Member Firms’ Nexus to Crypto

Background

Crypto assets—also known as digital assets—are assets issued or transferred using distributed ledger or blockchain technology. While many kinds of market participants engage in crypto asset activities, FINRA has jurisdiction only over its member firms and their associated persons. Federal securities laws and FINRA rules generally apply to member firm activities involving crypto assets that are securities, including those that are offered and sold as an investment contract (which is a type of security). In addition, certain FINRA rules apply to the activities of firms and their associated persons irrespective of whether the activity involves a security.

Findings and Effective Practices

Findings

While not exhaustive, themes identified with respect to violations by member firms and associated persons involving crypto assets or crypto asset ETPs include:

2210 (Communications with the Public):
- Not appropriately and accurately addressing relevant risks and including appropriate disclosures in communications with the public.
- Disseminating promotional materials that contain false and misleading statements or omissions in connection with securities offerings involving crypto assets, including:¹
  - Failing to clearly differentiate in communications, including those on mobile apps, between crypto assets offered through an affiliate of the firm or another third party, and products and services offered directly by the firm itself.
  - Making false statements or falsely implying that crypto assets functioned like cash or cash-equivalent instruments, or making other false or misleading statements or claims regarding crypto assets.
  - Comparing crypto assets to other assets (e.g., stock investments or cash) without providing a sound basis to compare the varying features and risks of these investments.
  - Providing misleading explanations of how crypto assets work and their core features and risks.
  - Failing to provide a sound basis to evaluate crypto assets by omitting explanations of how crypto assets are issued, held, transferred or sold.
  - Misrepresenting that the protections of the federal securities laws or FINRA rules applied to the crypto assets.
  - Making misleading statements about the extent to which certain crypto assets are protected by SIPC under the Securities Investor Protection Act (SIPA).
3110 (Supervision): Not conducting appropriate due diligence on crypto asset private placements offered to customers.
3310 (Anti-Money Laundering Compliance Program): Not establishing and implementing AML programs reasonably designed to detect and cause the reporting of suspicious crypto asset transactions occurring by, at or through the broker-dealer, including suspicious trading involving issuers with a purported involvement in crypto asset-related activities.

Effective Practices

Due Diligence of Unregistered Offerings: Before crypto assets that are securities or that are offered and sold as securities are made available to customers through an unregistered offering, understanding:
- the exemption from registration on which the unregistered offering will rely;
- where the assets will be maintained;
- who will have access to the wallet(s);
- how the funds or assets will be returned in the event of a contingent offering not meeting the minimum contingency;
- how the raised proceeds will be used;
- token governance and ownership rights or allocations related to owning a token; and
- the specific mechanics associated with the crypto asset that is a security or that is offered or sold as a security, including:
  - the blockchain protocol used to issue the security (including related cybersecurity risks);
    - any smart contract features or functionalities;
    - how and when the security will be delivered to customers; and
    - how the security will be custodied by or for the customers.²
On-Chain Reviews: Conducting risk-based on-chain assessments when the firm or its associated persons are accepting, trading or transferring crypto assets, and establishing procedures that address when and how these on-chain reviews should be performed and documented based on the product or services being offered.
Customer Outreach: Ensuring customers clearly understand:
- the differences between their brokerage account and any linked/affiliated crypto account, including differences in:
  - protections of the accounts via SIPC under SIPA;
  - regulatory oversight; and
  - firm supervision; and
- avenues of communications for customers’ concerns, questions or complaints.
Reviewing Retail Communications: Ensuring that retail communications concerning crypto assets provide a fair and balanced presentation of the risks associated with these assets, including:
- the speculative nature of crypto assets (e.g., their significant volatility, the potential for investors to lose the entire amount they invest);
- that certain legal or regulatory protections that are normally available for traditional securities are not available for most crypto assets (e.g., SIPC protections apply only to cash and securities held for an investor for certain purposes in a customer securities account at a SIPC-member broker-dealer and do not apply to crypto assets that do not qualify as SIPA “securities”);
- the extent to which the protections provided by transacting through a SEC-registered entity will or will not apply³;
- regulatory uncertainty concerning the crypto assets; and
- fraud risks that may be present.
Differentiating Crypto Asset Products Communications From Broker-Dealer Products Communications: Identifying, segregating and differentiating firms’ communications related to broker-dealer products and services from those related to offerings by affiliates or third parties, including crypto asset affiliates; and clearly and prominently identifying in communications non-broker-dealer affiliates or other third parties responsible for non-securities crypto assets businesses (and explaining that such services were not offered by the broker-dealer or subject to the same regulatory protections as those available for securities).

Crypto Asset-Related Market Abuse UPDATED FOR 2025

Bad actors are taking advantage of investor interest in crypto assets and blockchain technology by engaging in manipulative schemes similar to those that exist in the equities market, including those that are commonly associated with low-priced securities (e.g., pump-and-dump schemes).

These manipulative schemes may also be amplified by social media promotions, including those that suddenly and frequently appear across social media platforms, contain unverifiable information, or both.
Additional forms of market abuse involving crypto assets may result from differences in their market structure (e.g., centralized and decentralized exchanges, the ability to trade every day and at any time).

