We describe the origins of the omnibus custody model in traditional finance and explore how and why digital asset custodians apply the omnibus model to securing customer assets.
By Ria Bhutoria, Director of Research
The key management process is an important component of digital asset custody that clients should evaluate when choosing a custodian. Key management determines how digital assets like bitcoin are held and secured. The two most prominent models are omnibus¹ and segregated. We interpret a truly segregated model as one that separates and accounts for client assets at all levels, including within separate private and public key pair groups on chain.
The omnibus model is an alternative way to record and maintain client holdings in the custody business. A custodian that uses the omnibus model combines clients’ assets and spreads the assets across multiple digital asset private and public key pair groups. The custodian establishes client by client segregation at the books and records level. In this piece, we describe the origins of the omnibus custody model in traditional finance and explore how and why digital asset custodians apply the omnibus model to securing customer assets.
Origins of the Omnibus Custody Model
The omnibus model for custody is standard in the traditional financial markets, such as equities and derivatives markets. The omnibus account model was popularized with the rise of central securities depositories (CSDs) like the Depository Trust Company (DTC), the world’s largest securities depository.
Before the DTC was established, stock trading was a manual and paper-intensive process. Every time a trade was executed, a courier had to transfer the corresponding physical certificate from the seller’s broker to the buyer’s broker. Trading volume expanded in the 1960s with the number of shares traded daily rising from three million in 1960² to as high as twenty million in the next few years due to increasing participation from large financial intermediaries and institutions³ and the 1962–1968 bull market.⁴ This eventually led to the “Paperwork Crisis” of the 1960s. In 1969, one firm employed 600 people to simply manage these paper certificates. The NYSE and other exchanges also had to shorten the trading day and close operations on Wednesdays to provide back offices the ability to address paper build-up. Despite the resources devoted to manual trading and time allocated to paper-based clearing and settlement, there was still a substantial amount of missed trades, theft, and exchange closures. The industry reported $400 million in lost or stolen securities between 1967 to 1970.⁵ The DTC was formed in 1973 in response to these challenges and new standards set by the SEC regarding record-keeping, custody and capital requirements.⁶
A key component of the DTC’s system is its omnibus model for storing participant assets. DTC participants include custodians, broker-dealers and banks that hold assets on behalf of end clients, or beneficiaries.⁷ Certificates that represent the same class of shares of a given issuer are considered fungible.⁸ This has led to significant dematerialization and immobilization of securities held at the DTC, or the replacement of physical settlement with book-entry settlement. Ownership is maintained at the books and records level by the DTC and its participants in the following way:⁹
- The assets deposited by DTC participants are held in the name of the DTC nominee, Cede & Co., in the records of the security issuer. Therefore, Cede & Co. essentially owns all publicly listed stock in the U.S. while investors hold contractual rights as part of a chain of contractual rights involving Cede.
- DTC has a list of participants that own a pro-rata share of the securities held under Cede & Co.
- The participants have lists of owners (individuals and funds) that hold a pro-rata share of the securities the participants store at the DTC.
The omnibus model and automated electronic bookkeeping resulted in substantial efficiency gains and reduced the unnecessary risks and cost of errors, loss and theft in paper-based securities trading and investing. In addition, the majority dematerialization and immobilization of securities also allowed for faster transaction processing and settlement (to T+5 then T+3 and eventually T+2 in 2017).¹⁰
These changes also laid the foundation for significantly higher trading volume. Peak daily shares traded at the end of the 1960s were a mere 1% of volume in the 2000s.¹¹ As of July 2017, the DTC held securities valued at $54 trillion.¹²
Today, DTC provides depository services and settles transactions related to equities, corporate and municipal debt, money market instrument, American Depositary Receipt (ADRs), and exchange-traded fund (ETFs).
The omnibus model for holding customer assets is also prevalent in derivatives markets such as U.S. cleared swaps (regulated by the Commodity Futures Trading Commission (CFTC). Cleared swaps are contracts that are mostly traded via swap execution facilities (SEFs) and cleared through a central clearinghouse. Futures commission merchants (FCMs) are an important stakeholder involved in cleared swaps products. FCMs interface with the central clearing organization on behalf of end customers engaging in the products. A key responsibility of FCMs is to administer margin related tasks, such as collateral management. Under the cleared swaps customer protection model (dubbed legal segregation with operational commingling, or LSOC)¹³, FCMs must hold customer collateral separate from the firm’s funds. However, individual client assets are pooled together within an omnibus bank or custody account as it lends greater operational efficiency and lowers servicing costs.¹⁴ While the customer funds are stored in an omnibus account, an FCM cannot use the collateral of one customer to fulfill the FCM’s or a different customer’s obligations. Rather, the FCM must use its own funds to cover a defaulting customer’s obligations to the clearinghouse.¹⁵ This requirement addresses “fellow customer risk”, or the risk that a non-defaulting customer’s margin is used towards the margin call of another customer.¹⁶
Extending Omnibus to Digital Assets
In the digital asset industry, the function of custodian and depository is synonymous. Custodians store digital assets such as bitcoin in proprietary online (hot) and offline (cold) storage solutions rather than outsourcing the function to a depository. The onus on digital asset custodians to implement robust storage processes is heightened as digital assets are bearer instruments (like hard cash) — they cannot be recovered if lost or stolen.
