Quiero saber acerca de...

11630

Federal Register / Vol. 86, No. 37 / Friday, February 26, 2021 / Rules and Regulations
khammond on DSKJM1Z7X2PROD with RULES

and associated network 13 prior to undertaking to maintain custody of the digital asset security and at reasonable intervals thereafter. The assessment could examine at least the following aspects of the distributed ledger technology and its associated network, among others: 1 Performance i.e., does it work and will it continue to work as intended; 2 transaction speed and throughput i.e., can it process transactions quickly enough for the intended applications; 3 scalability i.e., can it handle a potential increase in network activity; 4 resiliency i.e., can it absorb the impact of a problem in one or more parts of its system and continue processing transactions without data loss or corruption; 5
security and the relevant consensus mechanism i.e., can it detect and defend against malicious attacks, such as 51% attacks 14 or Denial-of-Service attacks, without data loss or corruption;
6 complexity i.e., can it be understood, maintained, and improved;
7 extensibility i.e., can it have new functionality added, and continue processing transactions without data loss or corruption; and 8 visibility i.e., are its associated code, standards, applications, and data publicly available and well documented. The assessment also could examine the governance of the distributed ledger technology and associated network and how protocol updates and changes are agreed to and implemented. This would include an assessment of impacts to the digital asset security of events such as protocol upgrades, hard forks, airdrops, exchanges of one digital asset for another, or staking.15 Such assessments would allow a broker-dealer to be able to identify significant weaknesses or other operational issues with the distributed ledger technology and associated network utilized by the digital asset security, or other risks posed to the broker-dealers business by the digital asset security, which would 13 For the purposes of this statement, a digital asset securitys distributed ledger technology and associated network includes the protocols and any smart contracts or applications integral to the operation of the digital asset security.
14 For the purposes of this statement, a 51%
attack is an attack on a blockchain or distributed ledger in which an attacker or group of attackers controls a majority of the networks hash rate, mining or computing power, allowing the attacker or group of attackers to prevent new transactions from being confirmed.
15 For purposes of this statement, hard forks refer to backward-incompatible protocol changes to a distributed ledger that create additional versions of the distributed ledger, potentially creating new digital assets. Airdrops refer to the distribution of digital assets to numerous addresses, usually at no monetary cost to the recipient or in exchange for certain promotional services. Staking refers to the use of a digital asset in a consensus mechanism.

VerDate Sep<11>2014

16:49 Feb 25, 2021

Jkt 253001

allow a broker-dealer to take appropriate action to identify and reduce its exposure to such risks. Accordingly, if there are significant weaknesses or other operational issues with the distributed ledger technology and associated network, the broker-dealer would be able to determine whether it could or could not maintain custody of the digital asset security.
A fourth step the broker-dealer could take is to establish, maintain, and enforce reasonably designed written policies, procedures, and controls for safekeeping and demonstrating the broker-dealer has exclusive possession or control over digital asset securities that are consistent with industry best practices to protect against the theft, loss, and unauthorized and accidental use of the private keys necessary to access and transfer the digital asset securities the broker-dealer holds in custody. These policies, procedures, and controls could address, among other matters: 1 The on-boarding of a digital asset security such that the brokerdealer can associate the digital asset security to a private key over which it can reasonably demonstrate exclusive physical possession or control; 2 the processes, software and hardware systems, and any other formats or systems utilized to create, store, or use private keys and any security or operational vulnerabilities of those systems and formats; 3 the establishment of private key generation processes that are secure and produce a cryptographically strong private key that is compatible with the distributed ledger technology and associated network and that is not susceptible to being discovered by unauthorized persons during the generation process or thereafter; 4 measures to protect private keys from being used to make an unauthorized or accidental transfer of a digital asset security held in custody by the broker-dealer; and 5 measures that protect private keys from being corrupted, lost or destroyed, that backup the private key in a manner that does not compromise the security of the private key, and that otherwise preserve the ability of the firm to access and transfer a digital asset security it holds in the event a facility, software, or hardware system, or other format or system on which the private keys are stored and/or used is disrupted or destroyed. These policies, procedures, and controls for safekeeping and demonstrating the broker-dealer has exclusive possession or control over digital asset securities should serve to protect against the theft, loss, and unauthorized and accidental use of the
PO 00000

Frm 00028

Fmt 4700

Sfmt 4700

private keys and therefore the customers digital asset securities.
A fifth step the broker-dealer could take is to establish, maintain, and enforce reasonably designed written policies, procedures, and arrangements to: 1 Specifically identify, in advance, the steps it intends to take in the wake of certain events that could affect the firms custody of the digital asset securities, including blockchain malfunctions, 51% attacks, hard forks, or airdrops; 2 allow the broker-dealer to comply with a court-ordered freeze or seizure; and 3 allow the transfer of the digital asset securities held by the broker-dealer to another special purpose broker-dealer, a trustee, receiver, liquidator, a person performing a similar function, or another appropriate person, in the event the broker-dealer can no longer continue as a going concern and self-liquidates or is subject to a formal bankruptcy, receivership, liquidation, or similar proceeding. These policies and procedures should include measures for ensuring continued safekeeping and accessibility of the digital asset securities, even if the broker-dealer is wound down or liquidated, and thus would provide a reasonable level of assurance that a broker-dealer has developed plans to address unexpected disruptions to the broker-dealers control over digital asset securities.
A sixth step the broker-dealer could take is to provide written disclosures to prospective customers about the risks of investing in or holding digital asset securities. The disclosures could include, among other matters: 1
Prominent disclosure explaining that digital asset securities may not be securities as defined in SIPA 16and in particular, digital asset securities that are investment contracts under the Howey test 17 but are not registered with the Commission are excluded from SIPAs definition of securitiesand thus the protections afforded to securities customers under SIPA may not apply with respect to those securities; 2 a description of the risks of fraud, manipulation, theft, and loss associated with digital asset securities;
3 a description of the risks relating to valuation, price volatility, and liquidity associated with digital asset securities;
and 4 a description of the processes, software and hardware systems, and any other formats or systems utilized by the broker-dealer to create, store, or use the broker-dealers private keys and protect them from loss, theft, or unauthorized or accidental use including, but not limited to, cold storage, key sharding, 16 15

U.S.C. 78lll14.
SEC v. W.J. Howey Co., 328 U.S. 293 1946.

17 See
E:FRFM26FER1.SGM

26FER1