Pep Pods from Cummings Pepperdine

WEBINAR: How to reduce Digital Asset Risk for Investors and Traders

Claire Cummings

Recent events have demonstrated only too clearly what we all know - that for the crypto market to succeed, all players need to have passed robust vetting processes. This applies to both sides of every trade.

In our webinar we explain how to build vetting into your structure, from set-up to trading and onward.

Join us and learn how to protect your business and your profitability. Essential listening from Cummings Pepperdine.

Live recording made  on 22nd March 2023 with co-hosts Doug Schwenk, CEO at Digital Asset Research, and Alex Royle, head of regulatory Afairs and compliance for EMEA Galaxy.

--------------------------------------------------------------------------------

Cummings Pepperdine provide relationship-based holistic solutions linking law, tax and FCA compliance. Specialising in these three key areas allows us to offer clients a wide breadth of assistance to cater to their core business needs.

Visit https://cummingspepperdine.com for more information.
For a transcript of this episode, please click here.

Cummings Pepperdine is a unique leading legal advisor on crypto and alternative assets, advising a large and diverse global client base and the only firm to provide a complete solution building on the three key areas of law, tax and FCA with legal underpinning at every point.

Visit www.cummingspepperdine.com

Claire Cummings [00:00:05]: Well, first of all, thank you very much for joining us. So let me go back to talk about reducing risk and doing that via vetting. So Digital Asset Research are kindly here to tell us, talk us through vetting processes, and Galaxy is here to give us Tales from the Front Line. So perhaps I could just ask Doug from Digital Assets to Research to introduce yourself. Doug?

Doug Schwenk [00:00:48]: Thanks Claire. Nice to be here. I'm Doug Schwank, CEO of Digital Asset Research, and we're a specialist provider for institutional clients of market data, vetting and research products.

Claire Cummings [00:01:01]: We also have Alex here from Galaxy. Alex, are you able to say a few words to us about who you are and about Galaxy?

Alex Royle [00:01:10]: Yeah, sure. Lovely. Thanks Claire. My name is Alex. I head compliance and rig affairs for Galaxy across EMEA. Galaxy is a large B to B bank. Effectively, we run trading digital everything in digital assets. We run trading asset management, investment banking services across the web. Three digital asset space.

Claire Cummings [00:01:34]: Perfect. So let's crack on then, because I think that between the two of you, you're going to be able to give everybody some very useful insights into the risks that can arise, how vetting can deal with them, and some sort of tales from the front line. Let's move forward with our slides. Here. You'll see we have eleven slides, but don't worry, there's going to be very little talking from me. There's going to be mainly talking from Doug and Alex as they are the people who are right at the heart of the industry. Just to set the scene, we've put together a slide and if everybody's happy, let me know. If you're not, we'll send out the slides afterwards. I don't intend to go through all of this, but what you can see is that there remains a large amount of fraud within the crypto world. And I'm assuming that everybody who's here listening today wants to stop that fraud. Nobody wants to be part of it themselves, and certainly nobody wants to be fined and find themselves in trouble with the law regulators. You can see there are some fairly large numbers there. So what we're here to talk about is how when you're setting up a fund, the things you need to consider and then how vetting will deal with that. Just very briefly, when you're setting up a crypto fund, it's actually much the same as setting up any other fund, a hedge fund or a VC or PE fund. But there are certain specific nuances that really are relevant that you need to consider. Now, the first one is the custody of the assets. How are you actually going to hold your crypto? Is your wallet going to be hot, cold, whatever. And what about the person that holds it? Are they safe or are they likely to commingle and go under? And the same with the exchange. Is that exchange a regulated exchange and regulated by UK, European or even American regulator? Or is it one that you haven't vetted? And again, it could cause you great trouble if anything goes wrong with it. Now, these are only two of the types of risk factors that you need to include in your fund documentation and the sector on risk factors is very important and it does need to be specific about your actual product and the risks involved in your trading strategy and the types of crypto and assets you have. And remember that the investor types that you'll have in this kind of fund are non retail, so they will be able to read and understand all the risk factors and they should be there for full disclosure to investors, knowing that they are sophisticated and have this understanding. But what about the vetting? So at the very start of the process, it's wise to begin vetting all elements of your fund so that you protect yourself and you protect your clients both together. Maybe when we move to this slide you could tell us a bit about what you get up to in vetting and I could ask Alex to join in with tales from the front line and what he's seen and we can start a conversation that would be very useful for everybody who's listening to us today.

