The implementation of the 5th EU Anti-Money Laundering Directive by the German legislator calls for new solutions regarding the custody of digital assets. Through extensive development of their custody solution and its highly certified IT-partner GISA, Plutoneo offers the highest security standards while being able to provide fully customizable custody options to their customers.
Author: Mauro Cappiello
Officially, the Bitcoin bubble burst in late 2017, when prices fell around 82% after a peak of just below $20,000.00. But instead of declining afterward, the market for crypto currencies and crypto assets is becoming increasingly relevant again. While 2019 trading volumes are still far below the 2017 peak, volumes in Q2 of 2019 are three times as high as those of 2018 (Muehlemann, 2019). A notable mention is Bitcoin, which gained 155% between April and July (ibid.). Meanwhile, digital assets like stable coins (USDT) reach higher trading volumes than crypto currencies and become more and more relevant to the digital ecosystem.
Digital custody on its way to becoming a commodity
The most prominent case of crypto theft was the Mt. Gox incident in February of 2014, where around $460 million in Bitcoin were stolen. However, the danger of malicious attacks has not been eliminated since then. In 2018 alone, Reuters reported an increase of over 400% in crypto currency thefts to over $1.7 billion (Chavez, Dreyfuss, 2019). In mid-July 2019, the Japanese exchange Bitpoint was hacked and lost $32 million. Furthermore, Binance, one of the leading crypto currency exchanges, was hacked in May 2019, and 7,000 Bitcoin worth approximately $41 million were transferred to the hacker’s wallet (Pompon and Vinber, 2019). This clearly shows two things: (1) the crypto market is still of considerable size, and (2) there is a vulnerability of crypto assets that needs to be addressed.
In particular, the security of digital assets has been a major news item in recent months and has seen some important developments. Most notably, Germany is leading the way when it comes to the regulation of digital assets. With the implementation of the 5th EU Anti-Money Laundering Directive (AMLD 5), the German legislator even goes beyond the required regulation. Crypto assets (so-called “Kryptowerte”) will be established as a financial instrument under the German Banking Act (KWG). In addition to that, crypto asset custody is being introduced as a new type of financial service and will, therefore, require the authorization of BaFin.
This amendment considerably extends the use of crypto assets from a mere means of exchange to a financially recognized asset that can serve not only as a means of payment but also as a store of value. In other words, all entities currently operating in the digital asset market or planning to register in the future are required to either acquire a license or engage a third party holding the appropriate custody license to perform their transactions.
As a result, this amendment poses a major challenge: “To whom do I entrust the safekeeping of my digital assets, or do I take over the custody myself?” Fortunately, there is an answer.
The custody solution platform
Originally, crypto assets were kept using one of two methods: hot storage or cold storage. Hot wallets are directly connected to the Internet and provide instant access to the private keys required to authorize transactions. However, this increases their vulnerability to malicious attacks over the network. On the other hand, cold storage solutions physically store private keys in secure offline locations. While this increases security, it also prohibits high-speed transactions.
Additionally, there is a choice between custodians and non-/self-custodians. Crypto custodians provide clients with a software- or hardware-based custody solution and manage the stored keys on their own responsibility. In contrast, non-/self-custodians only provide the custody solution, without being responsible for the key management. The latter, of course, entails huge risks, as described above, and poses enormous requirements concerning IT security.
As a result of the outlined difficulties of cold and hot storage, a new concept of custody has developed. This new approach combines the advantages of cold and hot storage while eliminating the previous weaknesses of those solutions. The so-called warm storage enables fast transactions and fulfills the security standards of banks. Hardware security modules (HSMs) ensure these security demands by making unauthorized access or attacks extremely difficult.
A closer look at the custody market for digital assets shows that a host of industry standards have developed, which are now considered the fundamental requirements for the digital custody market.
The standards shown in Figure 1 must be met in order to manage the custody of digital assets for financial institutions. The first criterion is instant liquidity. The assets must be accessible and transferable in real time. In addition, customers demand to be able to manage users and roles in order to determine who can access their stored keys. From a security point of view, it is essential to offer a solution for key recovery in case of a disaster. In the past, lost or stolen private keys led to the permanent loss of the corresponding assets. The use of HSMs also provides additional advantages in this respect, since backups prevent private keys from being lost.
Furthermore, all custodians must offer adequate insurance so that financial institutions can properly cover themselves against risks. The most important element, however, is regulation. In order to store digital assets for financial institutions, the standards that have been in place in this industry for decades must be met. On top of a robust IT infrastructure, the operational processes need to be monitored closely to ensure that the clients’ assets are protected at all times. Risk management processes for IT and operations are performed by a separate team, to ensure that internal controls work as designed. In other words, a crypto custodian must comply with all existing regulations, e.g. authorization by BaFin for the German market.
Plutoneo — fully customizable custody for digital assets
During the development of their custody solution, Plutoneo realized that it was not sufficient to just meet industry standards. Thanks to many years of experience in banking, Plutoneo’s team knew that every bank and every financial service provider has its own fixed IT system. The answer is, therefore, to be able to adapt its own service as individually and flexibly as possible to customer requirements. This is why Plutoneo initiated contact with their current IT-partner GISA, a provider of IT solutions for critical infrastructure and certified cloud services. The company has been active in the technology industry since 1993 and holds more than 20 security licenses. With over 800 employees who are responsible for technical development and the daily operation of applications, GISA has the necessary capabilities to develop the Plutoneo custody architecture based on service modules. Therefore, Plutoneo can offer each client a customized solution, depending on the respective requirements. Thus, Plutoneo is the ideal custody provider for platforms and large-scale clients ranging from traditional banks to crypto exchanges.
The future of digital assets is taking shape. Through regulatory progress and technological evolution, Plutoneo is now ready to offer financial institutions an appropriate custody solution for their digital assets. In combination with their IT-provider GISA, their clients benefit from fully customizable solutions and a follow-the-sun IT operations team. The custody solution by Plutoneo combines instant liquidity with a fully customizable IT solution and meets all the security standards and requirements known from traditional capital markets.
Mauro Cappiello is the founder of Blockchain Innovation Group in Zug. He has more than 2 decades of international experience in technology, strategic leadership and business transformation in the financial industry/investment banking, enabling business alignment, cost-efficiency and innovation.
Mauro is a former CIO of Clearstream (Deutsche Börse), co-chair of the Crypto Valley Association Enterprise Working group and a mentor in F10 Accelerator (SIX, ZKB). Apart from that, he is also a blockchain start-up mentor (RISE Technologies, APIAX).
You can contact him on LinkedIn (https://www.linkedin.com/in/maurocappiello/).