On September 30, 2025, the Office of the Chief Counsel of the Securities and Exchange Commission’s (SEC) Division of Investment Management (the Division) issued a no-action response (the No-Action Letter) stating that it would not recommend enforcement against registered investment advisers (RIAs) or certain regulated funds (i.e., registered investment companies and business development companies) for maintaining crypto assets and related cash and cash equivalents with certain state-chartered financial institutions (state trust companies) so long as particular conditions are met.[1] In doing so, the No-Action Letter permits regulated funds and RIAs to treat state trust companies as “banks” for purposes of the custody requirements of Investment Company Act of 1940, as amended (the 1940 Act), the Investment Advisers Act of 1940, as amended (the Advisers Act) and the rules thereunder.

Custody Requirements Under the 1940 Act and Advisers Act

The custody requirements established by the 1940 Act and Advisers Act are designed to prevent the theft, loss, and misappropriation of investor assets. Sections 17(f) and 26(a) of the 1940 Act require registered funds to place and maintain securities and similar investments with certain qualified custodians. Similarly, RIAs who have custody of their client’s funds and securities must maintain such items with a “qualified custodian” pursuant to Rule 206(4)-2 of the Advisers Act. Qualified custodians include entities that meet the definition of “bank” under §2(a)(5) of the 1940 Act or §202(a)(2) of the Advisers Act.

Typically, national and state-chartered banks qualify as a custodian for registered funds and RIAs by meeting the definition of a bank under the 1940 Act and the Advisers Act. State trust companies, however, are legal entities organized under state law that are: (i) supervised and examined by a state authority having supervision over banks and (ii) permitted to exercise fiduciary powers under applicable state law.[2] For a state trust company to meet the definition of “bank” under the 1940 Act and Adviser Acts, it must also satisfy the requirement that “a substantial portion of the business of which consists of receiving deposits or exercising fiduciary powers similar to those permitted to national banks under the authority of the Comptroller of the Currency.” The interpretation of this portion of the definition was the subject of the No-Action Letter.

State Trust Companies as “Banks”

The No-Action Letter permits regulated funds and RIAs to maintain crypto assets (and cash and/or cash equivalents reasonably necessary to effect transactions in crypto assets) with state trust companies, if the following conditions are met:

  1. Authorization and Policies: The RIA and/or regulated fund must verify that the state trust company is authorized by the relevant State Banking Authority to provide custody services for crypto assets and has policies to safeguard these assets, focusing on private key management and cybersecurity.  
  2. Financial and Control Reports: The RIA and/or regulated fund must review the state trust company’s latest audited financial statements and internal control reports to ensure controls are effective and meet custodial service objectives.  
  3. Custodial Services Agreement: A written agreement must be in place, ensuring that the state trust company cannot lend or pledge the crypto assets without prior consent and that these assets are segregated from the company’s own assets.  
  4. Risk Disclosure: The RIA and/or regulated fund must disclose any material risk of using state trust companies as custodians to their clients or board members.  
  5. Best Interest Determination: The RIA and/or regulated fund must determine that using the state trust company’s custody services is in the best interest of their clients or shareholders, as applicable.  

In an atypical response to staff no-action letters, two SEC commissioners commented on the issuance of the No Action Letter — one voicing support, and one expressing a more cautionary view.[3]

Conclusion

The Division’s No-Action Letter marks the latest development in the regulatory landscape for crypto asset custody, allowing crypto assets to be placed and maintained at state trust companies, potentially broadening the universe of eligible providers for custody services. Maintaining crypto asset requires a complex web of technology and operational systems to protect digital assets from misappropriation, making it particularly challenging for compliance. As the RIA and fund industries navigate these complexities, participants remain hopeful that the SEC will provide further guidance on crypto asset custody issues, as evidenced by recent comment letters to the SEC’s Crypto Task Force.[4] Stay up to date with the latest on crypto asset regulatory and market developments by subscribing to our Financial Services Blog, our Consumer Financial Services Law Monitor, and to our podcast, The Crypto Exchange, via Apple podcast, Google Play, Stitcher, or your preferred platform.


[1] Simpson Thacher & Bartlett LLP, SEC No-Action Letter, Sept. 30, 2025, available here.

[2] Id.

[3] Commissioner Hester M. Pierce, Statement on “Out of the Gray Zone: Statement on The Division of Investment Management’s No-Action Letter Relating to the Custody of Crypto Assets with State Trust Companies” U.S. Sec. & Exch. Comm’n (Sept. 30, 2025) available here; Commissioner Caroline A. Crenshaw, Statement on “Poking Holes: Statement in Response to No-Action Relief for State Trust Companies Acting as Crypto Asset Custodians” U.S. Sec. & Exch. Comm’n (Sept. 30, 2025) available here.

[4] For example, see the SEC comment letter submitted by National Society of Compliance Professionals on September 8, 2025, which underscores the need for additional guidance on crypto asset custody, available here.


Mike Matthews also contributed to this article. He is not licensed to practice law in any jurisdiction; bar admission pending.