Stepping stone or roadblock? Institutional custody in the era of tokenization
Current and future dynamics in the global custody industry for financial Digital Assets
As presented in our second publication, “Mapping business opportunities in The Era of Tokenization — a $24trn game”, institutional custody, as of today, is one of the biggest open battles for further market growth of Digital Assets (tokenized assets). Hence, it is one of the verticals with the highest potential and opportunities in the financial services landscape for tokenized assets. Custodians need to implement the necessary technology and infrastructure to secure tokenized assets which means protecting the private keys and developing secure mechanisms to support transactions in and out of custody. In addition to storage of the private keys, custodians also need to adapt their technology architecture to manage cybersecurity risks when interfacing with a public blockchain to facilitate asset transfers.
Lack of sophisticated custody solutions (for various reasons) currently prevents institutional money from flowing into the ecosystem. Consequently, it cannot exploit the full potential and benefits of asset tokenization, which is ultimately necessary to provide increased liquidity and market depth. Currently, Digital Asset custody providers are mainly based in the US and these providers focus mainly on cold storage solutions and offer a limited coin/token spectrum. The competition, however, is expected to intensify by the end of 2019. Recent announcements from larger traditional financial players (e.g. Fidelity) to offer institutional custody solutions are positive news for the entire Digital Assets ecosystem.
At global level, there are currently around 40 providers offering — or expected to offer in 2019 — Digital Asset custody solutions for institutional investors. The ecosystem is heavily oriented towards cold storage solutions (offline), with only 10% of providers offering an online storage architecture (hot storage). Around 30% of those providers are pure tech players: focusing on, for example, software/hardware-as-as-service for financial institutions and others. Only 25% of providers in the current landscape offer an insured solution — mostly insured by US and UK insurance carriers. In terms of geographical origin, the majority of providers are currently located in the US. Those providers (e.g. Coinbase Custody, Gemini, BitGo, and Kingdom Trust) seem to be the most developed and established in the local market environment, with up to +$20bn in Assets under Custody (AuC). Second highest concentration of custody providers are located in Switzerland and Liechtenstein.
One third of providers are regulated by a variety of banking/financial institution licences (e.g. Trust Regime, VFA, E-Money, VFQ, DLT) in a broad range of jurisdictions (e.g. USA, Gibraltar, Malta, UK). Due to inconsistent regulation (e.g. between countries and types of Digital Assets), not a single institution can be considered a fully regulated, licensed custodian.
Digital Asset coverage is still limited and onboarding of new tokens is a slow process. 30% of current players take custody of fewer than 10 coins and no ERC20 tokens. Approximately 25% hold custody of more that 10 coins (mainly because they include the ERC20 standard) and 45% of players did not disclose any information on their Digital Asset portfolio.
Missing building blocks in the current landscape
According to our detailed research of the market landscape, the following areas are seen as pain points/obstacles in the growth of Digital Assets:
○ Consistent Regulation: across all major financial jurisdictions, unclear or changing regulatory guidance is confusing for custody providers as well as investors
○ Qualified Custodians: in the majority of jurisdictions, a regulated (qualified) custodian is required by law for investment advisors (e.g. asset managers). In the US, the Securities and Exchange Commission (SEC) introduced “The Rules And Regulations, Investment Advisers Act Of 1940”, which requires that any registered investment advisor who has custody over client’s assets must have those assets stored with a qualified custodian. Currently, only ~10–20% of Digital Asset custodians are somewhat qualified
○ Enhanced Financial Services: support for institutional players in such as fund administration, regulatory reporting, taxation etc.
○ Sophisticated Product Offerings: for truly digital services, online/hot-storage custodians are required to support advanced blockchain-protocol-functionalities such as staking (as in proof-of-stake) or dividends/voting rights (as in tokenized equity-bearing securities)
Since the current landscape contains significant flaws keeping institutional money from flowing into the Digital Assets ecosystem, the question remains: who will close the gap?
A couple of candidates identified
1.Digital Asset (Crypto-) Exchanges
Exchanges moving from the current intransparent model to a fully licensed business model where they could extend their offerings with custody solutions (e.g. Coinbase). Exchanges already own the crypto end-customer (retail) and could even consolidate to fewer exchanges with increased market depths.
● As Digital Assets are expected to become regulated, so do Digital Assets (Crypto-) Exchanges
● Security regulation across jurisdictions (e.g., German BörsG) foresees that exchange market participants need to be “qualified” — leading to the tiered system that banks currently participate in for traditional financial exchanges. This trend would likely also happen to Digital Assets (Crypto-) Exchanges
● Exchanges are currently unlikely to adapt their technology stack — their management teams have strong web software development backgrounds but they do not necessarily come with a core banking know-how
2.Cold Storage Providers
Cold storage providers could develop hot-storage (online-) solutions and offer them to their existing client-base. In general, this requires them to build an entirely new tech stack as the main problem of hot-storage is not the key storage itself but developing an access system that only executes fully validated, non-hackable transactions towards Hardware-Security-Modules (HSM) where the private keys are stored.
