What should you look for in a digital asset custodian?
- Future of Finance
- Mar 4
Updated: Aug 13

How do the risks of digital asset custody differ from the risks of traditional custody?
Digital assets are not the same as conventional financial assets, so custodians must master familiar risks in unfamiliar guises, and entirely new risks. The fact that ownership of a digital asset depends on possession of private keys is an obvious difference from registered securities or funds. The keys are routinely sharded into multiple parts which must not only be reassembled as needed but may be in jurisdictions that a traditional custodian is under a regulatory obligation to avoid. In the case of tokenised securities (and Stablecoins) stolen private keys can be used to mint large quantities of the assets. But theft of private keys is not the only risk. One risk that is poorly understood is that it is possible to steal assets by adding malicious code to a transaction that is in flight, replacing the recipient address without any need to steal the private keys. Digital wallets, where assets are held, are not like custody accounts either. They are anonymous and change and multiply rapidly all the time. Atomic settlement is also different from settlement by Payment versus Payment (PvP) or Delivery versus Payment (DvP) on trade date plus two days (T+2). It is not clear whether atomic settlement achieves legal settlement finality (legal irreversibility, even if a party goes bankrupt) because there is a risk that transactions will be unwound. Smart contracts rather than paying agents or custodians transfer value automatically but might be prompted to send tokens by defective or compromised data oracles. The issuance, dilution and buyback of digital assets is controlled not by corporate hierarchies organised under company law but by decentralised autonomous organisations (DAOs), which are often captured by a minority of large holders. 
Corporate actions are not just dividend payments or rights issues but “airdrops” and “forks.” Assets are lent but also “staked.” Of course, not all users of digital asset custody services experience these risks in the same form or have the same attitude towards them, but that only adds another layer of complexity for digital asset custodians. Venture capital funds, for example, prefer to assume the risk of self-custodying private keys so they can act fast when an opportunity arises. Bank-owned digital asset custodians, on the other hand, recognise the need to ensure private keys are as invulnerable as possible. This is why they rely on expert digital asset custody technology vendors rather than building infrastructure in-house and insist on extensive testing and auditing processes before going live with a service.
Is sending and retrieving fiat currency cash to and from blockchains particularly risky?
Keeping cash in custody does not create a risk greater than safekeeping any other tokenised asset. However, using cash in the form of a Stablecoin or tokenised deposit or tokenised money market fund to settle a transaction on-chain does create a risk while a payment is en route from the payer to the payee. The risk is not high if cash is moved on- and off-chain by members of a private, permissioned blockchain network, where the counterpart that is the source or destination of the cash is also expected to do due diligence on the underlying client. Moving cash on and off public blockchains is obviously riskier. One solution is to avoid using on- and off-ramps altogether. In November 2024 SWIFT, UBS Asset Management and Chainlink announced that they had completed a successful pilot test in which investors subscribed to and redeemed shares in tokenised mutual funds entirely off-chain by using the SWIFT payments network. GK8 also offers a service in which Application Programme Interfaces (APIs) are used to confirm a payment is in a bank account, with confirmation triggering the minting of a token to a blockchain.
Are traditional custodian banks struggling to manage digital asset custody risk?
Not yet. Nevertheless, traditional global custodian banks must avoid the temptation to attempt to do everything in-house. They must understand their own limitations and be willing to work with specialist partners in specific areas. That said, the proportion of the work completed in-house is likely to increase as internal knowledge expands. The crucial consideration, however, is not the ability of a traditional custodian bank to build a digital asset centre of excellence. It is to distribute knowledge of digital assets throughout the institution.
In safekeeping digital assets, is technical excellence more valuable than financial strength?
