Updated: Jun 29, 2021
This article was originally published in Blockchain Industry Review - a Crypto Curry Club Magazine published monthly and available in soft copy and the printed version.
Written by Guest Contributor, James Burnie
Partner of legal services, gunnercooke
Given that the core driver behind businesses generally is generating revenue, it seems counter-intuitive for firms to focus on what happens in the event of their insolvency. However, we are seeing a trend towards some firms actively making the way they handle insolvency into becoming part of the sell for their business services.
The drivers for this are two-fold. Firstly, there is greater engagement between cryptoasset firms and the Financial Conduct Authority. Crypto exchanges in the UK are generally required to be registered with the FCA for AML purposes, and as part of their business plan the FCA will expect a proper assessment of the risks of their business, including an assessment of their solvency risk. Similarly, clients of exchanges may themselves have to register with the FCA for AML purposes, in which case they should expect to identify areas of risk to their business, which would include the counterparty risk of using
exchanges. Secondly, with the recent economic impact of COVID, the concept of insolvency for any counterparty is seen as a tangible risk, and so addressing how this has been mitigated simply makes good commercial sense.
Reducing insolvency risk for clients
When considering the potential for insolvency, it is tempting to think initially only of balance sheets. However, this misses the point – insolvency is not about how big an institution is, rather it is the ability of an institution to pay debts as they fall due. As such, even large institutions risk insolvency if they do not have the necessary liquidity to meet their debts.
For users, the issue of insolvency revolves around the users’ ability to obtain their cryptoassets / fiat money from the exchange in the event the exchange goes insolvent. The act of exchanging assets is not itself therefore the core issue, as exchanges generally only execute when there are sufficient assets for the trade. Rather, the key question is how the cryptoassets are safeguarded when they are held in connection with a trade.
As shows by the Cubits administration, it can be dangerous to leave this simply as a matter of faith, rather it often makes sense to bring in independent oversight, in the form of an independent custodian who provides safeguarding. The benefit of this is that, in the event of either the exchange or the custodian being a bad actor, it is much more likely that the other will pick up on this and bring it to the user’s attention.
For the remainder of this section, in recognition of the value of an independent custodian, we will refer to the entity holding cryptoassets as the “custodian”, however the points made also apply if it is the exchange which also provides the custody function.
Analysing the safeguarding of cryptoassets splits into considering how assets are protected legally, operationally and from a security perspective. To explain this, we set out below illustrative examples of how this has been dealt with by a range of custodians. Please note however that as there are multiple ways of dealing with the issues raised, it is important to understand the unique features of each custodian, and we do not express any opinion in this article as to whether one solution is superior to another.
The legal analysis revolves around who has legal title to the cryptoassets. If the custodian takes legal ownership of the cryptoassets acting as principal, then those assets will likely form part of the custodian’s estate. In the event of an insolvency, therefore, there is a risk that the cryptoassets are deemed part of the custodian’s estate, meaning that users holding cryptoassets with the custodian are treated simply as unsecured creditors of the custodian, severely reducing the amount they will be able to receive in the event of an insolvency. The usual solution here is for custodians to make clear in their documentation that they are holding assets as agent for the user. However, additional protection is provided by setting up a trust arrangement, under which cryptoassets are held on behalf of users. Setting up a trust is relatively easy, as put simply it involves meeting three requirements: (i) certainty of intention to create a trust, which is generally satisfied by entering a trust deed; (ii) certainty of subject matter, which is satisfied by being clear which cryptoassets are subject to the trust, for example by placing them into a separate account from other assets held outside the trust; and (iii) certainty of objects, which is satisfied by being clear who the cryptoassets are being held for. We are seeing increasing use of trust structures by clients who are arranging safeguarding of cryptoassets, under which arrangement the person arranging custody informs the custodian that the assets are held on trust. In addition, there is no reason why a custodian cannot itself declare the trust, as part of keeping assets held on behalf of its users’ bankruptcy remote, and this is the approach adopted for example by Koine Money Ltd.
Operationally, the key issue is control of the cryptoassets: put simply, whether someone has legal rights to cryptoassets is academic if in practice those cryptoassets have gone. “Control” here really refers to the ability to update the blockchain using the relevant private keys. This can be done by splitting the private key into three pieces (called “shards”), a technique used for example by Copper who then puts one shard under the control of the user, one with Copper and one with a trusted third party. As 2 / 3 shards are needed to access the blockchain, Copper is prevented from being able to unilaterally move cryptoassets, as the consent of either the user or the trusted third party is required. The purpose of this design is to remove the risk of Copper being able to unilaterally acquire client assets.
Security considerations revolve around the need to stop bad actors stealing cryptoassets, and to prevent this requires strong security. The custodian should be happy to provide details of how assets are kept secure. Trustology, for example, uses an automated approach managing assets within programmable HSMs that are stored in secure data centres with highly-available multiple encrypted backups. This approach enabled them to be one of the first crypto custodians to be able to convince an insurer to underwrite their custody solution.