Investment Advisers Act of 1940: Rule 206(4)-2
“The Custody Rule is a key investor protection under the Advisers Act. When investment advisers have “custody,” or access to client funds or securities, there is an increased risk of misappropriation or misuse of these assets. The Custody Rule provides that it is a fraudulent, deceptive or manipulative act, practice or course of business for an investment adviser that is registered or required to be registered under the Advisers Act to have “custody” of client funds or securities unless they are maintained in accordance with the requirements of the Custody Rule. In 2003, the Securities and Exchange Commission (“Commission”) amended the definition of “custody” in the Custody Rule to include, among other things, “[a]ny arrangement (including a general power of attorney) under which [an investment adviser is] authorized or permitted to withdraw client funds or securities maintained with a custodian upon [the investment adviser’s] instruction to the custodian[.]” Custody includes authority and access to client securities and funds, not just physical possession.”
 See, e.g., GW & Wade, LLC, Release No. IA-3706 (Oct. 28, 2013).
 Rule 206(4)-2.
 Rule 206(4)-2(d)(2)(ii). See Custody of Funds or Securities of Clients by Investment Advisers, Release No. IA-2176 (Sept. 25, 2003) (“2003 Release”).
“Through this dialogue, staff and market participants have discussed, among other things, whether and how characteristics particular to digital assets affect compliance with the Custody Rule. These characteristics include, for example, the use of DLT to record ownership, the use of public and private cryptographic key pairings to transfer digital assets, the “immutability” of blockchains, the inability to restore or recover digital assets once lost, the generally anonymous nature of DLT transactions, and the challenges posed to auditors in examining DLT and digital assets.”
THE DIFFERENCE THAT MAKES THE DIFFERENCE
There are some major assumptions regulators make with regard to blockchain. The first and most obvious one is there is only one method and they all inherit the same major characteristics. Bitcoin, started in 2009 and its approach is one way: https://bitcoin.org/bitcoin.pdf. A lesser known approach, ONLI, started in 2010, is another way: http://www.academia.edu/35284830. As with any technology, new approaches are emerging all the time. Onli, for example, has no ledger, ownership like real cash is the result of actual possession, ownership transfer is centralized therefore there are no cryptographic key pairings to transfer ownership, trading is peer to peer, while it is still subject to the “immutability of blockchains”, it is private not anonymous, the system is audit-able. The only thing it has in common with The Bitcoin Approach to digital assets is the inability to restore assets once lost. Onli has all the benefits of Bitcoin with none of the problems. Onli was built, from the start, to fit within regulatory frameworks. For us, Ownership & Identity was job one. Custody was job two. Bitcoin was expressly built to operate outside a central authority. This is the difference that makes Onli, different.
The point is that blockchain is a technology that proposes a different use for the internet. The internet is not the web. The web is a network of documents, The internet is a network of computers. They are two very different things. This is important in thinking about regulation you don’t want to create laws for a narrow use case that applies to a technology as a whole. The Open Data Economy built on the micro-work [https://en.m.wikipedia.org/wiki/Microwork] of users. This economy emerged from inherent characteristics of the technology used to create the web. In order to be efficient the web has to be open and public by default. This openness has certain economic benefits: https://en.m.wikipedia.org/wiki/Economics_of_open_data. The eco system that developed as a result has led to many successful business models. However this is not the only use for the internet.
It is my opinion, we are witnessing the emergence of a new sector of the internet where data is private by default. The need for privacy has always been there but the limitation has been the attempts to crowbar privacy into an inherently public architecture. Understanding the difference that makes the difference will help us grow the industry responsibly and not cripple it before it starts.