Qualified Custodian




Qualified or Self-Custody: What‘s Right for Your Business?

Choosing a solution for the secure custody and management of digital assets is one of the most critical decisions for any individual or institution in the crypto and Web3 markets. Amidst increased government crackdowns, such as the recent SEC proposal to expand and enhance the role of qualified custodians (QCs), it is especially important to understand the differences in crypto custody solutions, especially regarding the latest rules and regulations.

The primary consideration when securing crypto holdings is whether to use a self-custody solution from a technology provider or to hire a qualified custodian more akin to traditional financial services.

Below, we’ll explore some of the critical differences between self-custody and qualified custodians, as the two are frequently lumped together. Let’s start with some definitions:

  • A qualified custodian is typically a regulated financial services provider with custody technology that holds and manages cryptocurrencies, stablecoins and NFTs on behalf of the customer. The custodian may offer value-added services such as staking or execution.
  • A custody technology services provider is a technology company that enables the customer to directly manage their own funds (i.e., self-custody).

Both models are commonly seen in digital asset markets. In addition to regulatory requirements from the SEC’s recent qualified custodian proposal, it is important for institutions to consider how security and insurance impact the decision to choose a self-custody or custody technology service provider for their business.

Security Considerations

There are various security concerns that need to be addressed when managing digital assets, including:

  • Risks associated with the physical storage of private keys
  • Cybersecurity threats
  • Collusion
  • Operational risks

In contrast to self-custody options, a qualified custodian assumes and manages the majority of these security exposures. This considerably reduces risk for the customer. Qualified custodians give customers peace of mind by securing assets with multiple layers of security, such as:

  • Demonstrating exclusive possession or control of private keys so that a client is unable to change the beneficiary of the crypto asset without the custodian’s involvement
  • Protection for the private keys of clients; the key shares are distributed to multiple physical locations, ensuring no single hack can compromise the assets.
  • To protect against collusion, all transactions must be initiated by the client and they are subject to preset, system-enforced trade approval processes on both the client and the QC’s side.

In the case of custody technology providers, all or most of the security management is left up to the end user. Customers must absorb all of the security risks, which in digital assets often means exposing the gross value of the portfolio. Managing this security risk appropriately is often very expensive, as it requires access to appropriate infrastructure, sophisticated processes and expertise.

A portion of the private keys may be held by the custody technology provider, however, they will not take on the associated liabilities for protecting these assets. This means responsibility for the backup and recovery of lost private keys often lands on the end user, adding increased complexity, costs and security risks, and potentially burdening them with needing yet another vendor to fulfill these responsibilities.

Insurance Considerations

Insurance is another factor to consider when choosing between self-custody solutions or qualified custodians. Two key types of insurance typically carried by digital asset custodians (and many other types) are:

  • Specie insurance provides protection for valuable offline assets held in physical locations (AKA cold storage). Custodians can insure assets within cold storage environments at a much larger scale and with more attractive pricing due to the level of security involved, which becomes critical for institutional counterparties. Specie insurance can only be provided to the party that is liable and has care, custody and control of the assets.
  • Crime insurance provides protection to both the custody technology provider and the customer loss payees in the event of various types of losses, including employee theft, theft by outsiders, and fraudulent instructions. Given that these providers don’t assume fiduciary or legal responsibility for client assets, they are typically only able to offer crime insurance. While having insurance coverage is better than having no coverage at all, the higher cost of insurance often makes it impractical to insure platform assets at a larger scale. Additionally, it‘s important to note that insurance coverage typically does not extend to backup artifacts that are under the clients’ care, custody, and control.

End-user customers have the option to consider obtaining direct insurance policies to cover their own internal employee fraud exposure and self-custody of backup material. However, this process can be challenging and burdensome. Qualifying for this type of insurance often requires having sophisticated internal controls in place, which is not always guaranteed and can be expensive compared to traditional crime insurance.

Regulatory Considerations

As mentioned, the SEC proposed a rule to require registered investment advisors (RIA) to keep their customers’ money and securities with a qualified custodian. As new rules and regulations evolve, it is important for investors to research the latest regulatory requirements imposed by the SEC and ensure the chosen custody solution complies. To ensure compliance with regulations and avoid potential legal issues and fines, it is crucial to recognize that there are only a select few companies that are designated as “qualified custodians.” Therefore, selecting a qualified custodian is of utmost importance.

Qualified Custodians Assume Liability and Reduce Customer Risk

Self-custody using custody technology solutions like Fireblocks or Copper offer a number of benefits to clients looking to manage their own assets. They are often flexible and relatively simple to integrate and manage, at least on the surface.

However, now with the SEC proposal, companies like these will need to partner and work with a qualified custodian to safeguard their clients assets. Beyond the benefits of security and insurance, qualified custodians also assume the majority of the complex risks associated with the management of digital assets.

Qualified custodians have spent considerable efforts implementing secure, regulatory and insured infrastructure to manage these risks effectively. Together, we believe that both qualified custodians and custody technology services will provide investors in the space true peace of mind for the integrity and safety of their assets.