What to ask of your custodian
Custody is the most important decision an institution must make when dealing with digital assets. Most recently, the SEC’s proposed changes to the custody rule, only further illustrate the growing importance of selecting a knowledgeable, regulated, and accessible custody partner to secure your firms’ digital assets.
When it comes to selecting a partner or vendor, the first factor many business leaders visit is price. While it’s tempting to line up custodians side by side by pricepoint for simplicity, this approach fails to consider the quality of customer service, level of security and controls, and regulatory compliance of different custodians–all of which vary vastly.
As the crypto industry has matured, the role of responsible, regulated custody has become well-understood by market participants and institutions. While the importance of safe custody is common knowledge, what constitutes ‘safe custody’ remains difficult for institutions to answer. The range and fragmentation of various custody providers and their solutions only adds to this complexity.
The most important questions to ask of potential crypto custodians
These questions will help you evaluate the soundness of the technical and regulatory underpinnings of safekeeping.
1. How are private key(s) generated?
The first step in digital asset custody is the creation of the private key. An often overlooked stage in custody, it has the potential to be one of the most vulnerable points in the storage lifecycle of your crypto.
Further questions: Is the process manual or automated? Is it created in a way that cannot be influenced or eavesdropped by a malicious party? How can the custodian prove this to you?
2. How is the crypto stored?
When evaluating private key storage, you must take into account not only the way in which your assets are protected during their expected lifecycle but also exceptional cases and vectors of compromise that can be experienced over the course of decades of data safekeeping.
Further questions: Where is the private key stored when it's not being used? Does it exist in the general memory of an inspectable computer? How are private keys made safe from extraction? Does the asset ever exist in a place where it can be connected to the internet? What happens in the case of disaster to make sure the private key(s) cannot be lost? Could a fire, a hardware malfunction, or a natural disaster expose your institution to loss?
3. Are my assets segregated or commingled with other client or company assets?
Not all crypto custodians take the same approach to client assets. Whether storing, trading, staking or participating in voting on governance tokens, an institution should know whether or not their crypto is kept separate from the firm and other clients assets.
Further questions: In the event of a bankruptcy, are my assets bankruptcy remote and not part of a debtor estate in bankruptcy proceedings? Does the custodian have an independent parent company and affiliates? Independent board? Is there a dedicated compliance team? Is the custodian subject to risk-based capital adequacy requirements?
4. How do you ensure our instructions are followed without compromise?
A frequently neglected component of safe custody is a rigorous and secure framework for access and usage to private key material. Protecting keys from even a single unauthorized usage is paramount, because once spent or sent, these assets are irrecoverable. This is often the least mature and protected process in crypto custodians. Anchorage Digital was founded on the principle of protecting private key usage with the same level of security as the private key material itself.
Further questions: How are policies for private key use created and enforced? Can these policies be compromised such that the key can be used without proper consent? How closely are policies tied to the actual transactions being signed? Can assets be moved by the custodian without participation from my institution?
5. Whose responsibility is it to keep these keys safe?
Because digital assets’ safety and security lies in getting the technical setup correct end-to-end, across every link in the security chain, this technological security is extremely difficult to get right. Institutions rely on custody and safekeeping providers to be the experts in security so they can focus on their business. Having clarity on where responsibility for the safety of your assets lies is key to building trust.
Further questions: Does my institution have to have private key security as a core competency to confidently use this custody solution? Does the custodian take full accountability for the accessibility of my assets? How is the custodian’s responsibility audited and regulated?
Anchorage Digital custody was designed to mitigate risk to the maximum extent possible. Our custody solution is the only model on the market that incorporates secure storage, strong controls, regulatory compliance, and bankruptcy protection–all with an integrated policy engine and key processing system that keeps both equally secure. Our custody is provided through our national bank charter, the industry’s only nationally-regulated form of custody. We deliver this security in all the services we offer from trading to staking and governance, with one custody model built to scale to trillions of dollars in value.
Interested in risk-mitigated, federally regulated crypto custody and other services? Please get in touch.
About Anchorage Digital
Anchorage Digital is a crypto platform that enables institutions to participate in digital assets through custody, staking, trading, governance, settlement, and the industry’s leading security infrastructure. Home to Anchorage Digital Bank N.A., the only federally chartered crypto bank in the U.S., Anchorage Digital also serves institutions through Anchorage Digital Singapore, Porto by Anchorage Digital, and other offerings. The company is funded by leading institutions including Andreessen Horowitz, GIC, Goldman Sachs, KKR, and Visa, with its Series D valuation over $3 billion. Founded in 2017 in San Francisco, California, Anchorage Digital has offices in New York, New York; Porto, Portugal; Singapore; and Sioux Falls, South Dakota. Learn more at anchorage.com, on X @Anchorage, and on LinkedIn.
This post is intended for informational purposes only. It is not to be construed as and does not constitute an offer to sell or a solicitation of an offer to purchase any securities in Anchor Labs, Inc., or any of its subsidiaries, and should not be relied upon to make any investment decisions. Furthermore, nothing within this announcement is intended to provide tax, legal, or investment advice and its contents should not be construed as a recommendation to buy, sell, or hold any security or digital asset or to engage in any transaction therein.
.png)
