The Workings of Institutional Crypto Custody
Why it could plug the 'trust' gap between the trad-Fi and de-Fi worlds
Hello everyone and welcome to the latest edition of GreySpark Insights.
Please do not hesitate to contact us with any questions or comments you may have. We are always happy to elaborate on the wider implications of these headlines from our unique capital markets consultative perspective. Happy reading!
As highlighted in our recent ‘chart of the day’, institutional investor interest toward crypto and, more specifically, Bitcoin may be piquing once again. With the approval of a spot Bitcoin ETF from US regulators looking ever more likely, the path to greater institutional Bitcoin adoption is becoming clearer. According to Bloomberg, digital assets AuM globally increased by around 15% since early September 2023.
With institutional interest rising once again, the need for compliant, secure, technology-driven crypto custody solutions is once again becoming apparent. Largely, up until 2021, specialist crypto custody solutions among traditional finance institutions were few and far between. However, the crypto bull market of 2021 brought with it a host of crypto custody service offerings by the world’s largest financial players seeking to stay relevant to the crypto trend, as the table below shows:
In part, a key regulatory development drove many custodian banks to launch crypto custody services in the US when the Office of the Comptroller of the Currency issued guidelines stating that chartered banks were permitted to hold crypto assets for safekeeping on behalf of their customers. This allowed any investment bank in the US to extend their traditional custody services to include holding unique cryptographic keys.
The storage of cryptographic keys is the main structural difference between traditional, fiat securities markets and crypto markets in terms of custody, even though the general concepts of custody in both types of market environments are similar. Crypto assets, which are underpinned by blockchain technology, utilise alphanumeric code to denote holdings — similar to a password — in the form of public and private keys. A public key allows the user to transact with cryptocurrencies and is typically a wallet address. Comparatively, private keys provide the ability to prove ownership of the crypto funds associated with a particular public address. It’s these keys that must be kept private, otherwise the crypto assets that the keys are linked to can be accessed.
What’s often overlooked is that crypto is built on highly securitised blockchain technology that is practically impossible to retroactively modify once a transaction is executed, but it isn’t invincible. Security breaches, hacks and network collapses are commonplace in the crypto world; for example, leaving any funds on collapsed intermediaries or exchanges such as FTX and Celsius would have ultimately seen the funds go down with them. Additionally, blockchain-based platform Ronin lost roughly $600 million from its platform in May 2022 after a hacker obtained and then used private keys to facilitate withdrawals. Typical wallets used among retail investors such as cold (offline) wallets and hot (online) wallets are also not completely bullet proof, especially if the user forgets their private keys, or if the owner of a key falls for a phishing scam that provides access to their wallet. For large financial institutions holding billions in cryptoassets, generic cold or hot wallets are not sufficiently secure.
However, institutional-grade crypto custody solutions provide an extra layer of protection, providing a safe haven for private crypto keys. Ultimately, their growing sophistication could finally instill a degree of trust toward crypto assets at an institutional level, which has largely been bereft since the FTX Exchange collapse in 2022.
Below depicts the architecture of a typical institutional crypto custody set-up:
Typically, custody architecture is comprised of four elements:
Banking System: On behalf of their customers, custodian banks can hold cryptoassets in public ledgers (blockchains) and operate the assets with the investor’s permission. Usually, existing core banking systems of custodian banks can already facilitate crypto assets. As highlighted in our 21 September 2023 article, some technology infrastructure is transferrable between crypto and fiat currency-centric assets. However, banks will need to seamlessly integrate wallet systems (see more below) into their custody stacks to allow for the transaction of crypto assets.
Crypto Vault: The crypto vault is mainly used for safekeeping the private keys of underlying crypto assets.
Research & Analysis Engine: A pricing and data lake for the cryptoassets holdings is required for analytics.
Business Application: Key features such as know-your-customer, customer onboarding, payments and trading are some critical business applications that allow an end-to-end crypto custody service. All of these solutions must be integrated with the banking and vault systems to enable crypto asset-related transactions.
Typically, institutional crypto custody solutions utilise multi-signature wallets and multi-party wallets. The former requires multiple parties with individual private keys to sign a transaction, although they are not compatible with all blockchains. In the latter, no single party holds the complete private key, with different parties involved in signing transactions holding two independent, mathematically-generated secret shares. Multi-party wallets also offer greater compatibility.
Additionally, financial institutions seeking to utilise digital asset custody need to give consideration to how they are going to implement and integrate it with their existing infrastructure:
Are they going to build it in-house, or utilise a third-party vendor solution?
If choosing a vendor, is it regulatory compliant in that specific jurisdiction?
Does the vendor meet custody cyber-security standards, such as SOC1 and SOC2 (with SOC standing for system and organisational controls)?
Ultimately, as acceptance toward crypto grows, financial institutions delving into the space must ensure that their digital asset custody roadmap is up to scratch if they are to realise the potential of crypto and, crucially, stay relevant to evolving customer demands.