Craig: [00:00:09] Hi, I’m Craig Perrin. I’m the VP of sales here at METACO. Welcome to METACO Talks. This is the 16th episode in a series of live conversations purely focused on how the future of digital assets is shaping out.
Today’s session is somewhat different. We are turning the tables on ourselves; rather than bringing in guests from the outside we’re interviewing today METACO’s CEO, Adrien Treccani, and METACO’s VP of Strategic Alliances, Seamus Donoghue. Together with my colleague, Dario Duran, who has joined METACO very recently, we will be interviewing Adrien and Seamus.
Dario, good morning.
Dario: [00:00:54] Thank you, Craig. I’m super excited to be part of the show. To be fair, I don’t get in front of the camera very much. In this episode, what I’m hoping that we get to do is we find out METACO’s latest product, Harmonize; get a little bit of insight into it, how it fits into the market, and some rationale behind what Adrien and Seamus have been doing in strategizing on how to put METACO at the forefront of what’s happening in digital asset custody.
For the audience, if you ever want to listen to the recordings of previous conversations, just search for METACO Talks on YouTube, Spotify, Apple Podcast, or any of the main podcast platforms. Looking forward to it. Enjoy!
Craig: [00:01:36] Thanks, Dario. Let get going straightaway. Adrien, good morning, and thank you for the opportunity to turn the tables. Dario and I agree to be very quick, lots of good questions for you this morning.
First of all, METACO had recently launched and rebranded the core platform as METACO Harmonize. The product is positioned as an end-to-end orchestration layer really focused on the digital assets applications. If we just take a step back, it will be great to hear from you around the orchestration, meaning your thinking behind that phrase and behind utilizing that as a key component, and particularly in relation to how you see the relation with the digital asset market evolving in this space.
Adrien: [00:02:29] I would like to mention how digital assets were adopted over the last 10 years. The evolution of these markets, which started as a very retail focused technology and platform started with exchanges, where you could buy your cryptocurrencies and then expose them to a mobile wallet or a computer device. That would be relatively painful. The user experience would be low. The market started, with more and more companies getting into markets and offering institutional services for the management of digital assets.
It started relatively easily with basic custody solutions, where the bank or the company, which often were exchanges, would provide a single infrastructure to manage Bitcoins, to manage Ethereum, and to manage some of the workflows associated with these.
I would like to mention one example, that we faced as a company last year. That led to a long discussion with the potential clients, that ultimately turned to clients, for reasons that I’m going to explain. This really started with the fact that this company, which is a pretty well-known company on the markets, had built its own custody solution when they were founded. They built a very specialized Bitcoin-centric solution to manage cryptocurrencies and to offer such service to their clients. Pretty soon after this, they realized that because it had been created at the early stage of the company, it was relatively immature. Many things that could have been improved, so they decided that they had to build a second iteration of this platform, which would be much more professional, audited and certified in different ways, and would complement what they had achieved with the first platform.
They did this and they were very successful with the second platform. They got the certifications they needed, they improved on some of the services they had created over the first platform. But they quickly realized that the tradeoff they had gotten into was they had left something which was a bit immature but agile, and now gotten into something which was very much high-quality certified but very hard to evolve, very hard to add new currencies, very hard to add new forms of use cases with decentralized finance with staking.
They ended up having to build and acquire additional solutions to complement their offering – some which would even go as far as to consume retail cryptocurrency management tools, like a ledger Nano S or Hardware Wallets. You would never believe they would use this in an institutional environment, but still they did. I think they still do.
The main friction they were facing at this time is they started accumulating the values custody solution that they needed to serve their clients with complete different approval processes, complete different key management principles. What they ended up needing is a single way to orchestrate these different custody back ends – these different ways to interact with cryptocurrencies.
That’s only the beginning of the story. Ultimately, when you start thinking about orchestration, you realize that it’s not just about custody. It is about interacting with liquidity providers, exchanges, brokers. It is about integrating compliance services so that when as a regulated company you receive a deposit, you are able to know where the money is coming from and associate some logic around this process. It is also about interacting with the advanced capabilities of decentralized finance: borrowing, lending, staking, which are getting more and more versatile and far-reaching and require things which were certainly not planned even two or three years ago. Every time you get one of these new blockchains on you on DeFi protocols, you have to somehow rethink the way your system was consumed in the context of your service.
This is how METACO was led to create this platform, METACO Harmonize. We understood that there are values and fragmented offerings on the markets, whether on the liquidity side, the custody side, the compliance side. There is an increasingly significant need to consolidate these different offerings into a single gateway, I would call it – a single secure way to orchestrate, to access the services and make sure you have a single point of view of all of these fragmented services. This is what METACO Harmonize is about. It is about providing a single API, a single frontend that can evolve through time, that can connect multiple custodians, multiple trading venues, multiple compliance providers, yet to a single interface which can be connected just once into your frontends that you offer to your clients and potentially into your back ends. If you’re a bank, your core banking system that you have to connect to deal with accounting, tax reporting, et cetera.
