#How Does the SEC’s Custody Rule Affect Investment Advisers in the Era of DeFi?
The SEC’s Custody Rule has its roots back in 1962, and with Ethereum emerging in 2015, investment advisers are now at a crossroads. They must navigate a compliance framework that was established long before the advent of decentralized finance, or DeFi, which operates fundamentally differently from traditional financial institutions.
Galaxy Asset Management addressed these challenges in a perspective piece published on June 18, detailing the significant structural hurdles that registered investment advisers, or RIAs, face when attempting to deploy client capital into decentralized finance protocols. The commentary emphasizes the mismatch between regulatory requirements and modern financial technology.
#What Is the Main Challenge for RIAs in DeFi?
The primary complication arises from the interaction between qualified custodians and smart contracts. The Custody Rule, formally known as Rule 206(4)-2, mandates that investment advisers hold client funds with institutions labeled as qualified custodians. These custodians include entities such as banks, broker-dealers, and select trust companies.
In contrast, when RIAs engage in DeFi strategies, they are interacting directly on the blockchain through smart contracts. This means there is no traditional bank or custodian overseeing the movement of these assets. Instead, the technology dictates transaction flow, governed by code and protocol rules rather than the traditional roles of intermediaries. This situation creates what Galaxy Asset Management describes as a compliance gap, where RIAs find themselves caught between rigid regulatory requirements and a technology landscape that does not accommodate such protocols.
#Are There Any Regulatory Developments Addressing This Gap?
In an attempt to bridge this compliance gap, the SEC proposed a Safeguarding Rule in 2023 aimed at updating the Custody Rule to cover digital assets explicitly. However, this proposal has not been enacted, leaving the existing framework unchanged.
Galaxy suggests several solutions moving forward. They propose using multi-party computation (MPC) for key management. MPC divides control of private keys among multiple stakeholders, ensuring no single party has sole access to client assets. Moreover, they encourage the adoption of self-custody technologies as viable alternatives to traditional custodial models. Additionally, recommending independent PCAOB audits could offer clients and regulators reassurance when assets are not held by conventional custodians.
#What Signals of Change Are Emerging from the SEC?
Recently, the SEC provided some guidance in the form of a no-action letter during the timeframe of September to October 2025. This letter allowed certain state-chartered trust companies to act as qualified custodians for cryptocurrency assets under specific conditions. Although it did not alter the existing rules, it did open a narrow pathway for crypto assets to be maintained within the qualified custodian framework without requiring the involvement of full-service banks or broker-dealers.
Furthermore, SEC Chair Paul Atkins has expressed openness to change, particularly in support of accommodating self-custody practices within crypto. In a 2025 discussion, he framed the need for flexibility around what he described as foundational American values.
#How Should Investors Interpret These Developments?
While the SEC has not yet taken any immediate enforcement actions regarding Galaxy's analysis, the ongoing dialogue emphasizes the importance of innovative governance and technical strategies. This is crucial for aligning DeFi activities with the protective measures that investors depend on.