Off Exchange Settlement
Crypto Exchanges: Why are we here again?
Following the recent fraud and bankruptcy of FTX, one of the largest crypto exchanges around until their demise, as an industry we must seriously ask ourselves: why are we here again? Is it necessary for traders to take the counterparty risk of an exchange to trade digital assets? While few expected FTX to be the house of cards that it turned out to be, we have seen this over and over again. Can we stop this from happening?
In the early days of crypto, we met with many of the largest, regulated exchanges who despised the fact they had to custody assets for their clients. It created regulatory and legal overheads, eye-watering security and IT budgets (as inevitably they were the largest honeypots for thieves) and, more often than not, regular security incidents and resulting losses (sometimes for the customers, usually for the stakeholders in the exchanges). They needed to do it in order to be able to risk-manage the thousands of retail clients amongst the volatile, nascent crypto markets. They could do it, as the blockchain technology allowed their clients to send and withdraw assets from the exchanges at will and with minimal costs. The occasional losses were a cost of doing business, as no sensible infrastructure existed to take this burden off their hands.
Over time, various exchanges worked out how to turn the cost-centre of “client asset custody” into a novel business line, often more profitable than running the whole exchange itself: rehypothecating customer’s assets. You could do this in many ways of course, to name a few, from less risky to more risky:
1. If you are a regulated exchange, have good banking relationships and if nominal interest rates are positive, sell all the stables your clients have deposited, buy short term government debt and keep the interest earned.
2. Build lending/borrowing markets for customers to lend/borrow their assets to each other; provide a matching algorithm, margining and risk systems; charge a trading fee. Not far removed from what an exchange should be doing!
3. Offer yield on assets held at the exchange to customers, while also offering a borrowing function to margin traders; provide margining and risk systems; charge a profit-maximising spread between the two. Similar to 2, but with less ‘market’ involved, fewer arbitrageurs, more optimal spreads — not quite an ‘exchange’ anymore, more of an ‘internal’ lending desk, as you can ensure that all assets remain on the platform.
4. Offer higher yield on assets held at the exchange and use those assets to make market-neutral investments outside of the exchange’s ecosystem. This is clearly outside of the exchange-business mandate — as customers basically lend money, at fixed interest, to a market-neutral trading firm pretending to be an exchange.
5. Offer higher yield (perhaps not unreasonably high though, so nobody really thinks you are doing this), and use those assets to make highly speculative directional investments. Just like 4, but much, much riskier for the depositors.
There is a lot to be said about which of the above is legal — a lot of it depends on the Terms of Service you present to your customers; a lot of it depends on the legal framework and jurisdiction you operate in (and the way you market your services to your clients). A lot of it is grey, but the golden rule of acting appropriately has always been: would you be worried about explaining this to your clients? If not, it’s likely you are not acting appropriately — and we are yet to see an exchange openly talk about 4 or 5 outside of the bankruptcy proceedings and courtrooms anyway.
Crypto Exchanges: Regulatory arbitrage
Founding and running a crypto-exchange can be a very profitable thing to do. Before you do any building though, you have to answer one key question: what kind of an exchange would you like to run? You have two options:
- a heavily-regulated exchange in a top jurisdiction (US, EU, UK)
- a lightly-regulated exchange in another sunny jurisdiction (Bahamas anyone?)
There are many ‘non-business’ reasons why you would choose one or the other, mostly to do with the location of the business (healthcare, schools, snorkelling vs. skiing preferences) — but from the business perspective, the decision should be a simple one:
- Running a heavily-regulated exchange is great, because you have significantly better access to institutional investors (so did FTX, we know — an exception to the rule), but getting regulated is hard, especially in crypto where regulations are often lacking or unclear, and you will be strictly limited to the activities you have been approved to do. This, so far in crypto, basically means trading spot only.
- Running a lightly-regulated exchange is also great, just different: your regulator will be light-touch and you can innovate with products much faster — especially when it comes to derivatives. If the laws catch-up with crypto at some point, you can always try to get regulated later to build a presence in those jurisdictions.
Many crypto-natives at heart quite like the latter idea — they argue crypto is a global project, a shared effort, and if there are good products to be built, founders should look for regulatory frameworks where they are legal. In its extreme, this is also often used as an argument behind decentralised exchanges, where all the trading activity takes places on-chain, outside of the centralised venues; the exchange is managed by a DAO and the jurisdiction under which it falls is, at minimum, unclear.
