By Alex Batlin is Founder & CEO of Trustology
Last month, US officials gave the go-ahead for all nationally chartered banks in the US to provide custody services for cryptocurrencies, previously reserved for specialist firms. Now national banks will be able to hold digital assets for their clients, as well as hold onto the unique cryptographic keys for a cryptocurrency wallet. So what does this mean for both crypto and traditional investors? How does this now impact the business models of entrenched institutions — a beneficial revenue stream or too costly? And what can specialized crypto custodians offer that banks can’t? Alex Batlin, CEO of Trustology, explores.
The green light for bank-based crypto custody came in an interpretive letter from The Office of the Comptroller of the Currency (OCC) in July. In a significant milestone for the crypto industry, the OCC stated that federally regulated banks could start providing banking services to cryptocurrency startups, as well as custody of private keys. However, banks have a long way to go until they can meet the standards required of the cryptocurrency industry. Crypto, after all, is an entirely different ball game to traditional fiat custody.
Getting Accustomed to Custody
No two cryptocurrencies are created equally. The ecosystem contains a diverse range of tokens and coins with different use cases, features, and characteristics. Not only can you tokenize existing asset classes like securities, but there is also a whole new set of asset classes such as virtual currencies that banks’ compliance teams will need to grapple with. Add to that the fact that crypto assets are typically cross-border with a mix of regulated and unregulated participants, and it only heightens the complexity. And then there is settlement risk which currently poses a significant hurdle for market participants. This is where banks hold an advantage. They can adapt existing clearing and settlement processes to crypto assets — especially when it comes to trading hours.
What could be problematic for traditional banks, however, are traditional asset servicing functions which are turned upside down in crypto markets. Much of the crypto sector’s operational procedures are automated via smart contracts posing a new challenge to banks alongside that of key management, transaction signing, and operating blockchain infrastructure, such as nodes.
And then there’s the matter of business models. The entire value proposition for digital assets differs drastically from fiat. The crypto sector’s favoring of disintermediation means that many traditional revenue streams, such as charging interest on fiat loans and fees for services provided, may no longer be viable in the new regime and ecosystem. If the success of crypto continues, then these old revenue streams may disappear entirely. This is especially being evidenced today with quantitative easing and fiat devaluation.
A major hurdle, however, is that digital asset technology goes slightly beyond what traditional banks are accustomed to with fiat custody. Key pair management, encryption, and cybersecurity controls are just some of the fundamental safeguarding measures expected of crypto custody that banks are accustomed to — but blockchain is a game-changer when it comes to the way the data is recorded, with many complex nuances that banks will need to readjust to in order to successfully transition.
When faced with new opportunities like crypto and blockchain, banks are left with a few options — namely build, partner or buy. Either they build infrastructure in house from scratch, acquire it, or integrate with an already established crypto custodian and make use of their infrastructure. The latter is the most likely route, simply because it’s the most cost-effective and requires the least amount of lead time. Build options tend to require long lead times for entrenched banks.
Integration also allows banks to harness the years of experience of existing crypto custodians, as well as the safeguards and controls they allow. Given the acceleration of the sector and a projected market cap of $3.6 trillion by 2028, it’s a highly competitive market segment. This being the case, partnering to combine custodial technology already in operation with the existing systems and processes of banks, may be the ideal scenario for first movers.
Taking Custody of Crypto
Akin to cryptocurrencies, not all crypto custody is born equal either.
There are several different methods of securing private keys. The leading distinction between crypto custodians is the choice between cold wallet storage and hot wallet storage. Cold wallets provide more physical security, as they’re held offline, but often render a slow rate of transfer. A hot wallet, meanwhile, provides almost instantaneous access but has greater propensity for cyber attacks due to internet connectivity.
And then there’s the choice between different security technologies, such as simply storing private keys in an offline vault, i.e. cold storage, or more sophisticated solutions, such as hardware security modules (HSM), multi-party computation (MPC) or smart contract-based wallets. Each of these technologies comes with its own set of pros and cons and is at a different stage of maturity.
