As the SEC continues to increase its scrutiny with widespread enforcement, the rise in digital asset activity and emerging financial technology has introduced a complex regulatory compliance landscape, particularly for private fund managers in the digital asset space.
The SEC isn’t just taking note; they are taking action. If you think this is just hyperbole, consider the number of enforcement actions that have been brought by the SEC in 2023 alone, which rang in at a staggering 46 cases by year-end. That represents a 50 percent increase from 2022 and is the highest number of enforcement actions by the SEC on record since 2013. Highlights include the following:
- Fraud – Terraform Labs and its founder Do Kwon, Richard Heart and three entities that he controls, Hex, PulseChain, and PulseX, FTX CEO Samuel Bankman-Fried and other FTX executives
- Staking and Lending – crypto asset lending and/or staking programs serving as the basis for unregistered securities offerings included Genesis/Gemini, Celsius, Kraken and Nexo, and resulted in Kraken and Nexo agreeing to cease their offerings and paying $30 and $22.5 million in penalties
- NFTs – Impact Theory LLC and Stoner Cats 2 LLC were the first instances where NFT sales represented unregistered offerings of securities
- Intermediaries – enforcement actions alleging noncompliance in the crypto asset intermediary space included Beaxy, Bittrex, Binance and Coinbase
- Touting – Celebrities such as NBA Hall of Famer Paul Pierce, media personality Kim Kardashian, Lindsay Lohan, Jake Paul, Michele Mason (Kendra Lust), Miles Parks McCollum (Lil Yachty), Shaffer Smith (Ne-Yo), Aliaune Thiam (Akon), DeAndre Cortez Way (Soulja Boy) and Austin Mahone were charged with touting crypto asset securities without disclosing they were compensated for doing so
For a digital asset private fund manager, preparing for a possible SEC examination requires attention to detail in several critical compliance areas, including custody, portfolio management, marketing, cybersecurity, anti-money laundering (AML) and record retention, among others. At Silver, our primary goal is to help prepare private fund managers and investment firms for success under regulatory scrutiny and investor due diligence. Our first step in achieving this goal is providing a game plan that outlines the following crypto-specific examination observations and considerations, which in turn assists firms in navigating the various requirements that crop up before, during and after a SEC examination.
Build Crypto Specific Portfolio Management Policies and Procedures
Tailored Compliance Programs
Firms must design and implement compliance programs that are specifically tailored to their crypto investment strategies. This involves creating policies and procedures that address the unique risks and regulatory requirements associated with digital assets. A tailored compliance program should cover all aspects of the firm’s operations, including custody of securities and digital assets, trading practices, AML compliance and cybersecurity measures. Regular training and updates are essential to keep a private fund manager’s staff informed about the latest regulatory developments and best practices.
Risk Management Frameworks
A comprehensive risk management framework is critical for managing the volatility and operational risks associated with digital assets. Firms should develop policies that identify, assess and mitigate risks related to market fluctuations, counterparty reliability and exposure, and technological vulnerabilities. This framework should include stress testing and scenario analysis to evaluate the potential impact of adverse market conditions and other risk factors of a portfolio.
Due Diligence Procedures
Digital asset advisers often use various digital exchanges, trading platforms and other counterparties each with different levels of security, liquidity and compliance protocols. A lack of a formal due diligence, review and approval process for these counterparties can expose firms to significant risks, including fraud, cybersecurity breaches and operational failures. Implementing a rigorous process to conduct due diligence, approve and regularly evaluate digital exchanges and other counterparties based on their regulatory risk profile is crucial, especially in the rapidly changing digital asset landscape.
Firms should establish detailed procedures for evaluating the security, operational resiliency and reliability of exchanges, trading platforms and other counterparties. This includes verifying the backgrounds of counterparties, assessing the technological integrity of digital assets traded and ensuring that exchanges meet the firm’s standards for security and operational resiliency.
Monitoring of Best Execution
Achieving best execution in digital asset trading requires a detailed review of counterparties and trading venues. The absence of a best execution process can lead to less than ideal trading outcomes and potential regulatory scrutiny during an examination. Firms should establish and document a best execution policy and procedure, incorporating factors such as price, liquidity and counterparty risk. Regular reviews and updates to this policy are necessary to adapt to market developments and adhere to regulatory obligations.
Investor Disclosures
Comprehensive disclosures are crucial for maintaining investor trust and passing regulatory scrutiny during an examination. Firms should ensure that all communications with investors, including marketing materials, prospectuses and financial reports, accurately reflect the risks and characteristics of their digital asset strategies. Clear disclosures about the firm’s approach to custody, risk management and regulatory compliance may mitigate the risk of follow up questions by regulators during the initial stage of an examination.
Ensure Custody is Air Tight
Failure to Use a Qualified Custodian
The SEC mandates that registered investment advisers deemed to have custody of client funds or securities must maintain those securities and assets with a qualified custodian, such as banks, registered broker-dealers, futures commission merchants and/or certain foreign financial institutions. A significant compliance issue arises when firms fail to use such custodians for certain digital assets, with the potential impact being asset loss, regulatory deficiencies which could lead to fines and reputational damage. The manner in which a digital asset adviser maintains custody of their digital assets will likely be highly scrutinized by regulators during an examination, so procedures to ensure compliance with the Custody Rule must be a priority.
