The SEC’s Custody Rule dates back to 1962. Ethereum launched in 2015. And now registered investment advisers are supposed to figure out how to squeeze DeFi yield strategies through a compliance framework that was designed when “onchain” wasn’t even a word.
Galaxy Asset Management published a perspective piece on June 18 tackling exactly this friction point. Co-authored by venture legal counsel Ian Irlander and legal intern Nora Joyce, the piece lays out why RIAs face structural barriers when trying to deploy client capital into decentralized finance protocols, and what they can actually do about it.
The core problem: qualified custodians meet smart contracts
The Custody Rule, formally known as Rule 206(4)-2, exists to protect client assets managed by investment advisers. It requires RIAs to hold client funds with “qualified custodians,” a category that includes banks, broker-dealers, and certain trust companies.
When an RIA wants to deploy capital into a DeFi protocol, the interaction happens directly onchain through smart contracts. There’s no bank sitting in the middle holding assets. There’s no traditional custodian signing off on each transaction. The assets move through code, governed by protocol rules rather than institutional intermediaries.
This creates what Galaxy describes as a structural compliance gap. RIAs who want to participate in DeFi strategies find themselves stuck between a regulatory requirement for qualified custodians and a technology stack that doesn’t accommodate one.
The SEC tried to address parts of this in 2023 with a proposed Safeguarding Rule that would have extended the Custody Rule framework to explicitly cover digital assets. That proposal was never implemented. The original framework remains unchanged.
Galaxy’s proposed solutions
The firm highlights MPC-based key management as a potential path forward. Multi-party computation, or MPC, distributes the control of private keys across multiple parties so that no single entity has unilateral access to client funds.
Galaxy also points to self-custody technologies as emerging alternatives to the traditional custodian model. Additionally, the firm recommends independent PCAOB audits as a best practice, giving regulators and clients a verifiable assurance layer when assets aren’t sitting with a traditional custodian.
Regulatory signals point toward flexibility
The SEC issued a no-action letter in the September to October 2025 timeframe that permitted certain state-chartered trust companies to act as qualified custodians for crypto assets under specific conditions. It didn’t rewrite the rules, but it created a narrow pathway for crypto assets to be held within the qualified custodian framework without requiring a full-service bank or broker-dealer.
SEC Chair Paul Atkins has also signaled openness to change. In a 2025 speech, Atkins advocated for accommodating crypto self-custody practices, framing the issue around what he called foundational American values.
What this means for investors
The SEC hasn’t taken any immediate enforcement action in response to Galaxy’s publication, and no significant market moves have been tied to it. The dialogue around compliance continues to emphasize the need for innovative governance and technical practices to align DeFi activities with traditional investor protections.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.

1 hour ago
12









English (US) ·