Embracing the digital asset future

By Anoosh Arevshatian, Zodia Custody

Published: 20 March 2023

Whilst events unfolding throughout 2022 have resulted in alarm surrounding institutional adoption of digital assets, it’s undeniable that crypto assets are here to stay as an asset class, especially with clarity emerging across the regulatory landscape globally. According to research in Fidelity’s 2022 crypto adoption report, nearly 6 in 10 institutional investors (58%) invested in crypto assets globally. Further, market data research by Goldman Sachs has shown that Bitcoin has the greatest total return (27%) and risk adjusted ratio (3.1) of all asset classes in January YTD. Given this context, hedge funds, asset managers and funds of funds have different considerations associated with the assessment of risk and potential returns of crypto assets. At a minimum, the following factors should be considered:

1.    Fundamentals: 

As with traditional assets, it is important for institutional clients to assess the fundamental value of a crypto asset. Beyond its regulatory characterisation, this includes evaluating the technology behind the asset, the adoption and use case of the asset and the overall strength of the asset’s ecosystem. Consider as well whether the issuer of the crypto asset is licensed and how the asset generates value (and in the case of stablecoins, assess the level and quality of the underlying collateral underpinning the value of the crypto asset). Each crypto asset should be reviewed independently and may have different fundamentals. 

2.    Liquidity: 

Market conditions may give rise to a need to quickly change investment positions. It is therefore important to consider the liquidity of a crypto asset, including the volume of trades and the presence of deep and liquid markets through exchanges. Blockchain intelligence tools can effectively provide data on the liquidity of the asset, the exchanges the asset is listed on and the risk levels of these exchanges. 

3.    Volatility: 

It seems obvious, however crypto assets can be highly volatile, with prices fluctuating significantly over short periods of time. It is important for institutions to consider whether the price volatility of a specific crypto asset aligns with their investment objectives. 

4.    Regulation: 

Institutions must consider the regulatory environment in which a crypto asset and its issuer operate. Some jurisdictions have developed regulatory frameworks for the treatment of crypto assets, which provide greater legal clarity and protections for investors. This assessment is multi-lensed and should also include a consideration of your own business: 

I.    Does your institution require special licensing or permissions to invest in crypto or to create a fund? 

II.    Does your institution understand the regulatory characterisation and treatment of the crypto asset? i.e. could it be a security, a commodity, etc. as per the Howey Test? Remember crypto assets are not all the same. 

5.    Risk management: 

It is important for institutional clients to have robust risk management processes in place to mitigate the risks associated with investing in crypto assets. This may include diversification of portfolio, thoughtful asset allocation, and use of risk management tools e.g. stop-loss orders.

Safekeeping your digital asset investments 

Like other assets, crypto assets require safekeeping. For institutions, this service is usually provided by a custodian. Unlike traditional custody, digital assets have no centralised entity acting as a clearing house. Additionally, digital asset custody differs in that safekeeping is provided for the private keys  which control an institution’s access to their crypto assets and which may be stored on paper or on hardware devices. 

It is therefore critical for an institution to be able to prove control over the private key in their relationship with the custodian (e.g. through a trust arrangement or proof of beneficial interest in the digital assets). In many jurisdictions, technical advancements have superseded legal principles, resulting in the custodian having more legal freedoms compared with traditional custody.  

An institution therefore has several options with respect to the storage of their private keys, outlined below. Note: wallets are solutions through which private keys are managed in order to operate a public address. 

  Custody Option Considerations
Hot Exchange Wallets Online access to wallets, simultaneously making it both quick to transact and highly exposed to attacks (and insolvencies).
Software Wallets Private keys stored on software wallets either on a computer or mobile device, with additional security and sign-in measures. Results in the holders/users of the aforementioned devices being exposed to physical harm or coercion.
Hardware Wallets Hardware devices which contain software that stores the private keys and signs off transactions.
Multi-signature addresses Requires a “M of N” approval mechanism whereby a minimum subset of signers (M) are required to sign before a transaction can be executed. Results in operational execution being slower and additional user maintenance requirements, which sometimes vary by blockchain.
  Paper Wallets Seed phrases or private keys are written on paper, making it highly exposed to loss, damage or errors.
Cold Cold Storage Private keys stored offline in devices that are not connected to the internet. Results in operational execution being slower (i.e. slower asset transfers, delays in claiming rewards from network participation such as staking, forks, airdrops, etc).

