Koine featured in May issue of JIBFL
This article first appeared in the Butterworths Journal of International Banking and Financial Law, May 2020 Issue. Authors Francesco Roda, James Burnie, Michaela Walker and Ben Watford.
Much of the academic debate concerning cryptoassets has focussed on issues such as how they should be classified and their theoretical nature. However, the reality is that the attributes of digital assets mean that a different approach has to be taken to ensure their safety and security than is taken for traditional assets, and this is particularly apparent when considering the position of depositaries and custodians in fulfilling their obligations. The consequence of this is that new approaches – some of which are explored in this article – need to be considered in terms of ensuring regulatory compliance and actually protecting digital assets.
Traditionally, policy makers and regulators have sought to adopt a technologically neutral approach to law making and law enforcement. However, regulators, including the Financial Conduct Authority, are recognising that this approach is becoming increasingly difficult, and this has arguably been the case for blockchain-based products in particular. We consider below what the impact of digital assets has been on the role of depositaries, not simply in terms of what the rules are, but also in terms of what this means in practice, and some of the steps being taken by depositaries to discharge their obligations in practice.
WHAT DOES ACTING AS A DEPOSITARY FOR CRYPTO INVOLVE IN PRACTICE?
To determine the depositary’s role in safeguarding cryptoassets or, more broadly, digital assets in practice, it is necessary to first have a working definition of what we mean when we refer to these assets. Digital assets are, for the purposes of this article, dematerialised assets constituted and existing as entries on a public, permissioned or hybrid distributed digital ledger only.
Leaving the role of permissioned chains aside, digital assets are, therefore, simply entries on a distributed digital ledger with no other records required by participants to claim and verify their ownership of these assets. They are issued by an algorithm, and, where they are not linked to an external reference asset or service, they derive their value from market forces without having an intrinsic value or immediate utility. An algorithm takes care of reaching consensus among all participants on the validity of new transactions to be included in the ledger. We use the terms digital assets, cryptoassets and tokens interchangeably in this article.
Digital assets can also be issued by institutions to represent an external reference asset, which is generally one of fiat money, specified investments, utilities (such as real assets and commodities) or a service. Once issued, these tokens are ledger entries that act as proof of ownership or right to the external reference asset and this ownership can be transferred through a blockchain. The process involves signing a transaction with the digital signature of the account owner. Just like wet signatures, a digital signature is a unique mark that evidences that a particular individual was the signer, and its uniqueness derives from the password or private key associated with the account. As such, the qualitative nature of the digital signature is different to that of a wet ink signature, in that whilst a wet ink signature is a physical action, a digital signature is based on knowledge of (or access to) how the signature has been created. The result is that, whilst digital signatures are harder to forge (hence the requirement, in relation to some legal documents, to have wet ink signatures witnessed, to mitigate against the risk of fraud), once a person does have access to another’s digital signature, that person has a much greater ability to fraudulently make transactions using that digital signature without it being evident to third parties that the signature is being provided fraudulently. It is therefore vital that investors in digital assets are able to retain and protect private keys, ie their digital signatures, so they can maintain control over the digital assets in their account.
The safekeeping role of a depositary for a fund holding digital assets, regardless of whether assets can be held in custody or not, involves either protecting the private keys or ensuring that the private keys are controlled by a third party such as a custodian or safe-keeping service provider. Private keys must be generated by the depositary (or the appointed custodian or safekeeping service provider) and must not be shared with the Alternative Investment Fund Manager (AIFM) to avoid uncertainty over control (possession) of the asset. From an operational perspective, the safekeeping of unregulated digital assets and custody of digital assets that represent financial instruments share identical systems and processes.
In a typical scenario, a fund uses a broker or a crypto exchange to acquire digital assets. The fund then instructs the broker to transfer the acquired assets to its custodian. Similarly, the fund instructs the custodian to transfer assets to the broker when it intends to sell them. The lack of central clearing institutions adds additional complexity and risks for depositaries; assets and cash earmarked for trading have to be transferred to brokers, generating counterparty risk and increasing administrative overheads in the reconciliation of the fund’s positions.
The protection afforded to digital assets by “cold storage”, a strategy adopted by many intermediaries, is undermined by the manual signing required at the point of settlement, the time when investors are most exposed.