Custodians employing the omnibus model may use the hierarchical deterministic (HD) protocol to generate key pairs¹⁷ and addresses that are maintained by the custodian in its name. The HD protocol was introduced in BIP32¹⁸ to simplify the process of generating, backing up and organizing private and public key pairs in a tree-like structure.¹⁹ Under the HD structure, master private keys and master public keys are used to generate a near infinite number of child keys that can generate their own child keys (see Figure 1). A master private key can generate child private and public keys. A master public key can only generate child public keys (and corresponding addresses).
Figure 1: HD Tree Structure
Note: Unlike CSDs, digital asset custodians may distribute assets across multiple key pairs, sub-accounts (child keys) and addresses to manage risk. Omnibus in the context of digital asset custody does not necessarily mean that all assets are held within a single key pair.
In order to generate a new master key pair, custodians likely conduct a key ceremony. Key ceremonies are highly orchestrated processes that involve multiple stakeholders. Key ceremony preparations could begin months in advance. Internal and independent external auditors may serve as witnesses during the ceremony to ensure a custodian follows a secure, tamper-proof, rules-based process for generating master key pairs that will be used to store client funds.
Once a client is onboarded and transfers assets to the custodian, the custodian is at liberty to move the assets around within and between key pairs and across storage environments to maintain their ratio of total assets in online (hot) and offline (cold) storage²⁰ or to limit the portion of funds within a key pair and/or address.
The custodian establishes segregation at the books and records level on its systems to track assets held by each client, just as DTC participants account for individuals and funds who hold securities at the depository in the participant’s name. Traditional financial services providers have robust bookkeeping processes for maintaining segregation at the books and records level for traditional assets that can be extended to digital assets custody. Externally audited financial control environments and client statements provide additional assurance that funds are secure and data accurate.
Omnibus Model Rationale
The omnibus model offers distinct operational, risk management and security benefits around key generation and management, liquidity, transaction fees and privacy that make for an efficient, scalable and secure digital asset storage solution.
Key generation and management. The omnibus model may correspond to increased control of risk management by providing custodians the flexibility to manage key generation and replacement and distribution of assets across different storage methods. By using an omnibus structure, custodians can control the number of key pairings they manage. The custodian can also establish a threshold of funds stored within each pairing. Custodians would have less control over the number of key pairs they manage and the way funds are distributed across key pairs if they offered clients absolute segregation, which we interpret as separate groups of master key pairs (online and offline) for each client.
A common misconception is that the omnibus model results in a “honeypot” of assets because omnibus custodians store assets under a single master key pair. In practice, omnibus custodians may have more groups of master key pairs than clients on platform, where a group constitutes key pairs from the different storage environments (online to completely offline). For example, for simplicity’s sake, consider an omnibus custodian that has a single client with $2 billion in assets. The custodian may choose to distribute the assets in $100 million chunks over twenty key pair groups (and divide each $100 million chunk further across the separate storage environments). Because omnibus custodians do not need to tie key pairs to clients, they can more effectively manage risk by using their discretion to decide how many key pair groups to generate and how to distribute assets across them. Under a segregated model, the custodian has less control over the process and risk parameters.
Liquidity. With an omnibus structure, custodians can minimize online (hot) storage exposure and simultaneously maintain a liquid position to meet trading or withdrawal needs in a timely manner. Additionally, when multiple clients request withdrawals, the custodian can minimize the number of transactions and visits required to move funds out of offline cold storage.
Consider a simplified scenario where a custodian with segregated key pairs has twenty clients with $50,000 in assets each. Each client has a segregated key pair group with 2% ($1,000) in online storage and 98% ($49,000) in offline storage. Three clients instruct the custodian to withdraw $5,000 in assets. Given the segregated structure, the custodian would have to execute three separate movements of funds ($3,000 per client) from offline to online storage — a more involved process that requires significant coordination of people and processes across geographies to constitute a key pair and extract the funds from an offline storage environment.
