As adoption accelerates, the benefits of digital asset storage cannot be overstated.
A prominent development among recent crypto custody trends is that regulators are at work shaping the next generation of rules. It's impossible to predict what they'll do next, but on April 25, the Securities and Exchange Commission (SEC) solicited public input during the first-ever crypto custody roundtable.
One comment summed up the tension:
“For too long, [institutional] investors and the firms that serve them have been subjected to significant uncertainty with respect to how regulated entities can custody customer assets in a manner compliant with [SEC] rules. … This uncertainty has … effectively deprived [investors] of the choice to have their assets held by a registered entity or a qualified custodian … [and] has not advanced investor protection.” - Richard Gabbert, Crypto Task Force Chief of Staff
Regulators want to provide legal clarity for institutions, but they're concerned about how to uphold standards of investor protection along the way.
For institutions interested in crypto investing, secure digital asset storage is essential for protecting the organization and clients while satisfying regulators.
Key Takeaways
- The SEC is working toward clearer digital asset custodian rules. Institutions that develop relationships with qualified custodians, who practice a security-first approach to digital asset storage, are best positioned as the regulatory environment develops.
- Security-first custody protects against hacking, insider fraud, and human error by ensuring that no single point of failure can create a crisis.
- Cold storage, multi-signature (multi-sig) wallets, strict access controls, SOC 1 and SOC 2 certifications, and insurance coverage are key considerations to look for during due diligence.
- Qualified custodians provide the transparency, reporting, and audit trails needed to manage client assets with confidence and peace of mind.
Key Elements of Secure Digital Asset Storage
When people think of cyberthreats, they might think of hackers in hoodies coding their way into places they don’t belong. But the reality is much different.
As long as a password is reasonably complex, brute-forcing it would take years. The real threat is human error: insider mistakes, phishing scams, and even simple misplaced keys.
Consider the story of crypto custodian Prime Trust, which went bankrupt after employees simply lost the keys (and access) to about $76 million worth of Bitcoin wallets. Prime Trust did not go under because of some elite hacker; its problems stemmed from poor internal management practices.
Secure digital asset storage involves layering protections across people, processes, and technology so there is never a single point of failure. Even if something falters, there is always a backup plan.
Here are the gold standards of digital asset custodian security:
- Multi-Signature (Multi-Sig) Wallets: These require multiple private keys to authorize a transaction. For instance, BitGo’s self-custody cold wallets require both a client and BitGo key to co-sign any trade.
- Cold Storage: These shield assets from digital threats by storing keys in hardware that’s never connected to the internet. This protocol requires manual steps to move funds, adding a layer of human verification that prevents potential attacks or user mistakes.
- Hardware Security Modules (HSMs): Securely storing private keys is a critical task of custodians. Leading service providers use encrypted HSMs, technology familiar to the traditional finance industry, as well as backup keys in multiple jurisdictions to defend against physical theft and natural disasters.
- Access Controls and Role Segregation: Secure digital asset storage requires strict internal controls. Role-based access ensures no single individual can execute large transactions, and only those who need access have it.
- External Audits: Independent parties are important for verifying the adequacy of security and financial controls. Look for organizations with SOC 1 and SOC 2 certifications, which signal that operational standards meet rigorous industry benchmarks.
Benefits of Secure Digital Asset Storage
Institutions face significant risks when holding digital assets on behalf of clients. Are clients safe from security breaches? Internal fraud? Are an institution’s practices running the risk of regulatory penalties?
Here are the key advantages of secure digital asset storage.
Enhanced Security and Risk Reduction
During its crypto custody roundtable, the SEC shared what was perhaps its deepest regret: the absence of clearer regulation of the industry. The market was interested in cryptocurrency, regulated or not.
The future of crypto custody regulation is coming, and security-first custodians dramatically reduce the risk of theft or loss compared to exchange-based custody.
Advanced security measures (like multi-sig and cold storage) protect assets, making successful attacks less likely. Even in the worst-case scenario (bankruptcy), reputable custodians hold client assets with legal entities distinct from their trading platforms, protecting them from the perils of receivership and bankruptcy proceedings.
