The SEC believes that Galois Capital failed to comply with the custody rules in the Investment Advisers Act of 1940, especially in the management of digital assets when managing client assets, resulting in serious omissions.

By Aiying

Yesterday, the U.S. Securities and Exchange Commission (SEC) penalized Galois Capital Management LLC, a former registered investment adviser in Florida that primarily invests in digital assets. The SEC found that Galois Capital failed to comply with the custody rules in the Investment Advisers Act of 1940, especially in the management of digital assets, by failing to ensure that the managed digital assets were held by qualified custodians. Instead, these assets were placed on non-compliant cryptocurrency trading platforms, leading to significant losses during the collapse of the FTX exchange. Additionally, Galois misled investors by providing inconsistent redemption terms.

Aiying believes that such incidents will become more frequent in the field of digital asset management in the future. With the increasing popularity of digital assets, investment advisory firms are still in a state of self-regulation due to the early absence of regulation and the increasing compliance costs in the later stage. Therefore, the probability of future occurrence of black swan events or regulatory penalties due to reports will only increase.

I. Applicability and Expansion of U.S. Custody Rules

Origin and Purpose of Custody Rules

In simple terms, the U.S. custody rules are a set of legal provisions designed to protect investor assets. These rules originated from the Investment Advisers Act of 1940, with the aim of preventing any "tricks" by investment advisory firms when managing client assets. According to this provision, if an investment advisory firm has the authority to control or manage client assets, these assets must be held by a qualified custodian, such as a regulated bank or financial institution.

The core idea of the custody rules is simple: investment advisory firms cannot commingle client assets with their own funds and must manage them separately. If there are any changes to client assets, the custodian must promptly notify the client and provide regular asset status reports. These measures are all aimed at ensuring the security of investors' funds and preventing losses due to the mistakes or improper behavior of investment advisors.

Extension to Virtual Assets

With the popularity of virtual assets such as Bitcoin and Ethereum, the financial market has undergone significant changes. The decentralized, anonymous, and highly volatile nature of virtual assets has presented new challenges to traditional asset management. Recognizing this change, the SEC has realized the need to expand the protection scope of the custody rules to these emerging virtual assets.

In recent years, the SEC has explicitly stated that the custody rules not only apply to traditional financial assets such as stocks and bonds, but also to virtual assets. This means that if an investment advisory firm manages clients' cryptocurrencies, these assets must also be held by qualified custodians. Qualified custodians must not only meet traditional regulatory requirements but also have the technical capabilities to address the unique risks of virtual assets, such as preventing hacker attacks or the loss of cryptocurrencies.

II. Requirements for Qualified Custodians of Digital Assets in the United States

The United States has begun to focus on and regulate the emerging field of qualified custodians for digital currency assets, with the SEC and other relevant regulatory agencies setting key standards and requirements for qualified custodians of digital assets. Here are some key standards and requirements for qualified custodians of digital assets:

Types of Qualified Custodians for Digital Assets

Banks and Trust Companies: Banks and trust companies regulated by the federal or state government may provide custody services for digital assets. To meet the requirements of a qualified custodian, these institutions must have the technical capabilities and infrastructure to protect and manage digital assets.

Specialized Digital Asset Custody Companies: Some companies specialize in providing custody services for cryptocurrencies and other digital assets. These companies may already be registered at the state or federal level and are subject to strict regulation. For example, companies like Coinbase Custody and BitGo Trust have provided custody services for digital assets and obtained custodian qualifications in specific states or at the federal level.

Registered Broker-Dealers: Broker-dealers regulated by FINRA may provide custody services for digital assets, but they must ensure that they have the specialized technical capabilities required to manage digital assets.

Other Regulated Financial Institutions: Some regulated financial institutions, such as futures merchants or foreign financial institutions, may be considered qualified custodians if they meet the requirements for custody of digital assets.

Key Requirements for Custodians of Digital Assets

Secure Technical Infrastructure: Custodians of digital assets must have advanced network security technology to prevent hacker attacks and asset loss. This typically includes the use of cold storage, multi-signature technology, hardware security modules (HSM), and more.

Asset Segregation and Separate Accounts: Digital assets must be stored separately from the custodian's other assets, and clients' assets must be held in separate accounts and clearly identified as client assets.

Regular Audits and Reporting: Custodians of digital assets should undergo regular third-party audits to ensure the security of assets and the compliance of custody services. Additionally, they must provide regular asset status reports to clients.

Compliance Capabilities: Custodians of digital assets must comply with the same compliance requirements as traditional asset custodians, including anti-money laundering (AML), know your customer (KYC), and other applicable financial regulations. Additionally, they must adhere to specific digital asset compliance frameworks, such as the transparency and traceability of blockchain transactions.

Insurance and Safeguard Measures: To further protect client assets, custodians of digital assets typically purchase insurance to prevent asset losses due to hacker attacks or operational errors.