Two in five members of the audience ranked technical and technological excellence above a strong balance sheet as a desirable quality in a digital asset custodian (see Chart below). If custody were a purely off-balance sheet business, this would make sense, but it is not. The financial crisis of 2007-08 proved that some ostensibly off-balance sheet risks could still impact bank balance sheets. Operational risks, of the kind custodian banks incur, have long carried a capital weighting. In March 2022 the Securities and Exchange Commission (SEC), via Staff Accounting Bulletin No. 121 (SAB 121), prescribed that digital assets held in custody on behalf of customers should be shown on the balance sheet of the entities it regulates. (1) The Bank for International Settlements (BIS) has also imposed capital requirements on banks to cover their exposures to digital assets, with especially punitive capital weightings for digital assets issued on to public blockchains. Obviously, non-banks do not bear any of these balance sheet costs, which means they can focus on the technicalities and the technology, and offer cheaper, more flexible and more creative digital asset custody services. Custody clients that value technical ingenuity attach a higher value to those capabilities than financial strength. Other clients, and especially those managing third party assets as a fiduciary, will take the opposite view.
Is technical excellence the right criterion for choosing a digital asset custody technology vendor?
No. The digital asset custody technology sector suffers from a high risk of merger or acquisition or outright failure. If financial strength and longevity are important when choosing a digital asset custodian, they are even more important when choosing a digital asset custody technology vendor. Blockchain technology that worked well in a Proof of Concept (PoC) or Pilot Test may be technically excellent but also be hard to scale. As the digital assets markets grow beyond cryptocurrencies, it will be important to choose a vendor whose technology can scale with the market. Speed of settlement is an obvious case in point. Proof-of-work blockchains have notoriously limited capacity to settle transactions quickly, so vendors must find ways to massively increase the number of transactions per second (TPS) their technology can process. As transaction volumes and trading counterpart numbers increase, digital asset custody technology vendors will also be under pressure to increase the number of digital wallet addresses their technology can support. Buyers of digital asset custody technology are also finding that working with one vendor is not enough, because different vendors cover different segments of the digital asset markets. Working with more than one vendor is also a form of risk management. If one vendor fails, the other can pick up the slack.
Is there demand for custody services that span both traditional and digital assets?
Yes. There is growing interest in a consolidated custody service from institutional clients which have exposure to more than one type of asset. An asset manager holding cryptocurrencies, native and non-native tokenised assets and traditional securities and funds does see advantage in the ability to manage all the assets as different parts of a single pool. The assets can be lent and financed and posted as collateral interchangeably as well as being bought and sold. However, it is difficult for banks to integrate such a rapidly evolving technology as blockchain into their legacy banking systems.
Are digital asset custodians struggling to optimise quality and price?
Traditional global custodians have a self-defeating tendency to customise their services to the wants and needs of institutional clients in exchange for miserly fees that are better suited to a pile-them-high-and-sell-them-cheap commoditised service. This has made it difficult to scale the global custody business as a standardised offering. The digital asset industry is not yet large enough for global custodian banks to have experienced similar dilemmas. Clients are as yet focused not on value-adding services but purely on asset protection. As regulated institutions, global custodians must also be mindful of the uncertain legal and regulatory environment, which limits the range of services they can offer for fear of inadvertent compliance breaches. It is difficult for banks to customise such a narrow range of services. The number of blockchains they can support is limited too. New services, such as staking, must be assessed not just as commercial opportunities but from a risk management and control, cybersecurity, resilience and contractual perspective as well.
What can be done to reassure traditional custodians that staking is safe?
A dozen firms involved in the cryptocurrency industry have, with the assistance of PwC, developed the Node Operator Risk Standard (NORS) to certify the level of security and operational efficiency of Ethereum node operators via staking risk management standards and third-party certification. It helps holders of cryptocurrencies choose staking counterparts that are safe. The success of initiatives such as these depends on industry-wide adoption, which in turn depends on the robustness and scalability of the standard and its adaptability to changes in both the technology and the way the underlying markets work.
What is the value of insurance to a digital asset custodian?