Unfortunately, the business decision is a little less innocent than this: regulatory regimes allowing the exchange to innovate are often also the ones that will, for example, struggle to regulate and proactively enforce proper segregation of client assets. So a lightly-regulated exchange does not only allow the founders to iterate through product faster, it also makes it tempting to misuse client assets to make bets or, indeed, ‘invest’ in the business in the absence of institutional interest.
Finally, as crypto goes through the huge valuation swings while we all work out what its fair-value is and how economic value will accrue to the ecosystem over time, game-theoretically it often just makes sense to be as aggressive as possible when building a business. If the market goes up, the most aggressive players make the most money and get to out-spend their competition into oblivion. If the market goes down, the business crashes among the asset fire-sales — but often the less aggressive version of it would also have been worthless by then. If the downside is the same, why not aim for the moon?
With all these terrible incentives around, as a trader you have some options if you don’t want to limit yourself to trading spot only on top regulated exchanges.
Solution 1: Not your keys, not your coins (hardware wallet edition)
We have all heard this and said this before — why are all these customers getting caught with assets on exchanges, rather than in their own offline wallets? The answer is simple: because they are using the exchanges as their (free) custodians. We would argue most users know that this is not the prudent thing to do, but the hurdles to keeping all their assets in their own wallets (and incentives to keep them on the exchange) are often simply too high:
1. For most users self-custody is hard (and perhaps not really advisable until the tech is much easier to handle and best practices are clear and proven).
2. For some users the passive yield they are getting from holding their assets on the exchange seems like a good deal, as exchanges are usually not forthcoming about the risks they take with these assets.
3. For some active traders the benefits from cross-margining, portfolio margining and other capital-efficiencies provided by the exchange are key to staying competitive. They make significantly more money (using more leverage, lowering their funding costs) by keeping a chunk of their assets on the exchange.[1]
Simply put: it does not work for everyone.
Solution 2: Not your keys, not your coins (DeFi edition)
With all the on-chain innovation we have seen and the growth of Layer-2 solutions on Ethereum, there is a wealth of spot and derivatives exchanges available on-chain for traders to use. Many of them, through different liquidity provision mechanisms, offer passive and transparent ways to earn yield that do not require taking on additional credit risk.
Two issues remain, for now at least:
1. Most of the tech is very new, so while you are not sending your crypto to a centralised exchange, you are sending it to a smart contract that you have to trust. Exploits happen all the time and sticking to the most blue-chip venues basically limits traders to spot-trading only.
2. All-in trading costs (accounting for liquidity, execution fees and funding fees) are significantly higher than on centralised exchanges.
Again: it does not work for everyone.
Side note: TradFi
In traditional finance, exchanges generally do not hold client assets — instead trading firms secure their derivative positions through clearing agreements with Futures Commission Merchants (FCMs), via ISDA and Repo agreements with investment banks, and with agreements with prime brokers. However, the prime broker model has not yet been adopted in the crypto world due to its inherent insecurity (as seen in the Lehman Brothers crisis) and a heightened risk of default if the Prime Broker does not have a well-capitalised parent company to bail them out: The recent Archegos fiasco cost Credit Suisse over $5billion and Nomura $2bn. The prime brokers in the crypto industry lack the reliable financial resources (balance sheets and wealthy parent companies), which their traditional counterparts enjoy.
Solution 3: Off Exchange Settlement
We believe Off Exchange Settlement (OES) is the best path forward to mitigate counterparty risk for traders who need to keep margin on an exchange.
Optimal OES flow requires 4 entities:
- Exchange — a lightly-regulated trading venue
- Custodian — a regulated entity with best practices, SOC certifications, audited by the Big 4, with an on-chain proof of client assets, based in a strong jurisdiction
- Trader — a client of the Exchange and the Custodian
- Trusted Third Party — a regulated, reputable entity used to provide a dispute resolution mechanism
The OES workflow usually follows three basic steps:
- Client keeps assets with the Custodian
- Custodian “locks” the funds in some of the Client’s wallet in favour of the Exchange upon the Client’s instruction
- Exchange “mirrors” those funds on its platform, allowing the Client to trade using the locked capital as margin
In the remainder of this paper, we share our perspective on OES as a solution — a solution we actively use and have argued for years that exchanges and custodians should implement. We believe this approach allows for structural redesign of counterparty risk models in the digital assets space, taking the best lessons from traditional finance models and enhancing them with the crypto-native tools, thus paving the way for increased participation of institutional capital.
