Site Search

Menu

Capabilities

Menu

Artificial Intelligence (AI)

Menu

Cybersecurity, Risk and Regulatory

Loading Results

Why is crypto custody important for financial institutions?

Example pattern for mobile
Example pattern for desktop

Summary

  • Custody is the foundation of any digital assets business. It is the first thing to get right before anything else.
  • Creating a crypto custody plan starts with addressing its three main challenges: reconciling crypto activity, enforcing security around crypto assets, complying with the rules, both old and new.
  • Based on how large of an element digital assets will be in your overall business plan, you have a few options to establish crypto custody as part of your plan.

If you provide or plan to provide digital asset products and services, one element of the digital assets business is the foundation for the rest: custody. Crypto custody is already its own, fast growing line of business. Without it, other crypto-based services — trading, staking, yield generation, asset management, borrowing and lending, derivatives, market making, issuance and insurance — couldn’t exist. Clients will likely turn to you for these services if you can protect their assets. If recent market events have highlighted anything, it’s that knowing how you handle custody is paramount.  

Crypto custody is far from easy. Digital assets exist only as code on a blockchain. There are no traditional clearinghouses and gatekeepers, transactions are irreversible and you’re responsible for following your transactions. In this new world, you’re subject to risks and nuances that your traditional custody tools, processes, vendors and controls probably aren’t prepared to handle.

We recommend balancing innovation with trust by developing a strategy that addresses the three critical challenges of crypto custody — reconciliation, security and compliance.

Building out a reconciliation of your crypto activity

Blockchain can make many things easier, but reconciliation isn’t one of them. To accomplish a reconciliation of your and your clients activity, you may need to gather huge volumes of data for each blockchain you operate on. You may also find (if you’re prepared) highly detailed data, such as the source and purpose of many transactions on the blockchain and the history of many assets involved. 

The right software can help address many of these challenges. A custom indexer, for example, can be configured to monitor the blockchain for relevant data and put it in a form you can use. But software can’t automate everything. You may, for example, need to hire or upskill personnel to execute three-way reconciliations, which matches blockchain data against internal systems and has strict rules on when a transaction is clean and should be accepted.

Enforcing security in a world where a loss is irretrievable

In the digital asset space, if it’s gone, it’s probably gone for good. Blockchain transactions are irreversible, so if a digital asset is misplaced or stolen, there’s likely no recourse. That makes security more important than ever. Besides up-to-date cyber defense, it’s also critical to secure private keys, the strings of numbers and letters (like a password) that enable clients to access their digital assets. If a malicious actor gets hold of that key, those assets can be lost.  

To address this new threat, consider a holistic operations risk management framework centered on security measures and controls such as:

  • Non-text (SMS) based multi-factor authentication (MFA), such as external keyfobs
  • Segregation of duties
  • Limits on the number accounts that each key can access
  • Maker/checker processes inside your institution
  • Maker/checker processes when clients request transactions
  • Asset segregation
  • Identity and intent verification 
  • Strict transaction processing rules 

Keep in mind that these are just some of the measures required, and both the technology and the related threats are evolving quickly. You’ll need to stay up to date on the latest in digital asset security. 

Following both new and old rules through a modern compliance strategy

Digital assets are subject to both existing and evolving regulations. You’ll need to comply with Bank Secrecy Act and Anti-Money Laundering (BSA/AML) measures, for one, as well as transaction monitoring and operational controls, complaint and fraud processes and capital adequacy, among others. And new rules are being proposed all the time.  

Your traditional controls and software probably aren’t able to monitor blockchain activity for illicit behavior, so you’ll likely need new, specialized on-chain analytics software. The right software can provide automated, configurable thresholds and alerts, establish transaction provenance and perform forensics analysis. It can also help you meet the BSA’s travel rule mandate — which obliges custodians to obtain, hold and transmit information on participants in certain transactions involving large transfers. Some capital requirements are new for digital assets. For example, many regulators demand more reserves for assets held in hot wallets (which are online and largely automated) than in cold wallets (offline and dependent on human approval). 

Regulators also want to see you protect consumers from insider trading and market manipulation. Leading practices here include consumer education (to help reduce the risk of criminals manipulating consumers into revealing their private keys), processes to investigate suspected fraud, role-based access to sensitive information and a framework to help confirm that consumer complaints will be heard, tracked and acted upon. 

Proceed by either building, partnering or joining a consortium

Many firms will need to stand up new operations specifically designed for digital asset custody. Here are three options for entering the digital asset custody market.

 

Build it

If you build a digital asset custody service from the ground up, you’ll potentially have some big advantages. Proprietary software can help you offer differentiated services and provides control over compliance and consumer protection. That could both improve your long-term profits and help strengthen your brand for crypto services. But standing up digital custody from scratch is costly and time consuming. And it puts you on the hook for any developmental or operational slips. 

Pros Cons
  • Proprietary software and infrastructure
  • Increase internal offerings
  • High reward - total profit
  • Large investment required
  • Difficult to raise capital
  • High risk

Find a business partner

Working with an existing digital asset custodian can dramatically cut your costs and time to market. Depending on your contract, your partner can also assume some budgetary and operational risks. But you’ll be dependent on them for operations, you’ll have to split profits and it may be harder to set yourself apart in the market. You’ll also still have to execute on compliance, both because regulators demand it and because if there is a slip, it’s your brand that may take the hit. 

Pros Cons
  • Shared risk
  • Access to additional resources and knowledge
  • Less financial burden
  • Can't make own decisions
  • Reliance on others during production
  • Split profit

Join a consortium

By joining a group of peers to pool resources, you can jointly build a solution or possibly contract with a business partner. That can potentially reduce costs and facilitate market access. The downside: Your ownership rights may be limited and you’ll be dependent on the other consortium members executing as agreed. But the advantages in cost and speed to market could make this an attractive solution, especially for smaller institutions.

Pros Cons
  • Gives small financial institutions access to a large market
  • Large, shared resource pool
  • Low cost; low risk
  • No total ownership over assets
  • Potential contract issues
  • Increased liability - reliance on other members

It’s not easy, but it is urgent

None of the options for entering digital asset custody are easy. The reconciliation, security and compliance challenges are real, and experience with traditional custody isn’t enough. But digital assets are here to stay and crypto-based products and services that require custody are growing quickly. If you act now, establishing a trusted brand for digital asset custody could help make you a leader in the financial services at the center of the metaverse, web3 and more. If you wait, you may find this market consolidated around a few leaders, making it very hard to break in.

Digital assets are changing the game. Let’s plan your next move.

Take your digital assets vision from plan to reality.

Learn more

 

The rules for financial services have changed

Bringing financial services companies fresh perspectives, proven approach and dynamic experiences.

Learn more

 

Vikram Panjwani

Digital Assurance and Transparency Partner, PwC United States

Email

Alberto Corvo

Financial services transformation Principal, PwC United States

Email

Deb Seidner

Financial services transformation Director, PwC United States

Email

Next and previous component will go here

Follow us
Audit and assurance services Consulting Tax services Newsroom Alumni US offices Contact us

© 2017 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.