January 16, 2019

Custody and Transfer of Digital Assets: Key U.S. Legal Considerations1

During the past half dozen years, Bitcoin and some other cryptocurrencies have been the
focus of countless articles and accusations, and some substantial trading and speculation.
Developments in blockchain, smart contracts, and other technological innovations have more
recently drawn widespread attention in financial services for their potential applications.
However, it is only in last couple of years that investors and investment managers have begun to
seriously consider how cryptocurrencies, initial coin offering (“ICO”) tokens, and other similar
financial assets (“Digital Assets”) could play a growing role as investment alternatives. The
development of more established cryptocurrency exchanges, regulated as state-chartered trust
companies, and the introduction of futures markets for cryptocurrencies have begun to provide
more confidence in market pricing and analytics. While price fluctuations in a relatively illiquid
and nascent market may forewarn many investors, even established institutional investors have
begun to create strategies and treat some Digital Assets as a growing asset class.

Further developments, of course, require an infrastructure that parallels the frameworks common
to other asset classes. Legal uncertainty about certain Digital Assets, as demonstrated by
enforcement actions by the Securities and Exchange Commission (“SEC”) involving some ICO
tokens as unregistered securities and by the Commodity Futures Trading Commission (“CFTC”)
for fraudulent activities, as well as definitional issues, remain obstacles. Greater clarity on the
applicable regulatory frameworks for Digital Assets will be a key factor in determining the
degree to which such assets become an accepted feature of institutional investment. Today, in
January 2019, the absence of such clarity remains a drag on investment in Digital Assets. Other
components of the market infrastructure also are key. Greater transparency and stability in the
market would draw investors rather than speculators.

Another critical element of the necessary market infrastructure is sound practices for the custody
and transfer of Digital Assets. This element is being solved as investment advisors respond to
the requirements of institutional investors. As with other financial assets, investors in Digital
Assets face the risk of theft or loss of their holdings. This risk can be especially pronounced in
connection with Digital Assets because transfers may not be easily reversible, today many
intermediaries can be lightly capitalized, and other market participants are frequently anonymous
or pseudonymous. These market characteristics underscore the importance of effective practices
for the custody and transfer of Digital Assets. Unfortunately, the legal framework for such
custody and transfer is evolving and not always well-understood.

This article provides an overview of the key legal issues that must be addressed in
providing a solid framework for custody and transfer for Digital Assets. First, it describes
certain aspects of how distributed ledgers operate that are relevant to the mechanics for holding
or transferring Digital Assets. It then describes the U.S. commercial and insolvency law
considerations relevant to custodial relationships and transfers involving Digital Assets. Next, it
summarizes the key U.S. regulatory frameworks currently applicable to Digital Asset custodians.

1
This article reflects legal developments as of January 7, 2019 and was prepared by Michael Krimminger,
Colin Lloyd, Sandra Rocks, Marc Rotter, Brandon Hammer, Reshama Patel, and Jim Wintering. The views
expressed in this paper are solely those of the authors and do not necessarily represent the policies or views
of Cleary Gottlieb or any of its partners. © 2019 Cleary Gottlieb Steen & Hamilton.
Finally, it describes the proposed Uniform Regulation of Virtual-Currency Businesses Act (the
“URVCBA”), which would make certain reforms in these areas.

1. Operation of Distributed Ledgers

The ownership and transfer of a Digital Asset commonly is recorded on a “blockchain” or

other distributed ledger. Typically, distributed ledgers operate through the use of public and
private keys.2 The distributed ledger shows which public key owns each Digital Asset. To effect
a transfer of a Digital Asset, the transferor needs to enter the private key that corresponds to the
public key that the ledger shows as the owner of the Digital Asset. Private keys are created in
mathematical relation to their public key pair and are unmodifiable. Participants in the
distributed ledger validate transactions by confirming that the transfer has been authorized by the
private key associated with the relevant public key.

