Custody Best Practices: A Roadmap for Indian Institutions Holding Digital Assets

| January 5, 2024

Share this article

The Indian digital asset ecosystem has witnessed explosive growth over the past few years. This burgeoning rise in the use of digital assets is a testament to the advantages they bring over traditional asset classes. Whether for investment purposes, as a medium of payment, or to tap into the wider utility of the Web3 industry, these assets are increasingly being used in India

Grassroots Crypto Adoption
How India Ranks in Grassroots Crypto Adoption

 

Nevertheless, institutional interest has remained dim thus far due to the lack of clarity from the government about the asset class. The added incidents of theft and misappropriation of digital assets, domestically and internationally, keep institutions at bay. However, that will change as the country looks to roll out regulations tailored to the industry within the next two years.

Nevertheless, institutional interest has remained dim thus far due to the lack of clarity from the government about the asset class. The added incidents of theft and misappropriation of digital assets, domestically and internationally, keep institutions at bay. However, that will change as the country looks to roll out regulations tailored to the industry within the next two years.

Financial institutions, investment firms, digital asset exchanges, and banks will take the central focus as a defined regulatory framework makes its way, expectedly, in the next two years. The onus falls on institutions to implement proper storage mechanisms and processes.

Navigating the Maze: Types of Digital Asset Custody Solutions

First things first, institutions must know the different custody solutions to choose the right ones for their storage practices.

Hot Wallets

  • Store private keys within devices connected to online networks.
  • Software applications on mobile and computer devices.
  • Sign transactions quickly and transfer funds fast.
  • Vulnerable to cyberattacks since the devices housing them are connected online.

Cold Wallets

  • Store private keys within air-gapped computers and hardware security models (HSMs).
  • Highly secure against exploits since the keys are stored in offline devices.
  • Sign transactions offline and relay them online to blockchains.
  • Fund transfers are slow and inefficient.

Multi-Signature (Multisig) Wallets

  • Require multiple private keys to initiate transfers.
  • More secure than wallets using a single private key to secure assets.
  • Bring secure governance in institutions through distributed transaction signing capabilities – no one corrupt member can steal institutional funds.
  • Drawbacks include high transaction fees at the blockchain level arising from several keys signing every transaction and the support for limited assets.

Multi-Party Computation (MPC) Wallets

  • Offer distributed security and governance by dividing a single private key into several shards.
  • Overcome high costs associated with multisig wallets thanks to a single transaction signature arising from multiple key parts.
  • MPC algorithms create and deliver key shards stealthily, ensuring they are delivered to the right users and not visible to others using the wallet.
  • The key refresh feature enables MPC wallets to generate new private keys after every transaction.
  • Support several asset types from numerous blockchains and are easily implementable in institutional platforms.

Fortifying Your Assets: Best Practices for Secure Digital Asset Custody

Choosing the right custody solutions is just one part of operating secure custodianship facilities. Institutions must do much more. Here are some best practices to follow.

Risk Management

Institutions and enterprises dealing with digital assets must ensure that all the risks associated with their operations are identified and mitigated. The risks of operating custodial infrastructures are numerous and can vary depending on the kind of services offered by entities.

They can range from providing services for jurisdictionally banned digital asset types, like privacy and security coins, to allowing sanctioned wallets to bring crime-related funds to platforms. Also, institutions may operate conflicting verticals that can jeopardise client funds. Ventures must anticipate such risks to strategise their prevention.

Internal Controls

Most institutions provide more than one service. The presence of operations in multiple verticals can create conflicts between them. Such conflicts are often why virtual asset service providers (VASPs) misappropriate user funds. For instance, offering custody services for users while running lending and investing arms breeds conflict.

Many platforms have ended up utilising third-party funds in custody for their own lending and investing practices to boost profits. Eventually, such schemes come burning down, leading exchanges to lose user funds irrecoverably.