 

Doug Schwenk [00:04:45]: Yeah, so this slide, we're just really trying to frame some of the problems that exist in crypto that we're not as familiar with in traditional finance. We can all remember the financial crisis of 2008. Trusting your counterparties was a problem then in traditional finance. It remains an exaggerated problem in crypto because of the nature of the space. And some of those considerations are that the firms you're going to interact with are often unregulated or very lightly regulated, so there's no one looking over their shoulder from a regulatory perspective or if someone is, that regulator may be less sophisticated than we see in traditional finance. A lot of these service providers are firms you won't have heard of because they're startup ventures often run by people who don't have as much experience in traditional finance. And there may be varying levels of maturity and sometimes it's difficult to determine if a firm is immature or if there is bad behavior or both, as we saw with Ftx. Certainly immaturity as well as bad behavior. And crypto brings new types of risks that we haven't seen for a long time in traditional finance, such as the bearer nature of the instruments. If someone has your crypto keys, they can take possession and it may be very difficult or impossible to retrieve those. And the sort of final point that I would make on the nature of the space is don't trust the reputations or reported numbers that got a lot of people in trouble with Ftx as well as some other firms. It is not uncommon for some firms in the crypto space to report numbers that are made up or represent a false reality.

Claire Cummings [00:06:53]: Yeah. So the due diligence that you do yourself at the very start of the vetting and all the people involved is going to be absolutely key because it's only through thorough vetting that you can really trust the various players in this. Alex, can I ask, in your role of compliance with Galaxy, which is a large multinational operation, how do you generally first approach vetting the different players that you come across and making sure that you're doing everything you can to stay within and above the anti money laundering requirements and also just taking sensible steps?

Alex Royle [00:07:34]: Sure. I think the first thing to say about Galaxy is that we actually take a very traditional approach to risk management, to governance, to conflicts of interest management and internally. And we sort of expect similar of a lot of the firms that we sort of engage with, a lot of our counterparties and a lot of our clients kind of take a lot of substance from the fact that if they come to Galaxy, they get a very similar experience from us as they would if they went to any bank in the kind of the traditional space. And so we look at the same sort of risk and we look at the same use, the same sort of language and things like that when we go in and vet some of our counterparties. And I think the first point made here about the unregulated or lightly regulated space is a really interesting one. I think crypto is actually fairly well heavily regulated, but just not in the same way that a lot of people might assume. And it comes down to that sort of point about reputation and published numbers. I think a lot of people kind of get unstuck because of assumptions that are made. So crypto is very heavily regulated for AML and under the Mlr regime and for the money laundering and a lot of people extrapolate from there towards when they start sort of dealing with an exchange that might be regulated for crypto. They think the activity of the exchange might therefore be regulated like an incumbent exchange in the kind of the traditional side of things. And I think the regulatory framework globally isn't there yet. So I think from a very first principle point of view, you need to be very aware of what we actually mean by regulation and what regulation in each of the jurisdictions you're looking at actually means as well, because we know Ftx and the Bahamas. And whilst that is something that is playing out in real time, so we're pretty clear we know what happens down there. But we don't want to make any assumptions yet, is that they were regulated in the Bahamas under the Bahamian Dare Act. The thing is that you have to go and understand what is the Bahamian Dare Act? What does that look at?

Claire Cummings [00:09:54]: And I think that's particularly pertinent for this webinar because for everybody listening, we're going to provide you with the kind of details you need for the UK and actually the EU, because the legislation here derives from EU legislation as we go further on in the webinar. So, Alice, I guess what you're saying as well is that when you take a traditional view, so you take the kind of line that banks do and some because then you're applying that to what the crypto world is and the fact that not everybody in crypto is a bad actor, but there are some inherent risks. Start from an institutional point of view and go from there.

Alex Royle [00:10:40]: I think that's right. I think the broad theory that I sort of have, and I know a lot of my colleagues over here at Galaxy is there's no such thing as tokenomics, it's just economics. And in kind of the same way with this, there's not really too much new and novel risk here. There are new and novel delivery channels for similar risks. But fundamentally, a lot of the risks that we try and mitigate in the system, in the crypto system, exists because of sort of a lack of a regulatory framework in order to mitigate those risks before you get to the point. And so I think that's kind of what we're talking about here. We're not trying to sort of re underwrite new science or re underwrite a completely new risk frameworks, we just need to use the existing ones that we have and understand how risk is delivered.