Through the possession and use of a private key to validate Digital Asset transfers, every
asset recorded on a specified distributed ledger may be transferred between different public keys.
Without a public key’s private key match, however, no assets held in connection with a public
key may be transferred at all. As a result, Digital Asset investors must be able to effectively
retain and protect such private key information, and thus control over all attached Digital Assets
to protect their investments. Without security and control over all private key information,
investors are susceptible to both malicious attacks intended to obtain access to their private
key—resulting in a malicious actor gaining the ability to transfer their Digital Assets and often
leaving investors without recourse—and to losing possession of the private key and the ability to
transfer their Digital Assets to or from any other person’s public key in the future.

On a rudimentary level, Digital Asset investors have often looked to solve this problem
with what are referred to as “wallets,” which hold a private key for those investors and often
require the use of a “passphrase” to subsequently access their private keys to transfer any Digital
Assets. If investors choose to store their private keys in a “hot” wallet that is connected to the
Internet, they face an increased risk of cyber-attack but may more quickly transfer Digital Assets
to other parties. By contrast, maintaining private keys in an off-line, hardware-based “cold”
wallet protects against cyber-hacking risks, but requires an investor’s continued maintenance and
possession of the hardware. Given some of the difficulties that investors may face in sufficiently
managing all of these risks on their own, Digital Asset investors have frequently looked to some
form of a centralized custodian to hold their assets.

Many investors have stored Digital Assets directly with the exchanges through which
they trade. Many exchanges often maintain those assets in pooled, hot wallets that always
remain connected to the Internet. While such storage solutions provide for faster access when an
investor is looking to execute Digital Asset transactions on the exchange, hackers have
increasingly succeeded at capitalizing on exchanges’ vulnerabilities, including hot wallets’
connections to the Internet, to steal large quantities of pooled Digital Assets from such
exchanges. In those instances, investors have faced challenges in recouping their assets from the
exchanges or otherwise. Other exchanges maintain both hot wallets for immediate transactions
2
This article describes the typical operation of publicly accessible distributed ledgers, such as the blockchain
used for Bitcoin. Other distributed ledger technologies, especially permissioned (i.e., “private”)
blockchains, can involve different mechanics for recording the ownership and transfer of Digital Assets.

2
and cold wallets for longer-term custody. The cold wallets are usually wholly disconnected from
the Internet and provide for far superior security.

Market participants have attempted to address these issues by providing Digital Asset
custody services.3 Such services often primarily or exclusively use cold storage wallets, holding
all Digital Asset private keys in pooled accounts that are entirely offline until an individual
investor wishes to withdraw or transfer their Digital Assets. This model provides investors with
increased assurances in the safety of their private keys and Digital Assets, while also removing
the additional work required of investors if they were to protect this information themselves.

2. Key U.S. Commercial and Insolvency Law Considerations

A. Custodial Relationships

The characterization of the relationship between a holder of a Digital Asset and its
custodian is a question of state law. Some key factors that may affect the characterization of the
relationship include:

 What service is the custodian providing?

o Is the custodian holding the holder’s private key or the Digital Asset itself?

o Has the custodian established a “multi sig” arrangement (i.e., an arrangement in

which more than one key is required to authorize a Digital Asset transaction)? If
so, does the custodian have all of the keys that are needed to allow the Digital
Asset transaction to take place?

 How does the parties’ agreement (if any) describe the relationship?

o Does it call the relationship a bailment or another similar relationship such as

some form of an agency?

o Does the documentation transfer any ownership of the private key or Digital Asset
to the custodian or does the customer retain all right, title, and interest in the
private key or Digital Asset?

o Does the custodian have the right to reuse the custodial assets?

o Is there an agreement to treat the private key or Digital Asset as a “financial

asset”?

3
See, e.g., Olga Kharif and Sonali Basak, Regulated Crypto Custody Is (Almost) Here. It’s a Game Changer,
Bloomberg (June 18, 2018), https://www.bloomberg.com/news/articles/2018-06-18/regulated-crypto-
custody-is-almost-here-it-s-a-game-changer.

3
 A custodial relationship could take many different forms, and the questions to consider
will depend on the facts at hand. While the documentation will likely be crucial, it is not
necessarily determinative.

