On January 27, Salus GRC hosted Custody Unlocked, a webinar bringing together two nationally recognized custody experts: Robert E. Plaze, former Deputy Director of the SEC’s Division of Investment Management and author of the leading treatise on the custody rule (recently updated in November 2025), and Laura Grossman, Associate General Counsel at the Investment Adviser Association, who has been actively involved in custody rule matters for over 13 years. Jackie Hallihan, Chief GRC Officer at Salus GRC, moderated. The panel tackled the current regulatory landscape, emerging custody challenges, and the day-to-day compliance issues that continue to trip up advisers.
The Safeguarding Proposal Is Gone, But Change Is Coming
The SEC’s Safeguarding Proposal has been withdrawn, and the panelists agreed that any future rule would likely look nothing like it. As Grossman explained, crypto custody is now driving the regulatory agenda: the SEC’s staff is working to determine whether to amend the existing custody framework to accommodate digital assets or create a separate rule entirely. Plaze noted the irony that crypto is arguably the riskiest asset class from a custody standpoint: if a wallet is hacked, the assets are gone and cannot be reissued like traditional securities yet, the regulatory push may create lighter custody requirements for it. Both panelists cautioned that any changes should avoid disrupting the existing framework that has served the broader asset management industry well. Grossman urged attendees to get involved in advocacy efforts, noting that the IAA’s custody working group gives advisers a direct voice in shaping rulemaking. Meanwhile, Plaze noted that a number of changes could be made to the rule to simplify it and decrease compliance costs without eliminating the rule’s core protections, including the elimination of the surprise examination requirement and that standing letters of authorization (SLOAs) similarly to adviser fee debits which are— reported on quarterly statements rather than subject to seven detailed conditions.
Newer Challenges to Watch
The panel highlighted several emerging issues. A September 2025 no-action letter now permits advisers to treat certain state-chartered trust companies as qualified custodians for crypto which has resolved years of uncertainty. Plaze, however, flagged an open question: the letter only applies to crypto assets, and it remains unclear whether these trust companies can rely on the letter to custody other client assets. On credential sharing, Grossman warned that third-party platforms marketing “custody-free” access to held-away accounts may, in fact, give advisers the ability to move client funds, which would constitute custody regardless of how the service is marketed. Several state regulators have already issued cautionary guidance. Other emerging areas include custody implications of the executive order phasing out paper checks in favor of electronic payments, class action settlement vendors using lockbox arrangements (which may give the adviser custody if the vendor is acting at the adviser’s discretion), and custodians requiring advisers to approve money movement transactions electronically. On that last point, Plaze’s advice was straightforward: avoid getting into that business and let the custodian handle approvals.
Perennial Pain Points: SLOAs, Transfers, Checks, and Inadvertent Custody
A significant portion of the discussion focused on the issues advisers grapple with daily. On SLOAs, Grossman walked through the seven provisions of the IAA’s 2017 no-action letter, noting that the major broker-dealer custodians (Schwab, Fidelity, Pershing) have implemented the relief, but many bank custodians have not, leaving those advisers without surprise exam relief. On first- versus third-party transfers, Grossman offered a practical shortcut: if both sides of a transfer share the same tax ID, it’s clearly first-party; if not, you need to make the case. To do so, she recommended treating joint account withdrawals conservatively as third-party transactions to avoid potential liability if account holders later dispute the transfer. Plaze walked through the check scenarios in detail, noting that while checks drawn on a client’s account and payable to the custodian are clearly not custody, third-party checks payable to the client that arrive at the adviser’s office must be returned or forwarded within three business days. On inadvertent custody, Grossman noted that the SEC staff’s 2018 FAQ (II.11) largely settled the issue for advisers who don’t have copies of custodial agreements but flagged an unresolved concern around the treatment of transactions that are processed or settled on a non-payment (DVP) basis about which the IAA continues to advocate. Plaze added a practical dimension: inadvertent custody isn’t just an SEC exam risk if personnel gain password access to accounts and something goes wrong, the firm could face civil liability.
The full webinar recording is available on demand at salusgrc.com/events.