Craig: [00:07:37] Adrien, thank you. Very interesting view. Seamus, if I can come to you, Adrien mentioned banks in particular, if I think a little bit around tier one financial institutions. Creating optionality and avoiding technical debt is a compelling value proposition. Banks are continually focused on cost management, and clearly the situation around digital assets is a fast evolving landscape at this current moment in time. Banks are looking to implement and create capability for their clients. Do you see this as a problem, just for large tier one institutions or across the digital asset infrastructure, or is it equally happening across the crypto native startups as well?
Seamus: [00:08:33] Thanks. I think Adrien gave very good context of the evolution of the market. I’ll just emphasize some of the points there. Crypto native should be the most agile and the most adapted to the space. What we’ve seen in reality is, with digital assets it’s not just about having secure solutions for keys, but the governance of the key. Any platform you have, whether it’s self-custody, sub custody, other services like staking platform, settlement networks – all of these need to have appropriate governance.
The solutions specific in those use cases have governance to them. But as the space grows and you have multiple platforms, how do you manage each of those? Who has access to that platform, that has its own set of rules? Let’s say a separate self-custody solution has its own set of rules, a staking platform has its own set of rules. You need something to bring those together, so as an organization you have some sort of holistic single control process, single operational and risk approach. That’s what crypto native is.
Dario: [00:09:40] I was just going to say, absolutely. I couldn’t agree with you more about the need for this type of middleware coordination layer that’s in there. What strikes me though, and this is something that I want to question both of you about – you guys decide who wants to answer – in the past many weeks that I’ve been here as we start up I’ve been party to a few RFPs. I still see this orchestration or this coordination layer as a nice-to-have from the clients, the biggest banks in the world. Why is it that they haven’t yet gotten to the point where they step away from thinking about digital custody as the purchase of Blockchain nodes, plus key management, software, hardware, plus compliance, AML type of software? They’re still very much lodged in this puzzle fitting mode and, they haven’t I think yet developed the sense that there’s a broader coordination function required. Why is that still the case, or what can we do to help them?
Seamus: [00:10:47] Well, why don’t I comment on that? Adrien described the evolution of the market. I think when we have banks come to this space, they’re much less mature in their thinking. They’re still trying to figure out digital assets and what’s required.
We evolved from being a single custody framework. We became very flexible in terms of how you could deploy multiple hardwares, the MPC, that was unique. But I’d say that the custody space on its own is fairly mature, and what we’ve observed is a single solution solves all your problems. You have different use cases; you’re going to require different types of solutions.
I think some of the players that haven’t been in the market as long come to the perception that a single, let’s call it silo, which is what we used to call our product, solves all their problems. When in fact the space is growing exponentially in many different directions, and it’s very hard to predict which way, and you don’t want to make strategic decisions that close those options very early on.
You may start with, let’s say MPC. Then then day two, you have got requirement for hardware, and then it may be requirements for different types of hardware, need to be a cloud based. All of these things impact your architecture. You’re going to integrate all this. One, parametize them, as I said before, and then integrate them all into your core infrastructure.
Now, that integration may not be such a big lift in a small agile firm, a crypto native firm. But a bank, you don’t want to go to core integration more than once. Once is painful enough. Things like, how many decimals the system supports can be a massive roadblock, because we’ve seen basically decimals matter in our space. These things become big issues.
One of the messages that we’re very focused on is orchestrations. We’ve seen the market evolve from thinking there’s a single silo that’ll solve all your problems, to try and get the message across that over time you’re going to need a very flexible and agile solution. The key point about particularly when you move into a banking space, is their infrastructure by default is not agile. You’re talking about banks that are building a legacy on top of legacy and legacy. It’s a cliché, but it is a spaghetti of infrastructure. You should have a single point of integration to an orchestration framework, so you have a single risk and control approach that you can abstract across all your solutions, whether that’s the custody use case, self-custody, multiple self-custody infrastructures.
There’s also a need here for redundant infrastructure. We just had Curve get bought by PayPal, and those that are using Curve are, like, “Wait a second. We have to get off this by year end, what are we going to do?” We see more and more firms realizing they need no single dependency on core infrastructure; they need multiple there.
