The Lone Ranger in a Town Full of Sheriffs: How the SEC’s Aggressive Agenda Interferes with the Business of Banking

The SEC has proposed significant changes to its regulations governing capital markets and investor protection. As others have noted, the breadth, scope and speed of these regulatory proposals are virtually without precedent.[1] Members of Congress of both parties have raised concerns with this ambitious and fast-paced regulatory agenda.[2]

This phenomenon is not limited to SEC-registered market participants — the SEC’s ambitious agenda also threatens to overhaul how banks conduct their business. Specifically, several of the SEC’s swing-for-the-fences regulatory proposals would interfere with how banks conduct traditional banking activities, like accepting deposits and providing custody services, as well as how banks manage the risks of their activities. But these traditional banking activities and risk management functions are already subject to a comprehensive regulatory and supervisory regime that is dedicated to ensuring the safety and soundness of individual banks and the banking system as a whole. While the federal bank regulatory regime is imperfect, it is comparatively well-resourced, possesses a comprehensive rulebook and includes the unique authority of bank regulators to supervise virtually every aspect of a bank’s business. This means banks are subject to a preexisting constellation of requirements, from activity limitations to prudential requirements (like quantitative capital and liquidity requirements) to ongoing supervision and examination by dedicated agency personnel.

Banks are — rightfully — subject to generally applicable securities laws and regulations, including antifraud provisions and rules applicable to public companies. But, as described further below, many of the SEC’s recent proposals reflect an expansive view of SEC authority and go beyond the SEC’s core mission to protect investors, facilitate capital formation and maintain fair, orderly and efficient capital markets. In doing so, these proposals risk curtailing traditional bank functions, including the core function of providing credit to individuals and businesses.

The Custody Proposal and the Attempt to Regulate Bank Deposits

In February, the SEC released a proposal to tighten the requirements for how registered investment advisers protect client assets. Statements by the SEC indicate the agency was concerned with how custodians protect digital assets.[3] But in proposing rules, the SEC went much further and sought to overhaul how banks hold cash deposits on behalf of customers.

Receiving deposits is among the most fundamental banking activities,[4] as is providing safekeeping for customer assets.[5] But the SEC’s proposal would require registered investment advisers to enter into extensive agreements dictating detailed business practices for qualified bank custodians, contrary to current market practice. These contracts would specify new requirements for bank custodians, including requirements that custodians (1) segregate all advisory client assets, including cash deposits; and (2) accept greater liability and responsibility for RIA investment decisions, including potentially for parties and actions outside of the custodian’s control.

As described at length elsewhere, segregating cash deposits is unworkable for banks. This is because, with very limited exceptions based in statute, deposits are treated as general, unsecured liabilities of a bank. Assuming it were possible for banks to design a new way of holding deposits that conforms to the SEC’s proposal, it would reduce the funding available to banks to provide other valuable services, such as trade settlement services and intraday extensions of credit. This, in turn, would lead to inefficiency, increased trade failures and market disruption. It would also have the surprising effect of prioritizing registered investment advisors’ clients over other bank depositors, including retail depositors, in the event of bank failure.

Separately, the proposal would also shift investment risks onto the regulated banking system. Thus, the SEC’s proposal, if finalized, would impose enormous costs on regulated bank custodians and would substantially affect banks’ risk profiles, all without any formal, public input from the federal agencies that are responsible for ensuring the safety and soundness of banks.

Despite these consequences, the proposal’s economic analysis does not discuss the most substantial costs the rule would impose on custodial banks, including how the proposal would affect bank funding. Nor does the SEC address fundamental questions on how the proposal would work with the FDIC’s existing bank resolution framework. These problems and gaps in the proposal illustrate the complexity and sensitivity of the existing bank regulatory framework — and the harmful outcomes that can occur if the SEC seeks to extend its rules beyond its mandate.

