What to ask of your custodian

Custody is the most important decision an institution must make when dealing with digital assets. Most recently, the SEC’s proposed changes to the custody rule, only further illustrate the growing importance of selecting a knowledgeable, regulated, and accessible custody partner to secure your firms’ digital assets.

When it comes to selecting a partner or vendor, the first factor many business leaders visit is price. While it’s tempting to line up custodians side by side by pricepoint for simplicity, this approach fails to consider the quality of customer service, level of security and controls, and regulatory compliance of different custodians–all of which vary vastly.

As the crypto industry has matured, the role of responsible, regulated custody has become well-understood by market participants and institutions. While the importance of safe custody is common knowledge, what constitutes ‘safe custody’ remains difficult for institutions to answer. The range and fragmentation of various custody providers and their solutions only adds to this complexity.

The most important questions to ask of potential crypto custodians

These questions will help you evaluate the soundness of the technical and regulatory underpinnings of safekeeping.

1. How are private key(s) generated?

The first step in digital asset custody is the creation of the private key. An often overlooked stage in custody, it has the potential to be one of the most vulnerable points in the storage lifecycle of your crypto.

Further questions: Is the process manual or automated? Is it created in a way that cannot be influenced or eavesdropped by a malicious party? How can the custodian prove this to you?

2. How is the crypto stored?

When evaluating private key storage, you must take into account not only the way in which your assets are protected during their expected lifecycle but also exceptional cases and vectors of compromise that can be experienced over the course of decades of data safekeeping.

Further questions: Where is the private key stored when it's not being used? Does it exist in the general memory of an inspectable computer? How are private keys made safe from extraction? Does the asset ever exist in a place where it can be connected to the internet? What happens in the case of disaster to make sure the private key(s) cannot be lost? Could a fire, a hardware malfunction, or a natural disaster expose your institution to loss?

3. Are my assets segregated or commingled with other client or company assets?

Not all crypto custodians take the same approach to client assets. Whether storing, trading, staking or participating in voting on governance tokens, an institution should know whether or not their crypto is kept separate from the firm and other clients assets.

Further questions: In the event of a bankruptcy, are my assets bankruptcy remote and not part of a debtor estate in bankruptcy proceedings? Does the custodian have an independent parent company and affiliates? Independent board? Is there a dedicated compliance team? Is the custodian subject to risk-based capital adequacy requirements?

4. How do you ensure our instructions are followed without compromise?

A frequently neglected component of safe custody is a rigorous and secure framework for access and usage to private key material. Protecting keys from even a single unauthorized usage is paramount, because once spent or sent, these assets are irrecoverable. This is often the least mature and protected process in crypto custodians. Anchorage Digital was founded on the principle of protecting private key usage with the same level of security as the private key material itself.

Further questions: How are policies for private key use created and enforced? Can these policies be compromised such that the key can be used without proper consent? How closely are policies tied to the actual transactions being signed? Can assets be moved by the custodian without participation from my institution?

5. Whose responsibility is it to keep these keys safe?

Because digital assets’ safety and security lies in getting the technical setup correct end-to-end, across every link in the security chain, this technological security is extremely difficult to get right. Institutions rely on custody and safekeeping providers to be the experts in security so they can focus on their business. Having clarity on where responsibility for the safety of your assets lies is key to building trust.

Further questions: Does my institution have to have private key security as a core competency to confidently use this custody solution? Does the custodian take full accountability for the accessibility of my assets? How is the custodian’s responsibility audited and regulated?

Anchorage Digital custody was designed to mitigate risk to the maximum extent possible. Our custody solution is the only model on the market that incorporates secure storage, strong controls, regulatory compliance, and bankruptcy protection–all with an integrated policy engine and key processing system that keeps both equally secure.  Our custody is provided through our national bank charter, the industry’s only nationally-regulated form of custody. We deliver this security in all the services we offer from trading to staking and governance, with one custody model built to scale to trillions of dollars in value.

Interested in risk-mitigated, federally regulated crypto custody and other services? Please get in touch.

About Anchorage Digital

Anchorage Digital is a regulated crypto platform that provides institutions with integrated financial services and infrastructure solutions. With the only federally chartered crypto bank in the US, as well as Anchorage Digital Singapore, which offers equivalent security and service standards, Anchorage Digital provides institutions an unparalleled combination of secure custody, regulatory compliance, product breadth, and client service. Founded in 2017, Anchorage Digital is valued at over $3 billion with funding from leading institutions including Andreessen Horowitz, GIC—Singapore’s sovereign wealth fund, Goldman Sachs, KKR, and Visa. Headquartered in San Francisco, California, Anchorage Digital is remote-friendly with offices in New York, New York; Porto, Portugal; Singapore; and Sioux Falls, South Dakota. Learn more at anchorage.com, on Twitter @Anchorage and on LinkedIn.

This post is intended for informational purposes only. It is not to be construed as and does not constitute an offer to sell or a solicitation of an offer to purchase any securities in Anchor Labs, Inc., or any of its subsidiaries, and should not be relied upon to make any investment decisions. Furthermore, nothing within this announcement is intended to provide tax, legal, or investment advice and its contents should not be construed as a recommendation to buy, sell, or hold any security or digital asset or to engage in any transaction therein.

Additional reading

Eight Questions: CJ Jouhal, Head of Engineering, Anchorage Digital
Serving Institutional Crypto Needs With Anchorage Digital
Eight Questions: Moses Lee, Head of Asia, Anchorage Digital Singapore
EDX Markets Selects Anchorage Digital as Custody Provider for New Clearinghouse Business
Introducing the Rekt Test
The Lifecycle of Staked ETH