Risk and Regulation at Gemini Trust Co., Inside and Out

While a crypto exchange company makes a point of working with - not around - regulators, its head of risk spearheads an industry self-regulation initiative

Friday, February 21, 2020

By Ted Knutson and Jeffrey Kutler

Market data company CryptoCompare maintains a ranking of cryptocurrency exchanges according to what it terms “a clear methodology to assess risk.” Released on February 12, the latest iteration of the firm's Exchange Benchmark placed Gemini, the venture founded by onetime Facebook associates Cameron and Tyler Winklevoss, No. 2 among more than 165 trading venues evaluated.

Those high on the list - No. 1 is itBit, affiliated with Paxos Trust Co. - do not only score well on operational, security and other risk categories, but also emphasize institutional-grade custodial services and commitments to risk management and regulatory compliance. Gemini, itBit/Paxos, No. 3 Coinbase and others, for example, have obtained New York State trust company charters. That helps to define what Gemini calls its four pillars of product, security, licensing and compliance.

Gemini has also been a leader in advocating for a self-regulatory organization (SRO), a digital-asset analog to the U.S. FINRA (Financial Industry Regulatory Authority) and NFA (National Futures Association).

Risk management and self-regulation are two facets of Yusuf Hussain, who in addition to serving as New York-based Gemini's head of risk is president of the board of the Virtual Commodity Association. The VCA, formed in September 2018, organized several committees last year and set out in earnest to establish an SRO and ultimately “adopt, monitor, and enforce global standards and best practices for SROs.”

“The financial regulators are asking for it,” Hussain, who came to Gemini Trust Co. two years ago and previously worked at Goldman Sachs Group and EY, said in an interview.

Yusuf Hussain Headshot
“Risk management done right can help enable broader market adoption of crypto,” says Gemini head of risk Yusuf Hussain.

The rise of Bitcoin and other digitized and tokenized assets has challenged regulatory authorities around the world, not least the U.S. Commodity Futures Trading Commission - which would have oversight of the VCA - and Securities and Exchange Commission.

“The purchase and sale of commodities in the spot/cash markets has been historically exempt from the CEA [Commodity Exchange Act] and CFTC jurisdiction,” the VCA states on its website. “Nevertheless, cash markets for virtual commodities - as it is a less well-known industry - can benefit from an additional layer of oversight. We believe that adding this layer can provide even more protection for consumers and ensure the integrity of these markets and growing industry.”

Regulators' Progress

As regulatory agencies have wrestled and familiarized themselves with “concerns around cross-market surveillance, crypto industry standards, examinations and enforcement,” Hussain said, they have raised their level of expertise and engagement with the fast-developing sector and its technology.

The International Organization of Securities Commissions (IOSCO) on February 12 published a report on key considerations for regulating crypto-asset trading platforms, among them access, asset safekeeping, price discovery mechanisms, technology resiliency and cybersecurity.

“Where a regulatory authority has determined that a crypto-asset is a security and falls within its remit, the basic principles or objectives of securities regulation should apply,” said the IOSCO report's conclusion.

Hussain and other crypto market participants have said that the U.S. risks falling behind other jurisdictions in adoption and innovation if its regulatory framework fails to adapt and keep pace with others.

“Sensible, thoughtful regulation can give federal and state regulators, as well as investors, assurances which can help enable mass adoption of crypto as an asset class,” Hussain said.

Hussain was joined by board representatives of two other organizations - Global Digital Finance and the Association for Digital Asset Markets - in a panel discussion on SROs during the CFTC Technology Advisory Committee (TAC) meeting on February 26 in Washington. They broadly agreed on general principles such as transparency and market surveillance, though each has its “own membership and focus,” Commissioner and TAC sponsor Brian Quintenz noted in opening remarks.

“Given the lack of federal market regulatory oversight in the digital asset trading environment, I have long called for and been a vocal proponent of a private sector, multi-platform-based solution to furthering market integrity through an SRO-like organization,” Quintenz said.

Safety and Trust Initiatives

As the CryptoCompare benchmark suggests, brand recognition and risk management go together for prominent U.S.-based enterprises.

For its part, Gemini Trust Co. has taken several risk-mitigating steps for purposes of customer comfort, safety and security. Through partnerships with banks, customer funds can be protected up to the $250,000 Federal Deposit Insurance Corp. ceiling.