Bailment or Similar Relationship. One possible way to frame the relationship between an
owner of a Digital Asset and its custodian is as a bailment or similar relationship such as some
form of an agency. A number of Digital Asset market participants have characterized their
relationship as a bailment or similar agency relationship in order to ensure application of certain
rights and duties discussed in greater detail below. A written or express agreement, however, is
not necessarily required for a bailment or agency to be created. A court may conclude that the
facts and circumstances demonstrate that a bailment or agency relationship was created. Such
characterizations are more likely when the owner does not transfer to the custodian its rights in
the private key or Digital Asset.

If the custodian is recognized as the bailee or agent of the customer, then the custodian
would owe certain duties to the bailor or principal. Such duties include, if the custodian is
recognized as a bailee, a duty to exercise ordinary care in keeping and safeguarding property of
the bailor and if instead the custodian is recognized as the customer’s agent, then the duties of
obedience, loyalty, and care.

Although the rules governing the distribution of custodial assets upon the custodian’s
insolvency will depend on the applicable insolvency regime, many U.S. regimes, including the
U.S. Bankruptcy Code, look to state law in the first instance to see whether the property is
considered property of the custodian or instead property of the customer. If the latter, the assets
will generally not be subject to claims of the custodian’s general creditors. The way state law
views property held subject to a bailment or similar relationship will depend on whether the
property is fungible or not. For non-fungible property, the assets would be considered property
of the customer and therefore, as long as the customer can substantiate the bailment or similar
relationship and identify the relevant assets, its claim for the return of the asset will not be
subject to the claims of the custodian’s general creditors. State law also provides that fungible
property held subject to a bailment or similar relationship is the property of the bailor, but that if
there is a shortfall in the amount of a particular fungible asset relative to the claims of all bailors,
the bailors will share pro rata.

While it appears unlikely that private keys would be considered fungible assets, the
analysis is less clear for the Digital Assets themselves. For example, Digital Assets carried on
particular blocks that make them sufficiently non-interchangeable may be non-fungible.
However, if a custodian were to hold the Digital Assets in bulk with each customer owning a
portion thereof, such Digital Assets could be considered fungible.

Securities Intermediary-Entitlement Holder Relationship. Another possible way to

describe the customer-custodian relationship is as one between an entitlement holder and its
securities intermediary within the purview of Article 8 of the Uniform Commercial Code as in
effect in the applicable state (“UCC”).

In the United States, the relationship between securities broker-dealers and their
customers in respect of the customers’ securities is generally subject to Article 8 of the UCC.

4
However, a broader range of relationships can fall within the scope of Article 8 if the asset being
maintained is a “financial asset.” An ICO token would likely be a financial asset by virtue of its
status as a security.4 Article 8 also allows parties to agree to treat an asset that is not a security as
a financial asset so long as it “makes sense to apply the [duties in Part 5 of Article 8 of the UCC
(“Part 5 duties”)] to the relationship.”5 It is likely appropriate to apply the Part 5 duties to the
custody of cryptocurrencies. For other assets recorded on a distributed ledger, one would have to
analyze whether it would make sense to apply the Part 5 duties to the relationship based on the
nature and properties of the asset, including whether the asset is transferable, generates payments
or distributions, or provides holders with certain rights such as voting rights.

Overall, the benefit of electing to treat custodial assets as “financial assets” and thereby
subject to Article 8 is that parties would then be able to have their relationship governed by a
well-established legal regime that governs a very large market.

If the custodial relationship is subject to Article 8, then Part 5 of Article 8 imposes certain
duties on the custodian as the securities intermediary, including a duty to maintain a sufficient
quantity of the custodial assets to satisfy customer entitlements, a duty to comply with a
customer’s instructions, and a prohibition on granting security interests in the custodial assets
without consent. In the absence of an agreement between the custodian and its customer as to
which standard applies to the custodian in the exercise of its Part 5 duties, the custodian must
exercise “due care in accordance with reasonable commercial standards.”6

As in the context of a bailment or similar relationship, the rights of a customer in the

event of the custodian’s insolvency will depend on the applicable insolvency regime.7 As
mentioned above, most U.S. insolvency regimes look to state law to determine who has an
interest in certain assets. However, the Securities Investor Protection Act (“SIPA”), which will
likely govern the insolvency of a securities broker-dealer, provides that a securities customer will
have a claim against the debtor based on its “net equity,” which generally reflects all of the
customer’s securities positions and associated customer cash. To the extent this distribution rule
applies, which it may in the case of ICO tokens held with a broker-dealer, a Digital Asset
customer’s claim for the return of its securities will share ratably with the claims of other
securities customers and in priority to the broker-dealer’s general creditors.

