Global Digital Finance (GDF) is an industry membership body that promotes the adoption of best practices for crypto assets and digital finance technologies through the development of conduct standards. It is conducting a consultation on the following Code of Conduct for Cryptoassets: Part IX(i) Principles for Custody “Custodial Wallets”.
Organizations can provide feedback and publicly support and adopt these principles by following the steps in the feedback form. This is a public consultation which will run until Friday 10 April 2020.
Part IX(i) – Code of Conduct – Principles for Custody “Custodial Wallets”
Opening
Goal of the GDF Code of Conduct
Structure of the code
Limitation of the code
Adherence to the code
Market Overview
1. Compliance with Existing Laws
2. Legal Considerations
3. Operational Considerations
4. Technical Considerations
Opening
This document should be read in conjunction with the Code of Conduct Overarching Principles. The code will also often reference the GDF document “Crypto Asset Safekeeping and Custody – Key Considerations and Take Aways” (GDF-Crypto-Asset-Safekeeping).
Goal of the GDF Code of Conduct
Global Digital Finance (“GDF”) is a not-for-profit industry body that promotes the adoption of best practices for crypto and digital assets and digital finance technologies through the development of conduct standards, in a shared engagement forum with market participants, policymakers and regulators.
GDF believes that scaling digital finance can allow access to markets by people who currently have little or no such access, thereby increasing their level of success and financial inclusion. At the same time, GDF recognizes that capturing these opportunities requires the nascent crypto asset industry to adhere to the requisite level of self-discipline and maturity. Incidents of fraud, embezzlement, deception, and other forms of violation of existing laws, rules and regulations or bad behaviours threaten the reputation and sustainability of the industry.
Accordingly, through the principles contained in this Code of Conduct (the Code), GDF introduces standards of good behaviour that attempt to address the above.
Structure of the code
The principles contained in the Code are designed to work across a broad range of crypto custody businesses and actors including intermediaries, trading platforms and funds. This Code is intended to be a living document and as such principles may be amended and new principles may be added as new business models emerge.
Limitation of the code
While global regulatory principles and practices inform the Code, it is not law and does not carry or contend to carry any such value. Instead, the Code constitutes a set of voluntary principles.
The Code recognizes that certain activities conducted in the custody of crypto assets may enter the remit of existing laws, rules and regulations. The Code seeks to complement such laws, rules and regulations only where gaps may exist or where legal or regulatory clarity has not yet been achieved.
Adherence to the code
GDF members agree that the principles laid out in the Code are important for both businesses and individuals. To enhance transparency and assist in the evaluation of the services provided by crypto asset businesses and actors, GDF members will endeavour to publicly attest their adherence to the principles based on reasonable and good faith efforts.
Regarding the approach for custodians to attest to this code and to verify their adherence to the Code, please refer to the GDF Registry on the website.
Market Overview
GDF observes that there are many different types of custody services that fall into the broad definition of crypto custody. Please refer to GDF’s document “Custody – Key Considerations & Take Aways”, where we provide a non-comprehensive list of current solutions available and summarise the services that each custodian offers, together with the technical solutions that underpin the offering.
Today, we see two distinct types of custodian – Custodial and Non-Custodial wallets. It is the scope of this code to focus on custodial wallets. We also acknowledge that definitions, even within the industry itself, are still evolving. To that end, we attempt to define each relevant category for consistency within this code.
CUSTODIAL WALLETS or (Hosted Wallet)
Custodial Wallet services offer varying levels of control.
Some wallet providers have partial control over the asset, with the ability to execute, transfer, sign transactions, block or recover assets and private keys on behalf of a client on the client's instruction. However, they would not have full control to initiate a transaction on behalf of a client unless the client's private key is in the custodian's possession to enable the release of the transaction.
We appreciate that in certain circumstances, the Custodial Wallet Provider could exercise full control. However, the basis of this document defines control as partial only.
Custodians may provide services in addition to safekeeping or the holding of assets on behalf of others, which include but are not limited to reconciliation, settlement, corporate actions, maintaining bank accounts and fund management. However, because the industry is nascent, there are very few offerings in the market providing a full suite of services (see BitGo clearing and settlement services).
Other current definitions of Custodial Wallets include “hosted wallets” and “custody services”. We refer to the ESMA definitions published in January 2019 and also to the FINRA guidance published in July 2019.
NON-CUSTODIAL WALLETS or (Non-Hosted or Hardware Wallet)
Non-custodial custody occurs where there is no third party providing a service. Beneficial owners (clients) access these services directly to secure and safeguard their own crypto assets, giving them full control over their crypto assets. The assets can be stored in hardware or software wallets.
The Custodian (Agent) creates custodial accounts and/or cryptographic business redemption conditions around the safekeeping and release of digital assets from a custodial account.
Beneficial owners (clients) check digital assets into custodial accounts and declare which fiduciaries must initiate redemption requests. Fiduciaries approve redemption requests initiated by a beneficial owner. Beneficiaries receive digital assets redeemed out of a custodial account.
We note that in some instances wallet providers have expressed that, while they do not store the private keys on behalf of their clients (which makes them close to non-custodial wallets), they retain the ability to block or freeze a transaction in the event of a suspicious transaction or the application of a court order. However, these wallet providers may be limited in their ability to prevent the client from recovering the key using another device and executing a transaction on another device or platform.
1. Compliance with Existing Laws
a. We acknowledge that financial laws, including but not limited to laws concerning money transmission, deposit-taking, e-money, payment, AML/CTF or even securities laws (together, “financial laws”), may or may not apply to custody based on a variety of factors. For example:
i. The types of services offered by a custodian, which may include but are not limited to holding crypto assets, account reconciliation, settlement, corporate actions, maintaining bank accounts and fund management;
ii. The jurisdiction from which the custodian operates.
b. We also understand that even if we as custodians fall outside the remit of financial laws, we remain subject to all other existing laws, as noted in the Overarching Principles, including:
i. Contract laws;
ii. Consumer protection laws, including safekeeping of customer assets; and
iii. Criminal laws, including the prohibition against fraud.
c. For that reason, we commit to seeking legal advice to confirm either that:
i. Our custody service falls within the remit of financial laws, in which case we will act in accordance with such laws; or
ii. Our custody service(s) does not fall within the remit of financial laws, in which case we will seek to abide by other laws applicable to our activities.
2. Legal Considerations
a. We will put in place governance arrangements that are clear and transparent, promote the safety and efficiency of the platform, and conform to applicable market conduct standards and expectations.
b. We will disclose the name, address and company registration number of our legal entity, as well as appropriate selective disclosure as to our officers, directors and senior management, such as experience and achievements to date.
c. We will disclose our licensing status, if any, as well as the regulations that such licensing status subjects us to.
d. We will share with our customers our insurance status if any, and the extent of the coverage.
e. We will clearly state whether the assets we custody are considered securities in the jurisdictions we operate, thereby highlighting liability towards customers in case of a loss with respect to relevant securities regulations.
f. We will disclose the respective rights, obligations, responsibilities and risk allocation of the parties, and the conflicts and dispute resolution mechanisms.
g. Regarding privacy coins, we will deal with the “shielded” aspect with due care and attention.
3. Operational Considerations
a. We will implement the necessary operational and technological checks and balances to reduce the risks associated with control of and access to customers' holdings, ensuring that a single person cannot execute and sign a transaction on behalf of a client.
i. The checks and balances should be part of an auditable workflow explained and understood by the client.
b. We will disclose to clients to what degree their assets are protected under insurance in the event of a loss.
c. We will ensure consistent periodic reporting to our clients in regard to account statements, corporate actions and specific crypto asset activity (forks, air-drops, etc.).
i. When relevant and in line with transparent policy, we will ensure that all air-drops are passed through to the client's account, unless technical innovation is required on the part of the custodian.
d. We will ensure clients' accounts are separated where appropriate.
i. If commingling of assets occurs within omnibus accounts, we will communicate this to the client.
ii. We will not rehypothecate clients' crypto assets we hold on their behalf unless explicitly agreed with the client.
e. We will be clear and transparent on the funds at risk associated with Staking and Voting.
i. Staking may result in potential income for the client.
ii. We will ensure all client votes are passed through to the blockchain unless technical innovation is required.
f. We will make clear to our clients, in regard to the crypto assets we custody, any relevant network structure considerations (such as the governance structure of the foundation).
i. Also, we will make public, in the event of a 51% attack, how this would be dealt with and communicated to token holders.
g. We will design our systems to enable a high degree of security and operational reliability, with adequate and scalable capacity.
h. We will put in place third-party technological audits, including with respect to risk, compliance and cybersecurity.
i. We will take necessary actions, including technical solutions and surveillance, to prevent, detect or deter money-laundering, terrorist financing or sanctions risk, in accordance with the GDF Code of Conduct for KYC / AML.
j. To reduce fraud risk, we will put in place verification measures (such as multi-factor authentication), confirmation processes and notifications upon withdrawal of assets from the custody platform, as well as procedures to approve and authenticate transactions above certain limits.
k. We will conduct periodic risk mapping to identify the possible sources of risk, both internal and external and mitigate the impact of such risks through the use of appropriate systems, policies, procedures and controls.
l. We will put in place recovery measures so that customer holdings may be preserved in the event of technical failings or a force majeure event.
i. Through business continuity management, we will aim for the timely recovery of operations and fulfilment of the custody platform’s obligations, including in the event of a wide-scale or major disruption.
m. We will put in place defined roles and responsibilities and conduct background screening on all new hires, paying close attention to serious misdemeanours and financial distress.
n. We will ensure that periodic IT security training is provided to ensure all staff are aware of the common techniques used in malicious acts such as phishing.
o. We will put in place controls for any service outsourced or partnership entered into, through thorough due diligence, including but not limited to:
i. external audits;
ii. ethical hacker support for developing partners' platforms and/or continued risk assessment of integrated IT systems to ensure no risk of unauthorized access.
p. We will ensure a consistent level of service for every crypto asset that we support, noting that each crypto asset may have a different protocol.
4. Technical Considerations
a. When creating seeds used to generate the keys for signing transactions, we will ensure that the latest secure techniques are employed, such as:
i. generating multiple seeds and splicing them together randomly;
ii. disabling the internet; and
iii. seed encryption.
iv. Also, we will ensure that no single person will possess the seed or back up phrase in its entirety.
b. When storing keys or seeds, we will ensure best practice standards are applied, such as:
i. strong encryption;
ii. the sum of the keys required to transact is not stored in one physical location; and
iii. backups are not stored in the same location as primary keys or seeds.
c. We will employ state-of-the-art processes to avoid any form of collusion, such as multi-signature authorization of a client's transaction, thereby mitigating collusion risk.
d. We will employ mechanisms to delete or destroy unwanted data with regard to seed, key and wallet generation.
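Principles 4.a.iv (no single person possesses the seed or back-up phrase in its entirety) and 4.b.ii (the keys required to transact are not stored in one physical location) are typically implemented with threshold secret sharing. The following is an added example, not GDF's or any custodian's code: it splits a seed into n shares using Shamir's scheme over GF(2^8) so that any k shares recover it while fewer reveal nothing; the seed used in testing is a constructed sample.

```python
import secrets

# Added illustration, not GDF's or any custodian's code: Shamir k-of-n sharing over
# GF(2^8) (AES field, reducing polynomial 0x11b). Each share goes to a different
# officer or vault, so nobody holds the whole seed, yet any k shares rebuild it.
def _gf_mul(a, b):  # multiply in GF(2^8), shift-and-add with reduction
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return p

def _gf_inv(a):  # inverse as a^254, since a^255 == 1 for non-zero a
    r = 1
    for _ in range(254):
        r = _gf_mul(r, a)
    return r

def split_seed(seed, k, n):
    """Return n (index, share) pairs; any k of them recover the seed."""
    assert 1 < k <= n < 256, "need 2 <= k <= n <= 255"
    polys = [[b] + list(secrets.token_bytes(k - 1)) for b in seed]  # per-byte polys
    shares = []
    for x in range(1, n + 1):          # x = 0 would be the secret itself
        ys = bytearray()
        for coeffs in polys:
            y, xpow = 0, 1
            for c in coeffs:           # y = sum c_i * x^i
                y ^= _gf_mul(c, xpow)
                xpow = _gf_mul(xpow, x)
            ys.append(y)
        shares.append((x, bytes(ys)))
    return shares

def recover_seed(shares):  # Lagrange interpolation at x = 0, byte by byte
    assert len({x for x, _ in shares}) == len(shares), "duplicate share index"
    out = bytearray()
    for i in range(len(shares[0][1])):
        acc = 0
        for xj, yj in shares:
            num = den = 1
            for xm, _ in shares:
                if xm != xj:
                    num = _gf_mul(num, xm)        # (0 - x_m) == x_m in char 2
                    den = _gf_mul(den, xj ^ xm)   # (x_j - x_m)
            acc ^= _gf_mul(yj[i], _gf_mul(num, _gf_inv(den)))
        out.append(acc)
    return bytes(out)
```

Passing exactly k shares to recover_seed is required; supplying fewer returns an unrelated value rather than an error, which is the property that protects the seed.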
The Code of Conduct consists of nine parts. Parts I-VIII can be downloaded from https://www.gdf.io/gdfcode/
We recommend that you read this Code, Part IX(i) – Principles for Custody “Custodial Wallets” in conjunction with the GDF taxonomy.
Source: GDF website