Institutional crypto custody: How banks are housing digital assets

As crypto and NFTs go mainstream, how are large institutions preparing to serve their digital assets savvy clients through custody services?
As crypto and NFTs go mainstream, how are large institutions preparing to serve their digital assets savvy clients through custody services?

Until 2020, most of the crypto market action was largely driven by retail enthusiasm. It was only around August 2020 that institutions started to participate meaningfully in this asset class. As the United States Federal Reserve unleashed trillions of dollars of liquidity into the market during the COVID-19 pandemic, retail and institutional investors jumped onto the cryptocurrency bandwagon.

While crypto loyalists claim large-scale institutional adoption over the last couple of years, the entire asset class is only around $1 trillion in size. That is quite small when compared to the gold market of $11 trillion and the bond market of over $100 trillion. There is still a long way to go for the institutional adoption of crypto and blockchain-based digital assets.

A quick look at Coinbase’s trading volumes below shows the rise of institutional capital in crypto. But, it is also clear that the institutional numbers are quite modest when compared to other asset classes.

Some institutions, particularly top-tier banks and fintech, have started building capabilities to offer digital asset products and services to their clients. This is because banks and fintech are starting to see crypto, nonfungible tokens (NFTs) and other digital assets as a systemically important asset class. Not offering these products and services to their clients would be leaving a pot of money on the table.

These clients that banks serve vary from hedge funds, asset managers, family offices, corporations, small and medium enterprises, to even retail customers. However, it is easier for banks to serve their institutional clients first, as they would have to go through lower regulatory hurdles than when serving a retail audience.

Financial institutions have focused on a few capabilities that have lower regulatory hurdles such as custody and data analytics within the crypto space. While this is largely true with banks, fintech have taken a more retail-friendly approach. For instance, Revolut offers crypto services to its customers.

As the first article in a series focusing on institutional involvement in digital assets, we will look into institutional custody solutions for digital assets.

What is digital asset custody?

Digital asset custody is the process of storing crypto, NFTs and other forms of digital assets safely and securely.

For the many things that Web3 and cryptocurrencies have got right, the user experience behind onboarding and self-custody is still lacking. A new user typically creates an account on an exchange like Coinbase or Binance and buys crypto there. These cryptocurrencies sitting in their exchange account are under the custody of the exchange.

However, if a user wants to take custody of their digital assets holdings, they would typically move them to a wallet like MetaMask or Phantom. This is called self-custody. This can be intimidating for users as it requires remembering a private key. To date, about four million Bitcoin (BTC) have been lost due to owners losing their private keys.

Self-custody may not be a solution for everyone. At the same time, institutions that provide custodial services to clients have had their dark days, too. For instance, Celsius, a centralized crypto lending platform, held custody of their client assets and have had trouble servicing its customers.

As markets hit peak crisis through the Terra episode, Celsius wasn’t able to return the crypto assets of their customers due to poor liquidity management practices. Therefore, institutions offering custodial services must have high-risk management standards to ensure their clients’ digital assets holdings are safe and liquid.

How do financial institutions approach digital asset custody?

Banks have been custodians of retail and institutional money for decades and have done a pretty good job. Particularly after the Great Depression, the self-custody of assets was considered too risky, and that led to the rise of banking institutions.

According to the Bank for International Settlements (BIS), reporting banks across the world held over $101 trillion in assets in 2022. The U.S. accounted for about 20% of that, at just over $20 trillion. This demonstrates that banks have historically been trusted with holding custody of both institutional and retail assets.

As a result, it is only natural that institutional and retail investors rely on banks to offer digital asset custody solutions. However, unlike custody of conventional money, digital assets require a new set of considerations from a bank.

What are banks’ custody considerations?

Banks looking to set up digital asset custody typically look at two broad approaches: building and buying capability.

Banks can choose to organically build custody capability. For instance, Nomura’s Komainu and Standard Chartered’s Zodia custody platforms are examples where major banks used their in-house technology to build digital asset custody solutions.

These banks can use these solutions for their own clients and offer custody platforms for other banks to use, too.

However, banks are not in the technology business. When a bank chooses to buy custody capability, it may just acquire a custody provider or the technology from an external vendor. Once they acquire the technology capability from a vendor, they can offer custody services to their clients.

Recent: Ethereum post-Merge hard forks are here — Now what?

Other alternatives are investing in a digital asset custody provider for long-term strategic synergies and/or partnering with a custody provider. In summary, they will look to inorganically create custody capability through strategic investments and acquisitions.

Where a bank chooses to buy or inorganically bring in the digital asset custody capability from an external vendor, there are certain product considerations:

Regulatory approvals

Banks must seek regulatory clarity and ensure compliance before choosing a custody provider. The custody platform under consideration must demonstrate compliance with regional regulatory policies around crypto custody. 

The Office of the Comptroller of the Currency in the U.S. and the Markets in Crypto-Assets in Europe drive custody regulations for their respective regions. As custody providers, banks will hold private keys on behalf of their clients. This adds additional operational risks and banks must demonstrate that suitable controls are in place to ensure safekeeping.