Now consider a hypothetical custodian with an omnibus model and the same risk parameters (2% of assets in online storage and 98% in offline storage) receives the same instructions from three clients to withdraw $5,000 in assets each. The custodian would have $20,000 in online storage and $980,000 in offline storage.
The custodian would be able to meet each client’s withdrawal demands without touching funds in offline storage at the time of withdrawal given it has more than the total withdrawal sum ($15,000) in omnibus online storage. After processing the client’s request, the custodian could rebalance funds across the storage environments from assets of all clients per risk parameters.
Note: As we mentioned above, under the omnibus model the $20,000 may be distributed across multiple online storage key pairings so as not to create a single point of vulnerability — e.g. $5,000 across four key pairs. The difference is that the custodian that uses an omnibus model can access each of these four key pairings to meet liquidity needs.
Transaction fees. Custodians execute on-chain transactions as a part of their key management process (e.g. to move funds between different storage environments). Using the omnibus model gives custodians more flexibility in managing fees using tools such as aggregation and batching. Also, under the omnibus model, custodians determine the movement of funds between different storage environments, so they cover the transaction fees associated with executing on-chain transactions.
Privacy. Omnibus models also provide clients with enhanced privacy. Addresses cannot be linked to individual clients and address balances do not correspond to the exact value of individual client deposits.
Proof of solvency, or a cryptographic audit, has been discussed as a way to build trust and hold third-party service providers that manage customer funds accountable. A proof of solvency consists of comparing a proof of reserve (funds controlled by a third party) to a proof of liability (funds owed by a third party). Such a process would allow auditors and customers to verify reserves and capital ratios on an ongoing basis using cryptographic proofs.
Greg Maxwell proposed the first approach to proof of solvency, the Merkle approach. Maxwell is an early and prominent Bitcoin core developer who co-founded and served as CTO of Blockstream, a company known for building financial infrastructure on Bitcoin. A Merkle tree is a data structure employed within bitcoin to efficiently store transaction data. A tree is created by hashing individual transactions to create leaf nodes and hashing these nodes together to arrive at a root node hash that collectively stores all transaction data. Maxwell proposed a modified version of this approach to create a Merkle tree of account balances that represents an exchange or custodian’s proof of liability. To prove reserves, custodians and exchanges could execute an on-chain transaction sending total funds in addresses they control to another address they control and comparing that amount to the amount represented by the Merkle tree root hash.
A notable challenge with this approach is that it can leak confidential information such as the exchange’s total balances and the number and size of customer accounts.²¹ New trustless and privacy preserving proof of solvency protocols have been developed in response to these challenges, such as MIT Media Lab’s zkLedger system and the Provisions system, which allows a custodial platform to prove that reserves match or exceed liabilities without revealing the exact amount of reserves or liabilities. However, these have not yet been deployed at scale on an ongoing basis.
Kraken, a popular digital asset exchange, conducted a one-time proof of solvency audit in 2014. It leveraged a third-party auditor to attest that the bitcoin value held by the exchange in addresses on-chain (proof of reserve) exceeded total assets in user accounts at the exchange (proof of liability). Kraken leveraged a third-party auditor to avoid revealing commercially sensitive information to the public and also provided customers with instructions to verify whether their account and balance was included in the proof of liability.²² Coinfloor, an exchange based in the United Kingdom, has been using a process similar to Maxwell’s approach to publish consistent proof of solvency reports since April 2014. It published the 69th such report in December 2019.
While there are loopholes (e.g. borrowing funds before a scheduled audit to feign appearance of full reserves),²³ proof of solvency could provide relatively stronger assurances. Until (and if) proof of solvency becomes industry standard, clients can get relatively more comfortable storing their digital assets with a custody provider that has periodic, independently audited financial controls and an established track record.
A robust omnibus model can simultaneously bring considerable efficiency to digital asset custodians and enhanced risk management and security assurances to their clients. A custodian using an omnibus model can distribute funds across multiple key pair groups and addresses to avoid creating the proverbial “honeypot”. However, not all omnibus and segregated models are created equal. Clients evaluating digital asset custodians should investigate the extent to which a custody solution is “omnibus” or “segregated” to get an accurate idea of the advantages and shortcomings of the respective structures.
¹ The “omni” in omnibus means many and “bus” refers to businesses — many businesses.
