| Americas | Articles
If your advisory firm touches digital assets, one of the single largest regulatory questions is still “Who is allowed to hold the keys?” Under the current Custody Rule (Rule 206(4)-2), RIAs that can access client assets must keep them with a qualified custodian (QC), notify clients where those assets are kept and arrange the appropriate audits. The rule predates crypto, yet examiners increasingly treat tokens like any other “funds or securities.” That leaves advisers scrambling to prove their custodians are truly “qualified” and their controls are exam-ready.
Three fresh developments from the SEC now promise to reshape those obligations:
- Re-thinking its 2023 “safeguarding” overhaul.
- It has revoked SAB 121, inviting big banks back into crypto custody.
- A public roundtable on 25 April which signals more guidance — and maybe a new rule — later this year.
The 2023 Safeguarding Rule proposal – broad ambitions meet reality
In February 2023, the SEC, under then Chair Gary Gensler, tried to resolve some of this ambiguity, but in a way that alarmed much of the industry. The Commission proposed a new Safeguarding Rule for RIAs, effectively an overhaul of the Custody Rule. This proposal explicitly extended the rule’s coverage to all client assets under an adviser’s control, “including crypto assets”, and imposed additional obligations. RIAs would not only have to maintain crypto with qualified custodians, but they’d also need to ensure those custodians have “possession or control” of the assets (a phrasing interpreted as requiring robust custody agreements and perhaps technological control of private keys). Advisers would have to obtain written assurances from custodians about protections in the event of the custodian’s insolvency, among other new contractual requirements. In essence, the SEC sought to modernize the custody framework to catch up with crypto, closing loopholes so that no matter what the asset type, it would be kept safe by a regulated custodian.
However, this well-intentioned sweep of the net caught some very concerned fish. Public comments on the 2023 proposal were resoundingly critical of its scope, with even Commissioner Hester Peirce (who leads the Crypto Task Force) expressing concerns that the proposal would expand custody requirements to crypto assets while potentially “shrinking the ranks of qualified crypto custodians,” thereby increasing risks for investors.
Industry groups questioned whether traditional qualified custodians could even comply for certain digital assets. For example, some crypto assets (like certain tokens) simply had no readily available custodian solution at the time and the proposal offered no clear path for how an RIA could invest client assets in such tokens without running afoul of the rule.
Commissioner Mark T. Uyeda, in fact, raised this very issue back in 2023 when he was a dissenting voice: he warned that the SEC’s approach “appears to mask a policy decision to block access to crypto as an asset class” by making it nearly impossible for an adviser to satisfy the custody requirements. This skepticism from within the SEC has proven prescient.
Fast forward to today, that sweeping custody proposal is on ice. With a new administration in Washington and new leadership at the SEC, the agency has signaled it is rethinking the 2023 plan. In March 2025, Former Acting SEC Chair Mark Uyeda revealed that the Commission is considering “withdrawing it entirely” in favor of a different approach. He noted that commenters had serious concerns that the proposal’s “broad scope” was unworkable. Rather than rush forward, the SEC is working on alternatives. The SEC has made a significant change in approach, and RIAs are likely to benefit from that shift. It is highly anticipated that the feared new custody rule will not land imminently as written. For now, the existing Custody Rule remains in place unchanged. That said, the decision to hit pause on rulemaking doesn’t solve the underlying issues; it simply avoids making them worse. The SEC still faces the challenge of how to update custody regulations for crypto in a way that protects investors without “blocking” legitimate access. The ultimate replacement for the Safeguarding proposal will likely emerge after further deliberation. In the meantime, RIAs should stay vigilant: the lack of a new rule is not a license to relax, but rather an opportunity to engage with regulators on crafting a better solution.
SAB 121’s repeal—banks are back in the game
One of the most immediate game-changers for crypto custody came from an accounting policy shift. In 2022, the SEC’s staff issued Staff Accounting Bulletin No. 121 (SAB 121), which dictated that any public company holding crypto assets for customers must record a liability equal to those assets (at fair value) on its balance sheet. In practice, this meant large banks and custodians would take a significant balance-sheet hit if they offered crypto custody. SAB 121 was widely seen as “too punitive” – the American Bankers Association (ABA) argued it “curbed the ability” of banks to develop digital asset services at scale. In mid-2023, Congress even passed a bipartisan resolution to overturn SAB 121, warning it would hamper innovation, but that effort was vetoed by President Biden. Until this year, SAB 121 stood as a major deterrent: many banks simply stayed away from crypto custody rather than face the unfavorable accounting treatment and its capital implications.
