How institutions can better plan the security around custodial assets

The digital assets industry continues to recover from its setback in the year 2022 and currently has risen to a market cap of about $1.1 trillion. As participation from institutions, brands, and regulatory stakeholders increases, the digital assets industry is likely to continue its path to achieve mainstream adoption.

Simultaneously, security continues to be one of the biggest hurdles for the sector. As per media reports, the total value of digital assets lost in scams, hacks, and rug pulls amounted to $656 million in just the first half of 2023.

With governments and regulators demanding stricter compliance, global cooperation, licensing requirements, and reporting frameworks for suspicious transactions, the digital assets industry is on the cusp of evolving into a full-blown industry.

How should institutions tackle this problem?

It should be known that first and foremost, there is no trade activity that is free of risk.  Generally, bigger expected returns come with a greater risk of loss. The more you understand the risks of your investment, the more effectively you can minimise their potential effects.

Risks associated with digital assets can range from operational risks like unsupervised trading, Inconsistent customer protections, commingled customer assets to fraud-related risks like data manipulation and counterparty-associated risks.

Globally, institutions holding or transacting digital assets must fully comply with the rules applicable in the jurisdictions they provide their services. Auditing and understanding the compliance requirement is crucial for institutions to remain safe.

Governments are framing new laws or amending the existing ones to address the disruptions caused by digital assets. The legal team of any institution should keep track of all regular updates taking place, equally, companies must implement a process to ensure all legal requirements are met.

Reporting illegal and suspicious activities to the authorities is a crucial requirement of new laws that apply to digital assets besides ensuring that tax reporting is efficiently handled.

Managing technology and operational Risks

Digital assets are supposed to offer speed and scale in financial transactions. For that, they must have a smooth operational procedure, which needs to be developed and documented after examining every aspect of custody management, asset transfer, and incident response.

Risks in this segment can largely be categorised under five types—Data security and privacy, digital, technology errors and omissions, IT resiliency, business interruption, and reputational risk.

These issues are usually solved by digital asset custody providers by deploying a number of solutions. Here are few examples:

Access control

There can be two types of access controls for who can access digital assets and carry out transactions. 

Role-Based Access: Within an organisation, several people can access digital assets to facilitate speed and scalability. Organisations need to define them. There should be periodic reviews, and access control should be updated based on personnel changes.   

Multi-Factor Authentication (MFA): While accessing digital assets, using multi-factor authentication makes it more secure against security breaches such as hacking and stealing assets.  

Third-Party Due Diligence

Third-party custody service offers multi-layered security to your private keys. They can retrieve your private keys if you forget them. But before enlisting a third-party custodian, institutions must perform due diligence.  

Insurance Protection

After implementing all the safeguards, institutions should take appropriate insurance protection plans. Cybersecurity insurance plans are available and immensely helpful for institutions holding or transacting digital assets.

Ensuring that your private keys remain private

Ensuring that your keys are stored in cold storage like your PC that's never connected to the internet. It is safe from hacking and theft. Conversely, storing them via Hot Storage that is Protected by encryption technology is another option. It offers easy access but remains vulnerable to security breaches.  

Institutions could also choose to store them in Hardware Security Modules (HSMs) which are devices that generate, protect, and manage private keys, or multi-signature wallets which as the name suggests, are wallets that need multiple signatures to execute a transaction. 

Cryptocurrency wallets and custody solutions are two different things. While anyone can use wallets to hold digital assets, cryptocurrency custody solutions are primarily used by institutions such as hedge funds, governments, institutional investors, and cryptocurrency mining companies. A custodial service provider will use a combination of hot, warm, and cold wallets to ensure maximum security for the assets. At the same time, it will ensure operational efficiency by implementing appropriate access controls.

Just like any other asset class, cryptocurrency is also an asset class susceptible to vulnerability. As it grows in popularity, having a planned mechanism of risk management and safety measures is critical. Cryptocurrency custody service providers offer cutting-edge solutions for institutions that encompass enhanced security and efficient management of digital assets. 

Equally, it is important for institutions to keep a check on regular updates and ensure that compliance and reporting mechanisms are in place.

Manhar Garegrat is the Country Head, India and Global Partnerships at Liminal, a wallet infrastructure and custody solutions platform.