DFSA Whitepaper on Digital Assets Custody
Introduction
On 14 June 2020, the Dubai Financial Services Authority (DFSA) in collaboration with Deloitte Middle East published a whitepaper on digital asset custodian[1] highlighting their role and importance in the digital asset market eco-system coupled with challenges and uncertainties currently faced by the industry.
For the purposes of this paper, digital assets are characterized into five categories which includes:
-
- security tokens
- cryptocurrencies
- stablecoins
- utility tokens
- e-money tokens
The digital assets market, although being at the nascent stage, is growing at a steadfast pace having an industry’s estimated valuation of USD 239bn measured by market capitalization of digital assets.
This article provides a summary of the whitepaper and our thoughts on the regulatory framework that may apply to such custodians.
What is the critical function of a Custodian?
The digital asset custodians’ primary role is to safe keep customers’ digital assets by safekeeping private key on behalf of the asset holder.
-
- The private key is like a password which is required to confirm the transaction by the owner of the asset holder.
- Safekeeping and governance of private key is of significant importance given that most transactions signed using the private key is irreversible.
- If the lost or stolen private key is irrecoverable, it may amount to losing the digital assets except in the case of the security token.
What are the options for digital assets custody?
The increasing use of digital assets has resulted in the growth and evolution of custody options.
Following options are available for individuals and institutions to custodies digital assets:
Whereas these are vanilla custody options (as covered in the whitepaper), a combination of custody options could be used:
-
- A user/investor in digital assets (irrespective of individual or institutional) could use self-custody or Third-Party Custodian as an option for safeguarding the majority of its digital assets and use Exchange for the remaining portion (limited to the portion it wants to liquidate/trade/invest). Whereas these are vanilla custody options (as covered in the whitepaper), a combination of custody options could be used:
- Exchange, in turn, could use a Third-Party Custodian or a custodian arm of the Exchange for holding the majority of the assets outside its network.
In turn, custodians use different storage methods to offer custody solutions and includes:
-
- hot wallet (online)
- cold wallet (offline)
- multi-signature wallet
- smart-contract wallet
Using a custodian for custody of digital assets is becoming increasingly important owing to ease of use, increased security with an overall reduction of risk and resources in place to mitigate risks, recourse for investors in the event of custodian’s failure (including access to trusted insurers), safer than exchanges and operational efficiency.
What are the challenges for a custodian?
- Striking a balance between usability and safety
Digital asset transactions involve multi-stage processes and thereby requires efficiency, whilst ensuring safety and no loss or theft of assets. Therefore, it is essential for custodians in determining whether to offer cold storage or hot storage solutions to investors:
- Regulatory regime
A definite global regulatory regime for digital assets is still evolving. This leaves many of the existing custodians under the unregulated perimeter.
- Mitigation Factors
Developing robust risk and technology governance controls and using insurance options are important avenues to mitigate the challenges faced and demonstrate safety, stability and certainty.
What’s Next?
The Regulators require thought leadership and global co-ordination to provide for a unified regulatory landscape for digital asset custodians. Regulatory must embed ethical principles, which includes applying high standards of service to clients, comply with known legal and regulatory obligations, having appropriate governance and risk principles and seek to protect investor’s interests at all times.
The custodians must ensure that they are able to address customers’ needs which includes:
-
- Safeguard assets and ensure internal operating procedures in place
- Resources (including hardware, software and people) are designed to protect any asset under custody
- Stay up to date with market developments, engagements with regulators
- Set market standard practice by adopting self-monitoring mechanisms
Lastly, the investor themselves must take responsibility to protect their assets and should consider the following aspects prior to finalizing the custodian:
-
- Security provisions used by the custodian
- Processes in place for key generation, storage and access
- Authentication and transaction safeguards employed by the custodian
- Recourse against the custodian in the event of a cyber incident resulting in loss/theft of assets
Conclusion
The digital assets industry is spread across globally with custodian industry comprising broad service offered by exchanges and wallet providers. The concerns regarding safekeeping, security and the regulatory compliance of digital custodians are likely to evolve further in the coming years. Hence it remains important for regulators to work with the custodians and investors to deal with concerns and innovate the digital asset market to greater heights.
How Can We Help?
We are a team of highly skilled and qualified professionals, specialized expertise as a certified anti-money laundering specialist including a FATF trained legal expert examiner, experience across financial services industry and multiple related fields from reputable jurisdictions.
Our Credentials:
- Completed – We have successfully assisted two (2) virtual asset applicants in obtaining in-principle approval and one (1) virtual asset applicant in obtaining FSP from FSRA (ADGM).
- Ongoing – We are currently assisting one (1) virtual asset applicant in obtaining FSP from FSRA (ADGM).
- Ongoing – We are currently working on one (1) virtual asset application in project management to seek FSP from FSRA (ADGM).
Authorization Support:
Our approach places significant importance on ensuring that our clients fully understand their options and we work closely with applicant firms to ensure their business control environment is clearly explained throughout the application.
We provide the following services in relation to the authorization of a regulated entity:
-
- Project management including various meetings with client, regulators and stakeholders
- Analysis of the business model and providing compliance advice on the applicable regulatory framework and application process
- Assist in preparing an application for authorization, Regulatory Business Plan, process flow charts, and financial projections
- Assist in drafting policies and procedures aligned with the relevant regulatory obligations and the business operations
- Liaise with appointed counsel and technical service providers in finalizing legal documentation and standard operating procedures
- Assist in preparation for the demo and walkthroughs on various elements of the website/application
Value-Added Services:
- Standalone project management services until operational launch
- Compliance, AML and finance advisory throughout the application process and after licensing
- Nominee for Non-Executive Board members or Board Committee members assisting in strengthening corporate governance and oversight
Authors
Gail Goring
Partner & Head – Regulatory & Compliance Services
Nisha Shah
Senior Manager – Regulatory & Compliance Services
[1] A Market Overview of Custody for Digital Assets – Digital Custodian Whitepaper May 2020