Transparent Reporting and Audit Trails
Any chief financial officer (CFO) interested in a digital asset custodian must prioritize due diligence and transparency. A security-first custodian logs every transaction and access event, providing access to detailed account statements. Many custodians offer on-demand reporting dashboards.
Having access to an audit trail is invaluable for internal compliance, passing external audits, and most importantly, assuring stakeholders that assets are properly managed.
Insurance Coverage
Leading custodians carry insurance that covers assets against theft, loss, or misuse. For instance, BitGo offers up to $250 million in coverage. This kind of coverage is a critical safety net.
Regulatory Compliance and Oversight
Institutions expect custodians to meet the same level of oversight and accountability they demand from traditional financial partners.
Custodians with trust charters or licenses, like BitGo, are subject to banking-level oversight. As the regulatory landscape develops, providers that maintain SOC 1 and SOC 2 certifications are most likely to stay on the right side of the SEC. BitGo is an example of a custodian that, by passing external audits, demonstrates that its security and financial control practices are top-notch.
Custody Partners for Enterprise Crypto Security
The SEC considers custody rules governing traditional finance to be the most rigorous standard in financial oversight. While regulators are still developing the next generation of cryptocurrency rules, institutional investors can expect similar principles to apply to crypto custody.
Partnering with qualified custodians for digital asset custody is quickly becoming the industry standard. Seeking regulated entities that segregate client assets, provide auditable records, and adhere to the strictest security protocols is a must to stay ahead of future regulations while capturing a share of the crypto market.
FAQ
What is secure digital asset storage?
Secure digital asset storage refers to the safeguarding of cryptocurrency private keys using robust security measures, such as multi-sig, role-based access, and cold storage techniques.
How does secure digital asset storage enhance data protection?
It enhances data protection by guarding private keys from hackers, physical theft, and human error. Storing assets offline means private keys aren’t exposed to online attacks, while multi-factor authentication and role-based access ensure no single person can unilaterally access or move funds. Finally, by logging and monitoring all access attempts, stakeholders have an audit trail to follow.
Is secure digital asset storage cost-effective?
The benefits can outweigh the costs, especially for institutions managing assets on behalf of clients. Professional custody services charge fees, but they also prevent potentially costly incidents. Additionally, building in-house infrastructure is expensive, and many organizations appreciate the value-added services, such as over-the-counter (OTC) trading and insurance coverage, that crypto custodians offer.
How can businesses ensure the security of digital assets?
During due diligence, businesses can ensure digital asset security by looking for organizations with a multi-layer approach to security that passes SOC 1 and SOC 2 audits, uses state-of-the-art security protocols, and rises to the SEC definition of a qualified custodian.
About BitGo
BitGo is the leading infrastructure provider of digital asset solutions, delivering custody, wallets, staking, trading, financing, and settlement services from regulated cold storage. Since our founding in 2013, we have focused on enabling our clients to securely navigate the digital asset space. With a large global presence through multiple regulated entities, BitGo serves thousands of institutions, including many of the industry's top brands, exchanges, and platforms, as well as millions of retail investors worldwide. As the operational backbone of the digital economy, BitGo handles a significant portion of Bitcoin network transactions and is the largest independent digital asset custodian, and staking provider, in the world. For more information, visit www.bitgo.com.
©2025 BitGo Inc. (collectively with its affiliates and subsidiaries, “BitGo”). All rights reserved. BitGo Trust Company, Inc., BitGo Inc., and BitGo Prime LLC are separately operated, wholly-owned subsidiaries of BitGo Holdings, Inc., a Delaware corporation headquartered in Palo Alto, CA. No legal, tax, investment, or other advice is provided by any BitGo entity. Please consult your legal/tax/investment professional for questions about your specific circumstances. Digital asset holdings involve a high degree of risk, and can fluctuate greatly on any given day. Accordingly, your digital asset holdings may be subject to large swings in value and may even become worthless. The information provided herein is not intended for distribution to, or use by, any person or entity in any jurisdiction or country where such distribution or use would be contrary to law or regulation. BitGo is not directing this information to any person in any jurisdiction where the publication or availability of the information is prohibited, by reason of that person’s citizenship, residence or otherwise.