Claire Cummings [00:11:29]: That's very interesting point, because there may be areas where there isn't any regulation, but that doesn't mean to say that there isn't any legislation. And again, it's something that as we get towards the end of the webinar, we'll talk a bit more about that. So people are aware of the types of legislative requirements that apply across the board, regardless of it just being crypto. So when people say it's unregulated, it's Wild West. Well, I think it's best an element of that. But even when there is no regulation, you have to remember there is legislation. So, moving on then, to our next point, we've talked a bit about custody and the importance of custody and we talked about that the very first slide and the need to do vetting. I would say there are a few things you need to consider here when you're setting up a fund and also if you're investing, making sure that's in there, I think it's important that the custodian is independent. So this might seem blatantly obvious, and it comes from Tradfide, but it is important, and it should be in a jurisdiction which you feel you can go to to get assets back if something goes terribly wrong, if the entity holding those assets either commingles when they shouldn't or goes under. Even though you may find that your contracts are under UK English law, which is a great help because the English courts are really not keen on any kind of crypto fraud, the jurisdiction you get them back from may be more difficult. So a credible jurisdiction and have a look at whether the custodian in that jurisdiction is required to be either regulated or registered. And I say registered because under the Fifth money laundering directive, the FCA registers crypto wallet providers and exchanges rather than regulates them. But it is slightly different in different areas. And going back to my point before there may be regulation or registration, there may not, but there will always be legislation to do with fraud, money laundering, criminal activities, and the legislation has to be complied with as much, possibly more than any of the regulation or registration. So then, looking at vetting the custodian now, it's obvious, isn't it, this is really key because the custodian is holding your assets. So it's really key that you know that that custodian is safe. So, Doug, maybe I could ask you to run through the issues that you look at when you're vetting. And then Alex, come in and talk about give us some stories from the Galaxy side of how this works for Galaxy as a practitioner. So Doug, over to you.

Alex Royle [00:14:21]: Thanks.

 

Doug Schwenk [00:14:22]: When we're vetting a custodian for a client, we do look at a number of things beyond this list. But certainly the things that you mentioned around what is the regulatory overlay, what regulation applies? Are they being regulated by a credible body? What jurisdiction are they in? What's their financial health? What insurances are in place if there is something that happens, are accounts segregated? Do they have the right internal controls to prevent internal fraud or other types of risks? And then what's the management experience and expertise? Do they have the skills to pull off custody of a financial asset, let alone a crypto asset?

Claire Cummings [00:15:10]: Yeah, and I think possibly actually that ties in quite nicely. Would you really trust that much money to such a young man? How much experience and expertise did he and his team actually have? It's one of those key things that seems so obvious, isn't it? But I think it's quite easy in a relatively new asset class to believe the hype. One thing that I talked about and you talked about as well, Doug, is jurisdiction. We've had a question from Conrad what is or isn't a safe jurisdiction? I would say look at the go from the OECD list to start off with and also then find out what regulation is in place in the jurisdiction of that custodian. Alex, perhaps you could tell us about what you look for in custodians and the jurisdictions that you would consider those, where actually the custodians regulated assets are segregated. And if you take action, you've got a chance of maybe getting some of your crypto back if things do go very badly wrong.

Alex Royle [00:16:26]: Yes, I think it's great. From Conrad is also a very, very difficult one. I think a lot of that point comes down to what you really mean by credible. There's kind of two meanings of that in crypto, I sort of understand. One is there's this traditional kind of understanding which is, is it a good jurisdiction, what is the underpinning insolvency law, the trust laws and everything that you might use. But then from a crypto point of view, you have to look at credibility from the how realistic is the legislative framework for us to be able to run a business in? If you look at some of what's going on in the US. At the moment, arguably the US. Has one of the most credible regulatory frameworks, but it's incredibly difficult to be a crypto company in the US. At the moment. So does that make it credible from a crypto point of view? So you need to kind of think about the operational element of kind of running a crypto business and to the point here about what would we look at when we consider custodians. I think all of those points make absolutely perfect sense, but you also need to kind of take a view as to how you're going to use the assets under custody. So in one way, if you're looking at the spectrum of cryptocurrency and you have kind of the cold storage offline kind of side of things at one end of the spectrum and on the other side you've got the hot wallet, we mentioned that before, where your assets are instantly retrievable. Well, if you have a high turnover of assets, then you're going to lean.

Claire Cummings [00:17:53]: You need those to be hot, don't you? Because you can't start running into it to and from an off site secure storage premises. It's very much a question of what do you want to do with your assets? Do you want to buy bitcoin bitcoin and simply hold it until we get the next halving? Or are you actually a very active options trader and you're hedging by holding the underlying, let's say, Bitcoin or ether?

Alex Royle [00:18:24]: Exactly. So if you need to move collateral around if you need to move collateral around exchanges in order to get different price, in order to get access to different prices and various elements of price discovery, you need to be mindful. So you need to draw a very fine balance between the right level of security and the right level of kind of certainty that you have, but also the right level of operational requirement that you need in order to deploy those assets in alignment with the investing policy of the fund.