Cold storage was initially used by many exchanges and custodian wallet providers as it was the only option that could be insured, but its reliance on physical access to private keys for every transaction made it too slow and too expensive as high-frequency margin trading replaced long-only strategies. Also, the use of omnibus versus segregated account structures — forced by the high cost of physically managing keys — led to a lack of transparency as owners could not independently audit their balance and so reintroduced accounting reconciliation costs and balance sheet ambiguity.
Smart contract wallets support multisig, but only by using smart contract code, which means they are limited to specific blockchains, e.g. Ethereum. They also don’t support KYC/AML due to privacy issues, e.g. exposure of private data on the blockchain. For institutional investors and funds looking to stay compliant or scale, this wouldn’t be the ideal solution. In principle, one could build a smart contract wallet utilizing an oracle network, but this exposes even more data on the blockchain, such as whether the account is custodied or not.
HSMs, as their name suggests, differ from MPC in that they involve physical hardware devices. Perhaps the most ubiquitous of all custody solutions, HSMs create and store the private key within secure element chips to isolate and protect from attack vectors, such as man-in-the-middle attacks. While extremely shielded, HSMs do have some inherent latency issues due to their need to connect devices when transacting. This is exactly the same technology used by SWIFT networks and banks for several decades now.
Some firms choose to evade the individual pitfalls of these methods and consolidate both hot and cold wallet characteristics with HSM or MPC. By employing an amalgam of front-end software combined with end-to-end hardware security, custodians can provide a fully automated process that both lessens third-party risk and reduces transfer delays. Combined with multi-sig and other controls such as whitelists, biometric verification, and insurance, some custodians go the extra mile to ensure that not only are private keys secured but that users have the utmost control.
Custodians are even starting to dip their toes into the decentralized finance (DeFi) sector. The division has blossomed into a $7 billion industry in the past few years — with most of that value captured in the past few months of 2020 alone.
Now, with interest burgeoning, custodians are starting to offer users secure access to the sector, supporting investors across the entire spectrum of activity — be it within safekeeping assets, transacting on-chain, on-exchanges, facilitating settlement, or when using DeFi protocols across blockchain ecosystems.
Entry to DeFi enables brokers access to the sector’s liquidity, lending, and borrowing capabilities. And banks would be remiss if they didn’t follow suit.
Though, once again, the existing technology of established custodians will play a major role here. Expertise beyond managing keys and transactions is required to support a wide variety of financial protocols for a large spectrum of crypto assets inclusive of the DeFi sector, which is where custodians hold an advantage. At present, custodying private keys across separate blockchains is a logistical nightmare. Some custodians offer multi-chain support, overcoming the issue via re-signing technology, which enables fluid transactions between multiple DeFi ecosystems.
With the technology and regulatory obligations in place, the impacts of bank-based digital asset custody on the crypto sector are likely to be vast and wholly positive. One major blessing for the nascent space comes in the form of legitimacy via regulation. As traditional institutions ready to enter the market, we can expect a significant uptick in regulatory development. We have already witnessed this via a raft of new regulations, such as 5MLD, which has freed up opportunities for German financial institutions in offering crypto services. And now, with affirmation from the US SEC, American banks are looking to follow suit.
Consequently, as regulation matures, the more risk-averse banks, reticent to enter at the beginning, will join the fray. As a knock-on effect, traditional buy-side companies, such as hedge funds, endowments, and family offices, will likely feel comfortable enough to allocate a percentage of their assets to crypto and even test the waters of DeFi themselves.
As crypto custody becomes a reality for US banks, eyes will undoubtedly be set on the South Korean institutions already in the process of unrolling crypto-asset custody. Kookmin Bank (KB), one of South Korea’s largest commercial banks, unveiled plans for a digital asset custody subsidiary, dubbed KBDAC. Their nearest rivals, Nonghyup Bank (NH), has also announced it will launch custody services for institutional investors, following a new legislation amendment introduced in March 2020.
However, as KBDAC inches closer to launch, South Korea’s new stringent anti-money laundering laws threaten to hinder operations as the costs of compliance leans against profitability. This issue could resonate in the States as well, particularly impacting small and medium enterprises looking to hop on the custody train.
In any case, for effective custody to be pulled off, banks, both big and small, will need an established tech-focused custodian to ensure safe entry — especially if the goal is to maintain both safeguarding and control, as it should be.