In the event the SIPA distribution rules do not apply and the insolvency regime points to
state law, Section 8-503 of the UCC provides that financial assets held by a securities
intermediary are not property of the securities intermediary and Section 8-511 of the UCC
provides that the claims of entitlement holders would have priority over creditors except when
the creditors have “control” over the financial asset. Section 8-503(b) further provides that each

4
UCC § 8-102(a)(9) defines a “financial asset” as, in relevant part, “(i) a security; [or] “(ii) an obligation of a
person or a share, participation, or other interest in a person or in property or an enterprise of a person,
which is, or is of a type, dealt in or traded on financial markets, or which is recognized in any area in which
it is issued or dealt in as a medium for investment.”
5
See UCC § 8-102 cmt. 9.
6
See UCC §§ 8-504(c)(2), 8-505(a)(2), 8-506(2), 8-507(a)(2) and 8-508(2).
7
See UCC § 8-503 cmt. 1.

5
entitlement holder’s property interest is a pro rata property interest in all interests of the
securities intermediary in the particular type of financial asset that is being held for the
entitlement holder by the securities intermediary.

Other Relationship Characterizations. If there is no bailee-bailor or similar relationship

and no securities intermediary-entitlement holder relationship, then there might only be a
contractual relationship. In the context of such other relationships, the custodian may not have
any special duties, and if it enters into insolvency proceedings, the customer might only have an
unsecured monetary claim (and not a claim to the actual custodial assets). However, this does
not exclude the possibility that there are other relationships with legal import that might exist
between the custodian and its customer.

B. Transfers of Digital Assets to Third Parties

In addition to determining the rights and obligations of a custodian of a Digital Asset and
the Digital Asset owner, how a Digital Asset is held and the agreement governing the Digital
Asset may have significant implications for the rights of any transferee of the Digital Asset. This
is because the UCC’s rules concerning perfection and priority differ for different asset categories
and the nature and documentation of the custodial relationship may dictate which category a
Digital Asset falls into. Most notably, while many Digital Assets would, absent an agreement to
the contrary, likely be considered “general intangibles” for purposes of Article 9 of the UCC, an
effective agreement between a custodian and customer to treat a Digital Asset as a financial asset
would cause such asset to be “investment property” under Article 9, which is subject to very
different priority and perfection rules.

Pledging. Perfecting a security interest in a general intangible requires filing a UCC

financing statement, and the pledgee must be the first to file in order for its security interest in
the Virtual Asset to have priority over the rights or interests of most third parties. In contrast, a
security interest in investment property can be perfected by “control,” and control affords
enhanced priority. A secured party can obtain control by: (1) becoming the entitlement holder;
(2) being the securities intermediary; or (3) entering into a control agreement.8

Sales. Whereas there are no commercial rules that provide for adverse claim cutoff
protection for general intangibles in the context of sales, UCC Sections 8-502 and 8-510 provide
that if a transferee of a financial asset gives value, acquires its interest without notice of any
adverse claims and obtains “control,” it will acquire its interest free of adverse claims.

3. Key U.S. Regulatory Considerations

Analyzing the regulatory status of a Digital Asset custodian begins with a categorization
of the underlying Digital Asset. Generally speaking, as a matter of U.S. federal law, Digital
Assets are viewed as either “securities” (as appears to be the case with most ICO tokens),9 and

8
See UCC §§ 8-106(c), 9-106(a).
9
See Virtual Currencies: The Oversight Role of the U.S. Securities and Exchange Commission and the U.S.
Commodity Futures Trading Commission, 115th Cong. (Feb. 6, 2018) (Testimony of Chairman Clayton

6
thus subject to regulation by the Securities and Exchange Commission (“SEC”), or non-security
“commodities” (as appears to be the case with Bitcoin and certain other cryptocurrencies),10 and
thus subject to regulation by the Commodity Futures Trading Commission (“CFTC”). In
addition, certain state laws can apply to Digital Asset custodial activities.