 Claire Cummings [00:18:54]: Yeah, it's very different for a lot of people. Deborah, thank you very much for putting that question in. I hope everybody can see it. And I would also say that at the bottom. You mentioned Deborah Sabalot Dean. So yes, what can I say? You are one of the most respected authors here. So, yeah, those are very useful links. I hope everybody can see them, but if not, please say. Right, so we've talked about the custodian, not the only people, of course, or the only entity that is regulated or has legislation that's applicable to it. Now, coming to Pepperdine, we are English lawyers, so we're going to look at the UK legislation here. But there is, as I said, an overlap with European member states, those who are still member states because of the nature of the genesis of a lot of the regulation. And the first bit here is the money laundering rules. Now, the two people who are caught by money laundering rules are those who are acting with crypto assets and they're exchange providers and or their wallet providers. So these people and we'll talk later about what those exact activities are, but I would just say here that exchange should be seen as sort of a verb as well as a noun. Those people have to be registered and these are the UK rules on registration. But there's also legislation, and I think that as well as considering the money laundering legislation, also remember that there's legislation in the UK on the proceeds of crime and if anybody is caught pocketing the proceeds of crime, even unwittingly, they may themselves find themselves subject to criminal action and police investigation. And also remember directors liabilities. Now, if you're a director of a company, then at first glance you will be protected because you are a director. And as long as you're obeying by the rules and you're discharging your duties correctly, then you'll have a protection from liability. However, there are some instances which the corporate veil or the protection of a company can be stripped away. And this applies particularly where the FCA can see that a company is doing something with the directors, knowing that it's happening, which is in breach of UK regulations. So all directors have to be very careful, no matter what they're doing. Conrad I'm sorry, if you can't see the links, what I'll do is make sure that when we send round the slides at the end, you'll also see the links that Deborah has sent us. And then Hadley, just quickly, just going back to what we're talking about before, I think you're right. There is an element of where you say that OECD lists are dangerously skewed. Well, I think you're right about you're right about skewing to a certain extent. I think that's why you can probably look at jurisdictions initially to cut down areas where there may be problems. For example, I wouldn't want to have a custodian in China because if something goes wrong, you're fighting the Chinese government and I don't think you're going to win that. So it is a question of doing due diligence on jurisdictions as a whole. On both the legal side, the regulatory side and also the common sense side. Now, I thought I'd talk to you a bit about crypto asset exchange providers. I don't want to spend too long talking about the law here, but I think it is important because it's something we've discussed earlier. And the key thing I would say is what I've got at the bottom here. Now it's quite obvious if you're exchanging fiat for crypto, crypto for fiat or crypto to crypto generally what you're doing. So if you're the person who's exchanging, you know what you're doing. The tricky bit is whether you are somebody who is arranging or making arrangements with a view to the exchange of crypto and so on. Now this is something which has been discussed within government, within the FCA. Nobody is entirely certain at what point you get that first step, which is the first step of arranging. So is the very first step of talking about setting up the ability to arranging? No, I don't think it is. But where in the chain of all the actions does it begin? And this is quite a tricky one and if anybody is interested in talking about this in more detail then please do get in touch. It's slightly easier I think when we come to talk about the wallet providers.

Alex Royle [00:24:11]: Could I just add on to that because it's a really important point but I think the way that we kind of look at it, and certainly the way that I look at these things is to extrapolate the same language is used in Fisma.

Claire Cummings [00:24:25]: It is specifically the Regulated Activities Order. Yeah, and there's also another part of the FCA handbook which deals with arranging which has nothing to do with fisma. But again, we get these bits of guidance, don't we? Yeah, exactly.

 

Alex Royle [00:24:40]: So I think generally, if you were to take a view, if you're looking to sort of set something up, I think you're exactly right. There is some ambiguity there, and that will tend to play out through any kind of regulatory process. But something to anchor to, looking at the definitions in perg, going through those, which is the perimeter guidance handbook of the FCA, and looking at the way that it's determined for securities or specified investments, I think that's a very solid starting point.