There’s often a use case for sub custody. We work with some of the largest security services firms in this space, Northern Trust, Standard Chartered, who to be fair, they helped us design this framework. They came to us and said, “We have self-custody,” which is direct custody and in the security services space requirements. Again, it may be very prescriptive from regulators, what type they have and different jurisdictions. They may have multiple instances just like the crypto native firms. But then there’s jurisdictions where they’re not regulated, and they need to rely on the network of sub custodians, which is very normal in the traditional space. Larger firms can have upwards towards a hundred sub custodians. Each of those will have their own policy, their own risk and controls, their own accounting, their own position-keeping. How do you manage all those discreet infrastructures? You can’t.
You need a single there to abstract those, manage them all from one point. Otherwise, you’re going to have all sorts of control risk gaps, and in the end the complexity of the system is going to be a disaster and it’s going to lead to all sorts of problems in this space where risk and security are of the most priority.
Dario: [00:14:21] Absolutely, I agree a hundred percent. It’s one of the reasons that I’m here, because METACO is a unique animal in this market with regards to the orchestration foresight. I know that Adrien was looking at this stuff already a couple of years ago as he’s developed it. The market is still catching up on that regard.
I’m going to latch onto a particular aspect of what you were just covering. You talked about Curve, you mentioned MPC as a protocol multiparty compute type of infrastructure that’s making its way into the market. I see increasingly players want to test it. They want to see if the promises are true, can you really build out digital asset custody without having to have hardware in house? When I hear statements like that, I think the problem that they’re trying to solve is that they want to step away from having to hire smart people that manage critical infrastructure, and they want to outsource that somehow.
There’s a tradeoff that’s happening there. I’d like to hear maybe from either of you, from Adrien, can you talk a little bit about the trade-offs that you’re making when you’re doing MPC versus HSM, the hardware security module implementations in-house?
Adrien: [00:15:28] Absolutely. I can start with a few words about MPC itself: what it is about and why was it invented in the context of key management?
It’s been now the standout for many years to secure the cryptography keys in special hardware – special hardware which is designed to protect these keys, protect their confidentiality and ensure that any kind of attack attempt is identified and the keys are potentially zeroed out so that it’s impossible even with physical access to the containers or in this case to extract them.
Now, the main fragility of these hardware security modules which are specialized for key management, is that they are pretty centralized. If you get to hold one of these boxes, and let’s say you have an electronic microscope and you would be able to open the chips and look inside (which in principle is impossible, but theory is always bridged by attackers), you may be able to extract the key, which is held in a single box. That’s the single point of failure or the single point of compromise.
Also, if the manufacturer of this box makes a mistake; there is a bug or there is a weakness in the hardware, it maybe in principle, it has happened in the past that you HSA may be fragile to an attack and may leak the confidential data.
If now we go to the multi-party computation, which is this more recent way of dealing with cryptographic keys, MPC is about decentralizing and therefore creating security through distribution of the key material. Rather than saying, I have a super secure vault (which is my hardware security module) and I assume that nobody can break, in the context of MPC, I say there is no vault. Also, in principle, it’s very insecure, but I’m going to spread fragments of this key in multiple locations such that the approach to break the key is to break multiple locations or multiple data stores relatively at the same time.
This debate is endless, because whether HSM or MPC is better is really a question of security assumptions. Is it better to have a purpose built hardware, which has survived decades without breach, but is centralized; or is it better to have fragments of keys in the clouds in very basic virtual machines or database, which are pretty insecure but distributed amongst multiple parties and therefore it makes it harder to compromise at the same time.
In this context, of course, we would be tempted to say that the ideal situation would be a combination of the two, where you would have decentralization with hardening – with special hardware capable of maintaining these fragments. But the market is not there yet. I’m sure it will happen, but the market is not there yet.
Still the fact is there is a lot of traction currently with multi-party computation algorithms, because you don’t need hardware, and hardware is a pain to maintain. Let’s be honest about it. You said it, if you want to maintain hardware you need experts that maintain the hardware. Or you leverage hardware in the clouds, which may be fully managed by your cloud provider. But then you start having more trust into your cloud provider, which may be fine, but some people are not comfortable with this idea.
MPC being fully software with mother and technologies, virtual machines, Kubernetes, et cetera, you can really deploy your key management backend just by pressing a couple of buttons. In this context, deploying a custody infrastructure with MPC is something you can achieve in a short amount of time with limited efforts, if you leverage this new technology.
Where do we position ourselves with METACO in this duality of HSM and MPC? We think ultimately most companies are going to need both depending on the use case, and depending on the country where they operate, depending on the laws, depending on the best practices. There are countries where it is mandatory to secure the keys with hardware, there are countries where it is mandatory to air gap the keys in a completely isolated environment, and there are countries where MPC is now getting traction and becoming the recommended approach.
But we know that depending on the use case, whether you want to have for instance, long-term custody of your assets, potentially having an air gap hardware is going to be more appropriate than MPC, which is much more agile and potentially more prone to dynamic interactions or high-frequency transactions. We believe – and this is what we observe – that there is a requirement for plurality here, for more than one solution.
