SEC FAQ Update Lets Broker-Dealers Show Control Over On‑Chain Securities

What changed (in plain speak)

The SEC quietly refreshed its staff FAQ about crypto activities, and while it’s not a blockbuster rule change, it’s a practical map for broker-dealers trying to fit on-chain stuff into old-school rules. The big takeaway: for tokenized securities, broker-dealers have a clearer path to showing “control” without necessarily being shoehorned into the special-purpose broker-dealer route.

Concretely, the staff clarified that the possession-or-control test that lives in Rule 15c3-3 works differently depending on whether the token is a security. Non-security crypto held by broker-dealers stays outside the customer-protection mechanics of 15c3-3(b). But for crypto asset securities, firms can meet Rule 15c3-3(c) control by using recognized control locations and documented practices — even if the security is recorded on a blockchain and not a physical certificate.

Also worth noting: an earlier joint staff statement from 2019 that tried to guide broker-dealer custody of digital-asset securities has been pulled back, narrowing the “north star” to the new FAQ framework and its focus on control-location concepts. Around the same time, some supervisory guidance from the Federal Reserve was withdrawn, nudging banks and broker-dealers toward routine supervisory channels instead of special advance-notice processes.

Why this actually matters (and how firms are reacting)

If you like operational puzzles, this is one. The FAQ doesn’t demand brokers hold private keys on behalf of customers, but the practical test for control often comes down to who can sign or force a signing on-chain. That means custody design — HSM-held key material, bank control locations with written directive rights, or multisig setups where the broker has clear signing authority — becomes the evidence exam teams will look for.

Lawyers and compliance teams have cheered (quietly) that the path to “regular” broker-dealer custody is less binary now: you don’t have to be a special-purpose shop to show control. But that just shifts the work: contracts, key governance, audit trails, incident response and examiner-friendly documentation become the new battlegrounds.

There’s also a money angle. The staff said it wouldn’t object if broker-dealers treating proprietary bitcoin or ether holdings used a “readily marketable” approach for net capital purposes — which in practice means applying the 20% commodity haircut from Rule 15c3-1 Appendix B when calculating deductions. For desks holding large intraday inventories to support in-kind ETF creations and redemptions, that haircut can translate into significant capital drag and influence whether firms prefer cash-based workflows over in-kind baskets.

For retail-facing firms, the FAQ keeps one line very clear: non-security crypto at a broker-dealer still isn’t covered by the customer-protection mechanics of 15c3-3(b). Translation: firms need to be transparent about what protections apply (and which ones don’t) so customers aren’t comforted by a false sense of safety.

What comes next? Watch two signals: whether the SEC tweaks the FAQ further and whether FINRA evolves examiner guidance into standardized checklists for proving on-chain control. Over the next year or so, custody vendors and broker-dealers will likely cluster around the approaches that produce repeatable, testable evidence of control while keeping cyber and operational risk in check.

In short: the update is less a legal sea change than an operational touchdown — it opens doors for mainstream firms but makes the compliance and engineering homework much more visible. Everyone now needs to show the path from policy to cold, testable evidence — with a paper trail, a plan for incidents, and maybe a spare HSM or two.