Therefore, enterprises must not conduct conflicting duties due to the high risks associated with operating certain verticals in tandem. Beyond that, enterprises must create and enforce robust policies aimed at preventing risky activities.

Technology and Security

With cyber threats being one of the biggest pain points to companies dealing with digital assets, companies must effectuate cybersecurity measures to protect client assets and sensitive data. 2023 has seen a whopping $1.7 Bn worth of digital assets stolen by cybercriminals globally.

Enterprises must safely handle user private keys and other sensitive data, including personal and financial information. It requires that enterprises utilise sophisticated encryption technologies and obtain needed cybersecurity certifications. Also, enterprise software should undergo penetration testing from reputable Web3 cybersecurity firms and encourage continuous bug bounty programs.

Compliance with Authorities

While India is yet to witness a fully developed digital asset regulatory framework, a handful of legislations presently uphold the integrity of its financial market and the safety of the users in the space. Institutions must adhere to these regulations to safeguard themselves and their users from persistent threats.

VASPs can also look at the legislation issued by other jurisdictions and emulate what their counterparts in those jurisdictions do. They must simultaneously follow international frameworks to prevent criminal fund flows through their platforms.

One such framework is the Crypto Travel Rule issued by the Financial Action Task Force (FATF), providing guidelines for deploying know-your-customer (KYC), enhanced due diligence (EDD), anti-money laundering (AML), and countering the financing of terrorism (CFT) protocols.

Disaster Recovery

At times, no amount of security or compliance measures can prevent exploits. Cybercriminals utilise cutting-edge measures that can penetrate the best of defence. Moreover, corrupt governance within organisations is just one decision away. VASPs must consider unforeseen circumstances and stay prepared.

To that end, they must insure themselves against such happenings. In the unfortunate events of unstoppable fund losses, insurance will help enterprises cover their losses and clients recover their assets. In instances when ventures turn bad and misappropriate assets, clients can still recover their funds. They must also set up effective communication protocols and detailed plans of action to continue essential functions during disastrous events.

Charting the Course: Regulatory Considerations for Digital Asset Custody in India

Operating custody services in India also requires a look at the regulatory scenario.

  • 2020: The Supreme Court of India overrules the Reserve Bank of India’s (RBI) blanket ban on digital assets, acknowledging their existence and legality in 2020.
  • 2022: The Finance Act of 2022 gets implemented, introducing a 30% income tax on income received or gains acquired through digital assets.
  • 2022: The Finance Act of 2022 also introduces 1% TDS (Tax Deducted at Source) at 1% of transacted value when digital assets are sold or traded.
  • 2022: The Indian Computer Emergency Response Team (CERT-In), an offshoot of the Ministry of Electronics and Information Technology, issues KYC – related guidelines for VASPs. They state that VASPs must record user KYC details, construct their financial activity effectively, and store the details for five years.
  • 2022: The Advertising Standards Council of India (ASCI) enforces advertising guidelines dictating that VASPs and asset issuers must highlight the high risks associated with digital assets and not mislead investors about returns while promoting their products and services.
  • 2023: The Ministry of Finance brings digital asset transactions under the scope of the Prevention of Money Laundering Act (PMLA), mandating VASPs to report suspicious transactions to the Financial Intelligence Unit – India (FIU-IND).

As these mandates and guidelines presently govern the Indian jurisdiction, the Indian digital asset landscape awaits complete clarity through digital asset-specific legislation. Recent developments suggest a bill making its way in 2025 at the earliest.

This delay can be considered a challenge to the Indian digital asset ecosystem. Despite stalling to provide regulatory clarity over the asset class, the government is pushing the adoption of its Central Bank Digital Currency (CBDC) by calling it a safer alternative to decentralised digital assets. The Ministry of Finance says so in the document titled CENTRAL BANK DIGITAL CURRENCY (DIGITAL RUPEE – e₹), hampering the validity of digital assets.