Independent specialist digital asset custodians, including some controlled by banks, use insurance to reassure customers that they can be made whole if assets are lost. The ability to demonstrate that an insurer considers the risk insurable has sales and marketing value. However, the terms of insurance policies vary. For example, insurance cover is sometimes pooled. This means that, in the event of a catastrophic loss, multiple clients must compete for a share of a single pot of money. Cover tailored to individual clients is superior. Policies can also vary by custodial method. One digital asset custodian offers customers that use a “cold” vault cover worth eight times as much (US$1 billion) as it offers to customers that hold assets in a “warm” infrastructure (US$125 million). Interestingly, the audience attach little value to insurance (see Chart below). This is sensible. Insurance cover is less important than the technical knowledge, processes and controls, regulatory status and financial strength of a digital asset custodian. The ability of any insurance policy to protect the policyholder client against loss is subject to underwriting caps, capacity limits and contractual terms and conditions that may not be fulfilled in every case. Limits vary according to the impregnability of the method by which the digital asset is safekept. Large custodial clients find that there is insufficient capacity in the market to cover the whole of their risk, so they must spread their business across several custodians. Likewise, insurers must share the burden of a large underwriting risk with other insurers. Although the digital asset custody insurance market is maturing and becoming more sophisticated, as both the underwriters and the custodians learn from each other about risk and risk management, the market still lacks capacity. All digital asset custodians are currently safekeeping assets whose value is greater than the value of their insurance cover.
Do jurisdictional differences and legal and regulatory uncertainty increase the cost of insurance?
The novelty of the digital assets industry means there is not a long claims history on which insurers can base their policies. Insurance underwriters see legal and regulatory uncertainty in a jurisdiction as making it harder to get an enforcement action if assets are missing. They also prefer digital asset custodians to be licensed or regulated. But the risk of an organisation getting sued successfully is the major deterrent to the provision of insurance.
How much weight do audited accreditations carry with insurance underwriters?
Both specialist, non-bank digital asset custodians and digital asset custody technology vendors have accumulated audited accreditations such as ISO 27001 (an international standard of information security), System and Organisation Control (SOC) I and II certificates (financial and information controls assurance) and International Standard on Assurance Engagements (ISAE) 3000 and 3402 certificates (which certify that controls are in place). They are evidence of institutional-grade internal controls, which can be reassuring for potential buyers when the company is selling an innovative product, especially if the auditor that issued the certificate is a Big Four brand. Insurers are interested in which firms audit a potential risk, and a brand name auditor improves the profile of a risk in much the same way that it improves sales prospects, even if a Web 3.0-savvy start-up firm specialising in digital assets would be better qualified to judge the capabilities of the business. In effect, and perhaps contrary to the audience conviction that technical knowledge is the most important factor in choosing a digital asset custodian (see the Chart below), buyers are purchasing Brand as much as Knowledge. That said, possessing certifications prepared by a Big Four firm is not a sine qua non of obtaining insurance. It helps mainly in reducing the number of questions a digital asset custodian must answer because underwriters do ask potential clients directly why they do not have certain accreditations. Insurers are interested mainly in identifying potential points of failure, and especially whether losses are more likely to be occasioned by the behaviour of the custodian than the customer. Experience shows that losses tend to be caused by customer misuse of technology and processes rather than by weaknesses in the technologies or processes themselves.
Do insurers rely on standardised questionnaires when assessing digital asset custodians?
No. There are many variants. Insurers tend to rely on detailed statements of facts rather than questionnaires. These are highly prescriptive and sometimes so detailed that they must be completed by multiple individuals at a digital asset custodian because certain information cannot be shared between colleagues. There are dedicated questionnaires for other lines of coverage, such as financial crime, cybersecurity and blockchain technology but, in these cases, insurers decide what they care most about. They often accept information generated by the activities of their peers.
Are there standard Request for Proposal (RFP) questionnaires for digital asset custodians and digital asset custody technology vendors?
No. The standardised questionnaires prepared by trade associations such as the Association for Financial Markets in Europe (AFME) and the industry consultants that intermediate RFP processes for end-investors and asset managers in the traditional custody industry are not yet evident in digital asset custody. On the technology side, banks ask vendors different questions, partly because they must respond to regulatory demands, and these vary between jurisdictions. The questions they do not ask are often more important than the ones they do. It is an area in which the buyers are learning by doing.
(1) On 23 January 2025, subsequent to the Future of Finance event, the SEC confirmed in Staff Accounting Bulletin 122 (SAB 122) that it was rescinding the guidance in SAB 121.