A. Federal Securities Law Considerations

The Securities Exchange Act of 1934 (the “Exchange Act”) generally requires any person
engaged in the business of effecting transactions in securities for the account of others (a
“broker”) to register with the SEC as a broker-dealer.11 The SEC views handling customer funds
or securities as a type of brokerage activity.12 Accordingly, a person acting as custodian for
Digital Assets that are securities typically must register with the SEC as a broker-dealer. Among
other regulations, registered broker-dealers are subject to extensive requirements related to the
handling of customer funds and securities (which would include these Digital Assets),
maintenance of minimum net capital, creation and maintenance of books and records, and anti-
money laundering requirements.13

An exception from broker-dealer registration exists, however, for certain federal or state
chartered or licensed banks engaged in custody or safekeeping activities.14 These custodians are
instead subject to banking law regulation of their custodial activities. Banking regulation for
custodial or fiduciary activities by state and federal banks and trust companies, whether insured
by the Federal Deposit Insurance Corporation (“FDIC”) or not, is designed to preserve the
customer’s interest in the property held by the bank or trust company for safekeeping. The trust
departments of banks and trust companies are examined by the appropriate supervisory agency in

before the Senate Committee on Banking, Housing, and Urban Affairs, Washington D.C.) (“I believe every
ICO I’ve seen is a security.”)
10
See In re Coinflip, Inc., CFTC Docket No. 15-29 (Sep. 17, 2015) (“Bitcoin and other virtual currencies are
encompassed in the definition [of commodity under Section 1a(9) of the CEA] and properly defined as
commodities.”). Questions have been raised, however, regarding whether all Digital Assets qualify as
commodities, or just those (such as Bitcoin) that underlie listed futures contracts. See e.g. Defs.’ Opp’n. to
Pl.’s Mot. for Prelim. Inj., CFTC v. My Big Coin Pay, Inc., 1:18-cv-10077-RWZ at 7-10 (D. Mass. Apr. 3,
2018). However, the court in CFTC v. My Big Coin Pay, Inc. ultimately held that all virtual currencies are
commodities within the meaning of the CEA. See CFTC v. My Big Coin Pay, Inc., 1:18-cv-10077-RWZ
(D. Mass. Sept. 26, 2018).
11
Section 15(a)(1) of the Exchange Act.
12
See Definition of Terms in and Specific Exemptions for Banks, Savings Associations, and Savings Banks
Under Sections 3(a)(4) and 3(а)(5) of the Securities Exchange Act of 1934, SEC Release No. 34- 44291
(May 11, 2001).
13
The application of these regulations to Digital Assets is not clear in many cases. For a high-level summary,
see Financial Industry Regulatory Authority, Distributed Ledger Technology: Implications of Blockchain
for the Securities Industry, https://www.finra.org/sites/default/files/FINRA_Blockchain_Report.pdf.
14
See Section 3(a)(4)(B)(viii) of the Exchange Act. Although most U.S. depository institutions clearly
qualify for this exception, the status of other types of banks, such as state-licensed non-depository trust
companies, is not as clear in all cases.

7
order to require segregation and recordkeeping for trust assets, and those assets are treated
exclusively as customer assets even in a failure of the bank or trust company.