Claire Cummings [00:25:15]: I agree, it certainly does give us that. I think that if anybody were arguing with the FCA, it would be very difficult for the FCA to say, well, no, we've been saying this for years to do with other types of investment. And it will apply to a token, which is a security so it's a type of crypto asset, but is regulated under Fisma and the Regulated Activities Order. And therefore but all the same, we're going to make it slightly different for crypto. It would be very difficult for them. But there does remain at the same time this ambiguity. And having spoken to the FCA they have said to me themselves that they're not really sure where it starts. So I think you're absolutely right. Anchor yourself in that and you're as safe as you can be, but just have just have an eye on the changes and any potentially capricious action as well. And then, as I say, the wallet providers, it's very much easier here because if somebody is really sort of holding your assets to safeguard them or safeguard and administer and you kind of know what you're up to there. If we go back, actually it's quite interesting, Alex, we were talking about anchoring ourselves in Fisma and the Regulated Activities Order and the definition there of being an administrator is actually twofold here, the custody custodian and administration. Rather here we just have just safeguarding. So you see a slight divergence, but I think that is really to do with the nature of the assets. One thing I quickly say is that if anybody uses multiparty computation, then the holding of shards for safekeeping by a third party isn't caught by that. That's because then there isn't a service really of safeguarding. It's just akin to giving somebody the front door keys to your house and saying, can you just keep them in case I lose mine? Alex, what have you found when looking at custodian wallet providers? And do you use secure multiparty computation or your clients in any of the activities you're involved in?

Alex Royle [00:27:39]: We use a variety. I think the core sort of heuristic is diversity is king, right? So I don't think you never put all your eggs in one basket and that kind of also aligns with the technology that you might use to secure something. So I don't think we don't particularly have a view that one is any better than the other. It comes down to the individual service.

Claire Cummings [00:28:05]: As well, doesn't it? Yeah, it comes down to the individual leads of what it is that you're trading, what your investment strategy is. It's quite a sort of personal commercial choice.

Alex Royle [00:28:16]: But I think going back to what we were saying before about you need to weigh up the requirement for security and to be able to deploy any duty that you have on behalf of kind of investors with the ability to actually use the assets and use the assets in an appropriate appropriate way. I think the interesting point here as well around administration is that to your point, if you would administrate without safeguarding, then you are completely outside of outside of scope here. And also there's no concept of arranging safeguarding.

Claire Cummings [00:28:54]: The arranging has been taken away. There's less ambiguity with this definition, isn't it? It's very clear about you're just safeguarding all you're safeguarding and administering. There's no arranging and pure admin court. So that's like heart back to the definition of custody and administration and Regulated Activities Order, but a bit of a change. And also remember this has a European birth, whereas the Regulated Activities Order really is a domestic legislation. The same themes are carried through, aren't they? So with that sort of quick trot through what a crypto exchange provider is or may not be, and also what a custodian wallet provider is, doug, could we turn to you now to walk us through all the vetting of a crypto exchange provider?

Doug Schwenk [00:29:58]: Yeah. So when we vet exchanges for clients, we do think about a couple of important things, especially in less regulated jurisdictions, but looking for evidence of data manipulation or persistent market manipulation in the trade and order book data of the exchange. And we see in some exchanges that they are creating transactions that didn't happen. And we see on some exchanges the allowance or the encouragement or the lack of discouragement of market manipulation, which can be, for example, wash trading and similar activities. We look at the compliance infrastructure to prevent future manipulation. So ensuring that that infrastructure is in place, policies, surveillance tools, staff that are knowledgeable, do they actually kick out clients that are doing bad things? We look at things like best execution fees, margin policies, reserves, and really all of the things that we look at with a custodian, because you're likely going to need to put assets on the exchange in order to trade them, and so you're going to be subject to the similar risks as a custodian or at least for some period of time.

Claire Cummings [00:31:27]: Got you. And Alex, how have you found your vetting of the exchange providers?

Alex Royle [00:31:35]: Yeah, I think the concept of exchanges in crypto is an interesting one because as we sort of said before, we don't have that framework around the activity of providing a crypto exchange in a regulatory context. So things like the rec rulebook, rec rulebook that the FCA has for regulated exchanges, there isn't that concept. And some of the kind of the Mtf rules and or Otf rules, but you kind of wouldn't really have that in a crypto context, don't sort of exist. So when we're talking about exchanges, we need to go and look at what are we actually doing here? I think a lot of these kind of infrastructures in crypto are more akin to sort of hedge funds, if you like that, then provide exchange services or hedge funds kind of with central limit order book functionality attached to them and understanding that and realizing it appears or it transpires that. The Ftx animator piece was just that, except the entity was bifurcated between two where you had an exchange and then you had a liquidity provider sitting behind that. And there are very clear rules within traditional finance to separate the activity of trading and the activity of providing price discovery and price matching to, to mitigate those conflicts of interest. So I think the core understanding here when you're engaging with sort of centralized exchanges is understanding the conflicts that may be existing within their own business model and understanding that from kind of a risk. Capital deployment point of view. And also, I think understanding the on and off ramps and how quickly and.

Claire Cummings [00:33:24]: How I was going to ask about that.