² Larry E. Bergmann. “The U.S. view of the role of regulation in market efficiency.” February 2004 https://www.sec.gov/news/speech/spch021004leb.htm
³ William F. Jaenike. “The Paperwork Crisis.” Q3 2008 https://optimizeronline.com/the-paperwork-crisis/
⁴ Ben Carlson. “The End of the Go-Go Years.” September 2017 https://awealthofcommonsense.com/2017/09/the-end-of-the-go-go-years/
⁵ Tim Ferholz. “The solution to Wall Street’s 1960s paperwork crisis could also save bitcoin.” March 2015 https://qz.com/370553/what-the-cigar-chomping-schleppers-of-1960s-wall-street-mean-for-bitcoins-future/
⁶ The DTC was combined with other clearing and settlement companies in 1999 and became a subsidiary of the Depository Trust & Clearing Company (DTCC). Today, deposits at the DTC consist of securities such as equities, debt, and government and municipal securities.
⁷ Will Kenton. “Depository Trust Company (DTC).” November 2019 https://www.investopedia.com/terms/d/dtc.asp
⁸ Wikipedia. “Depository Trust Clearing Corporation.” https://en.wikipedia.org/wiki/Depository_Trust_%26_Clearing_Corporation
⁹ Matt Levine. “Dole Food Had Too Many Shares.” February 2017 https://www.bloomberg.com/opinion/articles/2017-02-17/dole-food-had-too-many-shares
¹⁰ Wikipedia. “T+2.” https://en.wikipedia.org/wiki/T%2B2
¹¹ William F. Jaenike. “The Paperwork Crisis.” Q3 2008 https://optimizeronline.com/the-paperwork-crisis/
¹² Will Kenton. “Depository Trust Company (DTC).” November 2019 https://www.investopedia.com/terms/d/dtc.asp
¹³ Marc A. Horowitz. “CFTC final rule adopts LSOC model for cleared swaps collateral.” February 2012 https://www.dlapiper.com/en/us/insights/publications/2012/02/cftc-final-rule-adopts-lsoc-model-for-cleared-sw__/#_ftn1
¹⁴ Marc A. Horowitz. “CFTC final rule adopts LSOC model for cleared swaps collateral.” February 2012 https://www.dlapiper.com/en/us/insights/publications/2012/02/cftc-final-rule-adopts-lsoc-model-for-cleared-sw__/#_ftn1
¹⁵ Futures Industry Association. “Protection of Customer Funds Frequently Asked Questions.” June 2012 https://secure.fia.org/downloads/PCF-FAQs.pdf
¹⁶ Joanne Morrison. “An LSOC Tutorial: A New Customer Protection Model for Cleared Swaps Begins.” https://secure.fia.org/files/css/magazineArticles/article-1528.pdf
¹⁷ A key pair refers to a private key and corresponding public key. The private key is used to spend funds (by creating a unique digital signature to sign each transaction) and the public key is used to receive funds. The private key must be kept secret to prevent funds from being compromised. The public key is used to generate public addresses that are shared to receive funds. A private key is often compared to a bank account pin that must be protected and a public key is referred to as a bank account number.
¹⁸ BIP stands for Bitcoin Improvement Proposal. It is a standard for proposing changes to Bitcoin or the BIP process. For a deeper overview of the BIP process, we suggest this piece by Bitcoin Magazine: What is a Bitcoin Improvement Proposal (BIP)?
¹⁹ Users can restore subsequent child public and private keys and corresponding addresses with a backup of the master private key.
²⁰ Online storage is often referred to as “hot” storage and offline storage is referred to as “cold” storage.
²¹ Gaby G. Dagher, Benedikt Bunz, Joseph Bonneau, Jeremy Clark, Dan Boneh. “Provisions: Privacy-preserving proofs of solvency for Bitcoin exchanges.” October 2015 http://www.jbonneau.com/doc/DBBCB15-CCS-provisions.pdf
²² Kraken. “Proof of Reserves Audit Process.” https://www.kraken.com/en-us/proof-of-reserves-audit
²³ Kraken. “Proof of Reserves Audit Process.” https://www.kraken.com/en-us/proof-of-reserves-audit
This content was created by Fidelity Digital Asset Services, LLC, a New York State-chartered, limited liability trust company (NMLS ID 1773897). All rights reserved.
Fidelity Digital Asset Services, LLC does not provide tax, legal, investment, or accounting advice. This material is not intended to provide, and should not be relied on for, tax, legal, investment or accounting advice. Tax laws and regulations are complex and subject to change. You should consult your own tax, legal, investment and accounting advisors before engaging in any transaction. Digital assets are speculative and highly volatile, can become illiquid at any time, and are for investors with a high risk tolerance. Investors in digital assets could lose the entire value of their investment.
© 2020 FMR LLC. All rights reserved. Fidelity Digital Assets and the Fidelity Digital Assets logo are service marks of FMR LLC.