Emerging solutions, like sidechains, introduce additional complexity for depositaries’ systems and processes. Sidechains provide a temporary store for assets in transit across parties. The asset on the sidechain, which is itself a digital asset (in the form of a token that represents as its external reference asset the digital asset on the primary blockchain) can be transferred in near real time, leaving the digital asset on the primary distributed digital ledger locked until the token on the sidechain is redeemed. Sidechains also enable parties to swap assets, allowing for settlement on a Delivery versus Payment (DvP) basis for the assets supported by the sidechain. Sidechains, however, are still not immune to counterparty risk; the consensus required to validate transactions in relation to the sidechain is, in fact, achieved among a reduced number of parties, and this therefore poses a greater risk of attacks by malicious validators.
Multi-signature and multiparty computation-based solutions are also offered by technology providers as a means to secure settlement; whereas these are conceptually similar to sidechains, they present additional risks, as the consensus required to validate transactions is only that among the investor and a third-party technology provider.
The security box approach – key management as opposed to custody services – was a first milestone in the evolution of digital assets markets. The next phase of evolution has begun with the emergence of clearing and settlement services to allow for operational scalability, whilst maintaining security. This will facilitate the shift from existing financial market infrastructure to the digital assets paradigm.
THE REGULATORY ROLE OF THE DEPOSITARY
Digital assets which do not have corresponding external reference assets are unregulated. Funds holding unregulated digital assets must take the form of an AIF, as digital assets are generally not eligible assets for investment via a UCITS – as such, we do not consider the position of UCITS further. AIFMs are required to appoint a single depositary for each AIF they manage, such depositary generally taking the form of either an investment firm or credit institution.
The role of the depositary in ensuring the safekeeping of the assets of the AIF is prescribed by law, and the exact nature of this legal obligation is determined by whether the relevant assets can be held “in custody”. This position has been complicated by the fact that some regulators, such as BaFin, have taken the view that bitcoins are financial instruments, indicating that they are regulated investments (ie they are treated as a type of specified investment), whereas, in the UK, they are deemed not financial instruments and unregulated. For financial instruments that can be held in custody, the depositary is strictly liable for any loss of these assets, whereas in the UK this is only the case if holding security tokens, for example tokens representing fund units or equity tokens. This is creating an uneven regulatory playing field for depositaries operating across Europe, and is counter to the philosophy of MiFID (Directive 2014/65/EU) as a harmonisation mechanism, something which is only likely to be exacerbated as different jurisdictions are taking different approaches to the treatment of digital assets in relation to implementing the Fifth Money Laundering Directive (Directive 2018/843/EU).
Turning back to the UK, for unregulated tokens the depositary’s role is to verify the ownership of the AIF, or the AIFM acting on behalf of the AIF, of these digital assets, and to maintain an up-to-date record of the digital assets in relation to which it is satisfied that the AIF or the AIFM acting on behalf of the AIF holds the ownership. As noted above, for these digital assets the entry on the distributed digital ledger may constitute the entirety of the asset. As such, it is necessary to split between the purely legal position and the commercial position in practice. As a matter of pure law, it may be theft or fraud to trade in these assets without the permission of the legal owner. However, in practice, the ownership of these digital assets may be altered by anyone with the relevant private key, without third parties having any way of distinguishing who is using the private key to transfer them; the reality is therefore that a counterparty trading in good faith may legitimately take good title over any assets received as a result of the trade. The commercial reality, therefore, is that whoever is able to control the digital signature for the digital asset may pass ownership to a third party acting in good faith. Consequently, in the practical sense, control over the private key effectively gives “ownership” of the digital asset.
The consequence of this, for the depositary, is that whilst the law states that the depositary needs to be able to assess whether the AIF, or the AIFM acting on behalf of the AIF, holds the ownership of the digital assets, what this is actually referring to is ownership of the private keys. AIFMD states that this assessment “shall be based on information or documents provided by the AIF or the AIFM and, where available, on external evidence”. For unregulated tokens, there is no “information or documents” as such, but rather it is common to use the Satoshi test. This involves the purported owner of the unregulated token sending a small amount (a Satoshi being equal to a one hundred millionth of a single bitcoin) at a predetermined time to a predetermined wallet. The proof of ownership in this case is evidenced by the fact that only someone with access to the relevant wallet could ensure the transaction takes place at the agreed time, and as such the performance of the transaction by a person evidences that all tokens in the relevant wallet are controlled by that person.
