Choosing a solution for the secure custody and management of digital assets is one of the most critical decisions for any individual or institution in the crypto and Web3 markets. Amidst increased government crackdowns, such as the recent SEC proposal to expand and enhance the role of qualified custodians (QCs), it is especially important to understand the differences in crypto custody solutions, especially regarding the latest rules and regulations.
The primary consideration when securing crypto holdings is whether to use a self-custody solution from a technology provider or to hire a qualified custodian more akin to traditional financial services.
Below, we’ll explore some of the critical differences between self-custody and qualified custodians, as the two are frequently lumped together. Let’s start with some definitions:
Both models are commonly seen in digital asset markets. In addition to regulatory requirements from the SEC’s recent qualified custodian proposal, it is important for institutions to consider how security and insurance impact the decision to choose a self-custody or custody technology service provider for their business.
There are various security concerns that need to be addressed when managing digital assets, including:
In contrast to self-custody options, a qualified custodian assumes and manages the majority of these security exposures. This considerably reduces risk for the customer. Qualified custodians give customers peace of mind by securing assets with multiple layers of security, such as:
In the case of custody technology providers, all or most of the security management is left up to the end user. Customers must absorb all of the security risks, which in digital assets often means exposing the gross value of the portfolio. Managing this security risk appropriately is often very expensive, as it requires access to appropriate infrastructure, sophisticated processes and expertise.
A portion of the private keys may be held by the custody technology provider, however, they will not take on the associated liabilities for protecting these assets. This means responsibility for the backup and recovery of lost private keys often lands on the end user, adding increased complexity, costs and security risks, and potentially burdening them with needing yet another vendor to fulfill these responsibilities.
Insurance is another factor to consider when choosing between self-custody solutions or qualified custodians. Two key types of insurance typically carried by digital asset custodians (and many other types) are:
End-user customers have the option to consider obtaining direct insurance policies to cover their own internal employee fraud exposure and self-custody of backup material. However, this process can be challenging and burdensome. Qualifying for this type of insurance often requires having sophisticated internal controls in place, which is not always guaranteed and can be expensive compared to traditional crime insurance.
As mentioned, the SEC proposed a rule to require registered investment advisors (RIA) to keep their customers’ money and securities with a qualified custodian. As new rules and regulations evolve, it is important for investors to research the latest regulatory requirements imposed by the SEC and ensure the chosen custody solution complies. To ensure compliance with regulations and avoid potential legal issues and fines, it is crucial to recognize that there are only a select few companies that are designated as “qualified custodians.” Therefore, selecting a qualified custodian is of utmost importance.
Qualified Custodians Assume Liability and Reduce Customer Risk
Self-custody using custody technology solutions like Fireblocks or Copper offer a number of benefits to clients looking to manage their own assets. They are often flexible and relatively simple to integrate and manage, at least on the surface.
However, now with the SEC proposal, companies like these will need to partner and work with a qualified custodian to safeguard their clients assets. Beyond the benefits of security and insurance, qualified custodians also assume the majority of the complex risks associated with the management of digital assets.
Qualified custodians have spent considerable efforts implementing secure, regulatory and insured infrastructure to manage these risks effectively. Together, we believe that both qualified custodians and custody technology services will provide investors in the space true peace of mind for the integrity and safety of their assets.