Towards optimal OES: Wallets
Optimal OES solution requires two main types of wallets[2] to be offered by the Custodian, reflecting the different split of cryptographic control over the assets:
1. Multi-Party Wallet — where 2-out-of-3 signers can sign transactions, the signers being Custodian, Client and Trusted Third Party.
This type of wallet is designed to hold majority of Client’s assets that are available for trading on the Exchange[3].
2. Settlement Wallet — fully controlled by the Custodian.
This type of wallet is designed to:
- hold a portion of the Client’s assets available for trading on the Exchange
- hold some of the Exchange’s assets
The Custodian has the duty to settle profits and losses (PnL) arising from trading operations on a periodic basis (on-demand by either side, daily, hourly, or potentially minute-by-minute or tick-by-tick), both for the Client and the Exchange.
Towards optimal OES: Required Balances
Client
The client has the responsibility for keeping adequate margin for their positions on the Exchange across the Multi-Party and Settlement Wallets. Their failure to do so will result in position liquidation, just as it does currently when posting collateral to the Exchange.
In addition, the client has a responsibility to maintain adequate funds in the Settlement Wallet, subject to a margin call and a remediation period. Failure to deliver additional margin to the Settlement Wallet during this period will also result in liquidation of positions.
Exchange
The exchange has responsibility for keeping adequate[4] capital in the Settlement Wallet. Their failure to do so should be flagged by the Custodian to the Client, at which point the Client may choose to close out positions on the exchange and retrieve the collateral posted to the Settlement Wallets.
Towards optimal OES: Settlements
Frequent settlement is important to avoid a build-up of counterparty risk, as well as efficient collateral management between venues in volatile markets.[5] Hence settlement and risk-checks on required balances should be done frequently (e.g. every minute).
Settlements within the Settlement Wallet are carried out automatically by the Custodian, using a separate ledger. As stated before:
1. If the Client’s balances drop below the required levels in the Settlement Wallet, the Custodian issues the Client with a margin call.
2. If the Exchange’s balances drop below the adequate levels, the Custodian will notify all Clients trading on this exchange.
In the normal course of business, the Client and the Custodian would jointly move funds from the Multi-Party Wallet to the Settlement Wallet following a margin call. The Custodian would also return excess collateral from the Settlement Wallet back to the Multi-Party Wallet when such collateral is accumulated by the Client (for example due to accumulated positive PnL) and such a return was requested by the Client.
Outside of the normal course of business, in special cases outlined below, the Trusted Third Party can act together with the Custodian or the Client to move funds from the Multi-Party Wallet.
Towards optimal OES: Trusted Third Party (TTP)
Why do we need a TTP?
There are several cases when a TTP is required in an institutional custody setup:
a) Custodian unavailability
If the Custodian is unable to sign a transaction with its key-share, then the TTP can sign a transaction to remove the assets from all existing Multi-Party Wallets previously managed by the failed Custodian.
b) Key-share loss by either the Custodian or the Client[6]
In this situation the TTP will be able, jointly with the remaining key-share holder, to sign a valid transaction from all the existing Multi-Party Vaults into newly generated ones.
c) OES settlement dispute between the Exchange and the Client
Details of possible settlement disputes are described below in the Disputes section.
Required qualities of a TTP
Knowledgeable and Independent
A TTP should understand trading derivative markets and custody processes to enable it to respond to any disputes that may rise through the normal course of trading. It should be confident that it is performing its required duties and have sufficient independence from the Exchange, Custodian or Client’s wishes. All three counterparties should have confidence that the TTP would act according to the prevailing regulations and terms and spirit of the OES agreement and will not succumb to the pressure of any of three parties involved. As detailed in the following Disputes section, if there are disputes beyond the scope of the OES agreement, the TTP should have a clear procedure in place for referring these to arbitration.
Operationally capable
A TTP should understand the security requirements of signing on-chain transactions. A TTP will be present at the initial key set up and will need to design a secure and redundant key storage policy.
