Six Patomak Takeaways Regarding 2021 SEC Division of Examinations Risk Alert on Digital Assets


On February 26, 2021, the U.S. Securities and Exchange Commission (SEC) Division of Examinations (formerly the Office of Compliance Inspections and Examinations) issued a Risk Alert highlighting observations made by Division staff during recent examinations of broker-dealers, investment advisers, national securities exchanges, and transfer agents with respect to “Digital Asset Securities.” The Alert provides insights into areas of focus for future exams and is intended to assist firms in developing or enhancing their compliance practices.

This post examines six important takeaways from the Risk Alert that management and compliance professionals at SEC- and non-SEC-regulated entities alike should consider when standing up compliance programs, building internal controls, and conducting reviews of business risks associated with activities involving assets “issued and/or transferred using distributed ledger or blockchain technology” (“Digital Assets”). Patomak expects SEC scrutiny of Digital Assets to grow dramatically in the year ahead, and is well-prepared to help firms respond by applying its deep expertise developing compliance programs, including designing controls, conducting risk assessments, and supporting due diligence to ensure that Digital Asset business activities comply with SEC rules and anti-money laundering (“AML”) regulations.

1) SEC staff are examining all Digital Asset -related activity, not just activities involving “Digital Asset Securities,” particularly with respect to investment advisers

The SEC’s Risk Alert defines a “Digital Asset Security” as a Digital Asset that the SEC determines is a security, and suggests that the SEC will continue to rigorously examine all Digital Asset Security-related activity conducted by investment advisers, broker-dealers, and transfer agents. Patomak notes that the line between Digital Assets and Digital Asset Securities remains blurry, determined on a facts-and-circumstances basis for each of the thousands of Digital Assets being traded. Our experts have observed that firms are increasingly formalizing the processes by which they determine whether or not a Digital Asset is a Digital Asset Security.

Yet despite the Risk Alert title’s focus on Digital Asset Securities, its scope extends to Digital Assets not classified as securities, potentially implicating all Digital Asset market participants. Specifically, the Risk Alert’s section on investment advisers notes that SEC staff are monitoring risks posed by activities involving Digital Assets that are not securities, as well as Digital Assets derivative products. In these instances, these products may be managed, sold, or part of an underlying asset in a portfolio at an investment adviser. Firms need to employ robust due diligence measures in providing services or undertaking transactions involving all types of Digital Assets, beyond just whether those assets might be Digital Asset Securities.

2) SEC-regulated entities should understand the mechanics of Digital Assets they transact and underlying networks

The Risk Alert indicates that an investment adviser investing client assets in a Digital Asset should “understand the digital asset, wallets, or any other devices or software used to interact with the relevant digital asset network or application, and the relevant liquidity and volatility of the digital asset.” Moreover, the Division of Examinations staff note that their reviews of an investment adviser that invests client assets in Digital Asset Securities and other Digital Assets will focus on assessing whether the adviser is: assessing the securities classification of each asset, evaluating and mitigating risks related to relevant trading venues, managing risks and complexities associated with “forks” or “airdrops” of Digital Assets, and ensuring the fulfillment of fiduciary duty across all types of clients. According to the Risk Alert, the reliability of Digital Asset trading platforms should also be considered when designing recordkeeping practices.

3) The SEC remains concerned about custodianship, valuation, and disclosure issues

With respect to custody, regardless of how Digital Assets are stored, SEC staff will likely continue examining multiple business practices related to controls at investment advisers around the safekeeping of Digital Assets, including: controls and processes related to the access to and loss of private keys, whether the storage of assets on trading platforms complies with the SEC’s custody rule, and security procedures related to wallets. Investment advisers’ disclosures and valuation practices must also adequately capture the risks and other unique factors associated with Digital Assets. Broker-dealers should take note of the Risk Alert’s focus on offering activity, conflicts of interest disclosures, and outside business activities related to Digital Assets. While the Risk Alert highlights that SEC staff will focus on the safekeeping of funds by broker-dealers, it does not go into detail about safekeeping requirements, which have been dealt with extensively elsewhere.

4) The SEC is focusing on the AML programs of broker-dealers

The Risk Alert includes a detailed overview of deficiencies in broker-dealer AML programs related to Digital Asset Securities, including inadequacies around searches to check against the U.S. Treasury Department’s Office of Foreign Assets Control sanctions list, as well as broker-dealer AML procedures, controls, and documentation regarding Digital Asset Securities. Staff will continue to focus on broker-dealer compliance with AML obligations.

5) Certain funds and investment vehicles may necessitate SEC registration

With regards to private funds or pooled vehicles managed by investment advisers, SEC staff will focus on assessing whether an investment adviser adequately understands how applicable exemptions from registration as an “investment company” is determined. Additionally, market participants involved with Digital Asset funds or investment vehicles should be aware that any pooled investment vehicle investing in Digital Assets could be required to register with the SEC as an investment company, unless it satisfies an exclusion or exemption from that definition.

6) Digital Asset trading platforms and fiat on-ramps may face heightened regulatory scrutiny

Given the continued ambiguity around what constitutes a “Digital Asset Security,” Patomak believes that firms engaged in Digital Asset-related activity that are not currently registered with the SEC should take particular note of the areas of focus requiring SEC registration. The Division explains that “staff will examine platforms that facilitate trading in Digital Asset Securities and review whether they meet the definition of an exchange.” Previous enforcement actions have left open the door that thousands of ERC-20-based Digital Assets could be classified as Digital Asset Securities. Companies facilitating the purchase and sale of numerous types of Digital Assets – particularly those accepting U.S. dollars in exchange for Digital Assets (also known as “fiat on-ramps”) – should ensure that appropriate controls and risk management frameworks are in place. Gary Gensler’s remarks at his March 2 confirmation hearing indicate that the SEC will continue to closely focus on institutions facilitating retail access to Digital Assets.


The Risk Alert highlights that Digital Assets (whether securities or not) will continue to be a hot regulatory topic in light of their relative novelty and increased use in the marketplace among retail and institutional clients of broker-dealers and investment advisers. As the popularity and use of Digital Assets continues to grow and services related to Digital Assets become a larger component of financial institutions’ offerings, firms should proactively assess related risks, and develop and enhance compliance programs to address such risks, with the SEC’s observations as a benchmark. Patomak has deep experience regarding compliance issues involving digital assets and is prepared to help firms address each of the six important takeaways we have set forth above by:

1)      Assisting Digital Asset market participants in building out policies and procedures to operationalize legal advice related to identifying Digital Asset Securities.

2)      Helping SEC-regulated entities build the technical expertise necessary to conduct the level of due diligence that the SEC expects firms have when transacting in Digital Assets.

3)      Applying robust experience building out AML procedures, controls, and documentation for broker-dealers.

4)      Advising clients on complex operational and regulatory issues related to Digital Asset custodianship.

5)      Supporting the build out of robust compliance programs and risk assessments at SEC-regulated national securities exchanges.

If you have questions about this alert, please reach out to your regular Patomak contact or Laura Magyar or Robert Greene.