The U.S. Securities and Exchange Commission (SEC) maintains that tokenized stocks remain securities and are subject to existing custody rules, notably Rule 15c3-3. This stance immediately frames tokenized stocks as requiring regulated intermediaries to hold exclusive control of the cryptographic private keys that enable on-chain transfers, a constraint that reshapes product design, custody models and compliance roadmaps.
The SEC treats the technological format of an asset as irrelevant to its regulatory status; tokenized stocks are securities under the established legal framework. Rule 15c3-3, the customer protection rule, requires broker-dealers to maintain “possession or control” of customer securities. In the digital context, the regulator has interpreted physical possession to include exclusive control of the private keys needed to move tokenized securities on a blockchain. (A custody rule defines who must hold assets and how those assets must be segregated and protected.)
Broker-dealers therefore must demonstrate operational control that prevents any third party or the customer from moving tokens without the broker-dealer’s authorization. That requirement compels firms to adopt robust written policies and procedures for key management, incident response, and segregation of client assets from firm holdings.
The SEC has signposted practical pathways—through staff guidance, FAQs and selective no-action relief—to align tokenization with these existing custody obligations.
SEC custody rule applied to tokenized stocks
Making broker-dealers the gatekeepers of private keys narrows the practical space for pure self-custody models within regulated retail and institutional offerings. Firms that pursue tokenized stock products must invest in specialized custody engineering, continuous blockchain monitoring and contingency plans for protocol-level events such as hard forks, 51% attacks or coordinated network disruptions.
They must also be able to comply with legal orders to freeze or transfer assets on-chain, which may require on-chain tooling and coordination with other infrastructure providers.
The custody requirement reinforces traditional separation of safekeeping from trading and asset management, limiting commingling risk and preserving investor protections in insolvency scenarios. At the same time, the fragmented nature of blockchain protocols and the absence of universal interoperability create integration challenges for reporting, transfer finality and cross-platform settlement.
Market infrastructure actors are therefore likely to emphasize standardized custody interfaces and contractual clarity to reconcile on-chain mechanics with existing cleared-market workflows.
Impact for product teams and compliance units is concrete: tokenization projects will need formal custody architectures, audited key-management processes, and granular segregation and reconciliation controls to meet the SEC’s interpretation.
Legal teams should expect negotiation with regulators where technical realities make prescriptive legacy rules impractical; industry groups have recommended narrow, targeted adjustments while preserving core investor protections.