Regulation and Certification

• State-Specific Certification: In the United States, some states such as New York have passed the New York State Financial Services Law, under which the BitLicense allows qualified companies to provide custody services for cryptocurrencies. This was detailed in Aiying's previous article "In-Depth Analysis: Two Major Licenses for Web3 Enterprises to Conduct Virtual Currency Business in New York State—BitLicense and Limited Purpose Trust Company License"
• Federal-Level Regulation: Although federal-level regulation has not fully covered all types of digital asset custody services, regulatory agencies such as the SEC and CFTC are gradually formulating relevant rules and supervising the market. This can be referenced in Aiying's previous article "[Payment Section] In-Depth Analysis of the Legal Basis and Requirements for Cryptocurrency Payment Licenses in the United States"

Currently, a total of 12 institutions have obtained custody licenses.

（Source: New York State Department of Financial Services NYDFS）

III. Policies in Other Regions

Hong Kong

1. Background

As an international financial center, Hong Kong has been gradually strengthening its regulation in the field of digital assets. With the widespread adoption of cryptocurrencies and blockchain technology, regulatory authorities in Hong Kong have begun to formulate corresponding regulations to standardize the custody and trading services of digital assets. The Trust or Company Service Provider (TCSP) license in Hong Kong is one of the licenses that providers of digital asset custody services must obtain. For more details, please refer to "Understanding the Latest Application Policies for Hong Kong Virtual Asset Custody Service Providers (TCSP) in 24 Years"

2. Specific Requirements

• TCSP License: In Hong Kong, companies providing cryptocurrency custody services need to apply for and hold a TCSP license. This license is regulated by the Hong Kong Companies Registry (CR) to ensure that institutions providing trust or company services comply with anti-money laundering (AML) and counter-terrorist financing (CFT) requirements.
• Asset Segregation and Separate Accounts: Custodians holding a TCSP license must ensure that clients' cryptocurrency assets are strictly segregated from their own assets and are typically required to be held in separate accounts. This practice helps prevent the custodian's financial issues from affecting the security of client assets.
• Security Technology and Compliance Requirements: Companies holding a TCSP license must also have robust network security measures in place to protect clients' digital assets. This includes the use of cold storage, multi-signature technology, and the establishment of strict compliance procedures to ensure asset security.
• Regular Audits and Reporting: Custodians need to undergo regular audits and provide detailed asset status reports to clients to ensure transparency and client awareness.

3. Regulatory Authorities

• Hong Kong Companies Registry (CR): The Companies Registry is responsible for issuing and supervising TCSP licenses to ensure that companies providing custody services comply with relevant laws and regulations. The main responsibilities of the CR include reviewing applications, conducting on-site inspections, and supervising licensed companies to comply with anti-money laundering and counter-terrorist financing legal requirements.

4. Industry Practices

• In Hong Kong, many fintech companies and traditional financial institutions have obtained TCSP licenses to legally provide cryptocurrency custody services. For example, companies such as OSL, BC Group, Hashkey, and others have conducted compliant custody operations in Hong Kong, providing secure digital asset management services to domestic and international institutional investors.

Singapore

1. Background

Singapore has attracted numerous digital asset companies with its open financial policies and innovative environment. The Monetary Authority of Singapore (MAS) is a key regulatory body overseeing digital asset custody and has formulated a series of regulations to ensure that cryptocurrency custody complies with international standards. For more details, please refer to "Comprehensive Interpretation of Singapore's Payment Service Regulation Framework and Digital Payment Token (DPT) License Requirements"

2. Specific Requirements

• Payment Services Act (PSA): Singapore implemented the Payment Services Act in 2020, which brought cryptocurrency services (including custody services) under regulatory oversight. Under the PSA, companies providing cryptocurrency custody services must obtain a "Digital Payment Token Service" license issued by MAS.
• Custodian Qualifications: In Singapore, custodians need to ensure that their technology and operational frameworks meet stringent security standards. MAS requires custodians to have sufficient capital, robust risk management systems, and strong network security measures.
• Compliance and Audits: Custodians must comply with anti-money laundering (AML) and counter-terrorist financing (CFT) regulations, establish robust know-your-customer (KYC) procedures, and undergo regular internal and external audits to ensure operational transparency and compliance.
• Protection of Client Assets: Custodians must segregate clients' cryptocurrency assets from their own assets and provide independent account management services. This requirement aims to ensure the security of client assets and protect them from the custodian's financial situation.

3. Regulatory Authority

• Monetary Authority of Singapore (MAS): MAS is Singapore's central bank and primary financial regulatory authority responsible for overseeing the compliance of cryptocurrency custody services. Through the implementation of the Payment Services Act, MAS has established a clear regulatory framework for cryptocurrency custody.

4. Industry Practices

• Singapore's digital asset custody market is rapidly developing, and many internationally renowned digital asset companies have established custody operations in Singapore. For example, Propine became the first digital asset custody company to receive a "Comprehensive Custody" license issued by MAS, marking Singapore's leading position in this field.

Reference: https://www.sec.gov/newsroom/press-releases/2024-111

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。