This week’s Coinrail incident serves to underline the importance of having the proper checks and balances in place. It follows the same pattern as Mt. Gox and Coincheck hacks in the past. (None of these companies were customers of BitGo.) The fact is that these hacks are completely preventable and shouldn’t pose the level of risk that they presently do.
The present system for cryptocurrency is not sustainable without addressing the underlying issue – separating trading from the securing of the digital assets. It’s critical to understand that keeping digital currency safe is not purely a technical problem. It’s also a process problem and a people problem. Storing assets with a secure custodian that is separate from the exchange is essential. If we don’t make changes soon, we will continue to see centralized exchanges fail.
The building blocks of trust
We have previously looked at what is fundamentally missing from the current market infrastructure supporting digital currency investing — custodianship. That’s because the essential building blocks of a next-generation infrastructure to support this new asset class are security, storage, compliance — and custody. At BitGo, we started with security and multi-signature authorizations. We expanded to storage solutions next to hold the asset. And we’ve ensured the entire process is compliant. But without custody, the model fails to deliver the trust that’s essential to the long-term success of the asset class.
The reasons are fairly self-evident. When you’re dealing with your own money, you’re taking your own risk. But, if you’re dealing with someone else’s money (e.g. as a fund manager, Registered Investment Advisor, etc), you need to be able to demonstrate fiduciary duty and competence — that you’ve taken appropriate precautions to verify the technology and service providers, that you’ve taken appropriate safeguards, that you’re executing good trades on behalf of your clients, that you’ve met regulatory requirements, etc. Custodians fulfil this role, acting as an independent verifier that investment managers are acting as good fiduciaries.
At an individual level, people hire banks and custodians to store their money because they either don’t know how or don’t trust themselves to store their own money — particularly when we’re talking about very large sums of money. If you didn’t have a bank to store your savings, what would you do? Put bars on the windows? Install a safe in a secret wall? Bury it in the backyard? Hire a security guard? No. You entrust it to people who know how to keep it safe, who know how to make sure you have access to it, and who have all the safeguards in place to protect your hard-earned investment.
And nowhere is that more important than with a digital asset like cryptocurrency.
Signs of trust: What progressive institutional investors are looking for
When it comes to digital currency investing services, the early adopters and fast followers among institutional investors are looking for more than just technology. After all, keeping digital currency safe is not purely a technical problem. It’s a process and people problem, as well. All of these different pieces need to come together.
And when it comes to institutional investors and dealing with their customers’ money, the bar is even higher. The amounts of money are larger, the risk of theft is higher, the possibility for insider theft is huge, and coercion and policy control failures are all higher.
If you’re an institutional investor, and you’ve decided now is the time to get into investing in digital currencies, what you’re looking for in an infrastructure solution is:
- Proven technology, including cutting edge cybersecurity that lets you get to your investment quickly and easily, but assures you it won’t disappear
- A company with a good track record of service, big cap and balance sheet, a diverse set of clients and offerings, and a solid reputation
- A reputable management team and verifiable compliance program
- Credible, top-grade insurance
- Well-established and thorough policy and compliance controls in place
- Institutional business verifications, continuity plans, and disaster recovery plans
And if you’re talking with a vendor who claims to offer all this, then its critical to kick the tires and know what you’re getting into. The questions that the most discerning investors are asking are:
- Are you a qualified custodian or not? Are you 1940’s Act compliant? If the answer is no, run.
- How fast can you access our money? If the answer is “fast”, then be careful. Security is about safety, not speed.
- Will you have multiple liquidity options once you put your money into the custodian? Will you be able to get the best market price when trading, and how will you know you’re getting the best price? Again, if the answer is no, run. That’s not real custodianship.
- Do you focus on retail or enterprise clients? Do you have a business continuity plan? What is your SLA? Do you offer 24×7 support for my questions or escalations? If you do offer retail services, which is more important, your retail business or my enterprise business?
Again, it all comes back to how to create trust in this new digital asset class. To achieve a sustainable digital currency infrastructure that meets this higher standard, we have to integrate people, processes and technologies — starting with security. This is what it takes.
Of course, some would argue that institutions should build this for themselves rather than trusting any other organization. What’s right about this approach is that it acknowledges this isn’t just a technological challenge. Again, it takes people and process and technology.
But It takes all three of these pieces coming together, and security is a fundamental piece of that technology challenge. In fact, you have to start with security, not bolt it on later as an afterthought. The risk with the do-it-yourself (DIY) approach is that even if those institutions know technology, most don’t know security — and certainly not to the level required to safeguard digital currencies.
But even beyond that, the question is, what business are you really in? Are you a technology company who wants to continually invest in cutting edge cybersecurity solutions for safeguarding digital currencies? Or are you an investment firm with a laser focus on helping you clients manage and grow their wealth, and do you want to partner with somebody who offers best-in-class services around security, storage, compliance and custodianship?
And that’s where BitGo fits in. We focus on integrating the people, processes and underlying technologies that engender trust in this new exciting world of institutional investing in digital currency.
This post was first published on blog.bitgo.com.
About the author: Mike Belshe is the CEO of BitGo. BitGo Inc. is the market leader in institutional-grade cryptocurrency investment services, providing institutional investors with security, compliance, and custodial solutions for blockchain-based currencies. BitGo is the world’s largest processor of on-chain Bitcoin transactions, processing 15% of all global Bitcoin transactions, and $15 billion per month across all cryptocurrencies. The company has over $2 billion in assets in wallet, and a customer base that includes the world’s largest cryptocurrency exchanges and spans more than 50 countries. BitGo is headquartered in Palo Alto, California, and has offices in New York, London, Singapore, and Tokyo.