Nevertheless, there are some merits to the delay. The government needs to prepare itself to handle large-scale adoption and maintain the integrity of the Indian financial system. The Ministry of Finance issued a press release in February 2023 stating its investigations into VASPs involved in laundering money.

Around Rs 936 Cr worth of digital assets were either seized or frozen by the government, showing how unchecked digital asset usage can result in money laundering and crime financing. Thus, the enforcement of the PMLA by various agencies, including FIU-IND, is highly needed and beneficial.

Embracing the Future: Building a Secure and Thriving Digital Asset Ecosystem in India

As India witnesses a burgeoning digital asset ecosystem, taking it to new levels of adoption requires it to be underscored by security. Achieving that needs institutional and enterprise players to utilise robust custody solutions. Partnering with established and reputed custody solution providers is of utmost importance.

Custody platforms like Liminal are making strides in safeguarding digital assets and offering banking-grade custody, elevating Web3 storage practices to the standards of traditional finance custodians. Liminal provides tailored custody solutions for your business needs aimed at easy scalability as you grow. Its wallet infrastructure and white-label use cases let you effortlessly implement the secure storage your operation needs and make the most out of the vibrant Web3 landscape.

More on Crypto

Digital Asset markets have taken a giant leap ever since their categorization from purely being a volatile alternate investment asset to now being a robust and regulated asset class. 

The journey of digital assets, most significantly that of blue-chip tokens like Bitcoin and Ethereum, has been nothing short of a protagonist in the fight against traditional financial systems, investment avenues, and age-old yield mechanisms. 

However, it was only after the introduction of regulation for these digital assets that they garnered huge institutional interest, pushing the scale of adoption and inviting the likes of family offices to partake in the “coming of age” story of investing in digital assets. 

In the underlying characterization of digital assets as the next best portfolio addition for institutional investors, with a significant boost kicking in after the launch of Bitcoin ETFs(with Ethereum ETFs also on their way), there are still reservations as to how to go about tackling the security, custody, and management challenges that come with them. 

To discuss how current market conditions are driving family offices to embrace portfolio diversification strategies that include allocating funds to digital assets, we dive deep into the intricacies of digital asset custody

Challenges In Secure Digital Asset Investing For Family Offices 

Family offices, traditionally known for their conservative investing approach, sit in the middle of the institutional investors’ branch, bringing untapped liquidity into the market. Conventionally, family offices used to rely only on safer investment bets to accrue value for their investments, but now they are increasingly dipping their toes into the dynamic world of digital assets. 

Despite the potential for high returns, family offices have historically faced significant challenges when considering digital assets as an investment class. Factors such as market volatility, regulatory uncertainty, and the need for established custody solutions have deterred many from fully embracing digital assets.

Talking about the key hurdles family offices face in navigating this exciting but complex landscape, here are some top-of-the-line challenges for them:

  1. Security Concerns: The nascent nature of digital assets presents unique security risks. Hacking, scams, and volatile markets can threaten portfolio stability. Family offices need robust custody solutions, advanced cybersecurity measures, and comprehensive risk management strategies to mitigate these threats.
  2. Regulatory Uncertainty: The regulatory landscape surrounding digital assets is still evolving, creating uncertainty and compliance hurdles. Family offices must stay updated on changing regulations and navigate complex compliance requirements across jurisdictions.
  3. Limited Expertise: Building internal expertise in digital assets can be time-consuming and expensive. Family offices often need more in-house knowledge and resources to properly evaluate, manage, and secure their digital asset investments.
  4. Lack of Infrastructure: Integrating digital assets into existing portfolio management systems can take time and effort. Family offices need secure and reliable infrastructure to seamlessly store, manage, track, and report on their digital asset holdings.
  5. Complex Valuation: Accurately valuing digital assets can be difficult due to their volatility and lack of standardized methodologies. Family offices need robust valuation frameworks and access to reliable market data to make informed investment decisions.

Enabling Family Offices to overcome challenges in digital asset custody

The promise of digital assets is undeniable, yet the hurdles for family offices can seem daunting. 

