Nothing encapsulates the regulatory no man’s land that is digital custody than this past week.

It started with the Financial Industry Regulatory Authority and the Securities and Exchange Commission’s Division of Trading and Markets providing broker-dealer with little guidance on digital custody and ended with the latest crypto exchange hack in which thieves made off with $32 million in digital assets.

The theft could not have reinforced the regulators’ concern that digital assets provide a raft of security and operational risks that typical securities do not have, such as lacking a claw-back mechanism if someone stole them or received them inadvertently.

The regulators noted in their guidance that “market participants wishing to custody digital asset securities may find it challenging to comply with the broker-dealer financial responsibility rules without putting in place significant technological enhancements and solutions unique to digital asset securities.”

And therein lies the rub. Digital custody must have a secure technological foundation that will permit the SEC and FINRA to impose their existing regulatory framework on top of it before they are willing to approve proposed digital custody models.

The challenge is finding that viable technological foundation. Regulators historically have been horrible at prescribing technology standards. By the time the regulators investigates, proposes, puts out for comment, re-works, puts out for comment again, and eventually approves such a standard, it would be out of date.

A principle-based approach would be a much easier lift for the SEC and FINRA, but the arms race between those designing secure custody solutions and those wanting to frustrate those solutions is evolving too quickly.

What could be considered best practices today could be obsolete within a year, a month, or even a day, all of which is a blink of the eye for regulators.

The Division of Trading and Markets and FINRA threw broker-dealers that want to jump into the digital asset space a bit of a bone in their guidance.

“Noncustodial activities involving digital asset securities do not raise the same level of concern among the Staffs, provided that the relevant securities laws, SRO rules, and other legal and regulatory requirements are followed,” wrote the regulators.

The model certainly is a tiny subset of what broker-dealers and alternative trading platform operators have discussed and filed with the regulators, but it is better than nothing.