Alex Royle [00:33:25]: Yeah, how quickly can you get money on and off and assets on and off? And what are those processes and is it 24/7? Is there going to be downtime and understanding and actually gaming all of those situations because a lot of people with Ftx and then more recently, even with Banks now, unless you have active kind of recovery processes and well understood systems in place should something go wrong, you're going to be less scrabbling at the moment when you really don't need to be. And the only additional side of that is crypto isn't a particularly transparent place from an exchange point of view. And there's an awful lot of sort of innuendo that can fly around the market and that in and of itself can cause problems. So quite often you have to be on your toes in regards to understanding sort of counterparty risk with a lot of these exchanges because that's what it is. When you have cash and or assets on an exchange, you have an open counterparty risk to that exchange. So we really need to understand that before kind of engaging in that context. And look, we've seen, unfortunately, some pretty well known, well understood crypto funds fail in the last six to nine months just because they had too many assets caught on one exchange that went down. That was Ftx and now those funds have had to wind down. And that's no fault of the manager from a fund management point of view. But it is a fault from a counterparty risk and risk management point of view.

Claire Cummings [00:35:04]: Yeah, which I would say part of that is actually the job of the risk management of the fund manager. And in some ways Ftx going down is not an awful lot different to what happened over 20 odd years ago. Not quite that, is it? When Lehmans went down and people's money was stopped there and now within the fund world, it is absolutely common to have more than one prime broker, so you know you're going to get out safely. So I think there's a similar thing when you're talking about the exchanges and the wallet providers. I think it's also worth saying that if we look at Doug's second point and we look at the KYC AML policies, if you're using a crypto exchange which is FCA registered, then you should be able to get some. Comfort from the fact that no one's going to get through the registration process unless their KYC and AML policies and their surveillance tools are all robust. But I would caution against relying on the FCA and I would instead say that it is worth getting in independent people such as Digital Asset Research to come and help you with your due diligence to make sure that everything is in place. And also remember this is ongoing, isn't it? We're talking about dynamic activities and dynamic pools of assets. It's not something that you do at the front when you're at the start of the day, when you're selecting your service providers and due diligencing them and then forget them. It has to be part of the sort of the life of the fund and the investment cycle.

Alex Royle [00:36:48]: Yeah. I think ongoing due diligence and re underwriting the assumptions made at the point that you engage with a third party is key. And I agree, Claire, the FCA would never accept a defense that well, they were on the register, therefore, I assumed that everything was okay. The point of registration is a snapshot in time, and you need to really understand the obligation on you as a firm is kind of a constant one. So relying on old data is never defensible. So I think constant re underwriting of your due diligence is just as key here.

Claire Cummings [00:37:28]: Yeah. Doug, with your work, with Dar, how much of your work do you find is the ongoing requirement, is people making sure that they're not just starting out right, but they keep going right, that anything can happen? So they want to always surveil their service providers and make sure that everything is as good as it could be. Is that a large part of your business?

Doug Schwenk [00:37:55]: It is a large part. We've been doing quarterly reviews of exchanges and other counterparties since 2018, and it started with some of our clients who were concerned that the exchanges available were not transparent enough and how do we figure out if we can trade on finance and not lose our money? And we have found in the last six months, of course, as we've seen, Voyager and Celsius and Ftx and a number of these who had strong reputations and potentially robust policies fail. And we have clients who got more anxious about what for some of them was a once a year process, turning that into a more regular process. And we have clients now who are looking at the data on a daily or hourly basis, things like exchange wallets and what's the activity in those wallets, what's happening in the data that's coming out of the exchange. And we've seen more robust and demand for more robust testing of the exchanges. So, for example, you may find an exchange that has a great KYC and AML policy, and then you go sign up for an account and you hold up a blank sheet of paper as your government ID and you're allowed in and you're given access to trading. And I think that sort of testing is necessary to make sure it's not just what they say they do, but are they actually enforcing the policies they have in place?

Claire Cummings [00:39:40]: Yeah. And I think what we're going to do now is we're going to come on and we're going to talk about the vetting of the wallet providers, and we're going to talk about ongoing vetting as well. But maybe if we start, Doug, if you could tell us, maybe we could cut we could sort of COVID two slides with one conversation. Perhaps you could talk us through when you're going in and you're looking at how a custodian wallet performs, what you look for, and then on the ongoing vetting, what you look for and the timing you look for on that. And maybe compare and contrast a bit with the exchanges. Because I think custodian wallet is kind of like counterparty risk as well, isn't it, because you're giving it to somebody else. But it isn't necessarily as dynamic as an exchange because they can be used for very much for buy hold. So they're quite different businesses, although they have the broad similarities and it's the question of trust and robustness which is behind both of them. So, Doug, talk us through your vetting at the beginning.

