Top custody questions from business leaders introducing crypto to their portfolio

1. What are the benefits of using a crypto custodian (as opposed to self-storage or going through an exchange)?

As opposed to an exchange, where the focus is on trading and volume, businesses that prioritize custody and security will often turn to a crypto custodian. One of the biggest distinctions is that a crypto custodian will hold the private “keys” needed to access funds on your behalf.¹ Loss or theft of keys is a major concern for crypto owners, as this scenario leaves them with very little recourse for recovering funds. On the other hand, investors that go through custodians may lower this risk for themselves.

2. In what ways does crypto custody differ from traditional custody?

In some ways, crypto custody is more similar to traditional custody than one might expect. A custodian is a trusted third party that is responsible for safeguarding valuable assets on behalf of a consumer. A bank may provide its customers a custody service for physical assets by providing a bank vault and safe deposit boxes. However, things get slightly more complicated when it comes to the world of digital currencies.

Crypto custody relies on the safeguarding of private keys that enable access to funds. This has implications for the security methods used: rather than relying only on physical measures such as surveillance systems and vaults, crypto custodial protection also depends on strong digital measures, such as encryption and multi-factor authentication (MFA).² The regulatory landscape, means of recovering lost assets, and the ways in which access and control of funds is granted are also areas in which crypto custody differs from its traditional counterpart.

3. How does a custodian become “qualified” and stay up to date on regulatory compliance?

Becoming a qualified crypto custodian requires meeting specific regulatory requirements and obtaining the necessary licenses and certifications. The regulatory landscape in relation to crypto continues to evolve, so responsible custodians must ensure they stay up to date on best practices and standards for compliance.

4. How can a custodian show its controls are effective?

A custodian’s financial and technical controls can be audited using a SOC (Service Organization Controls) report. SOC audits examine the controls that the custodian organization has implemented to protect the systems and services offered to customers and partners.

SOC 1 Type II audits provide an independent auditor’s opinion on the design and effectiveness of financial controls and processes while SOC 2 Type II reports provide an opinion on the technical controls of a custodian’s system. As a service provider, custodians should be able to provide one or more of these reports.³ Ideally, custodians will be transparent around their audited financials, information security program, business continuity plan, and privacy policy.

5. How can the right custody platform enable business opportunities?

Custody of assets allows not only a safe way to manage digital currency, but in some cases, it can also provide valuable connectivity to the underlying blockchains—and all the benefits that go with them. Ethereum, for example, allows you to access staking and defi apps such as Curve, Uniswap, and AAVE⁴. In addition, once you have a secure custody solution, it opens the door for your business being able to offer other crypto engagement strategies, like Crypto Connect, Crypto Rewards, and Crypto Payout.

6. Will custodians provide insurance for my digital assets?

Good custodians will provide asset insurance and a mix of warm and cold wallets. In the case of cold wallets, private keys are stored offline, providing a higher level of security with less convenience. Hot wallets, on the other hand, have private keys that are stored online, and are thus more susceptible to potential hacks (while allowing higher convenience). Warm wallets use a mix of online and offline storage.⁵ Balancing different types of wallets allows custodians to minimize risk while maintaining accessibility.

7. How do qualified custodians handle potential security breaches?

A responsible custodian will invest in the appropriate security controls to limit the potential for a security breach and should have a defined cybersecurity program. This program should cover all facets of cybersecurity, including the ability to identify, prevent, detect, respond, and recover from cyber threats. For example, this includes encryption for protection of sensitive information, multi-factor authentication for verifying users, and firewalls for blocking unauthorized traffic, among many other things. Responsible custodians will also design their systems to allow for segregation of duties and separation of assets to minimize the impact in the event of a security event.

Bakkt Trust Company LLC is licensed to engage in virtual currency business activity by the New York State Department of Financial Services.

Download the fact sheet to learn more about how Bakkt Custody can work for you.