A TTP will need to sign transactions on a regular basis to prove that they are still in control of the key which will mean retrieving their key shares from storage locations and using them to co-sign transactions.
Regulated
In some jurisdictions signing a crypto transaction may be a regulated activity so a TTP should have the appropriate regulatory permissions.
Towards optimal OES: Disputes
Conflicts can arise between Exchanges, Custodians and Clients. There will be cases (some of which are detailed below) when the Custodian and Client may disagree on settlement amounts and therefore refuse to sign a transaction.
Some of these disputes can be anticipated, and the correct response should be agreed beforehand and documented in the OES agreement. Some unexpected and currently unknown situations are difficult to anticipate and should either be dealt with reference to principles or through arbitration.
In crypto there are broadly three asset control issues:
1. Cryptographic control
2. Legal control
3. Bankruptcy remoteness
In the examples below we deal with the first point only. Parties should ensure their legal documentation and structure gives them adequate control, including bankruptcy remoteness, in the below mentioned situations.
Anticipated scenarios
Some problems can be anticipated because they have happened. Here are some of them.
1. Exchange problems
The primary reason for OES is to reduce the credit counterparty risk of traders leaving their assets on Exchanges.
a) Exchange fraud or bankruptcy
The obvious Exchange issue is fraud or bankruptcy. In this situation, the Custodian should return any Exchange pledged assets to the Clients without delay (having settled outstanding PnL).[7]
OES in action: Coinflex restructuring
There has been an actual bankruptcy of an exchange that was using OES. In 2022 Coinflex was set up on Copper’s version of OES called Clearloop. Based on the limited information available, it appears that none of Copper’s Coinflex clients suffered any losses originating from the Coinflex bankruptcy.
b) Exchange Hacking
Exchanges have also been subject to hacking attacks and have attempted to socialise losses amongst their traders.
c) Exchange errors
Some exchanges have suffered from liquidation losses due to the mismanagement of liquidation risk[8] or from technical problems. For example, on 31st October 2020, Deribit’s BTC index fell suddenly by 25% as one of the four exchanges Deribit used to calculate its BTC index had gone offline for maintenance. This led to the unwarranted liquidation of short put positions. Apparently, the losses inflicted upon investors were limited to a few million dollars, so Deribit was able to absorb the losses, making all affected clients whole. However, had the losses been greater the exchange might not have been able to compensate their customers in full.
d) Exchange private key storage
Sometimes exchanges have not prudently stored their private keys and have had to halt withdrawals[9].
In many of these cases, exchanges have had sufficient capital to compensate their customers for hacking and other losses that were the exchange’s fault. However, there is a risk that a loss becomes so large that the exchange does not have the capital to cover it and the exchange’s customers lose funds.
2. Client problems
Trading firms aren’t immune to trading losses and may lose money in excess of balances available in their Settlement Wallet. In such cases, the exchange may not have time to liquidate affected clients’ positions and so may require a topup of capital from the Multi-Party Wallet.
If a trading firm loses more money than is available in the Settlement Wallet, but refuses to transfer additional capital from the Multi-Party Account, then the custodian and the TTP would jointly sign a transaction transferring sufficient value to the Settlement Wallet.
It is also possible for trading firms to lose all their capital[10]. This is a risk that exchanges should manage through requiring traders to post sufficient margin and rapidly liquidating unmargined positions.
3. Custodian problems
There have been instances of custodians being hacked[11] and being sued for losing private keys[6].
These problems can be avoided by a Multi-Party Wallet that can function if one of the keys is lost or having a backup copy of keys. Custodians who do not follow such procedure, would not qualify as a safe counterparty, given the lack of access to wallets in case of a custodian bankruptcy.
4. Other, unanticipated scenarios
It’s unlikely that we’re going be able to identify all possible situations that may arise. In this case the dispute should be referred to The London Court of International Arbitration which has been resolving complex disputes for over a century. The custodian, exchange and trader should agree in advance to accept the decision of the arbitrator.