Doug Schwenk [00:40:57]: Yes, so we look at a number of things. I think some of the important ones are the technology robustness? What standards does it follow? Has it been audited by any third parties? Is the code something that is robust and follows best practices in the way that that code is supported, what assets are supported? And the coverage, does that match the coverage that the clients need? What are integration with trading venues and partners and settlement systems, ingress and egress processes? And then I think, most importantly, can you implement with this wallet provider the controls that you want to put in place, which may mean, for example, segregation of duties internally to the asset owner? How much control does the asset owner have over the keys versus the wallet provider? Those kinds of questions I think, are really important. You first have to have those policies. You have to know what you want to achieve and then make sure that that wallet provider can implement those policies either through your control or through a mix of your control and theirs.

Claire Cummings [00:42:17]: Yeah. And I think the ingress negress is very that ties in very much to what we were talking about earlier, about needing a different you will need different types of holding for different types of asset and different types of strategy. But where you get very volatile markets, you may need to move quite quickly and you don't want to be hampered by the custodian that's holding the assets. You want that to be absolutely split second smooth.

Doug Schwenk [00:42:43]: Conversely, sometimes it's good to have a pause in the egress because that can prevent if there is, for example, a risk with a particular wallet, gives you time to address that risk, or if you have an insider compromised, gives you time to address that before you see all of your assets disappear. So I think there is a balancing act, depending on your strategy, as you say, and your risk tolerance.

Claire Cummings [00:43:11]: Yeah. So Alex, what are the types of issues that you look at with the wallet providers? I know we've covered quite a bit already, but this was sort of more day to day, the gritty looking under the bonnet.

Alex Royle [00:43:27]: Sorry, no, after you look at I think there's a much broader spectrum of services that a crypto custodian provides. And say the idea of a custodian in the traditional world, in the traditional world is a little bit more like you go put your assets there and they're recorded and they're safe and they may sit within a system. Exactly. But within crypto there's a lot more kind of and we've discussed it a bit already, sort of activity specific types of custody, some types of crypto custody are not suitable for certain types of crypto activity. I think really understanding that and doing the risk assessment for the activity you're providing, and then matching that risk assessment over to the systems and controls to what Doug was saying and the ability for the firm and our belief that that firm will actually enact those systems and controls in the way that they sort of say that they will. And then also going back to a point you were making earlier, Claire, about okay, and then what is the legal framework within which that custodian is set? What are the trust laws? Is it formed under any kind of regulatory framework or is it just a piece of technology that sits and then you take control of the technology yourself and then you are responsible? Are you actually outsourcing anything here or are you in sourcing a third party piece of technology? I think those are the kind of things that you sort of really need to understand. And when you do sort of have this element of reliance, if you like and you can't sort of outsource any responsibility through reliance. But when you do have that, how open are they for you to going and kicking the tires every now and again and sort of building in those kind of ongoing due diligence requirements and you sort of get a feel for the services that's provided in that way.

Claire Cummings [00:45:23]: Yeah, very much so. And that does actually bring us on to the last topic we were going to discuss is exactly the ongoing vetting. So maybe really I think we've talked about this, haven't we? But maybe, Doug, maybe you just mention a little bit about what deep vetting is and how you go into credit risk as well.

Doug Schwenk [00:45:52]: Yeah, I think there's a lot of value in having kind of a rhythm to your vetting and from time to time doing a really deep dive on the legal structure, the governance of the counterparty, understanding their financial health top to bottom. These counterparties aren't going to necessarily be able to do that type of response to a large DDQ on a minute by minute basis, or even monthly, or sometimes even quarterly. But on an annual basis, it's very reasonable to expect them to permit you to get a much deeper view of exactly where they're at, talk to key people in their compliance team, et cetera. And I think the ongoing monitoring, by necessity, the data that you can collect is going to be less intrusive and invasive, but is super important into what we think of as a credit risk equation. And understanding the credit riskiness of that counterparty can help you size the amount of activity you have with them and what risk you're willing to take. And I think we saw that with Ftx where as we monitored them on a routine basis, we saw some of those signals of the exchange falling apart earlier than I think a lot of people did. And a number of our clients were able to draw down balances well ahead of the sort of event that really brought Ftx down or the moment when they went down by looking at those signals in real time. And I think that's one of the sort of keys in this space is to be constantly thinking about the credit riskiness of your counterparties and managing and monitoring that and really making sure that you aren't stuck with a Lehman type of situation or an Ftx type of situation.

Claire Cummings [00:48:07]: Yeah, we're talking about that. The things that are relevant to us from last week actually here are how do you deal with the sort of the choice and the vetting of your bank when actually there are so few banks around that will work with crypto? If we take these rules and apply them to the few solutions in banking as well as the exchange and the wallet, how do we do with that? Alex, how have you found crypto and banking for your business has worked out?

