For anyone working in the digital assets space — be it cryptocurrencies or asset tokenisation — the question of how the custody industry can evolve to support digital assets is still unresolved. The starting point perhaps should be: What do we actually mean by digital custody?
In its advice on crypto assets published in January, ESMA, the European securities regulator, stated that “having control of private keys on behalf of clients could be the equivalent to custody/safekeeping services, and the existing [regulatory] requirements should apply to the providers of those services.” aMore recently , the draft German law to implement the fourth EU Money Laundering Directive would define custody of crypto assets as “the safekeeping, administration and safeguarding of crypto assets or private cryptographic keys used to hold, store or transfer crypto assets for others.”
What is common to these definitions is that when it comes to digital assets, custody services no longer concerns the simple safekeeping of “assets” but rather the storage of cryptographic keys that control those assets.
But does digital custody really equate to just storing private keys? It’s unlikely to be that simple, for a number of reasons. However, let’s recap where this argument comes from:
- Permissionless blockchain networks typically assume that digital assets are a form of bearer instrument, i.e., the private key controls the ability to spend the assets (“unspent output”). Consequently, a loss of those private keys would imply the loss of the asset itself.
- There is no concept of a nominee wallet, i.e., blockchains in the crypto world do not support the concept of an intermediary (every private key is assumed to belong to a beneficiary).
- Crypto exchanges offering digital wallet solutions tend to be based on centralized databases that create a relationship between the investor and the digital wallet provider whereby the investor gives up the use of the private keys to the provider, subject to an agreement between the parties. Put simply, under this approach, beneficiary information is kept outside the blockchain.
One could therefore think that the storage of the private key equals digital custody. However, there are a number of considerations that would make me think otherwise:
- Key storage without a robust procedure to utilise the key is meaningless. Also, there are different approaches on how to structure protocols for the use of keys (e.g., the so-called “signing ceremony,” which can be used to reduce the reliance on a single party).
- Depending on the design choice of the blockchain, distributed ledger technology (DLT) or wallet, there may be more than one key per token, or a single key simply may not exist (i.e., different parties hold a portion of the key and need to enter into a signing ceremony to transfer an asset, via a multi-signature arrangement).
- Institutional blockchain platforms (typically permissioned) have certain hierarchical structures or a multi-signature agreement to reverse and/or rebook a transaction, with a governing node empowered to correct an erroneous entry into the database.
So in my mind, the way forward for digital assets is as follows:
Clearly, a digital custody solution necessitates private key storage capability whether that’s for Bitcoin, blockchain or DLT. As a result, the question around how those private keys are controlled is a critical one for defining the role of custody of crypto assets. This is a given.
However, differences in technology between crypto and institutional platforms, as well as the applicable and still evolving regulatory framework, requires a more holistic view of custody that goes beyond the storage of keys. Put simply, the emerging definition of what is digital custody will be more than a question of who holds the private key.