Published Jun 7, 2022
By Qredo Team
6 Questions to Ask When Choosing a Digital Asset Custodian
Whether you're a hedge fund, corporate treasurer, or asset manager, choosing the right custodian can be key to your success with digital assets.
Yet navigating the digital asset custody landscape is not a simple task.
Crypto has changed the rules of the game from traditional finance. Assets are now secured cryptographically by strings of code known as private keys, and transactions can't be reversed—making security of the utmost importance.
And because this is an emerging asset class, where regulators are still feeling their way, there are few clearly established guidelines or universally agreed best practices.
To help you make sense of it all, here are the six big questions you need to be considering when choosing a digital asset custodian for your organization.
1. What type of custodian is it?
As digital representations of value, cryptoassets are stored on the blockchain and controlled by a private key.
The job of a custodian is to secure these private keys, which look something like this:
5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF
Custodians can be categorized by their technical approach to storing private keys:
i) Cold storage custodian
The first type of custodian, which are often affiliated with either crypto exchanges or established institutions like Fidelity, are standalone businesses that aim to mirror the same operating structures of traditional finance.
These custodians typically employ "cold storage" — a method of storing private keys that reflects the same physical security paradigm that sees traditional assets like gold being stored in air-gapped vaults.
Private keys are held offline in specialized hardware, and a small portion of assets are left in hot crypto wallets (which are online) for ease of access. Exactly how these crypto wallets are managed will vary from custodian to custodian, but one thing will remain the same: the third party custodian is firmly in control of the keys. They use them to interact with the blockchain on your behalf and generate public keys to receive transfers.
In place of the private keys, you are issued a good old username and password. This separates you from the raw mechanics of the blockchain, granting you a degree of convenience.
But it comes with big trade-offs. Not least, that — legally speaking — depositing assets with this kind of digital asset custodian could be considered to be a bailment (sale) — a detail that could mean the difference between bankruptcy and being able to recover assets in the event of custodian collapse.
ii) MPC custodian
The latest breed of third party custodians are built on the cryptographic breakthrough of multi-party computation (MPC). This innovation effectively divides the private keys and scatters the sensitive key material between multiple locations. The vulnerability of holding a single private key is thus avoided, and signing takes place in a distributed fashion.
Some implementations of MPC hold the private key material on cloud hosting servers, while others share it between customers and servers controlled by the custodian. Regardless of how it is stored, it is critical to ensure that it is secure. Otherwise you run the risk of catastrophes such as losing key material and being unable to recover funds.
iii) Self-custody
Instead of opting for traditional third party custody, some organizations are choosing to realize Satoshi's vision of self-sovereignty and take custody of their own coins.
#NotYourKeysNotYourCoins
But as you might imagine, looking after your own private keys can be a high-stakes business. Keys are easily misplaced or stolen, or fat-fingered by error-prone employees — resulting in irreversible losses.
Qredo offers an alternative vision of self-custody using a decentralized implementation of MPC. You remain in control of the assets without the responsibility of safekeeping the private key, and can layer your own institutional tools on top — such as signing workflows and insurance policies — while retaining full ownership of your assets on independent infrastructure.
2. How much does the custodian cost?
Fees can make a big difference to profitability, especially for small funds.
Most crypto custodians will charge a single setup fee, in addition to ongoing fees charged according to transaction activity or at a fixed monthly rate.
Setup fees can typically be anything up to $10K with monthly fees averaging around $3K per month.
Qredo takes a different approach and charges no set-up fee, zero custody fees, and 0.5 bps per transaction.
3. How does the custodian balance security and accessibility?
Most digital asset custody methods represent a trade-off between two qualities: security and accessibility.
Third party cold storage solutions go all in on security. They shunt keys offline and implement long and complex withdrawal policies to access them. Accessibility is an afterthought, meaning withdrawal times can be more than 12 hours — even if small amounts of assets are kept in a hot wallet for easy access.
And, despite this focus on security, cold storage solutions can still leave assets vulnerable to one of the biggest dangers: insider threats.
MPC solutions, often called warm wallets, have the potential to provide both security and accessibility. But whether or not this is realized depends on how the MPC nodes that control the signing process are managed.
Regardless of the technical method of securing the private keys, many custodians will also offer additional security assurances:
i) Insurance
Even when custodians do things correctly, funds can still be lost due to crime and internal errors.
That's when you need insurance.
Most MPC solutions will have a crime insurance policy that covers employee theft, third-party computer crime, and related losses.
Cold storage solutions may have insurance that only covers assets held in the hot wallet, and not necessarily in the larger cold storage vault. Alternatively, they may have fully comprehensive insurance up to specific limits.
Funds held on Qredo are currently protected by crime insurance as standard. In addition, we are introducing the ability to layer your own bespoke insurance products on top — including native DeFi insurance offerings and our own specialized in specie insurance (coming soon!).
ii) Asset segregation
For security, transparency, and compliance reasons, institutional investors often require funds to be held in a separate crypto wallet from other clients.
