Enforcement in Digital Asset Space Hits All-Time High – Is Your Firm Prepared for an Examination?

Preparing for a possible SEC exam revolving around digital assets requires meticulous attention to a variety of critical areas that Silver's Compliance Team covers in this article to help prepare private fund managers and investment firms for success under regulatory examination and investor due diligence.

As the SEC continues to increase its scrutiny with widespread enforcement, the rise in digital asset activity and emerging financial technology has introduced a complex regulatory compliance landscape, particularly for private fund managers in the digital asset space. 

The SEC isn’t just taking note; they are taking action. If you think this is just hyperbole, consider the number of enforcement actions that have been brought by the SEC in 2023 alone, which rang in at a staggering 46 cases by year-end. That represents a 50 percent increase from 2022 and is the highest number of enforcement actions by the SEC on record since 2013. Highlights include the following: 

For a digital asset private fund manager, preparing for a possible SEC examination requires attention to detail in several critical compliance areas, including custody, portfolio management, marketing, cybersecurity, anti-money laundering (AML) and record retention, among others. At Silver, our primary goal is to help prepare private fund managers and investment firms for success under regulatory scrutiny and investor due diligence. Our first step in achieving this goal is providing a game plan that outlines the following crypto-specific examination observations and considerations, which in turn assists firms in navigating the various requirements that crop up before, during and after a SEC examination. 

Build Crypto Specific Portfolio Management Policies and Procedures 

Tailored Compliance Programs

Firms must design and implement compliance programs that are specifically tailored to their crypto investment strategies. This involves creating policies and procedures that address the unique risks and regulatory requirements associated with digital assets. A tailored compliance program should cover all aspects of the firm’s operations, including custody of securities and digital assets, trading practices, AML compliance and cybersecurity measures. Regular training and updates are essential to keep a private fund manager’s staff informed about the latest regulatory developments and best practices.

Risk Management Frameworks

A comprehensive risk management framework is critical for managing the volatility and operational risks associated with digital assets. Firms should develop policies that identify, assess and mitigate risks related to market fluctuations, counterparty reliability and exposure, and technological vulnerabilities. This framework should include stress testing and scenario analysis to evaluate the potential impact of adverse market conditions and other risk factors of a portfolio.

Due Diligence Procedures

Digital asset advisers often use various digital exchanges, trading platforms and other counterparties each with different levels of security, liquidity and compliance protocols. A lack of a formal due diligence, review and approval process for these counterparties can expose firms to significant risks, including fraud, cybersecurity breaches and operational failures. Implementing a rigorous process to conduct due diligence, approve and regularly evaluate digital exchanges and other counterparties based on their regulatory risk profile is crucial, especially in the rapidly changing digital asset landscape.

Firms should establish detailed procedures for evaluating the security, operational resiliency and reliability of exchanges, trading platforms and other counterparties. This includes verifying the backgrounds of counterparties, assessing the technological integrity of digital assets traded and ensuring that exchanges meet the firm’s standards for security and operational resiliency.

Monitoring of Best Execution

Achieving best execution in digital asset trading requires a detailed review of counterparties and trading venues. The absence of a best execution process can lead to less than ideal trading outcomes and potential regulatory scrutiny during an examination. Firms should establish and document a best execution policy and procedure, incorporating factors such as price, liquidity and counterparty risk. Regular reviews and updates to this policy are necessary to adapt to market developments and adhere to regulatory obligations.

Investor Disclosures

Comprehensive disclosures are crucial for maintaining investor trust and passing regulatory scrutiny during an examination. Firms should ensure that all communications with investors, including marketing materials, prospectuses and financial reports, accurately reflect the risks and characteristics of their digital asset strategies. Clear disclosures about the firm’s approach to custody, risk management and regulatory compliance may mitigate the risk of follow up questions by regulators during the initial stage of an examination.

Ensure Custody is Air Tight

Failure to Use a Qualified Custodian

The SEC mandates that registered investment advisers deemed to have custody of client funds or securities must maintain those securities and assets with a qualified custodian, such as banks, registered broker-dealers, futures commission merchants and/or certain foreign financial institutions. A significant compliance issue arises when firms fail to use such custodians for certain digital assets, with the potential impact being asset loss, regulatory deficiencies which could lead to fines and reputational damage. The manner in which a digital asset adviser maintains custody of their digital assets will likely be highly scrutinized by regulators during an examination, so procedures to ensure compliance with the Custody Rule must be a priority.

Lack of a Portfolio Review Process to Identify Digital Assets Deemed Securities by the SEC

Digital assets often fall into a regulatory gray area, with some being classified as securities by the SEC (a list that is ever-changing). A broad portfolio review process is crucial to identify and properly handle this regulatory challenge. Without such a process through the adviser’s automated portfolio management system or otherwise, firms risk inadvertently managing securities without adhering to the necessary regulations, potentially resulting in significant a deficiency, fines or enforcement. A proactive approach involves regularly reviewing the SEC’s guidance and enforcement actions to identify which digital assets are deemed securities and ensuring compliance with relevant regulations.

