Introduction
The Alternative Investment Management Association (AIMA), together with leading digital asset custodians and industry experts, has published a new Industry Guide on Digital Asset Custody for institutional investors. The guide provides industry guidance on sound practices and key considerations around due diligence for institutional investors determining how to custody their digital assets. This jurisdiction-neutral guide has been primarily designed for institutional investors who are seeking the services of a digital asset custodian.
It is the initiative of AIMA’s Digital Assets Working Group (AIMA DAWG) – a cross section of around 300 senior industry experts including institutional investors, custodians, exchanges and other service providers. It is tasked with driving AIMA’s regulatory engagement, thought-leadership initiatives, and operational guidance in the area of digital assets.
The concept of digital asset custody revolves around the safekeeping of a private key. However, because the owner uses private keys to store, manage, and transfer digital assets, and because the keys help with the decryption of messages and the authentication of transactions, they represent a single point of failure in the system. Private keys therefore require sophisticated technologies to prevent theft, loss or destruction. It is the control and management of these private keys that has given rise to the frameworks supporting the custody of digital assets as a distinct and specialist service offering.
While keeping a private key safe is fundamentally a technical need entailing specific hygiene protocols, when embedded within a commercial service offering, potential users of that service need to consider the terms upon which the service offering is provided, the regulatory framework sitting around the custody provider, any insurance provisions that are required or are in place and the legal basis upon which the assets are held.
As a general resource, the guide should not be regarded as a substitute for professional advice, which should still be obtained where appropriate. Further, institutions engaging in digital asset custody should pay close attention to applicable regulatory requirements and guidelines issued by regulatory authorities in applicable jurisdictions.
- James Delaney, Managing Director, Asset Management Regulation, AIMA
- Haydn Jones, Director, Senior Blockchain Market Specialist, PwC UK
- Richard Itri, Chief Innovation Officer, ECI
Contributors to the guide
- Haydn Jones – PwC
- Rich Itri – ECI
- Asen Kostadinov – Copper
- Daniel Andemeskel – UI Enlyte
- Divya Dattani – Barclays Investment Bank
- Evan Kohn – Anchorage Digital
- George Kirchner – NYDIG
- Jack Neureuter – Fidelity Digital Assets
- John D’Agostino – Dagger Consulting LLC
- Jonathan Gilmour – Travers Smith LLP
- Lauren Abendschein – Coinbase
- Maxime de Guillebon – Zodia Custody
- Nitin Khanapurkar – Apex Group
- Robert Cooper – Digivault
- Simon Zais – Capco
- Steven D’Mello – Albourne Partners
- Vaïk Müller – CMS Switzerland
Table of contents
1. Introduction
2. Custody options – an overview of technologies
2.1 Cold storage or air-gapped storage
2.2 Hardware security module
2.3 Multi-party computation
3. Key generation and management
3.1 Main considerations for key generation
3.2 Sound practices for key generation
3.3 Key management considerations
3.4 Key management sound practices
4. Due diligence
4.1 Governance
4.2 Legal and compliance
4.3 AML and Fraud
4.4 Cyber security and incident planning
4.5 Financial and counterparties
4.6 Insolvency
4.7 Operational risk
5. Application of SOC reports and ISO certifications
5.1 Applicability of SOC 1 and SOC 2 reports
5.2 Questions to ask when evaluating SOC reports
5.3 Applicability of ISO certifications
Download the guide
Members with a login should log in here to be provided with a download link to the guide.
Availability for non-members
Most of the regulatory guides AIMA produces are available solely to AIMA members. This guide, by contrast, is available for download by both members and non-members. This guide is representative of the types of guides and guidance AIMA produces for the benefit of members. We hope readers will find the information in the guide to be helpful.
Webinar playback
The webinar looks at the current landscape for custody of digital assets and the key technical, business and risk considerations. Speakers discuss the guide’s contents and consider various topics such as regulation, biggest challenges for custodians, poor custody practices seen in due diligence, developing sound practices / standardisation and custody issues due to the advent of DeFi.
Introduction:
- James Delaney, Director, Government Affairs, AIMA
Moderators:
- Haydn Jones, Director, UK Crypto and Blockchain Lead, PwC
- Richard Itri, Chief Innovation Officer, ECI
Speakers:
- Robert Cooper, CEO, Digivault
- Maxime de Guillebon, CEO, Zodia Custody
- Steven D'Mello, Partner - Operational Due Diligence, Albourne Partners
- Asen Kostadinov, Chief Strategy Officer, Copper