Blockchains and assets supported

When banks look at a potential custody platform, one of the key considerations would be the blockchains that the platform supports. Often these custody solutions support blue chip assets like BTC and Ether (ETH). 

However, with more chains growing in stature, user base and transaction volume locked, clients may demand custody support for chains like Solana, Avalanche and others. Also, it may not be enough for custody platforms to just support crypto anymore.

NFTs have started to make a mark, particularly within the art space. The most expensive NFT yet, The Merge, was sold for $91.8 million. As a result, private banking and wealth clients of banks may soon demand support for NFT custody too. This would be a key consideration for a bank looking to choose a custody platform.

Tech only vs. custody vendors

Another key criterion for a bank is to choose between custody platforms and custody service providers. With the former, banks would treat them just as a technology vendor. In this scenario, the banks would still be responsible for owning the operating model behind the custody service.

On the other hand, banks could also choose to partner with custody service providers, where they get the technology and the entire custody capability out of the box. Banks would just be white labelling the entire service.

Fireblocks and Copper are custody platforms that provide the technology capabilities, whereas, Coinbase and Gemini offer out-of-the-box “custody as a service” solutions.

Cybersecurity standards and audits

Cybersecurity is perhaps the biggest risk for a digital asset custody provider. As a result, custody vendors must show that they have been examined by auditors across key dimensions such as security, availability, processing integrity, confidentiality and privacy. 

There are two commonly used examinations that custody vendors go through. They are SOC1 and SOC2, where SOC stands for System and Organisational Controls. Gemini announced clearing both SOC1 and SOC2 examinations in January 2021.

While these are point-in-time examinations, periodic audits are essential to ensure cyber standards are kept up to date.

Wallet types

Custodians offer clients different wallet capability types. The choice of wallet types decides the level of security, recoverability, seamlessness and compatibility with various blockchains.

Hot wallets are connected to the internet and are a lot easier to use as they integrate with applications for decentralized finance (DeFi) and NFTs more seamlessly.

Cold wallets are mostly offline and are only connected to the internet through a controlled mechanism. Therefore cold wallets offer secure custody of digital assets. Due to the controls in place to make them secure, cold wallets are not the most seamless experience for buying and selling digital assets.

Multisignature (multisig) wallets are used to increase the security of transactions as they require multiple parties with individual private keys to sign a transaction. Although they make custody and transactions more secure, multisig wallets are not compatible with all chains. They can only support the custody of a limited number of digital assets.

Multi-party computation (MPC) wallets are an alternative to multisig wallets and offer the same level of security but better compatibility. With MPC, no single party holds the complete private key. Different parties involved in signing transactions hold two independent mathematically generated secret shares.

As a result, the security levels rely on multiple parties signing transactions while still being able to support different blockchains more seamlessly.

Custody platforms and service providers. Source: Blockdata

Segregation of client funds

Custody providers should be able to service clients who want their funds held separately from other clients. This functionality is critical for banks to consider when they are choosing their custody partners to serve their institutional clients.

Pricing 

Custody providers have different pricing models that they charge to their banking partners. The custody providers/platforms charge the banks a licensing fee, often based on the features that the banks want to roll out to their clients. Banks typically charge a percentage of assets under custody to their clients.

Pricing often depends on the nature of the service or product that the custody providers offer. For instance, if the custody provider is just providing the technology platform, pricing would be a licensing fee model. However, if a bank chooses to go for a complete “custody as a service” provider, they may incur an “assets under custody” commission. They would pass on this fee to their clients.

Integration with apps for staking

Most crypto users expect to use the crypto positions in their wallets to make passive income through DeFi solutions. As DeFi solutions scale, this is another application for custody platforms to support. Therefore, compatibility with multiple chains, assets and their decentralized applications (DApps) is a critical functionality.

Integration and Interfaces

Custody platforms must provide various interfaces like mobile, PC, Mac and browser compatibility. This is another key consideration for banks when they roll out these solutions to their institutional clients.

Integration with tax and Anti-Money Laundering solutions are critical features that custody platforms must offer. Banks would want to provide seamless tax calculation integration to their clients based on the digital assets transactions they have made and the tax regime that their institutional clients fall under.

Recent: El Salvador's Bitcoin decision: Tracking adoption a year later

Custody platforms like Fireblocks offer integration with on-chain analytics solutions, Elliptic or Chainalysis, for example. This integration offers the intelligence to spot any money laundering activities that banks must be aware of.

Banks and digital assets: The future

In summary, digital assets will grow into a significant focus area for banks and financial institutions in the future. The convergence of conventional financial market participants and futuristic ones has just begun. 

The first set of capabilities that banks have been focused on are infrastructure, compliance and regulatory capabilities. This is evident from their investments and partnership focus areas within the digital assets space.

However, as regulatory frameworks become clearer, we should see more innovative digital asset sub-verticals being embraced by financial services.