In addition, federal securities law regulation of investors can obligate them to use certain
regulated institutions as custodians for client assets. For example, Rule 206(4)-2 (the “Custody
Rule”) under the Investment Advisers Act of 1940 (the “Advisers Act”) generally requires SEC-
registered investment advisers that have custody15 of client funds or securities16 to maintain such
funds or securities with a “qualified custodian,” such as a bank or broker-dealer.17 The qualified
custodian must maintain an adviser’s client funds and securities either in a separate account for
each client in the client’s name, or in one or more accounts containing only funds and securities
of the client in the name of the investment adviser as agent or trustee for the client. Also, as
investment advisers must have a “reasonable basis, after due inquiry, for believing that the
qualified custodian sends an account statement, at least quarterly”18 to each of the adviser’s
clients, such account statements are implicitly demanded of qualified custodians as well. 19

The Custody Rule does not apply to accounts of SEC-registered investment companies.20
Rather, a separate set of requirements under Section 17(f) of the Investment Company Act of
1940 (the “Investment Company Act”) and related rules governs how assets of SEC-registered
investment companies must be held. Like the Advisers Act, the Investment Company Act
requires either that registered investment companies use a regulated intermediary as a custodian
or that they self-custody assets. Self-custody subjects registered investment companies to
significant additional regulatory burdens, including surprise physical inspections by an
independent public account and procedures that must be followed for the deposit and withdrawal
of securities,21 as well as recordkeeping requirements and the need to develop systems to

15
Custody is broadly defined as “holding, directly or indirectly, client funds or securities, or having any
authority to obtain possession of them,” and includes (i) possession of client funds or securities, (ii) any
arrangement under which an adviser is authorized or permitted to withdraw client funds or securities held
by a custodian upon instruction to the custodian, and (iii) access to client funds by virtue of an adviser’s
dual role as both general partner and investment adviser to a limited partnership or other such capacity.
Rule 206(4)-2(d)(2) under the Advisers Act.
16
The SEC has not yet addressed whether or under what circumstances Digital Assets that are not securities
remain subject to the Custody Rule as “funds.”
17
The term “qualified custodian” is defined in the Custody Rule to include: banks or savings associations
with deposits insured by the FDIC; broker-dealers registered with the SEC; futures commission merchants
registered with the CFTC; and non-U.S. financial institutions that customarily hold financial assets for their
customers, so long as they keep the advisory assets separate from their own.
18
Rule 206(4)-2(a)(3) under the Advisers Act.
19
Additionally, investment advisers that also serve as qualified custodians themselves must be subject to an
annual surprise examination from an independent public accountant that is registered with and regularly
inspected by the Public Company Accounting Oversight Board. Furthermore, that adviser must also obtain
or receive from its affiliate an annual report prepared by such an accountant that covers all internal controls
the adviser uses relating to providing custody services for client assets.
20
Rule 206(4)-2(b)(5) under the Advisers Act.
21
Rule 17f-2 under the Investment Company Act.

8
facilitate trading. Section 17(f) of the Investment Company Act and the related rules allow
registered investment companies to use, among other custodians, U.S. banks,22 certain foreign
banks,23 and members of national securities exchanges.24

B. Federal Commodities Law Considerations

Unlike the federal securities laws, the Commodity Exchange Act (“CEA”) generally does
not impose registration or licensing requirements on intermediaries, including custodians,
providing services in connection with cash commodities, including Digital Assets traded on a
spot or forward basis. Instead, substantive regulation under the CEA and CFTC rules thereunder
typically extends solely to parties transacting in commodity-related derivatives, with CFTC
jurisdiction over cash commodity market participants mostly limited to the enforcement of anti-
fraud and anti-manipulation provisions of the CEA.25

Aspects of a custodial arrangement for Digital Assets can affect whether the CFTC views
transactions in the Digital Asset to be cash market transactions or derivatives. For example, in
the retail context, the CFTC has proposed to treat certain leveraged or margined transactions as a
type of derivative if certain liens or transfer restrictions apply to the Digital Asset.26 The CFTC
has not finalized this interpretation, however, and a recent court decision (currently on appeal)
casts doubt on it.27 The CFTC has also not yet addressed how its other precedents distinguishing
cash market transactions from derivatives apply to Digital Asset transactions.28

CFTC regulations can also apply to the custody of Digital Assets if they serve as
collateral for CFTC-regulated derivatives. In particular, a party accepting customer funds or

