Staff Letter: Simpson Thacher & Bartlett LLP, September 30, 2025

Sections 17(f) and 26(a) of the Investment Company Act of 1940 and rules thereunder
Section 206(4) of the Investment Advisers Act of 1940 and Rule 206(4)-2 thereunder

September 30, 2025

Your letter dated September 30, 2025 requests our assurance that we would not recommend enforcement action to the Securities and Exchange Commission (the "Commission") under (i) Section 206(4) of the Investment Advisers Act of 1940, as amended (the "Advisers Act"), and Rule 206(4)-2 thereunder or (ii) Sections 17(f) and 26(a) of the Investment Company Act of 1940, as amended (the "1940 Act"), and the rules thereunder (such statutory provisions and rules in clauses (i) and (ii) of this sentence, the "Custody Provisions") against investment advisers registered under the Advisers Act (the "Registered Advisers") or issuers registered as investment companies under the 1940 Act, or that have elected to be regulated as business development companies under the 1940 Act (such issuers, collectively, the "Regulated Funds"), respectively, for treating a State Trust Company[1] as a "bank," as defined in the Advisers Act and the 1940 Act (and, therefore, an institution permitted to custody assets), with respect to the placement and maintenance of Crypto Assets[2] and cash and/or cash equivalents reasonably necessary to effect transactions in Crypto Assets ("Related Cash and/or Cash Equivalents").

ANALYSIS

Sections 17(f) and 26(a) of the 1940 Act and the rules thereunder generally provide that Registered Funds must place and maintain securities and similar investments with certain specified custodians, which include most banks[3] as defined in Section 2(a)(5) of the 1940 Act.[4] Similarly, among other things, Rule 206(4)-2 under the Advisers Act requires that any Registered Adviser that has custody of client funds or securities maintain those funds and securities with a qualified custodian, where "qualified custodian" is defined to include "a bank as defined in Section 202(a)(2) of the Advisers Act."

Under both statutes, the term "bank" is defined to include, among other things, a "banking institution" or "trust company" "whether incorporated or not, doing business under the laws of any State or of the United States, a substantial portion of the business of which consists of receiving deposits or exercising fiduciary powers similar to those permitted to national banks under the authority of the Comptroller of the Currency," and which is "supervised and examined by State or Federal authority" having supervision over banks, and which is "not operated for the purpose of evading the provisions" of the 1940 Act or Advisers Act, as applicable.[5]

You represent that the definition of "bank" presents uncertainty as to whether a "substantial portion" of a given State Trust Company's business consists of receiving deposits or exercising "fiduciary powers similar to those permitted to national banks under the authority of the [OCC]" and inherently involves a facts and circumstances analysis. You further represent that State Trust Companies are critical providers of custody services for Crypto Assets and Related Cash and/or Cash Equivalents and that demand for Crypto Asset investment strategies has grown considerably over the last decade. In support of your contention, you state that State Trust Companies that provide Crypto Asset custody services have implemented sophisticated controls to ensure safekeeping of Crypto Assets, which typically include, among others: (i) so-called "deep" cold storage of Crypto Assets; (ii) third-party annual audits of financial statements; (iii) third-party reports regarding financial, governance, and information technology processes and controls, including system and organization controls reports (e.g., SOC-1 and/or SOC-2 reports); (iv) cybersecurity, physical security, and business continuity policies and procedures; (v) complex encryption protocols and Crypto Assets movement verification controls; and (vi) policies and procedures concerning private key generation and storage.

You also represent that these controls have been developed within state regulatory frameworks that generally include: (i) eligibility requirements for licensing and comprehensive reviews of licensing applications; (ii) ongoing supervision and periodic examination by a state authority having supervision over banks (each, a "State Banking Authority"); (iii) minimum capital requirements; (iv) restrictions on activities and balance sheet investments; (v) periodic reporting requirements as to its financial condition and/or business operations; (vi) comprehensive recordkeeping requirements; and (vii) supervision by State Banking Authorities having authority to bring enforcement proceedings for non-compliance with minimum financial conditions and other regulatory requirements.

Based upon the facts and representations set forth in your letter, the Division of Investment Management (the "Division") would not recommend enforcement action to the Commission under the Custody Provisions against a Registered Adviser or Regulated Fund for treating a State Trust Company as a "bank" with respect to the placement and maintenance of Crypto Assets and Related Cash and/or Cash Equivalents, provided that:

• Prior to engaging the State Trust Company and on an annual basis, the Registered Adviser or Regulated Fund, as applicable, has a reasonable basis, after due inquiry, for believing that:
  • the State Trust Company is authorized by the relevant State Banking Authority to provide custody services for Crypto Assets and Related Cash and/or Cash Equivalents; and
  • the State Trust Company maintains and implements written internal policies and procedures reasonably designed to safeguard Crypto Assets and Related Cash and/or Cash Equivalents from the risk of theft, loss, misuse, and misappropriation, with such policies and procedures addressing, among other topics, private key management and cybersecurity. In making such a determination, the Registered Adviser or Regulated Fund:
    • receives and reviews the State Trust Company's most recent annual financial statements and confirms that such financial statements have been subject to an audit by an independent public accountant and have been prepared in accordance with Generally Accepted Accounting Principles (GAAP);[6] and
    • receives and reviews the State Trust Company's most recent written internal control report prepared by an independent public accountant during the current or prior calendar year (e.g., SOC-1 report or SOC-2 report) and confirms that such internal control report contains an opinion of such independent public accountant that controls have been placed in operation as of a specific date and are suitably designed and are operating effectively to meet control objectives relating to custodial services, including the safeguarding of Crypto Assets and Related Cash and/or Cash Equivalents during the year;
• The Registered Adviser or Regulated Fund, as applicable, enters into, or causes an RIA Client[7] to enter into, as applicable, a written custodial services agreement with the State Trust Company, which provides that:
  • the State Trust Company will not, directly or indirectly, lend, pledge, hypothecate, or rehypothecate any Crypto Assets (or Related Cash and/or Cash Equivalents) held in custody for the RIA Client or Regulated Fund, as applicable, without the prior written consent of the RIA Client or Regulated Fund, and then only for the account of such RIA Client or Regulated Fund; and
  • all Crypto Assets (and Related Cash and/or Cash Equivalents) held in custody for the RIA Client or Regulated Fund, as applicable, will be segregated from the State Trust Company's assets;
• The Registered Adviser discloses to its RIA Clients (in the case of a Registered Adviser) or the Regulated Fund discloses to the members of its board of directors or trustees (in the case of a Regulated Fund, as applicable) any material risks associated with using State Trust Companies as custodians of Crypto Assets (and Related Cash and/or Cash Equivalents); and
• The Registered Adviser (with respect to an RIA Client) or the Regulated Fund (and, as applicable, its board of directors or trustees), reasonably determines that the use of the State Trust Company's custody services is in the best interest of the RIA Client or Regulated Fund and its shareholders, as applicable.

Our letter provides our position on enforcement action only and does not provide any legal conclusions on the issues presented. For the avoidance of doubt, all requirements of the respective Custody Provisions continue to apply.[8] Because our position is based on all of the facts and representations made in your letter, you should note that any different facts or circumstances might require a different conclusion.

This letter reflects the views of the staff of the Division. It is not a rule, regulation, or statement of the Commission, and the Commission has neither approved nor disapproved its content. This letter, like all staff statements, has no legal force or effect; it does not alter or amend applicable law, and it creates no new or additional obligations for any person.

Taylor Evenson
Senior Counsel

[1] As used in this letter, the term "State Trust Company" refers to a legal entity organized under state law that is: (i) supervised and examined by a state authority having supervision over banks and (ii) permitted to exercise fiduciary powers under applicable state law.

[2] As used in this letter, the term "Crypto Assets" refers to assets that are digital representations of value that are recorded on a cryptographically secured distributed ledger. For the avoidance of doubt, the no-action assurances provided in this letter are limited to Crypto Assets and Related Cash and/or Cash Equivalents.

[3] To qualify as a custodian under Section 17(f), a bank must meet the qualifications of being a trustee for a unit investment trust: the possession of not less than $500,000 in aggregate capital, surplus, and undivided profits. See Sections 17(f)(1) and 26(a)(1) of the 1940 Act.

[4] Section 59 of the 1940 Act provides that Section 17(f) applies to a business development company to the same extent as if it were a registered closed-end investment company.

[5] Under both the 1940 Act and the Advisers Act, the definition of "bank" also includes, among other things, member banks of the Federal Reserve System, including, for example, a member national trust bank. For the avoidance of doubt, a Regulated Fund or Registered Adviser may custody Crypto Assets (or Related Cash and/or Cash Equivalents) with such banks. See generally Office of the Comptroller of the Currency ("OCC") Interpretive Letter 1183 (Mar. 2025) (reaffirming that national banks may provide crypto-asset custody services under applicable statutory authority).

[6] Alternatively, in the event that the State Trust Company's financial statements are presented on a consolidated basis with its parent and other affiliates that have substantive activities, the Registered Adviser or Regulated Fund obtains a written certification or representation from the State Trust Company that the most recent annual financial statements of its parent have been subject to an audit by an independent public accountant and have been prepared in accordance with GAAP. The written certification or representation should include information regarding results of the audit.

[7] Registered Advisers serve as investment advisers to a variety of clients, including Regulated Funds, natural persons, pooled investment vehicles that are private funds (as such term is defined in Section 202(a)(29) of the Advisers Act) or are otherwise not required to register as investment companies under the 1940 Act, corporations, foundations, trusts, and other types of individual and institutional accounts (such clients other than Regulated Funds, collectively, "RIA Clients").

[8] The Commission is considering rulemaking regarding the custodial requirements applicable to Registered Advisers or Registered Funds as to Crypto Assets. See generally Spring 2025 Unified Agenda of Regulatory and Deregulatory Actions, available at: https://www.reginfo.gov/public/do/eAgendaMain.