Even when the depositary has determined that the tokens are controlled by an individual, the depositary will still be concerned by: (i) the trustworthiness of the person who holds the private key for the tokens; and (ii) whether there is any means by which other unknown persons may be able to control the relevant tokens, because if multiple persons have access to the same private key, then any of those persons may move the tokens for potentially illegitimate reasons. These issues became particularly acute after the death of the founder of QuadrigaCX, one of the largest Canadian crypto exchanges, leading to the loss of a large number of cryptoasset holdings. Consequently, those holding tokens are now aware of the need to set up robust governance frameworks, dealing not only with the usual issues such as ensuring high quality of cyber security, but also having strict access protocols as to who may use private keys.
A common approach is private key sharding, which involves splitting a private key into multiple parts. For example, a key can be sharded into three parts, with persons holding two of the three shards needing to approve a transaction before it can proceed.
It is also worth noting for completeness that, in addition to the above analysis, where a digital asset does reference an external asset, then, in addition to the need to safeguard the tokens, there is also a need for the external asset to be safeguarded. For example, a cryptoasset which gives the owner rights to access a certain amount of a commodity (eg by trading in the token for the commodity) is valueless if the underlying commodity is stolen or destroyed. In these models, there will therefore have to be both a custodian responsible for the external asset and for the digital asset, and if either of these is compromised then there could be severe consequences for token holders.
CONCLUSION: THE NEXT GENERATION OF DEPOSITARY
The next generation of depositary will need to embrace the new business models introduced by distributed ledger technologies and the technologies that support them. Whilst a distributed digital ledger provides a robust and immutable record of asset movements and of the accounts that control them, it may be that ownership of an asset depends on other information that is not held on the blockchain. The next generation of depositaries will therefore be required to have in place additional controls to fulfil their role in providing custody services (or monitoring the appointed custodians), and in verifying that the AIF (or AIFM acting on behalf of the AIF) holds an ownership interest in assets other than financial instruments.
Digital assets markets use the Satoshi test as a simple proof of ownership for digital assets. The test works well even when the asset is held by a third party in a segregated (blockchain) account, as the ability to instruct a third party to transfer a tiny fraction of the asset is a sufficient proof of ownership. The Satoshi test may cease to be inexpensive when assets are pooled – a common occurrence with protection strategies like cold storage.
Whilst a topic for another article, shares in the fund can be issued themselves as digital tokens. Tokenisation provides an efficient and robust mechanism for ensuring that the sale, issue, repurchase, redemption and cancellation of units or shares of the AIF are carried out. Associated cash flows can also be represented by digital assets such as stablecoins or, in the future, central bank-issued digital currencies. As such, even if a fund does not invest in digital assets, the impact of distributed ledger technologies on the funds industry could be significant and widespread.
1 https://www.fca.org.uk/news/speeches/innovation-hub-innovation-culture
2 Some participants, called miners, allocate computing power to the distributed digital ledger to get the privilege to run the algorithm. The effort is rewarded with newly minted coins, transferred to the miners with a special transaction called “coinbase”, not to be confused with Coinbase, a crypto asset exchange.
3 As this term is defined by reference to the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001.
4 https://www.fca.org.uk/publications/policy-statements/ps19-22-guidance-cryptoassets
5 Cold storage refers to storing digital assets offline without the private keys controlling them ever being online. This resists theft by hackers and malware.
6 A sidechain is a separate distributed digital ledger that is tied to the original but does not interact with it until it has completed its own set of transactions that are then added to the primary chain as just one result.
7 Multi-signature refers to requiring multiple keys to authorise a transaction, rather than a single signature from one key. Multiparty computation enables a group to jointly perform a computation without disclosing any participant’s private inputs. The inherent limitations of these approaches derive from the security definition: such protocols do not provide security beyond the trusted-party emulation.
8 The FCA would classify these as exchange tokens, see: https://www.fca.org.uk/publications/policy-statements/ps19-22-guidance-cryptoassets
9 See Jack Thornborough, James Burnie and Andrew Henderson, ‘Issuing Equity Tokens on the Blockchain’, (2019) 7 JIBFL 457.
10 An alternative to the Satoshi test consists in requesting the signing of a given text with the private key that controls the account.
11 https://cointelegraph.com/news/quadrigacx-users-lose-190m-as-speculations-over-cottens-death-swirl
12 Stablecoins are cryptocurrencies designed to minimise the volatility of the price of the stablecoin, relative to some “stable” asset or basket of assets. A stablecoin can be pegged to a cryptocurrency, fiat money, or to exchange-traded commodities (such as precious metals or industrial metals). Popular stablecoins in digital assets markets are pegged to the US Dollar.