22
Section 17(f)(1) if the Investment Company Act
.
23
Rule 17f-5 under the Investment Company Act.
24
Rule 17f-1 under the Investment Company Act. In addition, SEC-registered investment companies are able
to deposit securities in securities depositories that meet certain requirements and hold assets with futures
commission merchants and commodity clearing organizations in amounts necessary to effect certain types
of transactions. See Rules 17f-4, 17F-6, and 17f-7 under the Investment Company Act.
25
For example, CFTC Regulation § 180.1 prohibits fraud and manipulation in connection with any contract
of sale of any commodity in U.S. interstate commerce.
26
See Retail Commodity Transactions Involving Virtual Currency, 82 Fed. Reg. 60335 (Dec. 20, 2017).
27
Commodity Futures Trading Comm'n v. Monex Credit Co., 311 F. Supp. 3d 1173 (C.D. Cal. 2018). The
case on appeal is Commodity Futures Trading Comm’n v. Monex Credit Co., case number 18-55815, in the
U.S. District Court of Appeals for the Ninth Circuit.
28
For example, some of this precedent depends on whether a commodity is “nonfinancial,” which in turn
depends on whether ownership of the commodity can be conveyed in some manner and the commodity can
be consumed. See Further Definition of “Swap,” “Security-Based Swap,” and “Security-Based Swap
Agreement”; Mixed Swaps; Security-Based Swap Agreement Recordkeeping, 77 Fed. Reg. 48208, 48233
(Aug. 13, 2012). However, this precedent was intended to address environmental commodities, such as
emission allowances, that do not provide good analogies for many Digital Assets.

9
other property (such as Digital Assets) to secure a CFTC-regulated derivatives (other than an
uncleared swap) typically must register with the CFTC as a futures commission merchant and
satisfy CFTC customer segregation rules.29 These segregation rules, in turn, require the futures
commission merchant to deposit its customer’s funds or other property in a segregated account
held by a permissible depository, such as a bank, trust company, another futures commission
merchant, or a derivatives clearing organization.30

C. State Law Considerations

At the state level, many jurisdictions similarly require that custodial services for
customers’ financial assets can only be provided by certain regulated persons. Many states
similarly require some form of a bank, trust company, or other fiduciary charter to act as a
fiduciary in performing such custodial duties. Additionally, many state laws limit such fiduciary
powers either to federally-chartered entities or to entities chartered or regulated by that state.
While reciprocity may be provided to out-of-state trust companies for certain activities, the
regular conduct of custodial and fiduciary activities typically requires separate licensing by the
state where the customers reside.

In addition, New York requires licensing and oversight for custodial activities through
the relatively extensive “BitLicense” framework introduced in 2015 or through its oversight of
banks and trust companies. Persons who are “storing, holding, or maintaining custody of virtual
currency on behalf of others” within the New York market are conducting “virtual currency
business activity” within the jurisdiction,31 and must either obtain a BitLicense from the New
York Department of Financial Services (“NYDFS”), or otherwise fit an exemption by being
chartered under New York Banking Law and approved by NYDFS to engage in such activity.32
Persons operating as BitLicensees (as opposed to exempt, chartered institutions) are required to
maintain a trust account with a “qualified custodian”—defined to extend only to a broad number
of federal and New York banking entities in the state’s relevant regulations—and must also hold
Digital Assets of the same type and amount as any “owed or obligated” to another person for
whom it is providing such custodial services. Thus, for any person seeking to provide Digital
Asset custodial services of any kind involving New York markets, this additional regulatory
hurdle is imposed.

In addition to state laws governing custodial relationships, it is important to note the

central role played to date by state money transmitter laws in governing transactions in Digital
Assets. State money transmitter licensing is frequently required for many Digital Asset
activities, particularly for serving as an intermediary in fiat currency, virtual currency, and
related transactions. While custodial activities may not be subject to the money transmitter laws,

29
See Section 4d of the CEA and CFTC Regulations §§ 1.20-1.30 (futures segregation rules), 30.7 (foreign
futures segregation rules) and Part 22 (cleared swaps segregation rules).
30
See CFTC Regulations §§ 1.20(b), 22.4, and 30.7(b).
31
23 NYCRR § 200.2(q).
32
See 23 NYCRR § 200.3(a)-(c).