We come back to this narrative of orchestration. Why should you go to the market and try to convince your clients that hardware is the solution or MPC is the only solution, when in fact you can promote something which is agnostic to it? You can leverage multiple brands of hardware, you can leverage different kinds and different flavors and innovations on the multi-party computation side also. This is what we’ve decided to do. This is how we’ve been able to support banks in various jurisdictions, various countries. This is also how we’ve been able to leverage the solution for many different use cases, whether they’re relayed to tokenization, to trading, to long-term custody; because we provide this flexibility which can satisfy both the long-term sub custody and large CSDs or the asset managers that are much more agile and want to be able to trade, stake, lend, borrow, et cetera.
Dario: [00:21:30] Thank you
Craig: [00:21:33] Thanks, Adrien. I’m conscious time is moving on with the four of us. We should have probably had a bit more time. I think one thing would be really interesting to talk about briefly. The company’s evolved from a self-custody infrastructure, multi custody orchestration, many to many interactions, tokens, trading exchanges, sub custodians. it’s covered a huge amount. Already, even in my time, working with the team I’ve seen the history.
Probably a question, I’d like to get a view from both of you on this and maybe also Dario, particularly for METACO, Adrien what do you see as what’s next? Then maybe Seamus some comments from you on the same.
Adrien: [00:22:28] Well, I think there are quite a few initiatives on the market. I’m not going to say about what next for METACO explicitly, but what’s next on the market. I can see that there are different initiatives to leverage these new technologies like multi-party computation, to create consortium of parties which share risk and distribute the risk even further beyond the boundaries of your company. I think that’s a one market trend today. It’s about creating even more decentralization beyond the boundaries of your company so that you’re potentially cross border, you’re potentially subject to multiple jurisdictions, and you avoid the single point of failure as relating not just with technology but potentially politics, potentially the financial stability of the different parties, et cetera.
I think that’s one of the trends that’s moving now. I also believe that with the additional ease that is provided with the advanced technologies, self-custody is going to become more prone to be used even by smaller companies, which was in the past harder to consume because of its complexity. But we also see that sub custodians are appearing in the markets – large custodians offering the services to other smaller companies. I believe that the ability to interact with sub custodians in this field is going to be paramount to the success of digital assets adoption.
Seamus: [00:23:57] Maybe just to add on a little bit more specifically about us, I think we’ve evolved from a custody product company. We launched a SaaS solution to more solutions. In the context of solutions, clients are looking less for a product now to look for a full stack. We’re building out, we have a number of strategic initiatives with partners about can complement our solution, whether that’s things like AML trade, reporting, IFRS compliant data, fund accounting type of solutions.
But I think more importantly we have a wallet. We continue to have a wallet, we think it’s good. But as I said earlier, the wallet space or the custody space, is pretty mature. Competitors may still see us in that box, as in the custody competitor space. But I think with Harmonize, we’re a lot more agnostic. A lot of those that we would call competitors, we’re more than happy to collaborate on the Harmonize side.
Even though I would say we have a good wallet, we know clients will want more. Clients will want our wallet, they want another wallet. They may not even want our wallet at all. They may use two or three of our competitors and they have a problem: how do I manage these three solutions, and how do I have the ability to scale those to other solutions? Other self-custody, sub custody. This is the reality of how the space is evolving, so we have Harmonize.
If you think of a competitor, maybe we’re potential partners in this space and we can collaborate on providing solutions to clients that have that are facing that pain point.
Dario: [00:25:18] Seamus and Adrien and Craig, I’ll hand over it. If I hear you too correctly, it means that if you feel that you’re part of this ecosystem, if you feel that you’re part of the crypto stack, which should be implemented either in a big financial institution, in financial infrastructure companies, prime brokers, or an asset manager; if you feel you’ve got a solution for them you should be talking to METACO about integrating with us. Is that right?
Seamus: [00:25:47] That’s the message. Thanks, Dario.
Craig: [00:25:53] Great. We’re out of time. First of all, thank you for the insights. I think with the background and the experience from yourself, Adrien, Seamus and Dario as well, it’s been a phenomenal first quarter for me joining the team. Great to be here. I appreciate your insights this morning.
Thank you for everyone joining. I hope you found it informative. Apologies, we haven’t been able to take any questions from the audience. But if there are any questions, we’re happy to take those through the usual channels.
The next METACO Talks is a live event from our virtual booth at The Network Forum Annual Meeting, which will take place shortly. We will then be back on the usual schedule in the coming week. The recordings are usually available via the website and the usual method. Thanks everyone for joining, appreciate it. Have a good day. Have a good weekend. Thanks all!
Dario: [00:26:54] Thank you. Bye.