Australian Senate Crypto Report - Recommendation 2 - Minimum custody standard for digital assets
The Senate Report into Australia as a Technology and Financial Centre comments on whether there should be government regulated custodial or depository arrangements for digital assets. While custodial and depository services are rapidly emerging for digital assets, many believe it is important they are subject to specific, regulatory requirements. Recommendation 2 states:
The committee recommends that the Australian Government establish a custody or depository regime for digital assets with minimum standards under the Treasury portfolio.
The recommendation reflects the need echoed by submitters for clear regulatory guidance in relation to custodial and depository services. While some choose to store their digital assets in a 'cold wallet' like a hard drive, there is always the potential of throwing out millions worth of crypto-currency. Third-party custodians allow for greater security and separation from ones own private keys as well as specialised insurance and protection.
Under current regulations, however, there is no specific framework for digital asset custody. ASIC's Regulatory Guide 133 Funds management and custodial services: Holding assets (RG 133) outlines minimum standards for asset holders to ensure they meet their obligations under their Australian Financial Services Licence (AFSL) but does not specifically catered to digital asset custodians.
The Senate Report seeks to build on Australia's well-established custodial services infrastructure which currently holds approx. AUD$4 trillion in value. Some submissions suggested a combination of the existing foundations, law, and policy, including RG 133, allow for adequate custody at present. Those familiar with the attributes of private keys understand the capacity, capability and resource requirements and that the key difference between digital assets and others, when custody is considered, centers on control of private keys.
Other argued that a separate set of standards and licensing requirements for businesses should be deployed with a minimum standards that any company dealing in the custody of digital assets would have to follow. ASIC's consultation paper 343 (CP343) offers sensible technological guidance including that:
specialist expertise and infrastructure should be used for digital asset custody;
segregation of crypto assets on blockchain should be used;
private key generation and storage should occur in a way that minimises risk of unauthorised access;
multi-signature or sharding based storage should be deployed;
practices for receipt, validation, review, reporting and execution of instructions should be used; and
robust cyber and physical security practices be put in place.
Ultimately, the report found that digital asset custody arrangements present unique risks not analogous to traditional assets, principally the risk of exposure of private keys and speed with which digital assets can be moved. The introduction of a regulated framework for custodial or depository companies, if it adopts the best practices developed by existing digital asset exchanges, will likely enhance consumer confidence, help reduce the risk of exchange collapses, encourage investment and help spur on Australia's already significant custody industry.