Noah Perlman is Gemini’s Chief Operating Officer.Previously he was a Managing Director and Head of Financial Crimes at Morgan Stanley.
The topic of financial asset custody is not one that typically garners headlines or triggers heated debate — and this is for good reason: Market participants in most developed economies are confident that well-regulated financial institutions are capable of safeguarding their most valuable assets.
Perhaps this is why the concept of “digital wallets” or “digital custody” has been recently and readily suggested as a component of new financial infrastructure models that hope to transform how we transact tokenized instruments, including securities, commodities, cryptocurrencies and even fiat currency.Recently, the Office of the Comptroller of the Currency (OCC) confirmed that banking institutions have the authority to provide cryptocurrency custody services for customers.
Custody of digital (tokenized) assets is a critical new function, however, and one that requires careful attention and requirements to be sure we get it right — the future of, and people’s trust in, a digitized economy depends on it.
To get digital custody right, it’s critical to understand the expectations and requirements of key stakeholders.For example, when the Financial Action Task Force “Travel Rule” was imposed — which set requirements on crypto exchanges and market participants when crypto assets are sent between virtual asset service providers — the crypto industry learned firsthand that trying to incorporate new requirements after a system has been built can pose tremendous challenges.
To prevent this from happening again with digital asset custody, I propose three proactive measures for regulators and those of us in the crypto industry.
First, it is crucial to precisely define digital custody.
A provider that custodies a truly digital, tokenized asset is performing a very different function than an intermediary managing an account-ledger and related book entries.The custody of a tokenized asset cryptographically signed with a private key involves unique technological, security, operational and governance considerations — something our exchange has learned over the years of providing our own custodial services.Mitigating associated risks is the core function of any financial custody solution, but given the novelty of the technologies at play, we should not assume that all solutions are capable of satisfying users’ expectations for safety.
Second, we must carefully differentiate hosted or managed third-party custodial solutions from a range of other options, including self-custody hardware, technology or process solutions.The first set of services are offered by intermediaries that can vary in their levels of governance and security from lax to strict regulatory oversight.
They assume degrees of ongoing responsibility for the active safekeeping of a digital asset on behalf of a customer and serve important functions, including identifying users and flagging suspicious financial activity that may indicate a financial crime.
Self-custody hardware solutions, however, are not designed to serve such a function.Rather, they enable an individual to manage his or her own custody system, much like individuals can store their money in a safe instead of a bank.
This leaves open the question of whether self-custody hardware solutions can work at scale if individuals across the globe increasingly seek to transact (and safeguard) tokenized assets.Are we willing to have individuals bear the complete risk of loss if their self-custody solutions fail?
The final — and perhaps most important step we can take — is to determine how these two measures should drive the regulatory requirements for digital asset custody solutions.
Third-party service providers, end-users, policymakers and regulators alike should carefully consider how we can set requirements for the technology, security, governance and operations of a digital asset custodian today to allow for the development of solutions that satisfy users’ expectations for safety and soundness now and in the future.
Some regulators like the New York State Department of Financial Services, the U.S.Commodity Futures Trading Commission, the U.S.Securities and Exchange Commission and now the OCC have taken proactive steps to understand the novel nature, and mitigate the challenges, of digital asset custody, but we should not assume that all digital asset custody solutions and custodial regulatory regimes are capable of safeguarding users’ financial assets.
Cavalier expectation that digital asset custody is as well understood as traditional financial asset custody will lead to inevitable loss and a related loss in trust.
The crypto industry and regulators can, and should, work together to identify the right requirements today to correctly build the infrastructure of the future — for the benefit of customers, institutions and the crypto industry at large..