Tokenized stocks are advancing on public and permissioned blockchains, but U.S. securities regulators insist that control and custody remain a regulated function. In guidance dated December 17, 2025, the SEC’s Division of Trading and Markets tied crypto-asset securities to broker-dealer custody rules, confirming that tokenized equities must sit inside existing “possession or control” frameworks rather than outside them.
Custody, control and tokenized securities
The SEC’s December 17, 2025 statement frames tokenized stocks as fully subject to broker-dealer custody obligations, reiterating that regulated intermediaries must protect private keys and prevent unauthorized transfers. By anchoring tokenized equities to Rule 15c3-3 as the operational standard for “physical possession or control,” the guidance pushes firms to implement written key-management policies, contingency plans for blockchain failures and controls that stop customers from moving assets without intermediary authorization.
Our Division of Trading and Markets issued a staff statement on the custody of crypto asset securities by broker-dealers. https://t.co/5u3mrAGmmu
— U.S. Securities and Exchange Commission (@SECGov) December 17, 2025
For VASP operators and custodians, the impact is structural rather than cosmetic. Service providers will need documented key-management frameworks, segregation of duties and incident-response processes that align on-chain custody with broker-dealer record-keeping, audit expectations and supervised segregation of client assets. Issuers that rely on tokenization must assume intermediated custody as the default model, not unrestricted self-custody by end investors, when designing compliant products in the U.S. market.
A December 11, 2025 no-action letter to The Depository Trust Company illustrates how regulators expect control to be preserved in tokenized market infrastructure. DTC’s pilot architecture retains a “root wallet” that can convert, transfer, mint or burn tokens without accessing a participant’s private key, allowing centralized remediation of erroneous entries or lost tokens while keeping on-chain records subject to traditional commercial-law remedies and supervisory intervention.
Operationally, this design choice reshapes how institutional actors must evaluate tokenized securities workflows. Treasury operations and custodians engaging with such structures need to assess counterparty control rights, the legal enforceability of overrides and the processes that reconcile on-chain transfers with off-chain legal title for audits, financial reporting and dispute resolution. Systemic custodians that hold designated control functions will attract heightened regulatory scrutiny and more demanding operational-audit requirements.
The SEC’s Project Crypto and its dedicated Crypto Task Force frame a modernization agenda that prioritizes transparency, accountability and the ability to intervene when required. Rescission of earlier staff positions and targeted staff guidance signal a policy preference for integrating tokenization into supervised market infrastructure, rather than endorsing unmediated decentralization as a default architecture. Market feedback remains divided: institutional stakeholders have urged regulators to insist on intermediated custody and strong investor protections, while decentralized-protocol advocates argue that custody-centric rules should not automatically apply to non-custodial systems and warn that tokenization must deliver “genuine market benefits” without opening regulatory gaps.
For compliance teams, the message is that tokenization does not dilute existing obligations. Legal classification, beneficial-owner records, travel-rule considerations and AML controls all remain central to service design, and firms must explicitly map blockchain key-control models to securities-custody rules and prepare for detailed process audits. The SEC’s recent staff actions and the DTC pilot demonstrate a regulatory approach that accepts on-chain token representations only where control mechanisms allow regulatory oversight and intervention, making custody architecture and governance documentation core design parameters for VASPs, custodians and issuers that want to operationalize tokenized securities in the U.S. framework.







