Remarks At The Third Crypto Roundtable – Know Your Custodian: Key Considerations For Crypto Custody, SEC Commissioner Caroline A. Crenshaw, Washington D.C., April 25, 2025

Good afternoon. Before I begin, I would like to take this opportunity to welcome our new Chairman, Paul Atkins, to the Commission. I am looking forward to working with him and my fellow commissioners in furtherance of the agency’s important mission.

The concept of custody in the federal securities laws is based on the idea of trust. In our everyday lives, relationships involving trust are everywhere. For example, when we fly, we generally trust that we can give an airline our luggage and they won’t steal it and will deliver it to our destination safely. Of course, luggage gets lost sometimes and that’s inconvenient and frustrating. Maybe you lose some clothes and your vacation gets off to a stressful start.

For just a moment, imagine that a significant portion of your savings is actually in the luggage. Would you ask the airline a few more questions before checking your bag into their care? Would you want assurances that they are required to take certain protective measures to safeguard your luggage? That they have robust policies and procedures designed to prevent loss and damage? And, that they bear accountability in the event that they do not follow those policies and procedures and your savings is lost?

Trust is particularly important in our relationships with financial institutions. That is why our custody regulations are so important. We have seen the harm that befalls investors when their money is in the hands of untrustworthy actors. The worst of those cases are infamous.[1] Beyond trust, history has taught us that even the most responsible actors need regulatory standards to effectively safeguard customer assets.[2]

So, the questions that bring us here today are: whom can we trust to safeguard client assets? What basic standards should we apply to ensure that we can trust our custodians? And, should those rules be any different for crypto assets? Are there features of crypto assets, distinct from more traditional assets, that warrant distinct rules?

Some believe that differences from traditional assets justify exemptions or disparate treatment for custody of crypto assets under our rules. But if we are to consider implementing an alternative custody regime for crypto assets – something the SEC has not done wholesale for another asset class without good reason – we must keep in mind some guiding principles.

Existing SEC custody rules are a gold standard of investor protection. Our registrants attract customers, and our markets draw stability, from the strength of this regulatory framework. If the SEC were to create a dual-regime, how do we ensure the crypto regime is as robust as the current regime? Additionally, how could the Commission address increased risks to investors and the broader financial system that may stem from different crypto custody rules? For example:

• How would the rules address risks associated with holding assets on a blockchain, such as those stemming from protocol or smart contract operations or failures? And what about hacking? Also, the nature of the blockchain means that custodians cannot establish exclusive control over digital assets with the same mechanisms used in connection with traditional securities. Can we effectively hold custodians accountable for mitigating such risks? If so, how?
• How would we ensure that investors have clarity regarding the differences between the risks associated with traditional custodians and the risks associated with crypto asset custodians? What steps would we need to take to help investors understand that these entities do not offer the same protections? What investor disclosures would be required under applicable fiduciary standards?
• What protections would exist for investors if their custodian becomes insolvent or declares bankruptcy? Existing securities law provides protections against this risk, for example, by providing for SIPC to step in when a brokerage firm fails and customer assets are missing, so that SIPC may work to return customers’ assets.[3] Will such protections be available for crypto assets if there are different standards of custody?

I understand today’s roundtables will be separated into two segments, one focused on investment adviser and investment company custody issues and the other on custody in a broker-dealer context. There are important distinctions between these two frameworks that should be considered today.

For the asset management industry, the Custody Rule gives us a clear answer on who advisers must trust with custody of advisory client assets: a qualified custodian.[4] The Rule does not intend for just anyone to meet this definition. It is meant to be a high bar accompanied by robust protections. In its recent Safeguarding Proposal, the SEC acknowledged the ways in which custody of crypto assets and the use of blockchain technology present unique considerations and risks.[5]

I expect today’s discussion will raise ideas like adviser self-custody for crypto assets and potential expansions to the types of entities that could meet the definition of a qualified custodian. I hope you will think through the ramifications of those possibilities. For example:

• What are the risks of self-custody generally? Would these risks be heightened with self-custody of crypto assets? Would a hypothetical exemption from the Custody Rule for crypto assets invite easier opportunities for fraud, theft, or misappropriation – even with additional protections? Are most investment advisers operationally capable of safely engaging in self-custody of crypto assets?
• What are the barriers to crypto asset custodians seeking the licenses or registrations that would allow them to be considered qualified custodians under the Custody Rule?
• How should we think about state-chartered trust companies? How do these entities vary across states? Do they all offer comparable protections? In what ways must we engage with our fellow financial regulators on these and related questions?
• Should we require different or additional policies and procedures of advisers who custody crypto assets at crypto-asset custodians?[6] What should these important requirements, such as independent verification of assets, look like in the context of crypto assets? Does an adviser’s fiduciary duty require additional due diligence for these assets?

While registered broker-dealers operate under a different set of custody rules, some of the most prominent crypto market players are large platforms, not registered with the SEC, which function as integrated brokerages and exchanges. They require customers to transfer their crypto assets into a wallet held by the exchange in order to trade on the platform or utilize other platform services such as lending or staking. One pressing custody question is this: if these platforms will be transacting in securities and be regulated by the SEC in some way, how should the SEC address the predominant practice of holding customers’ crypto assets in omnibus wallets?

• This question has been considered by several thought-leaders in the space, some of whom we are lucky enough to have with us as panelists today. They have pointed out that with omnibus wallets, customer transactions are largely tracked using books and records rather than through on-chain transactions. In that context, where a majority of customer transactions are happening off-chain, what if any justification is there for different custody rules?
• Omnibus wallets also pose increased risks as compared to segregated wallets, such as exposing the assets to greater operational and external risks such as hacking and theft. Given that, should exchanges or broker-dealers be allowed to custody crypto asset securities in omnibus wallets at all? What are other risks and benefits of custodying customer crypto assets in omnibus versus segregated wallets?

As you can tell, I am deeply concerned about the potential for eroding the high standards required under our existing custody rules. While we have been, and should continue to be, open to innovative and new products or technologies, such advancements do not require us to forsake fundamental, statutorily mandated principles – like safeguarding client assets. How can we bridge that gap so that investors are afforded consistent protections regardless of asset class?

As with all the roundtables to date, these are hard questions. I hope you will help us grapple with these issues so that we can preserve the trust that investors have put in our markets. There is a lot more than lost luggage at stake. Thank you for your participation in today’s roundtable.