Towards optimal OES: Exchange perspective
As we previously discussed, when lightly regulated exchanges choose to rehypothecate the funds of their customers, they do so within the landscape of an extremely competitive and aggressive businesses competing for customers with innovative products and better customer experience. This competition usually means taking the most aggressive stance when dealing with customer assets is the only way to fund the ongoing growth of the exchange. If all your competitors are doing it, it’s nearly impossible for you not to do it and stay competitive. With OES in place, these exchanges have a chance to break out of this cycle: start reaping the benefits of a heavily regulated exchange, while remaining at the cutting edge of product innovation. The cost/benefit analysis is as follows:
Benefit 1: More fees from incremental volumes from institutional traders
Much of the institutional capital that would otherwise happily trade on lightly regulated exchanges does not do so precisely because of the counterparty risk they would need to assume in doing so. Top exchanges (as measured by technical quality of trading services provided) with OES will immediately benefit from the exponential growth of volumes due to the ability of trading institutions to switch away from executing via risky liquidity venues.
Benefit 2: Lower spend on security
Exchanges implementing OES will also no longer be a prime target for hackers, as they do not hold client assets anymore. Currently, exchanges provide custody services effectively for free (or in return for the risky cashflow from rehypothecating the clients’ assets), while incurring significant costs of ensuring the security of client assets.
Cost 1: No more rehypothecation of client assets
By implementing OES, exchanges are no longer able to rehypothecate the clients’ assets — by design, the exchange has no access to the private keys governing those assets[12]. For an exchange currently doing this, it will have a significant impact on their bottom line — but equally it will remove their clients’ concerns about the reserves held by the exchange.
It is our strong belief that trading venues that adopt OES will become more attractive to customers and will attract much greater trading volumes in the long run compared to exchanges refusing to implement it, because of the greatly mitigated counterparty risk, one of the most sensitive issues in the post-FTX world. With OES in place, the exchange can concentrate on its core business operations such as acquiring customers, introducing new products, and ensuring an efficient and reliable matching engine.
Towards optimal OES: Client perspective
Many institutional clients currently avoid trading on the most liquid exchanges in crypto due to the counterparty risk posed by posting collateral to them. While often involved in crypto, any losses resulting from such counterparty risk carry significant career risk for the managers — much higher than sub-optimal execution or lack of access to the most innovative products in the space. OES as described here largely removes the counterparty risk issue, as most of the assets belonging to the client stay within the Multi-Party Vault, which cannot settle transactions without the approval of either the Client or the Trusted Third Party. It further provides strong guarantees about key availability in the event of catastrophic key-loss events, with the signing permissions distributed across counterparties. Realistically, the counterparty risk is largely removed, not just transferred to another entity.
This is not to say that individual clients should not take part in the OES settlement flow. Granted, there is a non-trivial cost to setting up a Multi-Party Vault, finding a Trusted Third Party, generating the appropriately-split MPC key-shares etc. This cost is, however, fixed, not variable — hence it will clearly be worth it for institutions and individuals who post significant capital to the OES solution, but perhaps less so for smaller traders, who may settle for a simplified flow with Settlement Vault only. This solution scales easily for all the parties involved and transfers the counterparty risk from a lightly regulated exchange to a regulated custodian.
Towards optimal OES: Custodian perspective
For completeness, it is worth discussing the costs and benefits of custodians getting involved in setting up OES across multiple exchanges for their clients. Technologically, these are not easy implementations, requiring intrinsic understanding of the products offered by the exchange, the margining mechanisms and broader risk controls.
The primary goal for the custodian should be maximising the assets under custody. OES implementation for institutions and individuals alike should bring a wave of customer assets to custodians. For institutions, these are the assets that are currently sitting in ETFs and other sub-optimally structured products, giving institutions access to safe custody and the ability to manage their position in a liquid market. For individuals, these are assets currently held in hardware wallets and post-it notes with seed-phrases in their desk drawers.
Finally, for both types of clients, a large amount of assets that will flow into these OES solutions is currently posted to the exchanges — either the heavily regulated ones that often do not have the best products or liquidity; or the lightly-regulated ones, where clients are under-sizing the deposits because of the significant counterparty risk.
All of the above represent a business opportunity for the custodians.
Existing OES Solutions
Given the current rate of innovation in the sector, this section of the paper will be out of date shortly after the time of writing. However, at the time of writing in March 2023, the following are the best-known competing solutions in the market, implementing different flavours of OES:
· Copper Clearloop — integrated with Deribit, Bitfinex, OKX and some other minor exchanges
· Fireblocks — integrated with Deribit and Huobi
· Ceffu[13] (previously Binance Custody) — integrated with Binance
· Anchorage — working on a solution with a spot exchange
· Fidelity — working on a solution with a spot exchange
· Zodia and Koymaynoo — both have indicated forthcoming release, but details are yet to be announced. They both have backers with strong balance sheets but the extent of the balance sheet guarantees is unclear.