Overcoming the challenges mentioned above and finding the best probable solutions for them becomes a hardcore reality that must be dealt with utmost precision. 

At Liminal, we work extensively with institutions looking to go one step beyond simply investing in digital assets and look to operate them securely under all circumstances. The same logic applies to family offices as well. 

In our pursuit of building such a robust infrastructure solution, tailored to address the challenges faced by family offices fully and to empower them in their journey to moving to a new asset class for investment, we have created a comprehensive custody solution, integrated best-in-class security protocols and provide real-time monitoring and risk management services to proactively identify and mitigate potential threats, giving family offices peace of mind knowing their assets are secure.

  1. Security Concerns:

Fortress-grade custody: We leverage multi-sig and MPC wallets, leading asset-to-insurance ratios, and bank-grade security protocols to ensure the safety of your assets. Our CCSS Level-3 certification and FIPS-compliant hardware devices go the extra mile, minimizing security risks and providing unmatched peace of mind.

Advanced Cybersecurity Measures: Our vigilant team constantly employs 24/7 SOC monitoring, strict access controls, and penetration testing to identify and mitigate potential threats.

Comprehensive Risk Management: Our experts help you create and implement tailored risk management strategies, considering internal vulnerabilities, market fluctuations, and evolving threats.

  1. Regulatory Uncertainty:

Staying Ahead of the Curve: We have a dedicated team of compliance experts who stay abreast of evolving regulations worldwide. We integrate crucial compliance monitoring in our solutions such as KYC/KYB, AML, and Travel Rule checks, to help navigate complexities across jurisdictions and proactively adapt our services to ensure your portfolio remains compliant.

Streamlined Reporting: Our platform generates comprehensive compliance reports automatically, saving you time and resources while ensuring transparency and regulatory adherence.

Regulatory Partnerships: We actively engage with regulatory bodies and industry leaders 

to become accredited custodians. Currently, we hold a TCSP license in Hong Kong and have also received an IPA from ADGM for an FSP license for our Abu Dhabi entity. 

  1. Limited Expertise:

Your Digital Asset Knowledge Hub: Our team of seasoned custody, compliance, wallet, and security professionals offers expert guidance on evaluating, managing, and securing your digital asset investments. We share industry insights, educational resources, and ongoing support to enhance your knowledge base.

Dedicated Account Management: A dedicated account manager serves as your point of contact, providing personalized guidance and support tailored to your specific needs and goals.

Extensive Resource Library: Access easy onboarding docs, a curated developer section, seamless user-guiding workflow, and trending topic discussions through webinars, research whitepapers, and market reports to build your understanding of digital assets and make informed investment decisions.

  1. Lack of Infrastructure:

Seamless Integration: Our API library, Liminal Express, seamlessly integrates with your existing portfolio management systems, creating a smooth and efficient workflow for managing your digital assets.

Secure Storage and Management: We provide institutional-grade hot and cold wallets for self and managed custody infrastructure, eliminating the need to build or manage complex systems.

Automated Workflows: Streamline recurring tasks and automate key processes with our automation engine, with powerful functionalities like smart refill wallet, smart consolidation, and auto-sweep, enhancing efficiency and reducing operational burdens.

  1. Complex Valuation:

Reliable Data and Valuation Tools: We offer access to trusted market data providers and valuation tools tailored for digital assets, enabling you to make informed investment decisions based on accurate assessments.

Insurance-as-a-Service: We have collaborated with Costero brokers to provide the best possible insurance to our clients that covers their entire portfolio at the best market price. 

Asset segregation and transparency: We deploy segregated accounts, succession planning, and no rehypothecation of assets to allow family offices to maximize transparency and access. 

Embracing the Future Of Family Office Investing 

The future of wealth management includes digital assets. Family offices are actively exploring this burgeoning space, recognizing the potential for diversification and growth. Liminal Custody stands as your trusted partner in this journey. As a regulated custodian, we offer best-in-class security, industry-leading compliance solutions, and a dedicated team of experts, empowering you to invest in digital assets confidently.

