We recommend balancing innovation with trust by developing a strategy that addresses the three critical challenges of crypto custody — reconciliation, security and compliance.
Building out a reconciliation of your crypto activity
Blockchain can make many things easier, but reconciliation isn’t one of them. To reconcile your own activity and your clients’ activity, you may need to gather huge volumes of data for each blockchain you operate on. You may also find (if you’re prepared) highly detailed data, such as the source and purpose of many transactions on the blockchain and the history of many assets involved.
The right software can help address many of these challenges. A custom indexer, for example, can be configured to monitor the blockchain for relevant data and put it in a form you can use. But software can’t automate everything. You may, for example, need to hire or upskill personnel to execute three-way reconciliations, which match blockchain data against internal systems and have strict rules on when a transaction is clean and should be accepted.
Enforcing security in a world where a loss is irretrievable
In the digital asset space, if it’s gone, it’s probably gone for good. Blockchain transactions are irreversible, so if a digital asset is misplaced or stolen, there’s likely no recourse. That makes security more important than ever. Besides up-to-date cyber defense, it’s also critical to secure private keys, the strings of numbers and letters (like a password) that enable clients to access their digital assets. If a malicious actor gets hold of that key, those assets can be lost.
To address this new threat, consider a holistic operations risk management framework centered on security measures and controls such as:
- Multi-factor authentication (MFA) that is not based on text messages (SMS), such as external key fobs
- Segregation of duties
- Limits on the number of accounts that each key can access
- Maker/checker processes inside your institution
- Maker/checker processes when clients request transactions
- Asset segregation
- Identity and intent verification
- Strict transaction processing rules
Keep in mind that these are just some of the measures required, and both the technology and the related threats are evolving quickly. You’ll need to stay up to date on the latest in digital asset security.
Following both new and old rules through a modern compliance strategy
Digital assets are subject to both existing and evolving regulations. You’ll need to comply with Bank Secrecy Act and Anti-Money Laundering (BSA/AML) measures, for one, as well as transaction monitoring and operational controls, complaint and fraud processes and capital adequacy, among others. And new rules are being proposed all the time.
Your traditional controls and software probably aren’t able to monitor blockchain activity for illicit behavior, so you’ll likely need new, specialized on-chain analytics software. The right software can provide automated, configurable thresholds and alerts, establish transaction provenance and perform forensic analysis. It can also help you meet the BSA’s travel rule mandate, which obliges custodians to obtain, hold and transmit information on participants in certain transactions involving large transfers. Some capital requirements are new for digital assets. For example, many regulators demand more reserves for assets held in hot wallets (which are online and largely automated) than in cold wallets (offline and dependent on human approval).
Regulators also want to see you protect consumers from insider trading and market manipulation. Leading practices here include consumer education (to help reduce the risk of criminals manipulating consumers into revealing their private keys), processes to investigate suspected fraud, role-based access to sensitive information and a framework to help confirm that consumer complaints will be heard, tracked and acted upon.
Proceed by either building, partnering or joining a consortium
Many firms will need to stand up new operations specifically designed for digital asset custody. Here are three options for entering the digital asset custody market.
It’s not easy, but it is urgent
None of the options for entering digital asset custody are easy. The reconciliation, security and compliance challenges are real, and experience with traditional custody isn’t enough. But digital assets are here to stay and crypto-based products and services that require custody are growing quickly. If you act now, establishing a trusted brand for digital asset custody could help make you a leader in the financial services at the center of the metaverse, web3 and more. If you wait, you may find this market consolidated around a few leaders, making it very hard to break in.