As a business leader evaluating digital asset wallet and service providers, it’s important to understand the deeper implications of each wallet custody model and ensuring your wallet provider is compliant and adheres to best practices.
Whether you’re an established enterprise, a new startup, or traditional finance institution, this guide offers a foundation for understanding different wallet types and service providers, highlighting each of their distinguishing characteristics to help you determine which custody model works best for your digital strategy, and the considerations to keep in mind when selecting digital asset wallet services.
Wallet Types and Providers
Each wallet type and wallet provider has different characteristics. Below is a terminology of the key players in wallet security and roles.
- Custody technology service provider refers to a digital asset wallet service provider that provides a technology or software solution for the creation, administration and security of digital asset wallets. Fireblocks is an example of a custody technology service provider.
- Business refers to the contracting party with either a custody technology service provider or a subcustodian. A business may contract with wallet providers to enable a variety of use cases, ranging from the administration of their own assets (i.e. treasury management) to the “white labeling” of wallets to provide services to their own end-user customers (i.e. retail custody).
- End-user refers to the customer(s) of the business. Th end users may have a contractual relationship with the business but they rarely have a direct contractual relationship with the wallet service provider.
- Subcustodian refers to a wallet service provider that offers custody or safekeeping services on behalf of the business and/or the business’ end users. Subcustodians usually control business wallets and assets, whereas a business that use a custody technology service provider controls their own wallets and assets.
The following table outlines the three main wallet and custody types and the common service provider characteristics.
| Wallet and Custody Types | Service Provider | Defining Product/Service Characteristics |
|---|---|---|
| Non-Custodial Wallet or Embedded Wallet | Custody Technology Service Provider | The end-user is in sole possession of key material sufficient to control the wallet and initiate transactions. The end-user cannot be permanently blocked from initiating transactions and no other party can initiate transactions on the end-user’s behalf. The business designs and operates a wallet-based business for its end users. The custody technology service provider designs security features, blockchain integration, and offers support. |
| Direct-Custody (aka Self-Custody) | Custody Technology Service Provider | The business is in sole possession of key material sufficient to control the wallet and initiate transactions. The custody technology service provider designs security features, blockchain integrations and offers support. |
| Subcustody | Subcustodian | The subcustodian is in possession of key material sufficient to control the wallet, initiate transactions at the direction of its business, and can permanently block the initiation of transactions or seize the funds. The business issues directions to the subcustodian. |
Market Segments and Wallet Suitability
While every business has different needs, in our experience, certain wallet types and service providers are better suited to certain use cases than others.
In this section, we connect common market segments for wallet services to wallet custody types and explain why certain businesses adopt these wallet types more frequently than others.
| Wallet & Custody Types | Popular with | Rationale |
|---|---|---|
| Direct Custody (Custody Technology Service Provider) | Asset managers, licensed financial institutions (banks, fintech, etc.), broker-dealers, market makers, digital asset exchanges, public sector entities and FMUs | Often, direct custody is overwhelmingly favored by active traders and asset managers because it combines security and transaction initiation and settlement speeds. Direct custody also substantially mitigates counterparty risk. Direct custody is an attractive solution for licensed entities of any kind. When provided by a reputable custody technology service provider, direct custody solutions can be integrated into existing back-office operations and offered with licensed financial products and services. |
| Non-Custodial Wallet or Embedded Wallet (Custody Technology Service Provider) | Gaming, B2B and B2C Web3 applications ( incl. NFTs), marketing agencies | For businesses primarily seeking to enable their end users to interact with native Web3 blockchain technologies like non-fungible tokens (NFTs) and smart contracts, non-custodial wallets may be the preferable offering because this solution allows the business to retain a high degree of control over the design of the end users’ digital asset interactions without putting the business itself into the chain of digital asset custody. Non-custodial offerings can also be a compelling solution for fintechs and other retail-facing financial service providers because they allow the business to offer increased transparency and control for end users while reducing end users’ counterparty risk vis-a-vis the business. |
| Subcustody (Subcustodian) | SEC-registered asset managers, “cold” storage use cases | Some market participants, like large, SEC-registered asset managers must hold customer assets at a qualified custodian. Subcustodians operating under the relevant licenses may be a suitable solution for this segment. For businesses that are not under a legal obligation to work with a qualified custodian, Subcustody can still be an attractive option for a variety of reasons, including the regulated nature of such entities. The ability to outsource digital asset operations to a trusted third party may also be a preferable solution for new market participants or those with limited initial use cases. |
Key Considerations for Assessing Service Providers
Three critical considerations exist for any business assessing a wallet solution and service provider.