The allure and risks of self-custody or non-custodial solutions

Under the guise of improved security and greater efficiency, some institutions have implemented one or more of the above options in a self-custody arrangement, without the use of a specialised digital asset custodian. The disadvantage of doing so is that self-custody results in processes that are exposed to error and complexity, leaving employees and company resources vulnerable to physical compromise. Besides these factors, self-custody does not adhere to institutional requirements related to internal controls, audit standards, and single points of failure (or restriction of access to the crypto assets by individuals!).

Digital Asset custodian scorecard  

Clearly self-custody is exposed to risks, as noted above. For this reason, the use of digital asset custodians with specialised expertise is recommended. Not all digital asset custodians are alike, however. The scorecard below can be used as an assessment tool.   

Factor  Considerations
Custody arrangements and legal treatments
  • What is the custodian’s overall business model? 
o    What method(s) do they use to safeguard the private keys?
o    Do they have a related exchange business that may introduce conflicts of interest? 
o    Do they segregate proprietary assets from client assets?
o    Are client assets segregated per client or comingled in a single account?
  • What protections do you have on your assets in the event of a custodian’s insolvency? 
  • What is the legal characterisation of the storage of the private key, its deployment and the underlying digital assets controlled by the deployment of the private key? 
Security and access to assets
  • How does the custodian enable authorisations as defined by your institution? 
o    Are approvals audited? 
o    How is the identify of approvers verified?
o    Are these approvals unforgeable and signed cryptographically?  
o    How does this impact timelines on executing transactions? 
  • Are disaster recovery, back-up procedures and business continuity plans in place?
  • If hot wallets are used, does the custodian have any reserve to cover the possibility of hacks? 
Governance, Risk & Compliance approach
  • Is the custodian licensed, registered or regulated? 
o    Where? 
o    Do they comply with key regulatory requirements, especially those related to money laundering and counter terrorist financing?
o    Do they demonstrate proactive identification and awareness of upcoming regulation in the short and medium term in the jurisdictions where they operate?  
  • Does the custodian have a risk management framework with relevant policies and procedures? 
o    How resilient are the custodian’s services? 
o    Is the custodian overly reliant on third party service provision? Do they demonstrate oversight over critical third parties?
o    Does the custodian have appropriate cyber security measures in place? e.g., bug bounty programmes, penetration testing, insurance 
o    Does the custodian apply any fraud detection and behavioural analytics tools on transactions? 
o    Does the custodian operationalise FATF recommendation 16 which specifies the need to obtain sender / receiver information of digital assets?
o    Are crisis management and insolvency measures in place?  
  • Does the custodian have any independent reports published (e.g. SOC 1, SOC 2) or reviews conducted (e.g. ISO 27001) on their operations? 
End to End service offering and product suite
  • What breadth of crypto assets do they offer support for? 
  • What value added services are provided? e.g., connectivity to exchanges, yield generation, etc. 
  • Particularly in light of recent events in the crypto industry, is an off-exchange settlement solution available (enabling segregated storage of assets off-exchange which can be mirrored and securely traded on exchanges)? 

Lying ahead of the industry is greater regulatory clarity which serves a key milestone in crypto’s further integration within the overall economy. It is therefore vital for institutions to equip themselves with information and decision-making tools that will empower them in their digital asset future.



1  Fidelity Digital Assets Research, 2022. Institutional Investor Digital Assets Study: Key Findings
2  Goldman Sachs Finds Bitcoin Tops Gold, S&P 500, And Nasdaq As The Best-Performing Asset Of 2023 (forbes.com)
3  SEC.gov | Framework for “Investment Contract” Analysis of Digital Assets
4  Strings of data that bear a unique mathematical relationship to the public keys where digital asset ownership is recorded on the blockchain.