10
it is important to carefully consider the applicable statutory and regulatory language as well as
any interpretative rulings by individual state regulators to define what is within the ambit of that
state’s money transmitter law.

4. Looking Ahead: the URVCBA and UCC Article 8 Companion Act to the URVCBA

The URVCBA and the UCC Article 8 Companion Act to the URVCBA (the “Companion
Act”) are an initiative of the Uniform Law Commission intended to provide a state-level
regulatory framework similar to that created by state money transmitter laws for entities that
offer virtual currency33 transfer, exchange, or storage services. The URVCBA has not yet been
enacted by any state, although it has been introduced in Connecticut, Hawaii, and Nebraska.

A. The URVCBA

In order for a person to exchange, transfer or store a virtual currency for purposes of the
URVCBA, such person must have “control” over that virtual currency, which means the “power
to execute unilaterally or prevent indefinitely a virtual-currency transaction.”34 In the context of
a “multi sig” arrangement, a custodian may only have one of several private keys that are needed
to effectuate a transaction in the relevant virtual currency, in which case such custodian would
not have “control” over such virtual currency for the purposes of the URVCBA. However,
certain entities are exempt from the URVCBA’s requirements, including (1) federally- or state-
chartered depository institutions; (2) broker-dealers or futures commission merchants provided
that their virtual currency activities are ancillary to their securities or commodities business and
they comply with Section 502 of the URVCBA (discussed below); and (3) governments.

A person within the scope of the URVCBA needs to obtain a license from state
authorities if the value of such person’s virtual currency business activities exceeds a $5,000 de
minimis threshold. The URVCBA, however, also creates an “on-ramp” or “lite” regime for
entities whose virtual currency business activity is below a $35,000 threshold. Such persons still
need to register with the relevant authorities, but are subject to less onerous licensing
requirements.

Obligations applicable to licensees and registrants are similar to those imposed under
money transmitter laws and include recordkeeping, disclosure, and business continuity planning
obligations. Unlike money transmitter laws, however, Section 502 of the URVCBA requires
licensees and registrants that have “control” over customers’ virtual currencies to “maintain an
amount of each type of virtual currency sufficient to satisfy the aggregate entitlements of the
persons to each type of virtual currency for the benefit of its resident customers.” While this
obligation is similar to that imposed on securities intermediaries under Part 5 of Article 8 of the
UCC, Part 5 permits a securities intermediary and its customer to agree that a different rule will
apply and also provides that this obligation will be displaced to the extent addressed by another
statute or regulation. Section 502 also provides that virtual currency held by a licensee or
registrant for a customer is not property of the licensee or registrant and will not be available to

33
The URVCBA uses the term “virtual currency” throughout, which is very broadly defined. See URVCBA
§ 102(23).
34
URVCBA § 102(3)(A).

11
satisfy the claims of such licensee’s or registrant’s creditors. Customers will share pro rata in
the virtual currencies to which they are entitled.

B. The Companion Act

The Companion Act requires entities subject to the URVCBA to agree with their
customers that virtual currencies controlled by such entities for such customers are to be treated as
financial assets, which would mean that the commercial law rules for financial assets discussed
above would apply to such virtual currencies. Notably, the Companion Act also provides that the
agreement between a licensee or registrant and their customers cannot provide for a standard for
the licensee or registrant to comply with its Part 5 duties that is less protective of the customer
than the standard that applies under Part 5 when there is no agreement between the parties as to
which standard applies (i.e., “due care in accordance with reasonable commercial standards”).
The Companion Act further requires that the agreement between a licensee or registrant and its
customer must state that the licensee or registrant will not grant a security interest in the virtual
currency it is maintaining on behalf of its customer.

4. Conclusion

As with many issues involving Digital Assets, the laws and interpretations governing
their custody and transfer continues to evolve. Current law generally was not designed to
address Digital Assets and, as a result, is being adapted to fit this new asset class that, in some
areas, fits imperfectly within existing legal frameworks and interpretations. Perhaps the only
sure prediction is that the law will continue to evolve and, less certainly, continue to develop to
promote greater certainty as Digital Assets themselves continue to evolve and play an
increasingly significant role in the markets.

12