comply with regulatory requirements imposed by entities such as FINRA and the SEC. Like traditional broker-dealers, they are subject to scrutiny to maintain accurate and timely financial records, submit regular financial reports, and demonstrate compliance with the Financial Responsibility Rules4 (including 15c3-3 Customer Protection), thereby promoting transparency and protecting customers in the evolving digital asset landscape.

How Does a Digital Asset Securities SPBD Comply With the Customer Protection Rule?

The Customer Protection Rule requires broker-dealers to safeguard customer assets, including digital asset securities, and keep them separate from the firm’s assets. However, custodying digital asset securities poses specific challenges. While the Customer Protection rule has not changed, the SEC issued a statement effective for five years beginning April 27, 2021 (the “Statement”), that provides for SPBDs to meet Customer Protection through a set of nine requirements,5 as summarized below.

  1. Access and Transfer
    The broker-dealer has access to the digital asset securities and can transfer these securities using distributed ledger technology.
  2. Limited Business
    The broker-dealer focuses on activities solely related to digital asset securities, such as dealing, transaction execution, custody, and operating an alternative trading system. The broker-dealer can hold and trade traditional securities only for its own account to meet Net Capital requirements per Rule 15c3-1.
  3. Securities Registration Compliance Analysis
    The broker-dealer has written and enforces policies and procedures to analyze whether a digital asset security has met relevant registration or exemption requirements, and the broker-dealer ensures compliance with federal securities laws for transactions and custody.
  4. Assessment of Technology
    Before — and periodically after — taking custody of a digital asset security, the broker-dealer evaluates the characteristics of the associated distributed ledger technology and its network.
  5. Security and Operational Concerns
    The broker-dealer refrains from custodying a digital asset security if there are significant security or operational issues with the associated distributed ledger technology or if it poses material risks to the broker-dealer’s business.
  6. Safeguarding Practices
    The broker-dealer implements written policies, procedures, and controls aligned with industry best practices to maintain exclusive control over digital asset securities and protect against theft, loss, and unauthorized use of private keys.
  7. Contingency Planning
    The broker-dealer establishes plans, policies, and arrangements for various events that could impact custody, including blockchain malfunctions, 51% attacks, hard forks, or airdrops.6 It also allows compliance with court-ordered freezes or seizures and facilitates the transfer of digital asset securities to appropriate entities during self-liquidation or bankruptcy.
  8. Customer Disclosures
    The broker-dealer provides written disclosures to customers, informing them that the firm considers itself in possession or control of digital asset securities. It also highlights risks associated with investing in or holding digital asset securities, including limited protections under the Securities Investor Protection Act (SIPA), fraud, manipulation, theft, valuation, volatility, liquidity, and security protocols. They are not expected to disclose specific security protocols, but disclosures should emphasize how security measures safeguard the broker-dealer’s private keys against loss, theft, or unauthorized or accidental use.
  9. Written Agreements
    The broker-dealer enters into written agreements with customers, outlining terms and conditions for various activities related to digital asset securities, such as receiving, purchasing, holding, selling, transferring, custodying, and liquidating.

How Do You Get a Digital Asset Securities SPBD License?

As one may expect, the process of obtaining federal sanction of a digital asset securities SPBD is not easy. Entities seeking to engage in broker-dealer activities involving digital asset securities must comply with relevant securities laws, register with the SEC as a broker-dealer, and become a member of FINRA.

In addition to the normal rigor and process of a broker-dealer registration,7 those wishing to obtain a custodial SPBD license will need to demonstrate additional or specialized procedures in several areas to address the nuanced risk created by crypto-currency and its related technology. Examples are included below:

  1. Broker-Dealer Registrations
    Similar to Prometheum, the broker-dealer registration may be limited to exclude non-custodial activities such as an alternative trading system. This may require firms to either wait for registration or to set up multiple broker-dealer entities to provide services desired by their customers.
  2. Business Plan and Application
    When applying for a digital asset securities SPBD license, firms must focus on describing the proposed business activities consistently and with the right level of detail. The application is very complex. Firms can leverage a business plan to show how their business model and transaction flows comply with the available guidance provided by the SEC. Applicants will need to demonstrate their capability to comply with FINRA rules and federal securities laws and regulations.
  3. Talent and Training
    To demonstrate their ability to comply with FINRA and SEC rules, firms should employ talent that is familiar with the traditional broker-dealer regulatory regime and talent that is well-versed in the cryptocurrency ecosystem, including blockchain technology. Cross-training should be performed to develop an understanding across functions of how the various domains interact with and impact each other, and ultimately, comply with appropriate regulations.
  4. Customer Protection Rule 15c3-3 
    Additional written policies and procedures must be created, documented, and enforced to demonstrate compliance with requirements of the SEC’s Statement, with an emphasis on Securities Registration Compliance Analysis, Assessment of Technology, and Security and Operational Concerns.
  5. Net Capital Rule 15c3-1
    Broker-dealers are required to always have enough liquid assets to promptly satisfy the claims of customers if the broker-dealer goes out of business. Under this rule, broker-dealers must maintain minimum net capital levels based upon the type of securities activities they conduct and based on certain financial ratios. A digital asset securities SPBD can satisfy this rule using non-digital asset securities but must ensure that these securities are held for its own account (owned by the SPBD) and not on behalf of its customers. Robust policies and procedures should be created to address complexities that may arise when considering the valuation of proprietary digital asset securities and formulas to calculate relevant market or credit risk charges for the net capital calculation.
  6. FINRA Examinations
    As this is an area of enhanced scrutiny, firms can expect rigorous oversight and exam procedures. Firms can prepare by leveraging such things as their business plan, registration application, and written supervisory procedures to make sure that policies and procedures are followed and exceptions or areas of judgment are documented fully.

Toward a Regulated Crypto Ecosystem

The approval of the first SPBD authorized to custody digital asset securities is a significant milestone in bridging the gap between traditional finance and the crypto world, as this paves the way for a federally regulated end-to-end ecosystem in the crypto space. Those interested in standing up SPBDs holding digital asset securities should prepare for the demanding process of obtaining a license by understanding compliance requirements, training or acquiring knowledgeable talent, and being prepared to demonstrate detailed procedures to meet the SECs customer protection rules.


  1. According to the SECs statement on Custody of Digital Asset Securities by Special Purpose Broker-Dealers, the term digital asset” refers to an asset that is issued and/or transferred using distributed ledger or blockchain technology (distributed ledger technology), including, but not limited to, so-called virtual currencies, coins, and tokens.
  2. Prometheum Ember Capital is licensed as a special purpose digital asset broker-dealer and was approved by FINRA on May 17, 2023, per FINRA's broker-check.
  3. While Prometheums SPBD is not an ATS, Prometheum ATS, another subsidiary of Prometheum Inc., is currently licensed as an ATS per FINRA's broker-check.
  4. Broker-dealers must meet certain financial responsibility requirements (Financial Responsibility Rules), including the following: maintaining minimum amounts of liquid assets, or net capital; taking certain steps to safeguard the customer funds and securities; and making and preserving accurate books and records. The Financial Responsibility Rules include the following: Net Capital Rule (Rule 15c3-1); Use of Customer Balances (Rule 15c3-2); Customer Protection Rule (Rule 15c3-3); Required Books, Records, and Reports (Rules 17a-3, 17a-4, 17a-5, 17a-11); and Risk Assessment Requirements (Rules 17h-1T and 17h-2T).
  5. Please note that this summary is a condensed version, and specific details from the original text may have been omitted for brevity. Read Custody of Digital Asset Securities by Special Purpose Broker-Dealers.
  6. These terms (51% attack, hard forks, and airdrops) are all potential threats specific to crypto currency. The SECs statement defines the following terms as shown below:
    51% attack - an attack on a blockchain or distributed ledger in which an attacker or group of attackers controls a majority of the network's hash rate, mining or computing power, allowing the attacker or group of attackers to prevent new transactions from being confirmed.
    Hard forks - refers to backward-incompatible protocol changes to a distributed ledger that create additional versions of the distributed ledger, potentially creating new digital assets.
    Airdrops - refers to the distribution of digital assets to numerous addresses, usually at no monetary cost to the recipient or in exchange for certain promotional services.
    Staking - refers to the use of a digital asset in a consensus mechanism.
  7. See the SEC's Guide to Broker-Dealer Registration for more information