OES: Summary
OES is a win for exchanges, traders, and custodians alike: Exchanges no longer have to custody traders’ funds, traders mitigate the counter party credit risk of exchanges, while custodians get to charge fees on assets under custody.
A safe solution for trading on exchanges is vital to the success of the crypto industry. If crypto is to be taken seriously by traditional finance we need comprehensive and robust protection of investors’ assets through OES.
Nickel Digital Asset Management is authorised and regulated by the Financial Conduct Authority (“FCA”). This paper explores issues facing crypto exchanges and is solely intended to offer high-level commentary in relation to such issues and how such issues might be addressed. The paper is not a financial promotion (as defined within the FCA’s Glossary of Terms).
____________ Footnotes ____________
[1] This matters particularly for traders on derivative exchanges, as they must leave collateral on exchange for longer periods to support their positions. In contrast, for spot exchanges, exchange risk is less important as assets can quickly be sent to and from the exchanges, with transactions settling on-chain usually within minutes, thus minimising the need for large inventory on-exchange.
[2] Technologically, custodians generally offer two types of wallets, both of which allow for the optimal (or near-optimal) OES setup:
- Single signature wallets — a single private key, usually stored in an HSM is used to sign transactions out of this wallet by the Custodian. Permissioning for transactions and redundancy of key-storage is fully implemented by the Custodian too.
- Multi-signature wallets — either multiple private keys are required to create a valid on-chain transaction, or multiple key-shares are required to do so via a multi-party computation (MPC) algorithm. With n keys, valid signature requires an m out of n signers threshold, where any m key-holders have to co-sign a transaction in order for it to be valid. On-chain permissionless solutions exist for this (e.g. Gnosis Safe), while Custodians usually resort to implementing MPC algorithms, thus ‘splitting’ a single key into multiple key-shares. Permissioning is implicit in the threshold function, and redundancy of key-storage is implicit in the existence of redundant keys/key-shares.
[3] There can be one Multi-Party Wallet per Exchange or one can be used for several Exchanges, with the Client logically delegating funds in this wallet between Exchanges, where the Custodian has to record the logical delegation of funds across Exchanges.
[4] The most standard way to define adequacy here would be to:
- Impose the same margin requirement on the Exchange as on the Clients, except on the net position the Exchange holds against all of the Clients or;
- Impose separate margin requirement on the Exchange based on independent risk-modelling of the exposure the Exchange holds against all of the Clients
[5] For example, if a Client has a short bitcoin derivative position on an Exchange, in the event of a large market fall, this position will result in accumulation of large positive PnL on the Exchange, which increases counterparty exposure. If Exchange were to go bankrupt, the unsettled profit would be lost.
[6] One alleged example of this situation: https://www.coindesk.com/markets/2021/06/22/fireblocks-being-sued-for-allegedly-losing-over-70m-of-ether-report/
[7] Note that these assets should be bankruptcy remote from clawback by the Exchange bankruptcy administrator.
[8] https://ambergroup.medium.com/okex-its-time-to-pay-the-piper-c242ec4ace47
[9] https://asia.nikkei.com/Spotlight/Caixin/China-s-OKEx-halts-cryptocurrency-withdrawals-after-founder-arrested
[10] https://medium.com/@vladmatveev/cryptolab-blow-up-1f925039d61b
[11] https://www.coindesk.com/layer2/2022/02/09/4-unanswered-questions-about-the-bitfinex-hack/
[12] While the exchange will no longer be able to externally rehypothecate the funds (points 4 and 5 in the introduction), it will still be able to build products in its ecosystem that allow users to borrow/lend their assets to other users on the exchange, which carries minimal risk for customers and will continue to provide trading cashflow for the exchange.
[13] To the best of our understanding, there is a close corporate relationship between Binance.com and Ceffu, the latter being a regulated custodian allowing clients to mirror their balances to Binance.com. An implementation of a solution akin to the Multi-Party Settlement Wallet is pending.
