Crypto Custody Breakthrough: SEC Staff Grants Relief for Registered Funds, Advisers

The US Securities and Exchange Commission Division of Investment Management Staff issued a no-action letter permitting registered investment advisers and registered investment companies, including business development companies, to use state trust companies to custody crypto assets and related cash and/or cash equivalents, provided certain conditions are met.

For years, registered investment advisers (RIAs) and registered investment companies (Registered Funds) have navigated significant ambiguity when seeking qualified custodians for crypto assets. The US Securities and Exchange Commission (SEC) Division of Investment Management Staff’s (Staff) September 30, 2025 no-action letter (the Letter) provides clarity for RIAs and Registered Funds seeking to use state trust companies (STCs) as qualified custodians for crypto assets, and for STCs seeking to offer crypto asset custody services to RIAs and Registered Funds. [1]

The Letter defines the term “Crypto Assets” broadly as assets that are “digital representations of value that are recorded on a cryptographically secured distributed ledger,” and notes the relief applies to Crypto Assets and cash or cash equivalents reasonably necessary to effect transactions in Crypto Assets. Despite this broad definition, the Letter does not state that the current custody provisions of the Investment Company Act of 1940, as amended (1940 Act) or the Investment Advisers Act of 1940, as amended (Advisers Act) would be expanded to include those Crypto Assets not already in scope. [2]

CLARIFYING THE DEFINITION OF A ‘BANK’

The definition of a “bank” serves as a core criterion for a “qualified custodian” as defined in Rule 206(4)-2 (Custody Rule) under the Advisers Act and a “specified custodian” as defined in Sections 17(f) and 26(a) under the 1940 Act. Under both acts, a “bank” includes:

[…] (C) any other banking institution, savings association, as defined in section 1462(4) of title 12, or trust company, whether incorporated or not, doing business under the laws of any State or of the United States, a substantial portion of the business of which consists of receiving deposits or exercising fiduciary powers similar to those permitted to national banks under the authority of the Comptroller of the Currency, and which is supervised and examined by State or Federal authority having supervision over banks or savings associations, and which is not operated for the purpose of evading the provisions of [the Advisers Act.]

Therefore, an STC will meet the definition of “bank” if the STC’s business consists of receiving deposits or exercising fiduciary powers similar to those permitted to national banks. However, determining whether an STC meets this “substantial portion” requirement involves a complex analysis of facts and circumstances which has led to industry ambiguity. In the Letter, the Staff notes that they would not recommend enforcement action to the Commission under the Advisers Act Custody Rule or 1940 Act if an RIA or Registered Fund treats an STC as a “bank” custodian for Crypto Assets and related cash/cash equivalents, provided that certain conditions are met.

CONDITIONS FOR RELIEF

The Staff’s no-action position permitting RIAs and Registered Funds to treat an STC as a “bank” for crypto asset custody is subject to the following conditions:

• Authorization and Due Diligence Requirements: Prior to engaging the STC and on an annual basis, the RIA or Registered Fund must have a reasonable basis, after due inquiry, for believing that the STC is authorized by the relevant State Banking Authority to provide custody services for Crypto Assets and related cash and/or cash equivalents.
  • The STC must maintain and implement written internal policies and procedures reasonably designed to safeguard Crypto Assets and related cash and/or cash equivalents from the risk of theft, loss, misuse, and misappropriation, addressing topics such as private key management and cybersecurity.
• Audited Controls and Financial Review: The RIA or Registered Fund must receive and review the STC’s most recent annual financial statements, confirming they have been audited by an independent public accountant and prepared in accordance with Generally Accepted Accounting Principles (GAAP).
  • The RIA or Registered Fund must also receive and review the STC’s most recent written internal control report prepared by an independent public accountant, confirming that controls are suitably designed and operating effectively to meet control objectives related to custodial services.
• Strict Custody Agreement Requirements: A written custodial services agreement must be entered into, stipulating that the STC will not lend, pledge, hypothecate, or rehypothecate any Crypto Assets or related cash and/or cash equivalents without prior written consent, and that all such assets will be segregated from the STC’s assets.
• Disclosure and Fiduciary Duty: The RIA must disclose to its clients, or the Registered Fund must disclose to its board of directors or trustees, any material risks associated with using STCs as custodians of Crypto Assets and related cash and/or cash equivalents. Additionally, the RIA or Registered Fund must reasonably determine that using the STC’s custody services is in the best interest of the RIA client or Registered Fund and its shareholders.

