Institutional Grade Digital Asset Custody: Enabling Trust in the Digital Asset Megatrend
For institutional investors, the principal motivation for investing in the digital asset space is exposure to the digital asset megatrend.
According to Sygnum’s Future Finance report, they see investing in digital assets as an opportunity to participate in the market’s future upside potential as well as to secure a macro hedge and safe haven for their assets. However, almost half of the institutional respondents highlighted security and custody concerns as a barrier to market entry.
This is unsurprising due to the relative newness of the asset class and its inherently technical nature. These concerns were heightened by the various centralised finance (CeFi) exchange collapses like FTX that involved co-mingled funds, and the almost 50 crypto exchange hacks between 2012 and 2023 that led to over USD 3.45 billion in lost assets.
Self-custody – the personal storage of digital assets on hardware and software wallets – is a common approach for those wanting direct control and privacy. However, this strategy, where the holder is fully responsible for securing their private keys, also has significant risks. To date, over 2.5 million Bitcoins (worth c. USD 110 billion today) have gone missing simply due to human error – lost private keys, recovery phrases and wallets, inheritance planning not done and irreversible transactions made. For institutional investors, self-custody can be seen as insecure (more open to hacks), operationally complex (when moving funds and storing/backing up keys) and legally risky (lack of audits, insurance and recourse for lost funds).
Institutional custodians, in contrast, manage private keys on behalf of their clients and operate as a trusted intermediary between investors and blockchain networks. To investors, in addition to highly secure custody, they offer fiat-on ramps, personal service and a gateway to regulated services like staking, Lombard loans and asset management. They also provide the platform and blockchain expertise to settle the capital owners’ transactions directly with a range of blockchain networks.
Choosing an institutional custodian is a strategic move and one of the most fundamental decisions asset managers make when entering the digital asset market. This article looks at the three key elements they must carefully evaluate and align with their business strategy and risk appetite in order to be successful: security, risk management frameworks and scalability.
Multi-Layer Security
Security is the first – and last – role of an institutional custody platform. Private keys sit at the core of a multi-layer institutional-grade custody platform and are held in a high-security facility that is stable both environmentally and politically. Private keys are surrounded by a number of additional security layers to discourage and prevent the most sophisticated attempts to access them. These layers include physical protection with hardware isolation technologies such as Hardware Security Modules (HSMs), transactional security in the form of multi-signature protocols, security applications, perimeter controls like encryption, firewalls and Multi-Factor Authentication (MFA).
Governance processes like key ceremonies, where cryptographic keys are generated, securely stored and managed, are a central component of a multi-layer security system. These processes ensure full regulatory compliance as well as the integrity, complete security and availability of the private keys at all times.
Robust Risk Management Frameworks
Choosing a custodian located in a jurisdiction with a clear crypto regulatory framework is an essential adjunct to institutional-grade security. Crypto regulatory frameworks have specific requirements in terms of Know Your Customer (KYC), Anti Money Laundering (AML) processes and transaction monitoring that provide enhanced levels of risk management and trust for all financial market participants. Institutional custodians are required to demonstrate their full compliance with all regulatory and governance frameworks to obtain relevant licenses.
A jurisdiction that has all these capabilities is Abu Dhabi Global Market. From dedicated custodians to AML and KYC guidelines within a risk-based framework for various sectors including virtual assets, ADGM’s ecosystem has proven to be progressive, innovative and thorough when introducing amendments and new regulations.
Conducting regular audits is an additional important element of a custodian’s risk management strategy and regulatory responsibilities. These independent audits should meet the industry’s highest standards, for example, the ISAE 3402 Type 2 assurance report, which certifies the suitability of the design and the operating effectiveness of the custody solution.
A good example of progressive crypto regulatory frameworks enhancing risk management is Switzerland which significantly expanded its crypto regulations in 2021 with a series of amendments dubbed the “Swiss DLT Law”. It addressed a number of key aspects of digital asset custody, notably the introduction of a new category of ledger-based securities. Another example is the introduction of the world’s first DLT Foundation Regime by the Registration Authority (RA) of ADGM in November 2023. The recently introduced regime is an innovative, purpose-built regime that addresses the unique legal requirements of Blockchain Foundations, Decentralised Autonomous Organisations (DAOs), and the broader crypto industry, enabling them to operate and issue tokens.
Swiss-regulated digital asset banks like Sygnum were then able to fully segregate client-owned digital assets by holding them off-balance sheet. This meant that even in the unlikely event of its insolvency, client assets would not form part of the bankruptcy estate and remain under their ultimate control at all times. Furthermore, Sygnum has also officially launched its Abu Dhabi office and has been fully operational in ADGM since March 2023, leveraging the various progressive regulations that ADGM has to offer.
Platform Scalability
In 2023, the total market cap of the digital asset market doubled to USD 1.72 trillion, driven by higher institutional fund flows and market maturity and supported by increased regulatory clarity. The ability of institutional custodians to scale their platforms, transactions and client base – while maintaining institutional grade security – is becoming ever more critical. However important, scaling capacity is only one of the challenges faced by institutional custodians seeking to be truly future-ready.
The profusion of innovations in the digital asset space over the past years has added considerable complexity to institutional custody. Defi protocols that enable users to lend, borrow, trade and generate yield from their wallets have grown in number and sophistication. One of the key challenges to the growing institutional engagement with DeFi is enabling access to these innovations while at the same time ensuring regulatory compliance. The Non-Fungible Token (NFT) space has seen similar growth, and like DeFi, presents challenges to custodians to enable access and functionality across different blockchains.
To be more agile, institutional custodians should avoid a monolithic approach and instead embrace a multi-platform custody strategy. By expanding their platform in a modular fashion, custodians can continually expand the universe of available tokens, launch new services on fast timescales, deliver seamless client experiences – and stay compliant as new regulations come into force.
Counterintuitively, an institutional digital asset custody platform also needs to be open to be truly future-proof. Custodians cannot operate behind walled gardens and need to embrace the spirit of open Distributed Ledger Technology (DLT) networks and constantly contribute to and learn from the rapidly evolving ecosystem. This future-ready mindset – along with security, risk management and scalability – are the essential ingredients for empowering investors to invest in the emerging digital asset megatrend with complete trust.