Gemini says on its security web page that a majority of assets are in off-line “cold storage” and safeguarded by hardware security modules meeting high federal standards. The online “hot wallet” is hosted by Amazon Web Services, following “the principle of least-privilege by applying tiered, role-based access controls to our production environment. Administrative access requires multi-factor authentication.”

This January, a blog post by Hussain proclaimed completion of a SOC 2 Type 2 (System and Organization Controls) examination for Gemini's exchange and custody operations. Deloitte was the auditing firm.

Another post announced the launch of a captive insurance company with $200 million of coverage for Gemini Custody, said to be the highest limit purchased by any crypto custodian. The insurer is named Nakamoto Ltd., a reference to the author credited with the original Bitcoin paper in 2008, and is licensed in Bermuda, a leading insurance center and a market that has been particularly receptive to digital-asset activities.

Winklevoss et al
Gemini CEO Tyler Winklevoss, left, and president Cameron Winklevoss, right, with E. David Burt, Premier of Bermuda, whose monetary authority licensed the captive insurer Nakamoto Ltd.

“Insurance is essential to the health and growth of modern financial markets,” Hussain wrote, “and we're proud to bring insurance to the crypto markets - a critical next step on our mission - to empower the individual through crypto.”

“Securing funds is at the core of our business - you need to do that absolutely right,” he added when interviewed.

Background in Risk

Hussain, who earned a BS degree in computer science from Macaulay Honors College at the City University of New York, worked at Goldman Sachs as vice president/executive director in Technology Risk and the Risk division from 2011 to 2017. He became active in crypto and blockchain when Goldman began exploring Bitcoin and other emerging asset classes in 2015.

A key window into those developments was the Principal Strategic Investments Group, Hussain noted. A former senior member of that group, known as PSI and now part of GS Growth, is Tom Jessop, who moved on to the blockchain technology company Chain and then became president of Fidelity Digital Assets, another active execution and custody player with a New York State trust charter. Other Goldman alumni who have crossed into the crypto world include electronic trading expert Greg Tusar, founder and chief technology officer of brokerage Tagomi; Max Boonen, co-founder of B2C2; and Paul Chou, a founder and former CEO of LedgerX.

Gemini Ad, NYC Subway
A Gemini ad in the New York City subway, 2019

Prior to Goldman, Hussain worked in EY's Risk Advisory practice, heavily focused on managing risk, regulatory compliance and security.

Hussain said that Gemini has established appropriate board-level responsibility for the risk program, including compliance risk, security risk, business risk and other operational risks, and there is regular reporting of key risk indicators.

He said he was attracted to Gemini, which was founded in 2014, out of a desire to round out his experience and build out a risk function, and was drawn to the firm's approach to working with regulators, rather than trying to get around them.

“For Gemini, risk management done right can help enable broader market adoption of crypto,” he said.

State Street Pilot, CCO Appointment

In December, Gemini and global custody giant State Street Corp. announced a “first of its kind” pilot linking Gemini Custody with State Street's back-office reporting.

“Working with State Street is a major milestone for Gemini and digital assets as a mainstream asset class,” said CEO Tyler Winklevoss. “With trillions of dollars in assets under management, State Street will never compromise on security - and neither will we. Traditional investors will more seamlessly be able to allocate capital in their portfolio to digital assets through trusted and regulated financial institutions - helping us build a better bridge to the future of money.”

As announced in late January, Gemini Trust affiliate Gemini Europe appointed Blair Halliday as chief compliance officer and money laundering reporting officer, based in London. He was previously CCO for the EMEA region of Circle Internet Financial and reports to Julian Sawyer, Gemini's managing director, U.K. and Europe.

Sawyer said in a statement: “Gemini is primed for significant growth in Europe this year. As we continuously iterate on our technology and offering, maintaining compliance and operating within, not around, all relevant legal frameworks will always be our top priority. Blair's deep domain expertise makes him uniquely poised to drive Gemini's compliance efforts in the U.K. His leadership will be critical in our mission to work with regulators to promote smart frameworks that encourage growth in the crypto industry.”

We are a not-for-profit organization and the leading globally recognized membership association for risk managers.

weChat QR code.
red QR code.

BylawsCode of ConductPrivacy NoticeTerms of Use © 2024 Global Association of Risk Professionals