The SEC announced on August 23 that it would extend the comment period for this proposed change. The stated purpose of this move was to allow the public time to address the interaction between the custody proposal and the recent private fund adviser rule that the SEC recently finalized (and over which it has been sued). But that is far from the only regulatory interaction this sweeping proposal has produced. Because the significant impact on bank custodians was not fully described in the SEC’s proposal, or in its accompanying economic analysis, the SEC should withdraw its proposal until further analysis is conducted. Moreover, it is essential that the SEC seek input from the federal banking agencies — and ideally make such input available to the public — given the significant effects on bank operations, risk management and preexisting banking rules.

But this is just the latest in a pattern of SEC actions that impinge on traditional bank activities and risk management practices. While many of the SEC’s recent proposals are no doubt well-intentioned, in many cases, they are not properly scoped to accommodate the bank business model or the existing prudential rulebook.

Other SEC Proposals Interfering with the Prudential Framework

The following SEC actions similarly fail to consider or accommodate bank business models and the existing bank regulatory framework that already applies to banks.

  • Curtailing banks’ ability to utilize securitizations to manage credit risk. In January, the SEC proposed a rule to implement section 621 of the Dodd-Frank Act, which was intended to prohibit certain material conflicts of interest in asset-backed securities. But the SEC’s proposal implementing this provision is excessively broad, arguably exceeds Congress’s intent, could limit banks’ ability to manage risks with securitizations and would damage the asset-backed securities market. The Proposal is so broad that it suggests “credit risk transfer” transactions may be problematic simply because the sponsor and the investors are on different sides of the transaction — but for banks hedging their business risks, this is the entire purpose of a credit risk transfer. A broad rule that restricts this important risk management function would curtail banks’ ability to provide credit to homeowners and business owners.
  • Limiting banks’ use of the security-based swaps market for risk management. In June, the SEC reopened the comment period on proposed Rule 10b-1, which would require reporting and public disclosure of positions in security-based swaps (“SBSs ”) that exceed specified size thresholds. To provide access to credit and manage risk, banks frequently enter into single-name and narrow-based index credit default swaps (“CDSs”), which qualify as SBSs and would be subject to proposed Rule 10B-1. The Proposed Rule would require banks and dealers to make nearly instantaneous disclosure of their swap positions, which would likely raise costs and diminish the CDS market. In turn, this would diminish banks’ ability to utilize this market for risk management purposes. Staff at the Federal Reserve have published research supporting the view that banks use CDSs for efficient risk transfer and to comply with risk limits, including in situations where other risk-mitigation tools (such as loan sales) are not optimal.[6] However, the SEC proposal does not take account for the negative effect it would have on banks’ risk-management strategies.
  • Duplicating cybersecurity and privacy mandates. Since March 2022, the SEC has proposed several overlapping cybersecurity and privacy proposals that would require market participants to publicly disclose cybersecurity events and their risk management practices. In July, the SEC finalized the “Public Company Disclosure Rule,” which requires public companies to disclose material cybersecurity incidents to investors when a cybersecurity incident has occurred. This includes disclosing ongoing and un-remediated incidents, despite the increased risk that disclosure could create for impacted companies or other similarly situated entities. Another proposal, known as “Reg S-P,” would require broker-dealers, registered investment advisers and others to notify customers after a data breach. While these are undoubtedly appropriate and worthwhile subjects for the SEC to review, the SEC’s proposals are not well harmonized and in some cases directly conflict with existing banking agency requirements.[7] These duplicative and conflicting rules could create unnecessary cyber risk, cause customer and investor confusion and — at worst — jeopardize safety and soundness.  
  • Restricting permissible bank safeguarding services. In March 2022, the SEC published Staff Accounting Bulletin 121, which requires public companies that provide custody services for “crypto-assets” to record a liability and corresponding asset on their balance sheets at fair value, contrary to typical accounting practices for assets held in custody. This staff interpretation is particularly consequential for bank custodians because they are subject to prudential regulatory requirements; bringing these custodied assets on balance sheet would result in significant capital and liquidity costs. As a result, despite the fact that providing custody of crypto- and digital assets is legally permissible for national banks,[8] these activities are functionally prohibited by the SEC’s staff bulletin. This significantly limits investor options for regulated custodians that can provide crypto-asset custody services at scale.
  • Second-guessing other regulators. Recent statements suggest this pattern will continue. In May, Chairman Gensler gave a speech before the Investment Company Institute, mostly about fund liquidity requirements and pricing.[9] At the end of that speech, he shifted his focus to “similar products overseen by bank regulators.” He pointed out that funds managed by bank trust departments are not subject to identical requirements as SEC-registered funds. But this is not surprising — in fact, it is completely consistent with the statutory design. Funds managed by bank trust departments are expressly carved out of the Investment Company Act, provided they meet certain specifications determined by Congress.[10] This is in recognition of the fact that banks are subject to extensive prudential regulation and supervision — including specific laws and regulations governing trust powers.[11] But Gensler classified this as arbitrage and noted that he is discussing with the banking regulators. While it is encouraging that the SEC is consulting with the banking agencies in this instance, to the extent these discussions result in any changes to bank regulations, it is important that the content of the discussions be made available to the public to provide interested parties an opportunity to comment.

