Digital asset management in the banking sector: opportunities and challenges

Financial industry expert Seamus Donoghue, talks about the opportunities and main challenges of digital asset management in the banking sector.

1. Cryptos, and the blockchain technology underlining it, were designed to propose an alternative to the traditional banking system and yet, financial institutions seem determined to integrate these digital assets into their asset portfolios. Is that a defensive move?

It is definitely not a defensive move as, on the one hand, there is no imminent threat to react to and, on the other hand, banks will be the core of financial markets for the foreseeable future. Quite the opposite, banks are embracing digital assets because of customer demand and the business opportunities they entail.

Cryptocurrencies provide us the option to be our own bank and trade without the need for intermediation. That is an extremely powerful value proposition but it also comes with a lot of risks.

Self-custody of digital assets means you have full responsibility for the safekeeping and integrity of your own crypto assets, meaning you must be in a position to protect them from operational, physical and cyber threats. This is why, if given the choice, most people would opt for the banks, which they already trust for traditional assets, to also manage their digital ones. In this sense, digital and traditional assets do not differ significantly in the business opportunity they present to financial institutions.

Beyond custody, whether we talk about cryptocurrencies or tokenized assets such as securities, digital assets will allow banks to create entirely new business lines, from trading to lending and asset management services. The custody of cryptocurrencies is only the initial use case but it is an essential base layer to build the “digital stack”. It will be the tip of the iceberg in terms of the financial revolution that asset tokenization will trigger.

2. For banks aiming at onboarding digital assets, which are the main challenges ahead?

Bank technology departments are familiar with the concept of managing private keys and HSMs to authorize payments. However, the use of private keys to secure digital assets presents an entirely new set of risks for the banks to manage versus traditional payments or custody. For example, if a private key is lost or compromised so are the assets and once crypto transactions are authorized they cannot be reversed.

This is why simply securing private keys is not enough: it is equally important to secure who can access them and how and when they can be used. Even if the keys are secure, if the way they are used is compromised, then all the funds are at risk. Traditional HSMs simply do not address these risks and are not fit for purpose.

Security policies

The so-called “security policies” — that are essential to the proper governance and rules of the key use — are in most cases held outside of the HSM making them vulnerable to being hacked. This is a challenge that banks are only slowly beginning to appreciate. Adding to it, the approach cannot be secure at all costs: banks must be able to balance security and availability/liquidity so to interact efficiently with the market. Essentially, the banking technology of yesterday needs to be replaced with technology that fully addresses a new set of risks related to digital assets banking.

It is also relevant to point out that — beyond the technical defies — compliance is also a challenge to overcome. Banks are highly regulated entities, and following years of compliance-related fines, move very cautiously when faced with the new requirements, beyond the standard KYC and source of funds of fiat currencies.

“Know your token” or forensic chain analysis, have, so far, been as much a mental challenge, (i.e. what new risks will this mean for the bank?) as a technical one. Fortunately, the crypto eco-system is evolving very quickly with new compliance tools increasingly available and many regulators are increasingly agile and getting out ahead of the banks, such as we have seen with FINMA, and addressing regulatory uncertainty.

3. So, essentially, securing and managing the private keys remains the key challenge?

Absolutely. For banks, everything boils down to being able to access and manage the assets securely. The right balance of security and availability is at the very foundation of digital asset management. If the keys are held in super-secure vaults with the private keys etched in metal then they are indeed secure but by definition, they are also highly inaccessible and the bank will be completely unresponsive to rapidly changing market opportunities and conditions. If the keys are highly accessible and liquid then they are also much less secure.

4. So, how can banks overcome this challenge? Which solution should they be looking at?

A bank will normally have a range of use cases, each with specific security/liquidity tradeoffs. Hence, when assessing options, they should choose a unified and comprehensive solution that manages these tradeoffs while remaining easy to integrate into their existing core banking system.

Finding a “security above all else” storage solution for the keys is not practical. A bank cannot offer custody by only relying on “deep cold” disconnected wallets held in a bunker in the Swiss alps — nice and secure but not sufficient to cover their many other use case requirements. Banks need a unified solution with which to manage funds with a context-adapted balance of security and liquidity. Essentially, this means having a platform that supports cold, warm and hot wallets, with customizable governance and security for the transitions between those “temperatures”. That would provide banks a foundation to manage all types of funds, from long-term reserves to liquidity buffers and high-velocity payments and to securely build new services on this new asset class.

Best technical solution for the banks

The best technical solution for the banks in need of a comprehensive self-custody infrastructure shall be highly secure, flexible, and scalable. The current best practice to hit those requirements is to combine purpose-built integrated hardware and software: the interaction of software services and hardware security offers all the elements of a full wallet management system, including key management, wallet security, policy management, and ledger services.

On the HSM side, tamper-proof hardware — designed specifically for digital assets banking, which includes a trusted execution environment to store and run all critical operations (i.e. secure the keys and governance of their use) — is also essential. This is a key requirement when we speak about “hardware-enforced security” and its key differentiator of purpose-built hardware vs traditional HSMs.

To steal or compromise the keys with such “hardware-enforced security” the hardware first needs to be broken and the best in class hardware solutions have been designed to withstand not just a motivated hacker but also nation-state attacks.

5. After the so-called crypto-winter, what is your outlook for 2019?

For digital assets, 2017 was the year of the retail bubble; 2018, was the year of the POC for banks and enterprises; and 2019 will be — without a doubt — the year institutional participants and infrastructure providers join the party with full production offerings.

Banks and other large financial participants entering this asset class will make this market accessible to a much broader investor base than the narrow community that drove the bubble of 2017. Institutional adoption will be the foundation for profound changes in our existing financial markets. We are witnessing the entire ecosystem rapidly evolve: capital flowing in, clearer regulatory framework, new players, etc.

Custody is the essential foundation for the tokenized economy but as we said earlier it is only the tip of the iceberg — get ready for an exponential future as markets fully embrace this new technology.