For additional guidance related to addressing market abuse in crypto assets please see:

the Manipulative Trading topic in the 2025 Report
Regulatory Notice 22-08 (FINRA Reminds Members of Their Sales Practice Obligations for Complex Products and Options and Solicits Comment on Effective Practices and Rule Enhancements)
Regulatory Notice 21-03 (FINRA Urges Firms to Review Their Policies and Procedures Relating to Red Flags of Potential Securities Fraud Involving Low-Priced Securities)
Regulatory Notice 15-09 (Guidance on Effective Supervision and Control Practices for Firms Engaging in Algorithmic Trading Strategies)
Regulatory Notice 09-31 (FINRA Reminds Firms of Sales Practice Obligations Relating to Leveraged and Inverse Exchange-Traded Funds)

Additional Resources

FINRA
- The Communications with the Public topic
- Crypto Assets Key Topics Page, including:
  - FINRA Provides Update on Member Firms’ Crypto Asset Activities (August 13, 2024)
  - FINRA Provides Update on Targeted Exam: Crypto Asset Communications (January 23, 2024)
  - Guidance for Digital Asset Applications (June 28, 2023)
- FINRA Unscripted Podcasts:
  - An Update on FINRA’s Crypto Asset Work and the Crypto Hub (July 23, 2024)
  - Compliance and Communication: An Update on FINRA’s Crypto Asset Targeted Exam (January 23, 2024)
SEC
- Custody of Digital Asset Securities by Special Purpose Broker-Dealers (Dec. 23, 2020)
- ATS Role in the Settlement of Digital Asset Security Trades (Sept. 25, 2020)
- Joint Staff Statement on Broker-Dealer Custody of Digital Asset Securities (July 8, 2019)

FINRA Rules Concerning Remote Inspections Pilot Program and Residential Supervisory Location Designation

Over the years, advances in technology and communications in the financial industry have significantly changed the way in which firms and their associated persons conduct business. In recognition of these changes, FINRA adopted FINRA Rules 3110.18 (Remote Inspections Pilot Program) and 3110.19 (Residential Supervisory Location), which reflect a measured, modernized approach to supervision while preserving investor protection objectives.

Remote Inspections Pilot Program

Effective July 1, 2024, Rule 3110.18 sets forth the terms of a voluntary, three-year Remote Inspections Pilot Program (Pilot Program) to allow eligible firms the option of fulfilling their Rule 3110(c)(1) (Supervision) obligations by conducting remote inspections of some or all branch offices, including offices of supervisory jurisdiction (OSJs) and non-branch locations (i.e., unregistered offices or non-registered locations).
The Pilot Program provides FINRA the opportunity to gauge, through the information Pilot Program participants will provide to FINRA, the effectiveness of remote inspections as an additional approach for firms to meet their supervision obligations that may help shape potential rule amendments or update guidance about inspections generally.
Pilot Year 1, covering July 1, 2024, through December 31, 2024, has concluded. Pilot Year 2 is underway, running from January 1 to December 31, 2025, and firms had until December 27, 2024, to affirmatively opt in for Pilot Year 2.
Opt-in timelines for other Pilot Years are as follows:
- Pilot Year 3 is scheduled for January 1 to December 31, 2026, and firms may affirmatively opt in for Pilot Year 3 on or before December 27, 2025.
- Pilot Year 4 is scheduled for January 1 to June 30, 2027, and firms may affirmatively opt in for Pilot Year 4 on or before December 27, 2026.
Firms that opt in for a Pilot Year agree to participate in the Pilot Program for the duration of the Pilot Year under the terms of the rule and will be automatically deemed to have elected to participate in the Pilot Program for subsequent Pilot Years.
For additional information concerning the Pilot Program, please see FINRA’s Remote Inspection Pilot Program Key Topics page.

Residential Supervisory Location Rule

Effective June 1, 2024, Rule 3110.19 establishes a new non-branch location called the “residential supervisory location” (RSL)—generally defined as a private residence at which an associated person engages in supervisory activities (including those described under FINRA Rule 3110(f)).
To use the RSL designation, a firm and the associated person at each location must meet specified eligibility requirements and conditions as detailed in the rule.
As firms determine which offices or locations may be eligible for the RSL designation, FINRA reminds them of their obligations to:
- identify their RSLs through Form U4 (Uniform Application for Securities Industry Registration or Transfer) by answering the “RSL Question” (see File No. SR-FINRA-2024-015); and
- submit Form BR (Uniform Branch Office Registration Form) to register or close their branch offices (as applicable).
For additional information concerning RSLs, including RSL identification through Form U4 and Form BR submissions to account for the RSL designation, please see FINRA’s Residential Supervisory Locations (RSLs) Key Topics page.

Previous:
Crowdfunding Offerings: Broker-Dealer and Funding Portals

Up:
Member Firms’ Nexus to Crypto

Next:
Communications and Sales

1 See the Report’s Communications with the Public topic for additional guidance related to spot crypto asset ETP communications.

2 See the Report’s Private Placements topic for additional guidance related to conducting reasonable due diligence on unregistered offerings.

3 See 15 U.S.C. 78 lll (14). See also SIPC Investor FAQs, Questions About SIPC. FINRA reminds firms that a violation of any rule of the Securities Investor Protection Corporation (SIPC) applicable to firm communications will be deemed a violation of Rule 2210. See FINRA Rule 2210(g) and Article 10 of the Bylaws of the Securities Investor Protection Corporation.