What does digital custody even mean?
According to the European securities regulator (ESMA), it would be denoted as “having control of private keys on behalf of clients could be the equivalent to custody/safekeeping services, and the existing [regulatory] requirements should apply to the providers of those services.”
A fourth EU Money Laundering Directive further defines it as “the safekeeping, administration and safeguarding of crypto assets or private cryptographic keys used to hold, store or transfer crypto assets for others.”
It’s interesting to note that those definitions refer to the storage of cryptographic keys that control those assets as opposed to just the safekeeping of the assets themselves.
Private key = digital custody?
Is it even possible for digital custody to equate to just the storing of private keys?
It’s unlikely to be that simple, though there remains an argument that suggests it is so.
Permission-less blockchain networks would normally assume that digital assets are a form of bearer instrument, meaning the private key controls the ability to spend the assets (“unspent output”). As a consequence, losing the private key suggests a loss of the asset itself.
Blockchains don’t support the concept of an intermediary (every private key is assumed to belong to a beneficiary).
Crypto exchanges offering digital wallet solutions tend to be based on centralised databases. An investor gives up the use of the private keys to the provider, subject to an agreement. This means that beneficiary information is kept outside the blockchain.
On that basis, it’s entirely possible that people would assume that storage of the private key therefore equals digital custody.
But there are a number of other considerations.
Having key storage without a robust procedure in place to utilise the key is meaningless. There remains different approaches on how to structure protocols for the use of keys too.
Distributed ledger technology (DLT) or wallet means that there may be more than one key per token. Perhaps a single key doesn’t exist (meaning different parties hold a portion of the key and need to enter into a signing ceremony to transfer an asset, via a multi-signature arrangement).
There are hierarchical structures in institutional blockchain platforms, or there could be the need for a multi-signature agreement to reverse and/or rebooking of a transaction. That would then require a governing node empowered to correct an erroneous entry into the database.
The way forward
The way forward for digital assets therefore has to be a digital custody solution that necessitates private key storage capability.
Technological differences between institutional platforms and crypto and, not to mention an evolving regulatory framework, means a more holistic view of custody has to be taken that goes beyond key storage.
The question therefore of what digital custody is becomes much more than who holds the private key.