STCs PROVIDE CUSTODY SERVICES FOR CRYPTO ASSETS

The letter requesting the Staff’s no-action relief (the Request) asserts that, given the increased demand for Crypto Asset investment strategies over the past decade, STCs are critical providers of custody services for Crypto Assets. The Request notes that STCs generally have sophisticated controls in place to ensure the safekeeping of Crypto Assets, such as the following:

• “Deep” cold storage of Crypto Assets
• Third-party annual audits of financial statements and third-party reports regarding controls (e.g., SOC-1 and/or SOC-2 reports)
• Cybersecurity, physical security, and business continuity policies and procedures
• Complex encryption protocols and Crypto Assets movement verification controls
• Policies and procedures concerning private key generation and storage

The Request further provides that STC controls have been developed within state regulatory frameworks and are supervised and examined by the state authority with supervision over banks. This means that STCs operate within established state regulatory frameworks that impose licensing requirements, ongoing supervision, periodic examination, minimum capital requirements, and comprehensive recordkeeping, and that STCs meet the definition of a “bank” under the Advisers Act and the 1940 Act.

COMMISSIONER COMMENTARY

After releasing the Letter, Commissioners Caroline Crenshaw and Hester Peirce both released statements. Commissioner Peirce expressed support for the Letter, [3] describing it as an “encouraging development” for RIAs and Registered Funds interested in investing in Crypto Assets, and welcomed clarity to a longstanding “regulatory gray zone” that has historically left market participants uncertain about whether STCs are permissible custodians under the Advisers Act and the 1940 Act.

Although supportive, Commissioner Peirce’s statement stressed that the scope of the Letter was key, noting the specific application of the Custody Rule and custody provisions of the 1940 Act, and her view that the Letter was indicative of an opportunity for further modernization of custody requirements, potentially via principles-based rules in the future, rather than providing sweeping changes on its own.

Conversely, Commissioner Crenshaw sharply criticized the Letter, [4] asserting that it “degrades” the custody framework designed to protect US investors from the risks of theft, loss, or misappropriation. She noted particular concern that issuing the Letter erodes statutory protections by introducing a new class of custodians that, she argued, do not meet the current federal standards.

Commissioner Crenshaw described the Staff action as lacking both factual support and legal justification and based her criticism on the assertion that the only cited rationale is a “false narrative” of a lack of other viable custodians for Crypto Assets. She also noted that issuing the Letter circumvents proper rulemaking and public comment and jumps ahead of the Commission’s ongoing and planned regulatory work. [5]

TAKEAWAYS

The no-action relief provided by the Letter presents both opportunities and challenges for RIAs and Registered Funds seeking to utilize STCs as qualified custodians for Crypto Assets.

• Business Implications: The relief expands the pool of qualified custodians for Crypto Assets, addressing the gap left by traditional banks and broker-dealers that have been reluctant to offer broad crypto custody services. However, the relief is limited to Crypto Assets and related cash equivalents, potentially necessitating split custody arrangements for multi-asset programs, potentially increasing operational complexity and reconciliation risks.
• Compliance and Regulatory Issues: RIAs must enhance their due diligence frameworks to meet the Staff's conditions, including obtaining audited GAAP financials and independent internal control reports from STCs. Further, requiring a written custody agreement and risk disclosure updates may necessitate updates to client agreements and fund prospectuses.
• Definitional Questions: The Letter provides a definition for STCs, but it does not clarify how to measure a "substantial portion" of business in terms of deposit-taking or fiduciary powers.
• Audit Requirements: The Letter requires audited GAAP financials from the STC, without adopting the flexibility suggested in the Request that would permit audits to occur at the parent level.
• SOC Report Scope: The requirement for a SOC report implies a Type II opinion covering key custody controls. RIAs must ensure an STC’s SOC report meets these standards or seek additional assurances prior to using the STC as a custodian for Crypto Assets.

The Letter also represents an evolution in the Staff’s recent views on the Custody Rule since the SEC’s 2023 “Safeguarding Rule” proposal, [6] which was not adopted. That proposal would have significantly broadened RIAs’ custodial requirements, including with respect to non-security crypto assets. According to the Spring 2025 Unified Agenda of Regulatory and Deregulatory Actions, the Commission appears to be focusing on revisiting the custody requirements of both RIAs and Registered Funds, so the Letter may portend additional useful changes with respect to the custody of Crypto Assets.

Although the Letter is not a statement of the Commission and could be subject to change, it supplies a workable path for RIAs and Registered Funds that seek to offer crypto exposure by using STCs to custody Crypto Assets. As far as next steps, RIAs and Registered Funds should consult the new guidance and consider revisiting how they plan to custody Crypto Assets to ensure compliance with the Letter’s conditions.