In each of these cases, the activities that the SEC seeks to address are also subject to supervision and regulation by the federal banking agencies and state chartering authorities. And in each case, aspects of the SEC’s action may be at cross purposes with banks’ risk management or the prudential agencies’ regulations or supervisory expectations.


Regulatory turf wars are nothing new in Washington, or in financial regulation specifically. But the SEC’s recent venture into bank regulation is concerning because of the detrimental effect it can have on banks and the already complex regulatory framework. As the custody proposal starkly illustrates, banks have unique business models and authorities, and are uniquely supervised and regulated by three federal banking agencies as well as state chartering authorities. Banks are subject to regulation and supervision in nearly every aspect of their banking business — including limits on their powers, capital and liquidity requirements, risk management expectations and a unique resolution regime. Given the SEC’s limited resources, it should focus its efforts on its statutory mandate to protect investors, facilitate capital formation and maintain fair, orderly and efficient capital markets — not on second-guessing and duplicating the role of the banking regulators.

[1] See SIFMA, SEC Rulemaking Agenda,; Committee on Capital Markets Regulation, The Unprecedented Pace of SEC Proposed and Final Rulemakings Continues (Aug. 31, 2023),

[2] See Letter from U.S. Senators Thom Tillis, Mike Crapo, Tim Scott , Mike Rounds, Bill Hagerty and Steve Daines to SEC Chairman Gary Gensler, dated Oct. 27, 2022, available at; Declan Harty, Politico, Senate Dems press SEC chair to slow Wall Street rules (Oct. 10, 2022), available at

[3] See SEC Press Release, SEC Proposes Enhanced Safeguarding Rule for Registered Investment Advisers (Feb. 15, 2023) (“[T]hrough this expanded custody rule, investors working with advisers would receive the time-tested protections that they deserve for all of their assets, including crypto assets…”); SEC Proposing Release, Safeguarding Advisory Client Assets, 88 Fed. Reg. 14672, 14676 (Mar. 9, 2023) (“[S]ince the Commission last amended the current rule, there have been significant developments with respect to crypto assets…)

[4] Receiving deposits was codified as a power of national banks in the National Bank Act of 1863. See also Section 96 of the New York Banking Law.

[5] See, e.g., OCC, Comptroller’s Handbook, Custody Services (Jan. 2002).

[6] See Cecilia Caglio, R. Matt Darst, and Eric Parolin, “Half-full or Half-empty? Financial Institutions, CDS Use, and Corporate Credit Risk” (Jan. 9, 2020), available at

[7] Further, the Reg S-P proposal would extend SEC requirements to bank transfer agents that are not registered with the SEC because they are regulated by another agency. The SEC has long applied its information security requirements only to transfer agents registered with the SEC, but the March proposal breaks from this precedent. Remarkably, the proposal acknowledges that these transfer agents are already likely to be sufficiently regulated by other agencies with appropriate jurisdiction. Nevertheless, the SEC proposes to subject these non-SEC registered bank transfer agents to duplicative and potentially conflicting compliance requirements.  

[8] OCC Interpretive Letter No. 1170 (July 22, 2020).


[10] 15 U.S. Code § 80a–3(c)(3) and (11).

[11] See, e.g., 12 USC 92a; 12 CFR Part 9.