Digital asset custodians however, typically pool assets together in opaque omnibus accounts.
Assets held on Qredo are segregated into separate Layer 2 crypto wallets, and full visibility into inflows and outflows is provided via the Qredochain Block Explorer.
iii) Audits
All third party custodians should be audited by reputable bodies to meet standards for capitalization, anti-money laundering procedures, confidentiality, auditing, reporting, and storage. Penetration testing and smart contract auditing may also be appropriate, depending on the custodial architecture.
In addition, SOC 1 and SOC 2 audits can provide assurance that internal controls and operations are in compliance with the strictest data privacy and protection laws.
4. Can you access investment and yield earning opportunities?
The opportunities offered by DeFi and the digital asset market are uniquely attractive in an era of low interest rates and negative yields.
Yet choosing the wrong custodian can leave you unable to take advantage of them.
Access to DeFi
For individuals, DeFi is primarily accessed using self-custody crypto wallets such as MetaMask, that store private keys in the browser data store where they can easily be used for signing transactions in web-based DeFi apps.
However, as cold storage custodians take private keys offline, they typically preclude institutions from accessing DeFi.
Full control and flexible access to DeFi is typically only offered by MPC solutions, led by Qredo's pioneering integration with MetaMask Institutional.
Access to centralized exchanges
In addition to storing digital assets, custodians may also provide access to trading venues or have relationships with market makers.
Taking advantage of this, however, may require moving assets to an exchange. This introduces a whole new set of risks, and means losing all the protections afforded by the custodian.
Qredo is integrating exchanges and fiat onramps directly into Qredo Network, providing access to services without exposure to counterparty risk. In addition, Qredo PowerSwap will soon supply direct access to liquidity .
5. Is the custodian operationally efficient?
Choosing the right custodial tech can shorten set-up times, reduce day-to-day friction, and ensure that operations can scale as your organization grows.
We unpack these below:
Set-up times
Technical training, plus onboarding of all the key governance stakeholders, can take weeks (or even longer if you need to plug your custodian into an existing tech stack).
Having the right APIs can make this task much easier, and some custodians provide white-glove service to guide set up process step by step.
Scalability
Dynamic organizations need custody solutions that can flex to fit the requirements of growing teams.
This can be an issue with traditional multisig, in which quorums are set in stone and signing schemes cannot be adjusted without setting up a completely new crypto wallet.
MPC grants much greater flexibility over signing arrangements, enabling access and permissions that can be adjusted on-the-go.
Operational workflows
Custodians can allow you to specify rules to be followed when interacting with your crypto assets. This includes rules around who can trade, who can approve a transaction, and who can change custodial policies.
Qredo takes this to the next level and grants granular and customizable control over governance. As a result, you can easily ensure that each team or staff member has the correct permissions and access rights to carry out all the necessary tasks for running day-to-day operations.
Reporting
Organizations investing in crypto face a growing need to report activity, for both auditing and accounting purposes.
Despite this, many custodians operate in an opaque manner, recording holdings on internal spreadsheets, and not providing real-time reports.
Qredo records all digital asset activity on-chain, forming a transparent and immutable audit trail that can be exported at will.
Programmability
Traditional financial institutions can spend vast amounts of resources on automation to increase efficiency and eliminate errors.
The same level of sophistication has not yet made it to the crypto market, despite irreversible transactions making mistakes even more costly.
Automation and programmability can not only reduce errors significantly, but also unleash new trading use cases such as fast-paced arbitrage and rapid-fire sniping that wouldn't otherwise be possible. It can also enhance compliance efforts, enabling transactions to be automatically screened and blocked to avoid exposure to toxic assets.
To this end, Qredo is introducing Computational Custody — an automation tool that can independently assess transactions according to specific criteria — such as size, parameters, origin, or destination — and process them without the need for human intervention.
6. Does the custodian comply with evolving regulations?
Authorities attempting to exert control over crypto are increasingly holding digital asset firms to similar standards as banks; including the introduction of KYC/AML requirements, and very soon, the Travel Rule. This international guidance is being rolled out globally and will require all digital asset firms to share sender and recipient information.
Qredo Compliance provides information sharing infrastructure that future-proofs your compliance needs, making it easy to comply with regulations like the Travel Rule.
Depending on your jurisdiction, you may also need a qualified custodian that is registered with the local authorities.
As a decentralized custody network, Qredo occupies a unique niche in the regulated custody landscape. It doesn't fit the custodian definition, because it doesn't participate in signing transactions. However, you can assign your own regulated custodian to sign transactions, and still benefit from accessibility to other services on Network.
Need more help choosing a digital asset custodian?
The six questions laid out here should set you on the right course to choosing a digital asset custodian that suits your needs.
To dive deeper into the MPC market, read our guide to comparing MPC crypto wallet providers.
Or contact us today to learn more about Qredo, and how you can securely access DeFi through our MetaMask Institutional integration.