The Landscape for Digital Asset Custodial Services in 2022
Digital assets have seen unprecedented growth across both retail and institutional channels in the last few years. Traditional asset managers need to understand the basics of this emerging class of assets as well as the unique manners in which custody of these investment products is maintained.
The term “digital asset” is defined by the IMF as “digital representations of value, made possible by advances in cryptography and distributed ledger technology. They are denominated in their own units of account and can be transferred peer-to-peer without an intermediary.”
Over the course of the last five years, the number of blockchain wallet users worldwide has skyrocketed from 15.2 million to over 81 million today. In the past year alone, global cryptocurrency adoption has jumped over 880%, particularly driven by use cases in emerging markets. Total crypto market capitalization has reached record highs of $3T dollars, with an average trading volume estimated to be ~$93B per day. Companies like Tesla have invested $1.5B in bitcoin, followed by significant ventures from MicroStrategy, Galaxy Digital, Square, Ruffer Investments, and others. In other words, crypto has gone mainstream and is showing no signs of slowing down.
Risks and Benefits
Given its widespread and rapid adoption, digital assets pose security-related challenges. Users access their crypto funds through a unique private key, which verifies proof of ownership on the blockchain. Like the keys of a home, private keys are only accessible by the owner of a crypto wallet. It is extremely difficult to recover a private key if it is lost or stolen, due to the decentralized nature of the entire crypto ecosystem. Crypto transactions themselves are not reversible unless initiated by a receiving party. Chainalysis, a leading blockchain data analytics company, reports that ~20% of all existing bitcoins appear to be in lost wallets (~$205.8B). In addition, 47 cryptocurrency exchanges are known to have been hacked, resulting in $2.95B in stolen funds to date. All in all, there is roughly $14B worth of illicit activity today, which represents a significant risk to investors.
Even within the traditional realm of capital markets, there are notable risks in the custody of assets. That’s why the SEC mandates investment advisors to have client assets held under a “qualified custodian.” These entities are responsible for the safeguarding of assets like stocks, bonds, commodities, cash, etc., and helping to perform various functions such as accounting and bookkeeping. Large players like BNY Mellon, JPMorgan Chase, State Street Bank and Citigroup lead the market with approximately $114T assets under custody. Centralized clearing and settlement systems work today, performing important functions in validating and authenticating identity. The main drawback to this legacy model is the speed and complexity of transferring assets. The emergence of digital assets promises greater speed and efficiency, but instant execution and settlement on a distributed ledger system fundamentally changes the economic model as we know it.
There is a clear need for digital asset custody due to security risks, but there are several barriers to entry in this space. Asset management firms should carefully consider the capabilities required as they are different from traditional custody.
Within crypto itself, each asset has its own governance and set of protocols. Crypto custodians inherit the complexity of differences in signing systems, methods of use, proof of stake vs. proof of work, consensus mechanisms and smart contract languages. Hence, there is a highly specialized set of skills and technological infrastructure required to ensure account security and safe key management.
Currently, there are three major key storage mechanisms: hot storage, warm storage and cold storage.
- Hot storage refers to solutions that require internet connectivity. This option allows ease of access to move digital assets quickly, but it presents significant security vulnerabilities. In 2021, BitMart, a popular crypto exchange, reportedly lost ~$200M after attackers stole a key to two of their hot wallets.
- Warm storage combines both hot and cold storage philosophies; internet connectivity is required but most of the funds are stored in cold storage.
- Lastly, pure cold storage is the safest option of the three. It utilizes offline digital vaults, where private keys and seed phrases to re-generate keys are physically stored in designated locations. Other important security measures include two-factor authentication, whitelisting of wallet addresses, multi-signature wallets, geographical distribution, time locks and multi-party computation.
Complexity in storage types is only the beginning. Each client category presents different challenges based on their individual needs. Typically, institutional investors seek to store digital assets over a longer time horizon. Clients of these institutions don’t require frequent access to crypto funds, so they are looking for low-maintenance asset services. On the other hand, hedge funds and crypto VC funds require greater flexibility, speed, and liquidity management. The extent of custodial services varies based on a client’s needs, but it encompasses offerings such as accounting, KYC/AML integrations, prime brokerage services, DeFi integrations and staking.
Digital asset custodians must also adhere to regulatory requirements that are constantly evolving. New initiatives and laws are being introduced to foster responsible growth and innovation. Legal bodies like the OCC, FINRA, SEC, and the U.S. Treasury Department want to ensure that custodians have adequate risk controls in place before granting approval to conduct activities.
Major developments in this area include the OCC statement in November 2021 (OCC Interpretive Letter 1179), which permits national banks to provide cryptocurrency custody services as long they have risk management frameworks to allow the bank to operate in a safe and sound manner. Even when approvals are granted, companies undergo annual audits to ensure that standards are being met (SOC audit). Regulations are now requiring enhanced KYC/AML procedures, which adds further complexity for new entrants. Other items to consider are the classification of new digital asset listings, and whether they are deemed to be securities/non-securities.
Amid all the complexity and uncertainty, there are different custody options that are available based on an investor’s risk profile and channel (retail vs. commercial).
- Self-custody is an option used by many retail investors, where users can manage their own hardware wallet and storage of private keys. This option is also used by some crypto-native businesses with unique liquidity requirements.
- Another popular option for the average retail investor is an exchange wallet, which is managed by an exchange that holds several pooled assets. These exchanges are often unregulated custodians that either use their own technology or outsource it from another vendor.
- The last option is third-party/managed custody, which offers the highest level of security required for institutional investors. These types of providers store and manage digital assets in their own vaults and provide additional capabilities like DeFi and staking.
Furthermore, the landscape for digital asset custodians can be broken down into three major categories: technology service providers, custodians, and hybrid custodians.
- Technology service companies provide the software and hardware infrastructure to store private keys (i.e., Fireblocks). They provide a plug-and-play environment for custodians to fine-tune according to their business needs.
- Custodians are often traditional players that want to store digital assets on behalf of their clients, but don’t have the in-house expertise to launch their own technology infrastructure, so they leverage technology providers (i.e., BNY Mellon).
- Hybrid custodians can provide custodial services to clients using their own security infrastructure (i.e., Coinbase).
Clearly, the landscape for digital asset custodial services should be viewed as a critical, emerging consideration for financial institutions that must be planned for sooner rather than later. Failure on the part of asset managers to plan appropriately could result in an inability to comply with future industry regulations, security risks, lost revenue opportunities and other negative ramifications.