Understanding how wallet products and custody service providers perform against each factor is essential to understanding the type and extent of risk in the selection process and will help you make an informed business decision.
The identity of the digital asset custodian
Why is it important?
The identity of the digital asset custodian is a critical factor for at least three reasons:
First, the digital asset custodian may incur licensing obligations if it is holding assets belonging to third parties. If the service provider has control of wallets but has not acquired the relevant licenses, the service provider could be operating in violation of applicable law. This not only exposes the business to reputational risk, but it also raises questions about whether or not the service provider is fit to operate a business model that may have unmet licensing requirements. It could also complicate the relationship with the business and its end users in ways that are difficult to predict unless the custodian’s identity is known.
Second, the party responsible for controlling the wallets is also likely to be the party best positioned to implement appropriate risk mitigation and control measures. Any degree of confusion as to where this responsibility lies is likely to result in risk exposures. Understanding who controls the assets is critical to managing the risk of using a digital asset wallet product.
Third, all subcustodial arrangements entail counterparty risk because a third party controls the assets. With reputable subcustody service providers, this risk is often well within the tolerance of their clients, and the risk may be deemed lower than for competing solutions. When the custodian’s identity is unclear or unknown, the business and its end users may be incurring unacceptable levels of counterparty risk, including exposure to insolvency scenarios. Identifying the custodian is a critical first step to assessing whether the counterparty is present in the relationship and whether that risk is tolerable.
Things to consider
The digital asset custodian is the party that holds the key material sufficient to control the wallet(s) and initiate transactions. In scenarios where multiple key shares are distributed among the service provider, business, or end users, there will likely be a controlling key share. In most cases, the possessor of this controlling key share is the custodian. Potential customers should take steps to understand which party will hold the key material sufficient to control the wallet and assess and, using the table below as a guide, ascertain whether any red flags exist.
Operational resiliency
Why is it important?
In the digital asset context, operational resiliency encompasses cybersecurity controls and more traditional concepts of operational risk mitigation. For subcustody models, operational risk failures can result in service disruptions such that the business may be unable to access or move assets. For the business leveraging custody technology service providers, robust cyber and operational risk controls indicate a secure product and reliable service.
Things to consider
Many subcustodians are licensed and, therefore, likely subject to regulations mandating a certain degree of operational risk controls. Businesses should seek to understand the operational controls mandated under the relevant licensing regime and assess whether the custodian has adopted heightened or tailored risk measures. Failure to meet supervisory examination standards should be a red flag.
Custody technology service providers are usually regulated differently than licensed custodians. However, this is starting to change as regulators in leading jurisdictions worldwide acknowledge the critical infrastructure role of such service providers and consider introducing standards. Such standards, if adopted, will likely place operational and cybersecurity risk mitigation and control obligations directly on custody technology service providers. Until this becomes formal practice, businesses of custody technology service providers should ask what steps the service provider has voluntarily undertaken to ensure service continuity and cyber resiliency, including whether the service provider has obtained certifications from reputable international standard-setters.
Counterparty risk, business continuity and asset recovery options
Why is it important?
All service providers should be held to a high standard for business continuity and asset recovery. As illustrated by recent events in the digital asset markets, a business’ digital assets can be lost or impaired, including due to negligent mismanagement by operators, criminal wrongdoing, or even lawful insolvency proceedings.
In the case of FTX, many early digital market participants created their own custody solutions for managing end-user assets, ultimately demonstrating not only the technical vulnerabilities of these solutions but the real risk of asset misappropriation in terms of financial distress. Of course, hacks are an ever-present problem, likely exacerbated by sub-standard wallet and key management solutions. Finally, as has been the case with Celsius, even properly secured digital assets have become subject to lawful insolvency proceedings, leaving end users with uncertainty on the timeline for recovery and the amount they can recover.
