The 10 Foundational Principles of a Licensed Digital Asset Custodian

August 10, 2022

Custodians play an important role in the institutional adoption of digital assets. They safekeep the digital assets of financial institutions, digital asset organizations, and corporations. These are the 10 Foundational Principles that highlight the importance of licensed professional custodians.

1. Asset Segregation

What is it? 

Asset segregation is the best practice to protect clients’ assets. A professional custodian will always keep clients’ assets completely segregated from its own. 

Why is it important?

Clients who hold assets with a non-custodian firm (for example, trading, investment and passive-income generating crypto firms) will bear the risk of their assets being commingled with the organization’s, meaning the assets can be used for purposes which the client is unaware of.

In a bankruptcy scenario where the firm does not segregate its clients' assets from its own, the commingled assets will go into the bankruptcy estate that the general creditors will share. Conversely, by keeping assets segregated with a professional custodian, clients’ entitlement to their assets can be acknowledged by the court, shielding the clients’ assets from the general creditors of the bankrupt.

Blockchain technology offers unprecedented transparency, so clients storing assets in on-chain segregated custodial wallets can directly verify asset locations using public network explorers – meaning, they have full visibility of wallet holdings.

2. Flexible Approvals

What is it? 

A professional custodian will normally offer approval methodologies designed to match clients’ preferences regarding segregation of duties, transaction limits, and approval types.

Why is it important?

Clients are able to specify and assign different user roles to the individuals with access to the custody account, the type and value of transaction that an approver can authorize, as well as the number of approvers needed to authorize a transaction.

By setting flexible approval methodologies that suit their security needs, clients can ensure any single person or group of persons will not be able to transfer funds independently. For example: the person initiating a fund transfer cannot also be part of the approval of the same transfer.

Should some approvers be unavailable, transactions can still be processed promptly by a designated number or subset of the appointed approvers e.g. 3 approvers out of 5 are required to authorize a transaction. 

By distributing signing capabilities across multiple approvers, no single person can transfer assets on their own, which enables clients to maintain security across complex and distributed teams.
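The approval rules described in this section can be expressed as a small policy check. This is an added example, not Hex Trust's code: the user names, transaction type, value limits and the 3-of-5 quorum below are constructed assumptions used only to show how initiator exclusion, per-approver limits and a quorum combine.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Approver:
    user: str
    tx_types: frozenset  # transaction types this approver may authorize
    max_value: int       # highest transaction value this approver may authorize

@dataclass(frozen=True)
class Policy:
    approvers: dict      # user -> Approver (the appointed approvers)
    quorum: int          # approvals required, e.g. 3 of the 5 appointed

@dataclass(frozen=True)
class Transfer:
    initiator: str
    tx_type: str
    value: int

def evaluate(policy, transfer, approvals):
    """Return (authorized, valid_approvers, rejected) for a list of approving users."""
    valid, rejected = [], {}
    for user in approvals:
        approver = policy.approvers.get(user)
        if user in valid:
            rejected[user] = "duplicate approval"  # counted once only
        elif user == transfer.initiator:
            rejected[user] = "initiator cannot approve own transfer"
        elif approver is None:
            rejected[user] = "not an appointed approver"
        elif transfer.tx_type not in approver.tx_types:
            rejected[user] = "transaction type not permitted"
        elif transfer.value > approver.max_value:
            rejected[user] = "value exceeds approver limit"
        else:
            valid.append(user)
    return len(valid) >= policy.quorum, valid, rejected

# Constructed sample policy: five appointed approvers, any three must approve.
_LIMITS = {"alice": 1_000_000, "bob": 1_000_000, "carol": 1_000_000,
           "dave": 50_000, "erin": 1_000_000}
POLICY = Policy(
    approvers={u: Approver(u, frozenset({"withdrawal"}), v) for u, v in _LIMITS.items()},
    quorum=3,
)
TRANSFER = Transfer(initiator="alice", tx_type="withdrawal", value=250_000)

if __name__ == "__main__":
    # Initiator and a low-limit approver are rejected, so quorum is not met.
    print(evaluate(POLICY, TRANSFER, ["alice", "bob", "carol", "dave"]))
    # Three eligible approvers out of five: authorized even with two unavailable.
    print(evaluate(POLICY, TRANSFER, ["bob", "carol", "erin"]))
```
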

3. Tailored Client Support

What is it? 

A professional custodian has a strong focus on tailored client support, always seeking a deeper understanding of its clients’ needs and business model. It should become the client’s trusted partner in the digital asset space and provide services across all locations - adapted to the regulatory requirements of the jurisdictions in which it operates.

Why is it important?

By getting to know a client and understanding their business model, a custodian can maximize the effectiveness of interactions between them. Communication can then be focused on the key issues that are most important to the client.

Adopting a consultative approach and having a clear understanding of the client’s requirements, a custodian can tailor the services it provides, leading to highly positive outcomes and streamlined interactions. Equally, it enables the custodian to align its development priorities with those of its clients.

In today’s connected world, it is also essential to provide clients with access to information and support whenever they require it. Crypto never sleeps - it takes place 24 hours per day, 7 days per week without breaks or holidays. Custodians need to be able to provide custody related support to clients at any time of the day, anywhere in the world.

4. Extensive Reviews of Value-added Services

What is it? 

Use cases in the decentralized economy multiply at a speed unmatched by traditional finance. Professional custodians provide value-added services that tap into these opportunities such as staking, borrowing, and lending protocols. Before being offered to clients, services are subject to extensive internal reviews.

Why is it important?

For some services, clients’ assets need to be transferred to collateral, trading, or pledge accounts which are still maintained by the custodian but without the full safeguards of a custodian account. Such asset transfers are always fully transparent, and only undertaken upon clients’ specific authorized instructions.

Value-added services connected to staking, borrowing, and lending protocols within the jurisdictions the custodian operates in undergo extensive reviews as part of systematic and structured processes covering areas such as Risk, Operations, IT, Legal, and Compliance. 

The review process aims to provide assurance that new products and services comply with the regulatory requirements within the jurisdictions the custodian operates in. Robust operational procedures that are scalable also need to be developed in order to control and manage the services once they are launched, with all IT changes fully tested and signed-off. Lastly, risks to the service providers and clients need to be identified, managed, and communicated clearly.

5. Bank-grade Processes & Asset Insurance

What is it? 

Banks move trillions of dollars of money every day - they have ultra robust processes in place to safeguard these assets. Similarly, professional custodians have robust processes in place to safeguard clients’ crypto assets, supplemented by an insurance safety net to cover the unlikely event of asset loss.

Why is it important?

Bank-grade processes greatly reduce the possibility of deliberate fraud and accidental errors, providing clients with peace of mind that transactions proceed as expected. For example, all functions and processes follow a dual-key or maker-checker principle whereby no single person is able to move assets - oversight and approval of actions is always required.

Furthermore, blockchain technology itself can be leveraged to enhance security. A good example is on-chain segregated wallets, which enable clients to safekeep digital assets across multiple wallets, fully segregated on the blockchain, so that in the unlikely event that one wallet gets compromised, the others could still be safe.

However, despite best efforts and the most exacting security measures, risk of asset loss cannot be 100% eliminated. Insurance helps to provide coverage for replacement of assets kept under the custodian’s storage in the unlikely event of loss. As a prudent custodian, Hex Trust holds insurance coverage against a variety of risks, including loss of assets kept under Hex Trust’s storage, with a major, reputable insurance provider.

6. Third-Party Due Diligence

What is it? 

Virtually every company outsources some aspects of its business to third-party providers. Professional custodians ensure that a detailed due diligence process is followed before appointing such providers.

Why is it important?

Professional custodians conduct detailed due diligence and ongoing monitoring of their third-party providers to ensure they maintain the required standards of quality, security, cost-effectiveness and efficiency.

Examples include: performing Know Your Customer (KYC) on selected providers; extensive review of their technology, processes and business practices; and background checks.

Applying such practices delivers value across the whole digital asset ecosystem as the end-clients experience higher quality products and services; reputable providers develop stronger profile and visibility; and collaboration between professional providers leads to innovation and progress in the industry.

7. Applicable Regulation

What is it? 

A professional custodian will benefit from operating in jurisdictions where there is an applicable regulatory framework to which it can conform.

Why is it important?

Clients can be confident that licensed custodians conform to the local applicable rules, having been through an extensive and ongoing licensing process.

Independent registration, licensing and ongoing oversight by local Regulators ensure the licensed services are in compliance with the applicable laws, whether for KYC/AML or for the products and services offered by the custodian. In some jurisdictions, regulations may require the custodian to maintain sufficient capital to support its business model.

But licensed custodians don’t just adhere to the regulations - they will also typically engage with Regulators and contribute to making the market a better place for all participants.

8. Internal & External Risk Management

What is it? 

A professional custodian will maintain its own team of risk management and security specialists, analyzing and assessing both internal and external risks to ensure that customer assets are protected with the commensurate level of security.

Why is it important?

Organizations are under constant threat from cyber criminals, and as professional custodians control volumes of clients’ assets, their approach to cyber security protection must be uncompromising. Cyber criminals’ Tactics, Techniques, and Procedures are constantly evolving with every change in technology - a dedicated team of in-house cyber security professionals works to ensure that the evolving threats are mitigated and managed.

Additionally, professional custodians should have fail safe procedures in place for events outside of an organization’s control such as natural disasters and other force majeure incidents.

Enforcing and maintaining the strongest levels of security for a client’s assets while ensuring their functionality is critical to a custodian's success. For example, if a client wanted to frequently trade their digital assets, but had secured them in a 24-hour frozen wallet, the security applied would not match the client’s functional needs. A custodian must work with each client to build the right product to meet the client's needs and risk tolerance.

External verification of controls is an important additional safeguard, with achievement of SOC2 accreditation the recognised industry standard. This ensures custodians are constantly challenged on perceived biases or on how they are applying their controls as they relate to market conditions, legal frameworks, technology & security or other outside forces.

Furthermore, professional custodians should offer platforms and services that are transparent, robust, easy to use and secure. This secure component is the result of countless months of design and redesign to ensure client assets are protected and fail safe. When selecting a custodian, ensure that its systems are independently penetration tested and assessed by a CREST-certified cyber security company.

Effectively managing risk includes being active in networking events, business forums, and industry bodies, ensuring that the custodian is connected into the risk ecosystems. Hex Trust is a proud Star One member of the Cloud Security Alliance.

9. Flexible Wallet Options

What is it? 

Professional custodians will normally offer different wallet options and account structures in which to hold clients’ assets, depending on the nature of their business and the way in which they use their assets.

Why is it important?

It is important for clients to be able to choose the most appropriate option according to their business model, requirements, and risk appetite.

Clients with relatively static asset holdings and little trading activity can hold their assets in a cold wallet, i.e. offline in an air-gapped environment disconnected from internal and external networks. This offers the highest level of security among all wallets and reduces the risk of the assets being compromised.

More active trading clients might need to hold some or all digital assets in a warm wallet which is still subject to strong security but is connected to trading networks and is therefore not as secure as an air-gapped wallet.

Professional custodians may also offer multi-wallet and multi-account structures so that clients requiring both cold and warm/hot wallets can benefit from such a comprehensive offering under one account.

10. Robust Contingency Measures

What is it? 

A professional custodian will ensure it can maintain business continuity even if its principal business location is unavailable for any reason such as natural disaster, power outage, or other force majeure incidents.

Why is it important?

24-hour global trading requires clients’ assets to be available at all times. Hex Trust maintains its systems in the Cloud, meaning they can be accessed from any location.

It has a multi-hub operations strategy which will cover different time zones located across Asia, Europe, and the Americas. This means there would be no single-location dependency - each location will function as a contingency location for the others, should the need arise.

Further to that, fail safe procedures are in place for events outside of an organization’s control such as natural disasters and other force majeure incidents.

Hex Trust