Let Liminal Custody guide you through the process, making the path towards secure and compliant digital asset investment smooth and efficient. Contact us today and explore the new frontier of wealth management

Remember, while the potential is promising, navigating the digital asset landscape requires careful planning and collaboration with trusted partners. Liminal Custody is here to equip you with the knowledge and resources to succeed.

February 23, 2024

As we continue constructing a fully regulated digital asset custody platform, ensuring secure storage for both crypto and fiat assets remains a critical priority. 

To facilitate the last checkpoint of enabling institutions to convert their digital asset treasury into fiat currency, we’re expanding beyond pure wallet infrastructure and integrating seamless fiat off-ramp capabilities for our partners.

We’re thrilled to announce our partnership with Encryptus, licensed and compliant off-ramp solutions tailored for institutional clients. This collaboration elevates Liminal’s service offerings by empowering our partners to convert their digital asset treasuries into fiat currencies efficiently.

Integrating A Seamless Off-Ramp Solution

The digital asset ecosystem historically faced friction points when transitioning between fiat and cryptocurrencies. Off-ramp solutions address this pain point by enabling efficient and streamlined conversion between asset classes, minimising value loss and simplifying compliance processes.

Here’s how off-ramp changes the game:

  • Reduced Friction: Frictionless conversion minimises delays and operational complexities associated with traditional fiat-crypto exchange methods.
  • Enhanced Efficiency: Streamlined workflows expedite asset conversion, increasing speed and cost-effectiveness for institutional and individual users.
  • Optimised Value Preservation: Advanced off-ramp solutions prioritise minimising price slippage and value loss during conversion, protecting user portfolios.
  • Simplified Compliance: Integrated compliance features navigate regulatory complexities, ensuring adherence to relevant financial regulations.

With our partnership with Encryptus, we have embedded their institutional-grade APIs, connecting their off-ramp solution within Liminal’s wallet and custody platform. 

This integration simplifies our clients’ liquidation requirements while keeping their assets secure and more:

  • Effortless Digital Asset to Fiat Conversion: Our partners will be able to access treasury management and facilitate business payments in 54 countries and individual payments in an extensive network of 80+ countries.
  • Streamlined Compliance and Regulation: Our partners will be able to leverage Encryptus’s rigorous licensing and compliance framework, ensuring adherence to stringent financial regulations.
  • Enhanced Platform Value: We will be able to expand the functionality of the Liminal custody solution, attracting institutional users seeking comprehensive digital asset management capabilities.

Moving Towards A Robust Off-Ramp Partnership With Encryptus

The partnership between Liminal and Encryptus earmarks a significant step forward in secure digital asset custody, representing a shared commitment to pushing compliant practices while supplying institutions with easy access to convert their digital assets to fiat. 

For Encryptus, the opportunity to integrate with Liminal’s established platform presents a chance to reach a wider audience and scale their innovative off-ramp solutions to new heights. By streamlining fiat conversion within Liminal’s secure custody infrastructure, Encryptus gains access to a trusted network of institutional users seeking seamless and compliant treasury management.

For Liminal, this collaboration reinforces our dedication to partnering with companies that demonstrably prioritise clear governance and robust policy frameworks. By aligning with Encryptus’s stringent compliance standards, we reaffirm our commitment to building a secure and sustainable future for digital assets, where trust and regulatory certainty go hand-in-hand.

January 22, 2024

Hello world, it’s that time of the month when we share the biggest security breaches in the world of Web3 through our Security and Regulatory Newsletter. 

Liminal believes in optimizing security and custody practices globally across the Web3 industry. Through our Newsletter, we highlight security, regulations, and compliance incidents that have happened in the past month and how one can follow better Security practices to safeguard their digital assets. 

We will also highlight regulatory changes that might have happened globally, which were significant to the overall ecosystem.

