Beyond Howey: Navigating Digital Asset Compliance in a shifting SEC Landscape

Executive Summary

The Securities and Exchange Commission (SEC) has announced the creation of the President’s Digital Assets Group (PDAG) and signaled a shift in the treatment of digital assets under federal securities laws. Chair Paul Atkins’ recent remarks suggest that very few tokens will be treated as securities, with such classification relying more on the context of issuance, marketing, and distribution than on the inherent nature of the token itself.

This represents a meaningful recalibration of the SEC’s posture. For advisers, broker-dealers, and compliance professionals, the pivot underscores the need for frameworks that integrate the Howey Test with practical compliance considerations around custody, conflicts, suitability, and disclosure. The regulatory perimeter is shifting, but compliance challenges are not diminishing.

The Howey Test and Digital Assets

The Howey Test remains the cornerstone for determining whether an instrument is a security under U.S. law. Its four elements: (1) an investment of money, (2) in a common enterprise, (3) with an expectation of profits, (4) derived from the efforts of others, have guided decades of securities classification.

Applied to digital assets, Howey has often yielded inconsistent outcomes. Courts and the SEC have debated whether tokens themselves are securities and whether it is the transactional context (initial coin offerings, staking programs, promotional activity) that gives rise to security status.

The SEC’s new approach does not abandon Howey, but rather, reframes its application. By suggesting that most tokens are not securities, the agency is effectively recognizing that the presence of a token is not dispositive; what matters is how it is sold, marketed, and integrated into economic arrangements.

What This Means for Advisers

For registered investment advisers (RIAs), the shift carries several immediate implications:

• Fiduciary Duty and Disclosure: Even if tokens fall outside securities classification, advisers remain bound by fiduciary duty. Recommending or allocating client assets into digital assets requires disclosure of risks, conflicts of interest, and limitations of oversight.
• Custody Rule: The Advisers Act Custody Rule presents one of the greatest unresolved issues. Safekeeping standards for digital assets remain uncertain. Advisers must continue to engage only with qualified custodians and carefully document due diligence over digital asset custodians.
• Periodic Reassessment: Advisers should integrate formalized Howey analyses into compliance manuals. Each asset should be assessed not only at acquisition, but on a recurring basis, with findings documented for examination readiness.

Implications for Broker-Dealers

For broker-dealers, the issues are no less complex:

• Product Due Diligence: As fewer tokens are designated securities, broker-dealers must still conduct rigorous due diligence on digital assets offered on platforms. This includes analysis of token structure, promotional practices, and operational risk.
• Regulation Best Interest (Reg BI): Regardless of whether a token is a security, Reg BI imposes obligations to consider costs, risks, and reasonably available alternatives in retail recommendations. Supervisory systems must adapt to include digital asset considerations.
• Compensation and Conflicts: Payment arrangements, revenue-sharing, and promotional incentives tied to digital assets remain sensitive. Even in a lighter-touch regulatory regime, firms must ensure transparency and supervisory oversight of compensation practices.

Cross-Cutting Compliance Challenges

Custody

Both advisers and brokers confront a custody environment that is still fragmented and underdeveloped. Insurance, valuation, and chain-of-ownership verification lag behind traditional standards. Regulators are unlikely to relax expectations around safeguarding assets, even if classification boundaries shift.

Recordkeeping and Surveillance

The SEC and FINRA will continue to expect robust recordkeeping, surveillance, and supervisory systems to detect fraud, manipulation, and AML/OFAC risks. The fact that an asset is “not a security” will not relieve firms from obligations under BSA/AML frameworks or from reputational and operational risks.

Vendor Oversight

Reliance on custodians, trading platforms, pricing vendors, and blockchain analytics providers introduces risk. Compliance frameworks must ensure that vendor management programs address digital-asset–specific vulnerabilities.

Challenges in a Fragmented Regulatory Environment

This recalibration by the SEC does not resolve the broader regulatory fragmentation that surrounds digital assets. The CFTC, banking regulators, state regulators, and Congress continue to pursue their own approaches. For firms, this means:

• Overlapping Obligations: Compliance officers must navigate inconsistent definitions and conflicting standards across agencies.
• Litigation Risk: Even as the SEC narrows its scope, private litigants may pursue misrepresentation, fraud, or contract claims tied to token sales.
• Dynamic Risk Profile: Supervisory frameworks must be nimble enough to absorb ongoing regulatory evolution without requiring complete redesign each time policy shifts.

Best Practices for Firms Moving Forward

1. Embed Howey Analyses: Create written processes for analyzing each token against Howey, updated periodically and documented in compliance files.
2. Strengthen Custody Oversight: Apply conservative standards for digital asset custody, including due diligence of custodians, insurance coverage, and chain-of-ownership verification.
3. Enhance Disclosures: Revise Form ADV brochures, offering documents, and client communications to account for evolving classification and regulatory ambiguity.
4. Refine Supervisory Systems: Ensure that Reg BI, fiduciary duty, and AML systems incorporate digital asset activities even where classification is uncertain.
5. Prepare for Divergence: Anticipate further fragmentation in U.S. regulatory oversight. Build frameworks that are modular and capable of adapting quickly.
6. Partner with Pros: A regulatory consultancy can provide critical support as firms navigate this evolving landscape. By conducting Howey-based classification reviews, developing bespoke supervisory procedures, and enhancing custody oversight frameworks, consultants help firms maintain defensible compliance positions. They can also design and test disclosure language, conflicts reporting, and Reg BI/ fiduciary duty protocols tailored to digital asset exposure. Finally, consultancies can facilitate regulatory change management, ensuring firms remain agile as policy continues to shift while minimizing disruption to core business operations.

Final Thoughts

The SEC’s announcement that most tokens will not be treated as securities signals a pivotal moment for digital asset regulation. But it is not a conclusion. Compliance professionals should treat this development as a call to harden supervisory systems, reinforce custody practices, and document their analyses with rigor.

The Howey Test remains central, but its application is evolving. For advisers, broker-dealers, and compliance officers, the path forward lies in treating digital assets with the same diligence, skepticism, and control structures applied to traditional instruments, while remaining flexible enough to adapt to ongoing regulatory change.

How CRC-Oyster Can Support Your Compliance Program Amid Evolving Digital Asset Expectations

The regulatory treatment of digital assets continues to shift with every new SEC statement, White House directive, enforcement action, or court ruling. Firms are left balancing opportunity against uncertainty, all while ensuring they remain aligned with fiduciary duties, Reg BI, custody considerations, AML/CIP proposals, and evolving disclosure standards.

CRC-Oyster helps firms stay ahead of this moving target. We partner with RIAs, broker-dealers, and private fund advisers to:

• Interpret regulatory developments and translate them into practical, tailored compliance obligations.
• Conduct readiness reviews, including Howey test frameworks, custody risk assessments, and advertising/marketing reviews specific to digital assets.
• Develop policies, procedures, and controls that are nimble enough to evolve with regulatory expectations.
• Train your team to understand risks, document decision-making, and recognize red flags.
• Test and monitor your compliance program so you can evidence good faith and adaptability during an exam.

In a landscape where expectations can change faster than rules are finalized, CRC-Oyster provides the structure, clarity, and foresight your compliance program needs to remain resilient.