That barrier has now been removed. In one of the early crypto-related moves of the new administration, the SEC rescinded SAB 121 via SAB 122, issued in January 2025. The new bulletin eliminated the requirement for banks to treat client crypto holdings as on-balance-sheet liabilities. Effectively, regulators acknowledged that forcing banks to back customer crypto assets with an equivalent liability was overkill, especially if those assets are fully segregated and safeguarded. The impact on institutional custody is immediate: banks and large trust companies can once again step into the crypto custody space without the accounting burden that previously held them back. The change was applauded by banking leaders. ABA’s CEO Rob Nichols noted that allowing banks as custodians “ensures that consumers won’t be left only with unsupervised, poorly regulated options” for safeguarding crypto assets. In other words, bringing banks back into the fold gives RIAs (and their clients) access to custodial partners that are highly regulated and experienced in protecting client assets.
For RIAs, the reversal of SAB 121 is welcome news on multiple fronts. First, it means more choice: you’re no longer limited to a handful of crypto-specialist firms for qualified custody. Mainstream financial institutions, from global custodian banks to regional trust companies, are now far more likely to expand into digital asset custody. Some, like BNY Mellon and Fidelity, had already dipped a toe into crypto, and we can expect those efforts to accelerate. Second, banks re-entering crypto means potentially stronger risk management and oversight. Many RIAs and their clients will take comfort in knowing assets can be held at an institution that also safe-keep traditional securities under a robust regulatory regime. This could also translate to better insurance coverage for custody and more standardization of internal controls (for instance, stringent SOC reports and audited controls that banks routinely provide).
However, it’s important to temper expectations: the mere removal of an obstacle doesn’t mean every bank will immediately launch crypto custody services. Many banks will continue to move cautiously, assessing market demand and awaiting further regulatory clarity from the SEC on what standards will apply to crypto custodians. Nonetheless, the trendline is clear: the pool of qualified custodians for digital assets is poised to grow, perhaps significantly, in the coming year. For RIAs, that could be a turning point, bridging the gap between the crypto world and traditional finance infrastructure.
The SEC’s crypto custody roundtable – a glimpse into the future
The SEC’s April 25, 2025 roundtable on digital asset custody is a strong signal that regulators are not just undoing previous policies but actively mapping out a new path forward. Convened by the SEC’s newly formed Crypto Task Force, the event is pointedly titled “Know Your Custodian: Key Considerations for Crypto Custody.” The framing is telling. “Know Your Custodian” suggests that due diligence and clarity in custodial relationships will be at the heart of future regulatory expectations. In her announcement of the roundtable, Commissioner Hester Peirce emphasized that custody issues are “some of the most challenging” as the SEC works to integrate crypto into the regulatory structure. This candid acknowledgment from a senior regulator underscores that there are no easy answers, and it justifies the collaborative approach of a public roundtable.
What can we expect from this roundtable?
While the full outcome will unfold in time (the session includes several hours of panels and discussions with industry experts), we can anticipate a few upcoming insights. The agenda features discussions on custody through broker-dealers and other models, suggesting the SEC is exploring a wide range of custodial frameworks beyond the traditional bank trust model. One likely focal point is the question of what entities should qualify as custodians for crypto. Should the definition of “qualified custodian” be revisited or tightened? Conversely, should the SEC provide more flexibility by recognizing new custodial models or charters? These questions will undoubtedly be front and center, given that the earlier Safeguarding Rule proposal had sought to make it tougher for certain firms (like state trust companies) to serve as QCs.
Another key topic is the technological aspect of custody – how to ensure safekeeping of digital assets. Crypto custody comes with unique risks (e.g. theft of private keys, smart contract bugs in custody solutions, etc.). The roundtable will likely delve into how custodians can demonstrate rigorous controls, such as multi-signature wallets, insurance against hacks, and robust operational security. RIAs in the audience or tuning in will be keen to hear how future SEC rules might require or incentivize such controls. It’s noteworthy that Commissioner Peirce, as well as some industry participants, have floated the idea of limited relief or sandboxes in other crypto areas to allow innovation while rules are being developed. We might see a similar openness when it comes to custody: the SEC could consider temporary no-action relief or exemptions if an RIA is using an unorthodox custody solution that provides comparable protection, at least until formal rules catch up.
Looking ahead: A moment to prepare, not pause
As the regulatory landscape evolves, RIAs should treat this moment not as a pause, but as a preparation period. The SEC’s softened posture on custody, reflected in the rollback of SAB 121, the shelving of the 2023 proposal, and the open dialogue of the April roundtable, signals a shift toward a more workable regime. But that work is still underway. In the months ahead, firms that take proactive steps, by reassessing their custody relationships, documenting robust due diligence, and staying close to policy developments, will be best positioned to adapt. Whether the next chapter brings a scaled-back rule, formal guidance, or something entirely new, RIAs who engage now will help shape a custody framework that’s both compliant and future-ready.
How can Bovill Newgate help you navigate crypto custody regulations?
As the crypto and digital asset landscape rapidly changes under the new administration, we’re here to help you seize opportunities while minimizing risks. Our expert team ensures that your RIA remains compliant, competitive, and confident in navigating the shifting regulatory currents of crypto and digital assets.
Get in touch if you need support in strengthening your digital asset security systems and processes.
Get in touch