Delivering Late Audited Financial Statements to Investors

Timely delivery of audited financial statements is fundamental for compliance with the Custody Rule and to help maintain investor confidence. However, the complexity of auditing digital asset strategies can lead to late delivery of these statements, which typically frustrates regulators and investors, thus potentially triggering investigations and penalties. To reduce this risk, firms should work closely with auditors who specialize in digital assets and develop streamlined processes to ensure timely completion of audits and delivery of audited financial statements.

Substantiate Boastful Marketing

Lack of Backup to Support Claims and Statements in the Crypto Space

Compliance with the new Marketing Rule is a top priority for examiners. Marketing in the digital asset space may involve a firm’s statements meant to demonstrate their confidence and experience, such as being “one of the first in the space,” to the market. Without proper substantiation, these claims can attract regulatory attention and appear to mislead investors. The SEC requires that all marketing materials be truthful and not misleading, so firms must ensure they have adequate documentation and evidence to back up any claims made in their marketing materials. This includes maintaining detailed records of methodologies, research and data used to support statements about performance, market position, unique firm characteristics and other claims.

Maintain Robust Cybersecurity Controls

Lack of Security Controls for Digital Assets

Digital assets are particularly vulnerable to cyber threats, making comprehensive information security controls even more essential for digital asset advisers. A lack of enhanced security around private keys for private wallets can lead to asset theft, operational disruptions and significant financial losses. Firms must implement comprehensive data security measures, including multi-factor authentication, cold storage solutions and regular security audits, to protect digital assets from cyber threats. Additionally, staff should be regularly trained on best practices for handling private keys and recognizing potential cyber threats.

Lack of an Incident Response Plan

An incident response plan is crucial for quickly addressing and mitigating the impact of cybersecurity incidents. The absence of such a plan can lead to prolonged disruptions, a decrease in investor trust and loss of both money and investors. Firms should develop, regularly update and test a detailed incident response plan that outlines procedures for detecting, responding to, and recovering from cyber incidents. This plan should include clear roles and responsibilities, communication protocols and steps for reporting incidents to relevant authorities and, above all else, ongoing training.

Monitor Anti-Money Laundering Risks

In-Kind Crypto Asset Contributions

In-kind contributions of crypto assets, as opposed to cash contributions, are common in the digital asset space but pose certain AML risks. These contributions may be difficult to trace and verify, increasing the potential for money laundering. Firms must implement rigorous AML policies and procedures to address these risks, including thorough due diligence on contributors, thorough transaction monitoring and regular risk assessments. To mitigate AML risks associated with in-kind crypto contributions a digital asset adviser should follow AML best practices, including adhering to Financial Action Task Force guidelines.

Implement Extensive Record Retention

Electronic Communications

The SEC requires firms to maintain comprehensive records of all communications related to their advisory business, but digital asset advisers often use various electronic communication platforms, which can be challenging to retain in archiving platforms. To comply with these requirements, firms should implement systems and procedures to capture, archive and retrieve electronic communications across every platform they use, or restrict usage to just email and instant message, as an example. Regular audits of these systems can help ensure that all required communications are being properly retained and are accessible when needed.

Investment/Trade Documentation

Maintaining a comprehensive trade blotter that meets the SEC’s requirements can be challenging in the fast-paced and consistently changing digital asset market. Accurate and detailed trade documentation is crucial for demonstrating adherence to investment guidelines and regulatory requirements. Firms should develop robust processes for recording and reconciling all trading activity, including timestamps, counterparty information and transaction details. A firm’s use of automated technology solutions designed for the digital asset space can help streamline this process and ensure that all necessary information is captured and retained.

Conclusion

For private fund managers and others in the digital asset space, preparing for an SEC examination requires a thorough understanding of the unique challenges and risks associated with this emerging asset class. It requires getting, and staying, ahead of the SEC by implementing thorough policies, procedures and controls that help meet SEC requirements while also fostering investor trust and confidence in the firm’s operations. As the digital asset landscape continues to evolve, Silver will stay informed and proactive in sharing essential regulatory developments to help private fund managers prepare for SEC examinations and achieving long-term success in this dynamic market.

Please feel free to contact us at [email protected] with any questions or concerns you might have regarding anything mentioned above and how Silver can help prepare your firm for a possible SEC examination.

Share the Post:

SilverVision Archive

The Corporate Transparency Act: Compliance Update for Private Fund Managers

The Corporate Transparency Act (CTA) represents a significant shift in corporate accountability, with potential implications for businesses nationwide. While enforcement is currently on hold, companies should proactively monitor developments, review compliance systems, and gather necessary information to ensure readiness and avoid future penalties.

Read More »