Alex Royle [00:48:47]: Yeah, that's a big topic there. I think you've hit right in the sweet spot of all kind of government and regulatory affairs around sort of crypto at the moment coming over from the US and this kind of perception that there's a concerted and coordinated debanking of the industry in the US. And that's kind of being playing out in real time. And then over here, the well documented difficulties that even registered firms that have passed muster with the FCA have to kind of get bank accounts with business bank accounts in the UK. Also, coupled with the fact that a lot of banks are now sort of kind of applying blanket limits to people moving funds, moving their own funds on and off crypto exchanges, it is a big kind of pervasive problem within the space at the moment. I don't really think there is too much of a solution at the moment other than diversify where possible. I think a lot of where it is possible and also I think a lot of firms are seeing from the US side of things, which is an interesting story, that a diversity of banking providers from the same jurisdiction is not as diverse as it may be perceived in the US at the moment. I think if you have five or six banking providers, but they're all US banks, then all those banks are going to suffer from the same problem if there is a sort of a federal action or if there is a kind of a broader regulatory action against the space. So I think you kind of really.

Claire Cummings [00:50:30]: Need to bake they're politically geographically linked, aren't they?

Alex Royle [00:50:34]: Yeah, I think so. I think so too.

Claire Cummings [00:50:37]: The interesting thing here, I suppose, that we leave a few minutes of questions, but if you start thinking about solutions, inevitably you start thinking about central bank digital currencies. But this is probably subject for another time. Are they the answer? Like many things, my thinking is there's a great deal of good, but there's also potential for harm. And certainly when you start getting central banks involved with smart contracts and what can be seen, you have issues like the European Parliament I think, yesterday came out and said that they want controls over smart contracts. And then in the US you get, for example, Ronda Santis voting against Cbdcs on the basis that the state will have more interest or have access to more personal information again. So for everything that's brought up, as with anything in traditional and banking and other forms of life, there are the pros, there are the cons and there are the concerns as well. So before we sort of each say goodbye and give you our websites and so on, could I see if there are any questions? I mean, we Deborah's been very handy sending on some legal citations. They are actually quite complex and we are doing more of an overview of real life than a deep dive into anything legal. But has anybody got any questions that they'd like to ask us before we leave and say goodbye?

Alex Royle [00:52:20]: The one thing I would just say to Deborah's comments, as she's highlighted quite clearly there, that we're also tilting into a moving landscape here in the UK. We have a consultation and a couple of call for evidence or free calls for evidence into the crypto space. I think, therefore, along with ongoing vetting, you need to actually understand in between vetting periods whether or not the obligations placed on you have changed. And when they change in real time, you kind of really need to stay abreast of that. Which is why in the space at the moment, there's a great sort of advisory network and a lot of people that really are dealing with this in real time and finding good partners, the likes of yourselves here, is also key for firms trying to operate in the space.

Claire Cummings [00:53:13]: Yeah. Deborah's questions points where she goes to some quite detailed law, and I think that's a very we specifically haven't done that on this, but they do sort of start to give everybody listening a feel for the intricacies of the issues and how we've looked at the arrangements, making arrangements, the exactness of what those words actually mean. And I think that's these are things which are I find hugely fascinating. Not everybody does, but they have such a direct impact in the day to day life of a business. So there is a lot to sort of to keep looking at. But I'm pleased to say at least there are also consultation processes. There are also potentially the chance that the ability to sway governments or give the industry view into governments. One example is, I'm delighted to say we have our Cummings Pepperdine cryptionary, which are the dictionary of crypto terms. And in next couple of weeks that's going to be going to every single MP and then we'll be following up with MPs to answer all their questions, talk again about talk about what they mean and feedback industry view to what it is that we need to see in legislation and guidance. So I think as we now get to the end of the hour, james yes. You're sitting on a very busy desk, aren't you? What we will do, if everybody's happy with this, we will send out the recording to you all probably via mailchimp, if that's okay. And we'll also put it on our LinkedIn posts if anybody has any questions, I'll just quickly go sort of first because it's easy to forget. Our website is cummingspepperdine.com and you can find our cryptionary on the Cummingspepperdine website as well. Doug, Digital Asset, how can people contact you at digital asset Research?

Doug Schwenk [00:55:19]: Digitalassetresearch.com very easy.

Claire Cummings [00:55:22]: And Alex, keep the theme going.

Alex Royle [00:55:26]: Galaxy.com.

Claire Cummings [00:55:30]: We're all on there. So finally, just thank you very much to my fellow presenters for joining me, Doug and Alex, and thank you even more to all the listeners. We hope you found it very useful. Goodbye you.

People on this episode