Lack of a Portfolio Review Process to Identify Digital Assets Deemed Securities by the SEC
Digital assets often fall into a regulatory gray area, with some being classified as securities by the SEC (a list that is ever-changing). A broad portfolio review process is crucial to identify and properly handle this regulatory challenge. Without such a process through the adviser’s automated portfolio management system or otherwise, firms risk inadvertently managing securities without adhering to the necessary regulations, potentially resulting in significant a deficiency, fines or enforcement. A proactive approach involves regularly reviewing the SEC’s guidance and enforcement actions to identify which digital assets are deemed securities and ensuring compliance with relevant regulations.
Delivering Late Audited Financial Statements to Investors
Timely delivery of audited financial statements is fundamental for compliance with the Custody Rule and to help maintain investor confidence. However, the complexity of auditing digital asset strategies can lead to late delivery of these statements, which typically frustrates regulators and investors, thus potentially triggering investigations and penalties. To reduce this risk, firms should work closely with auditors who specialize in digital assets and develop streamlined processes to ensure timely completion of audits and delivery of audited financial statements.
Substantiate Boastful Marketing
Lack of Backup to Support Claims and Statements in the Crypto Space
Compliance with the new Marketing Rule is a top priority for examiners. Marketing in the digital asset space may involve a firm’s statements meant to demonstrate their confidence and experience, such as being “one of the first in the space,” to the market. Without proper substantiation, these claims can attract regulatory attention and appear to mislead investors. The SEC requires that all marketing materials be truthful and not misleading, so firms must ensure they have adequate documentation and evidence to back up any claims made in their marketing materials. This includes maintaining detailed records of methodologies, research and data used to support statements about performance, market position, unique firm characteristics and other claims.
Maintain Robust Cybersecurity Controls
Lack of Security Controls for Digital Assets
Digital assets are particularly vulnerable to cyber threats, making comprehensive information security controls even more essential for digital asset advisers. A lack of enhanced security around private keys for private wallets can lead to asset theft, operational disruptions and significant financial losses. Firms must implement comprehensive data security measures, including multi-factor authentication, cold storage solutions and regular security audits, to protect digital assets from cyber threats. Additionally, staff should be regularly trained on best practices for handling private keys and recognizing potential cyber threats.
Lack of an Incident Response Plan
An incident response plan is crucial for quickly addressing and mitigating the impact of cybersecurity incidents. The absence of such a plan can lead to prolonged disruptions, a decrease in investor trust and loss of both money and investors. Firms should develop, regularly update and test a detailed incident response plan that outlines procedures for detecting, responding to, and recovering from cyber incidents. This plan should include clear roles and responsibilities, communication protocols and steps for reporting incidents to relevant authorities and, above all else, ongoing training.
Monitor Anti-Money Laundering Risks
In-Kind Crypto Asset Contributions
In-kind contributions of crypto assets, as opposed to cash contributions, are common in the digital asset space but pose certain AML risks. These contributions may be difficult to trace and verify, increasing the potential for money laundering. Firms must implement rigorous AML policies and procedures to address these risks, including thorough due diligence on contributors, thorough transaction monitoring and regular risk assessments. To mitigate AML risks associated with in-kind crypto contributions a digital asset adviser should follow AML best practices, including adhering to Financial Action Task Force guidelines.
Implement Extensive Record Retention
Electronic Communications
The SEC requires firms to maintain comprehensive records of all communications related to their advisory business, but digital asset advisers often use various electronic communication platforms, which can be challenging to retain in archiving platforms. To comply with these requirements, firms should implement systems and procedures to capture, archive and retrieve electronic communications across every platform they use, or restrict usage to just email and instant message, as an example. Regular audits of these systems can help ensure that all required communications are being properly retained and are accessible when needed.
Investment/Trade Documentation
Maintaining a comprehensive trade blotter that meets the SEC’s requirements can be challenging in the fast-paced and consistently changing digital asset market. Accurate and detailed trade documentation is crucial for demonstrating adherence to investment guidelines and regulatory requirements. Firms should develop robust processes for recording and reconciling all trading activity, including timestamps, counterparty information and transaction details. A firm’s use of automated technology solutions designed for the digital asset space can help streamline this process and ensure that all necessary information is captured and retained.
Conclusion
For private fund managers and others in the digital asset space, preparing for an SEC examination requires a thorough understanding of the unique challenges and risks associated with this emerging asset class. It requires getting, and staying, ahead of the SEC by implementing thorough policies, procedures and controls that help meet SEC requirements while also fostering investor trust and confidence in the firm’s operations. As the digital asset landscape continues to evolve, Silver will stay informed and proactive in sharing essential regulatory developments to help private fund managers prepare for SEC examinations and achieving long-term success in this dynamic market.
Please feel free to contact us at [email protected] with any questions or concerns you might have regarding anything mentioned above and how Silver can help prepare your firm for a possible SEC examination.