In July 2017, our client became the first Swiss private bank to merge traditional banking with the innovative world of blockchain and offer custody of digital assets to its clients.
CHALLENGES AND GOALS
When a Swiss-based private bank set out to capitalise on business opportunities that were emerging in the crypto assets market, it knew there was a large gap to be bridged.
For starters, securing crypto assets differed from the safekeeping of traditional assets, and it required new methods and technology. Unlike with traditional assets, ownership of the private key is equivalent to ownership of the crypto assets. Compromise of the key can result in total and irrevocable asset loss. As such, secure key management is crucial.
Another hurdle was keeping pace with regulatory obligations. Compliance demands started to increase. Regulators requested that the bank be able to provide segregated accounts for its clients and on-demand audit trails. In addition, the bank had to back the value of crypto assets with 800% in fiat to cover potential market/credit risks.
And at the time, one of the major obstacles our client faced was a lack of banking-grade wallet solutions on the market. The commercial wallets the bank was using were both time- and effort-consuming. Signing of transactions would take around half an hour to complete due to the manual approval workflow from cold to hot wallet.
To overcome these obstacles and offer premium digital asset custody services for its clients, the bank needed a banking-grade solution that provided critical factors such as:
● Keeping assets secure while also preserving liquidity and speed of fiat at the same time.
● Providing segregated accounts for each client as well as reconciliation, settlement and audit trails to fulfill regulatory demands.
● The ability to be easily tied to its existing systems and processes.
Choosing the solution:
To achieve this, the bank partnered with RIDDLE&CODE.
EASY DEPLOYMENT AND INTEGRATION
In cooperation with our client and using the combination of hardware and software, we were able to develop an innovative digital asset custody solution supported with a set of advanced features and functionalities. The solution was integrated on-premise and consolidated with the bank’s existing workflows and infrastructure.
SECURE YET FLEXIBLE STORAGE FOR KEYS
To secure keys, R&C provided the bank with dedicated and highly secure FIPS 140-2 Level 2 validated hardware devices and secure multi-party computation technology.
Secure multi-party computation (MPC) is a subfield of cryptography that enables parties (or devices) to cooperatively compute a function over their data without revealing it.
When it comes to key management, MPC has clear benefits, including:
● Removing the need for trusted third parties to keep data safe.
● The ability for users to keep data within their internal firewalls.
● Eliminating the need to make compromises between data usability and data privacy/security.
● Meeting regulatory compliance requirements for cross-border transfers.
When signing a transaction, keys are distributed between multiple dedicated hardware devices, removing the vulnerabilities of a single-point-of-failure architecture.
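The passages above on MPC and on distributing keys across devices can be made concrete with an added example, which is not RIDDLE&CODE's protocol or code: three devices hold additive shares of a key and jointly produce a Schnorr signature without the key ever being assembled. The Schnorr scheme, the toy group parameters and all function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy Schnorr group (constructed, far too small for real use):
# P = 2*Q + 1 with P and Q prime; G generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def split_key(x, n):
    """Additively share x among n devices: the shares sum to x mod Q."""
    shares = [secrets.randbelow(Q) for _ in range(n - 1)]
    shares.append((x - sum(shares)) % Q)
    return shares

def challenge(R, msg):
    """Hash the joint nonce commitment and the message into Z_Q."""
    digest = hashlib.sha256(R.to_bytes(2, "big") + msg).digest()
    return int.from_bytes(digest, "big") % Q

def joint_public_key(shares):
    """Each device publishes G^x_i; the product is G^x, x is never assembled."""
    y = 1
    for x_i in shares:
        y = y * pow(G, x_i, P) % P
    return y

def joint_sign(shares, msg):
    """Devices exchange only G^k_i and partial signatures, never x_i or k_i.
    Assumes honest devices; production threshold schemes add further checks."""
    nonces = [secrets.randbelow(Q - 1) + 1 for _ in shares]  # k_i stays on device i
    R = 1
    for k_i in nonces:
        R = R * pow(G, k_i, P) % P
    e = challenge(R, msg)
    partials = [(k_i + e * x_i) % Q for k_i, x_i in zip(nonces, shares)]
    return R, sum(partials) % Q

def verify(y, msg, sig):
    """Standard Schnorr check: G^s == R * y^e (mod P)."""
    R, s = sig
    return pow(G, s, P) == R * pow(y, challenge(R, msg), P) % P

if __name__ == "__main__":
    key = secrets.randbelow(Q - 1) + 1   # exists in one place only at this dealing step
    shares = split_key(key, 3)
    pub = joint_public_key(shares)
    sig = joint_sign(shares, b"constructed sample transaction")
    print("signature valid:", verify(pub, b"constructed sample transaction", sig))
```

Any subset of fewer than all three shares is uniformly random and reveals nothing about the key, which is what removes the single point of compromise.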
FULL REGULATORY COMPLIANCE
Next, we mapped the crypto custody accounts and linked them with the bank’s existing internal customer accounts, so it was able to create unlimited custodial wallets from a single platform and achieve full account segregation.
This meant that the bank didn’t have to back crypto assets with fiat. We also integrated standardised APIs so the bank could implement external services for AML and KYC compliance purposes.
Ultimately, the bank eliminated the time-consuming need to manage hot and cold storage separately by implementing a Trusted Node (TN) and distributed Signature Device (SD) architecture.
*Trusted Node is a dedicated on-premise device used to create, orchestrate and broadcast crypto transactions.
*Signature Device is a separate physical device that handles the identities to access, initiate and sign the potential release of funds stored in the wallet.
*Admin Device is a separate physical device required to access and manage all settings and policies.
*Policy Engine is a set of rules defined by the customer to govern the transactions and how they are executed.
*Web Interface is a dedicated interface hosted in the Trusted Node that enables full control of all operations.
Backed with RIDDLE&CODE’s Digital Asset Custody solution, this private bank can provide its clients with regulated, secure and convenient banking solutions for crypto assets.
The bank was also able to increase the efficiency of its operations with faster transaction signing (crypto-related transactions can now be processed in less than a minute), the elimination of separate hot and cold storage, and the ability to easily deploy new wallets.
The bank is currently offering a wide range of blockchain and crypto-related services in line with strict regulatory requirements, such as AML/KYC laws, and can provide audit trails/reconciliation on demand and in real-time.