Dive in and get a detailed analysis of everything security and regulation in the domain of web3 with Liminal’s Monthly Security and Regulatory Newsletter.

Web3 Security Compromises in January

Abracadabra exploited for almost $6.5 million, Magic Internet Money stablecoin depegs

The Magic Internet Money ($MIM) stablecoin has lost its dollar peg again, dipping all the way below $0.77 in a flash crash before returning to around $0.95.

The depeg appears to be related to an exploit of the Abracadabra lending protocol, which allows people to borrow $MIM. An attacker exploited an apparent flaw in the platform’s smart contracts to drain around $6.5 million.

Goledo Finance hacked for $1.7 million

Goledo Finance, an Aave-based lending protocol, was exploited through a flash loan attack. The attacker stole assets estimated by CertiK to be around $1.7 million.

Goledo Finance contacted the attacker to offer a 10% “bounty” for the return of the remaining assets. In a message on January 29, the attacker wrote: “I hacked Goledo and want to negotiate.”

Socket service and its Bungee bridge suffer $3.3 million theft

The Socket cross-chain infrastructure protocol was hacked for around $3.3 million in an attack that exploited its Bungee bridge. The thieves were able to exploit a bug that allowed them to take assets from those who had approved a portion of the system called SocketGateway.

A little over 700 victims were affected, and the highest loss from a single wallet was around $657,000. 121 wallets lost assets priced at more than $10,000.

On January 23, the protocol announced they had recovered 1,032 ETH (~$2.23 million) of the stolen funds.

Web3 Regulatory Practices for January

The EU Imposes Stricter Due Diligence Rules for Crypto Firms

On Jan. 17, the European Council and the Parliament came to a provisional agreement on parts of the Anti-Money Laundering Regulation (AMLR) that now extends to the crypto sector.

Under the new rules, cryptocurrency firms will be required to run due diligence on their customers involving a transaction amounting to €1,000 ($1,090) or more. 

However, the agreement isn’t final yet as it has to be first officially adopted by the Council and Parliament before the rules can be applied.

So, after the EU passed its landmark MiCA regulation last year, which clarified rules about cryptocurrencies, regulators are now targeting the space with tighter controls. 

While these regulations bolster security and trust in the crypto market, potentially attracting more cautious investors and combating financial crimes, they also present challenges. 

The US State of Virginia Introduces Digital Assets Mining Rights

Recently, the Virginia State Senate introduced Bill No. 339, which outlines regulations for the transactions and mining of digital assets and their treatment under tax laws. 

The legislation exempts individuals and businesses engaged in crypto mining activities from obtaining money transmitter licenses. Additionally, it protects miners from any discrimination. 

Issuers and sellers of crypto are also exempted from securities registration requirements if certain conditions are met. Moreover, those offering mining or staking services are not to be classified as “financial investment” but must file a notice to qualify for the exemption.

The bill further incentivizes crypto’s use for everyday transactions by offering tax benefits. Under this, up to $200 per transaction can be excluded from an individual’s net capital gains or gains derived from using crypto to purchase goods or services, starting from Jan. 1, 2024.

Key Takeaways:

  • Hackers continue to exploit vulnerabilities in DeFi protocols and cross-chain bridges, highlighting the need for robust security measures.
  • Regulatory frameworks are evolving rapidly, with stricter AML rules and supportive legislation for emerging technologies like crypto mining.
  • Staying informed about these developments is crucial for navigating the digital assets market safely and responsibly.

Stay #LiminalSecure

These events highlight the constant evolution of Web3 security and regulation. You can confidently navigate this dynamic landscape by staying informed and prioritizing security best practices. 

At Liminal, we’re committed to empowering institutions to unlock the full potential of digital assets without compromising security or compliance norms with our robust custody and wallet infrastructure solutions. Join us on this journey towards a safer, more accessible future for digital assets.

January 15, 2024

Find Out How You Can Benefit From A Fully Self-Custodial Wallet Architecture