These risk events may be rare, but their potentially profound impact underscores the need for selecting a service provider that has carefully prepared for the transfer and recovery of customer assets.
Things to consider
Potential businesses of a wallet service provider should ensure that the service provider has contingency plans for a range of adverse outcomes. At a minimum, the service provider should have controls to prevent or mitigate insider misappropriation and credible plans for transferring of customer assets in the case of a significant service disruption or insolvency event. In addition, service providers should offer options for the backup and recovery of key materials to mitigate against inadvertent loss. Service providers that cannot meet these criteria may have significant risk vulnerabilities, even with low probability.
Summary of Key Considerations and Red Flags
The table below summarizes the key considerations discussed above and highlights potential red flags for each wallet type and service provider.
| Wallet & Custody Types | Key Considerations and Potential “Red Flags” |
|---|---|
| Non-Custodial Wallet or Embedded Wallet (Custody Technology Service Provider) | Consideration: End-user holds the controlling key share. Only end users should be able to initiate transactions. 🔴 Red Flag: The service provider advertises as non-custodial, but possesses key material sufficient to allow it to access wallets and initiate transactions. The service provider may be deemed a type of custodian and found to be operating without a required license. 🔴 Red Flag: The service provider can unilaterally block transactions or freeze accounts. This is evidence that the service provided is custodial and, therefore, may require a license to offer the service. The consequences of detecting any of the red flags described above are serious. The service provider may be operating outside of compliance with applicable law of the service. This may also negatively impact businesses of such service providers and their liability for services provided to end users end users. |
| Direct Custody (Custody Technology Service Provider) | Consideration: The business should hold the controlling key share to initiate transactions. 🔴 Red Flag: The service is billed as direct custody or self-custody, but the service provider possesses key material sufficient to allow it to access wallets and initiate transactions. The service provider may be operating without a required license. Consideration: The custody technology service provider demonstrates the adoption of robust cyber and operational risk controls. Ideally, the service provider can demonstrate compliance with emerging international standards. 🔴 Red Flag: The custody technology service provider cannot produce evidence of adopting operational risk controls, has no periodic audit/pen testing process, or has not been certified by relevant international standard setters. Consideration: The custody technology service provider demonstrates protocols for asset migration and recovery. 🔴 Red Flag: Insufficient or unclear planning for insider risk mitigation, transfer of wallets, and release of funds in the case of insolvency or critical disruption in service. 🔴 Red Flag: Insufficient backup and recovery processes. |
| Subcustody (Subcustodian) | Consideration: The licensing framework of subcustodians may not be suitable for digital asset management or customer business requirements. 🔴 Red Flag: Service is offered without a license and/or insufficient licensing. 🔴 Red Flag: The license obtained in a less than reputable jurisdiction. 🔴 Red Flag: The licensing framework is ill-suited to digital asset custody, raising security concerns. 🔴 Red Flag: The licensing framework places activity prohibitions on the subcustodian such that service is not suitable for the desired business purpose. |
Understanding the market for digital asset wallets is a foundational step for all businesses operating in the digital asset space. It is more than just selecting a custody solution; it involves understanding various custody models, their nuances, and their distinct implications. Companies must be vigilant in their assessment of these providers and potential risks. Recognizing red flags and ensuring that your service provider adheres to relevant regulations minimizes potential legal pitfalls and reinforces the security of your business’s digital asset strategy.
To learn more about Fireblocks Wallet-as-a-Service and discover how to scale wallets without sacrificing security.
Disclosures
Fireblocks does not offer legal, technical, or other professional advice. None of the foregoing is intended to be, nor is it authorized for use as, a substitute for the knowledge, expertise, and judgment of a competent professional in the relevant field. If you need such advice, please seek the independent assistance of a professional advisor before taking any action regarding this content. For the avoidance of doubt, and without limiting the foregoing, it is your express responsibility to determine the suitability of any particular wallet or wallet provider according to your own criteria and to consult your own legal, technical, tax, accounting, and other professional advisors.