● The reason why cold storage providers do not offer hot storage today is that they are not capable of delivering a non-hackable access technology e.g Hardware-Security-Module (HSM) where the private keys can be stored
● In traditional web development, most systems are indeed hackable — we see hacks even on leading players such as Google, Facebook, Target, etc
● Cold storage providers will need to build up an entirely new tech stack to provide hot storage — they currently lack this scarce talent (see also crypto exchanges with same reasoning)
Traditional banks could start offering Digital Assets including custody services. In general, they have three ways how to enter into the Digital Assets offering:
- Embed Digital Assets natively in their core banking system to be able to handle/process them (like currently with securities and currencies)
- Connect to a third-party system as technology provider for Digital Assets
- Rely on a third-party Digital Asset custodian as a financial service
● Embedding Digital Assets natively in core banking systems is difficult as today’s core banking systems usually only support 6 decimals after the comma. Reprogramming an already deployed core banking system (CBS) is a large-scale IT project of >12 months. Taking into consideration that data types (in the very bottom of the stack) need to be adapted towards blockchain-/private-key-methodology, experts expect that a complete switch to a new CBS would be more cost-efficient than deployment of Digital Asset methodology into an existing CBS
● As long as Digital Assets are not consistently regulated, banks would incur the highest possible equity charge in their risk weighted asset calculation according to Basel III — this means that they would incur substantial equity requirements due to holding Digital Assets on their balance sheets. This is not mitigated by having a 3rd party system like Metaco (Switzerland) as it does not provide a balance sheet for those assets
Traditional Custodians could build up the necessary tech infrastructure and start offering Digital Asset custody. This sounds like a logical move, as traditional custodians are already serving those institutional customers that are likely to drive the growth in the Digital Assets ecosystem (e.g. banks and asset managers).
● Traditional Custodians need to change their business model to offer Digital Asset custody — this translates into an increased internal approval hurdle for such a project
● They will need to provide value-added services (as in advanced blockchain-protocol-functionalities) like staking, voting-rights or dividend-payouts. They do not do this in the traditional asset context and will need to assume the full risk of private keys disappearing. As such, this could put the rest of their balance sheet at risk
● Scenarios such as a “51% attack” could trigger liabilities for custodians and put their existing business at risk. This likely reduces their appetite for Digital Assets at current volumes
● Traditional Custodians tend to be the least innovative players in the financial industry as their business is scale-driven and has been automated already a decade ago
● They would incur the highest possible equity charge in their risk weighted asset calculation according to Basel III and incur substantial equity requirements due to holding Digital Assets on their balance sheets, just like Traditional Banks
Consequently, based on the current inability of custody providers to meet institutional investor’s demand, we identified the following trends:
Demand for technological shift from cold- to hot storage
● Only hot storage will allow full exploitation of the technological potential of blockchain-based Digital Assets (e.g. staking and voting), whereas cold storage only allows limited functionalities - Investors as well as protocol-developing startups will demand fully-compatible custody solutions
● Investors need faster access to liquidity and trading. Currently, cold storage wait times have an average of 2 business days for asset release. Additionally, investors demand an integrated solution with add-on services (e.g. reporting, taxation) and in-custody functionalities (e.g. in-custody trading)
● This will happen, while investors still demand highest security standards: as of today cold storage was preferred because of greater perceived security, as soon as hot storage solutions will be complemented/integrated with higher security tech stacks (e.g. in combination with Core Banking Systems), they will take over the leading position in the custody ecosystem for Digital Assets
Increase of regulatory compliance
● While cryptocurrencies and utility tokens remain vastly unregulated in the majority of jurisdictions, the development and evolution of security tokens (e.g. equity/debt or real estate representation) will trigger stricter guidance from regulators for custodians in the ecosystem
● On the investor/asset manager side, qualified custodians will be required by law and regulators for investor protection, based on certain fund-size thresholds, analogous to traditional assets
Proliferation of institutional-grade custody banking solutions
● The increasing number of institutional investors will rely on “trusted” institutions and will combine strong tech-capabilities with licensed business models in a “new generation of banking”
● The combination of increased cyber/infrastructure-security requirements and regulatory compliance for a hot-storage solution will trigger an increase in institutional-grade custody solutions, built on proven banking-technology
● The combination of traditional banking-technology (e.g. Core-Banking-Systems) with Digital Asset/blockchain methodology will lead to a more professionalized custody environment, meeting institutionals’ demand