BitGo Bolsters Custody Case with Security Certification
Crypto servicer stresses trust and safety as competition for institutional infrastructure heats up
Friday, May 3, 2019
By Jeffrey Kutler
Cryptocurrency processor and digital-asset custodian BitGo has achieved the SOC 2 Type 2 security certification, saying it will provide an edge in attracting institutional investor interest.
The six‐year‐old company, which was a digital‐wallet pioneer and currently processes $15 billion of Bitcoin and other cryptocurrency transactions per month, has sought to differentiate itself through an independent custody offering. Co‐founder and CEO Mike Belshe has called custody “the missing piece of cryptocurrency market infrastructure [that] has kept institutional investors out of the market.” Last year it obtained a South Dakota state charter for BitGo Trust Co., described as “the first qualified custodian purpose-built for storing digital assets.”
With SOC 2, a certification for service organization controls, Palo Alto, California‐based BitGo is underscoring its commitment to trust and security. At the Type 2 level, BitGo races ahead of crypto market competitors such as the New York State-chartered Gemini Trust Co., at least as far as custody is concerned.
“Building confidence in the cryptocurrency marketplace means having the highest level of controls and processes in place to attract and expand institutional investment,” BitGo chief security officer (CSO) Tom Pageler said in the SOC 2 Type 2 announcement on April 23. “Receiving this independent validation from a leading auditor assures existing and prospective clients that we are robustly safeguarding their assets and personal data.”
In July 2018, after a year‐long process of getting to SOC 2 Type 1, audited by Deloitte, Pageler said in a blog, “We want to be the most compliant, audited, and standards‐driven digital custodian” and will “be looking at other certifications that are specific to cryptocurrency and other internationally accepted industry standards. In addition to these external audits, we are continually looking at ways to lead the industry in security, such as ensuring segregation of duties, taking a risk-based approach to security, and enhancing our monitoring capabilities.”
Pageler who joined BitGo in May 2018 and reports to CEO Belshe, brought more than 20 years of experience in security and risk management, most recently as CSO and chief risk officer of Neustar. He has also been deputy chief information security officer (CISO) of JPMorgan Chase & Co. and CRO and CISO of DocuSign, and while working for Visa helped launch the Payment Card Industry Security Standards Council.
Others in the Custody Crowd
Although BitGo stresses its uniqueness as an asset custodian that is not connected with - or potentially conflicted with - an exchange or brokerage operation, it is not alone in its conviction of the importance of custody as the digital infrastructure evolves.
That state of play was on display in a panel discussion during Depository Trust & Clearing Corp.'s Fintech 2019 conference in New York on April 30. The speakers represented organizations contemplating if not actually offering crypto‐asset custody: Justin Chapman, global head of market advocacy and research, Northern Trust Co.; Paul Chou, chairman and CEO of LedgerX; Kelly Loeffler, CEO of the Intercontinental Exchange-led venture Bakkt; and Bob McElrath, blockchain architect, Fidelity Digital Assets.
McElrath, for example, said a “handful” of clients were on board Fidelity's institutional custody platform. He referred to custody as the “foundation” for enabling institutional‐grade offerings.
Loeffler said that a key Bakkt objective when it was established in August 2018 was to be an institutional “on‐ramp.”
An April 29 post by Bakkt chief operating officer Adam White, headlined Custody at Our Core, pointed out, as did Loeffler the following day, that a physical-delivery Bitcoin futures contract is to be “traded on ICE Futures US and cleared on ICE Clear US, a federally regulated exchange and clearinghouse regulated by the CFTC. Bitcoin delivered upon contract settlement will be stored by Bakkt. To provide regulated custody, we have filed with the New York Department of Financial Services for approval to become a trust company and in this capacity serve as a qualified custodian for digital assets.”
The result will be “the first end‐to‐end regulated environment for price discovery of crypto,” the Medium post went on, with the cryptocurrency stored at a regulated custodian and traded and cleared on a federally regulated exchange and clearinghouse, leveraging the proven and secure ICE infrastructure.
“We believe that end‐to‐end regulation, paired with reliable infrastructure, will unlock greater institutional participation and, as a result, establish more liquid, fair and efficient markets for this emerging asset class,” White's article said.
BitGo CSO Pageler said in an interview that the opportunity to legitimize the asset class was “a big reason” for his joining the company, and that the SOC audits and documentation - which is made available to current and prospective customers - serve to raise the comfort level of institutional investors.
There have been other building blocks and signs of progress for BitGo, whose venture capital backers include Goldman Sachs Principal Strategic Investments and Galaxy Digital Ventures.
An integration announced in January with Genesis Global Trading allows BitGo Trust clients to execute buy and sell orders without having to manage keys or move their assets out of secure cold storage, and without necessarily having a Genesis account.
“Some custodians are choosing to sacrifice security and safety by enabling fast withdrawals from cold storage, which makes their clients more susceptible to hacking, false instructions, and theft,” Belshe said. “Our partnership with Genesis Trading, a FINRA‐ ‐and SEC‐regulated company, gives our clients access to liquidity through Genesis' robust network of trading partners. And that solves the real problem, which is the need to access liquidity - not the need to speed up withdrawals.”
In February, BitGo announced what it termed “the industry's most comprehensive insurance protections for cryptocurrencies and digital assets.” They include up to $100 million of custodial assets held by either BitGo Inc. or BitGo Trust Co., insured through the Lloyd's market.
“It is not always easy for some clients to understand under what circumstances their investments are insured and to what extent their loss would be covered,” Belshe said. “We are changing that by being more transparent than any other company about the terms of our coverage. Transparency and accuracy is essential for building trust in the market.”
BitGo in March announced custody support and multi‐signature wallet security for the Blockchain Capital BCAP ERC‐20 security token. In April, digital‐asset trading platform LGO Markets said it is providing BitGo custody and multi-signature wallets for its clientele of hedge funds, family offices and asset managers.
[UPDATE: On May 9, BitGo said it appointed Nick Carmi as head of financial services “to bridge between the complex technology of digital assets and the traditional financial markets,” CEO Mike Belshe said in the announcement. Carmi was previously head of Tower Research Capital's FICC (fixed income, currencies and commodities) business, was CEO of the SpreadZero fixed‐income dark pool, and worked in listed and OTC clearing sales at Deutsche Bank. Belshe said that he “will be critical to our future progress, helping us meet the existing needs of traditional clients while also helping us build a better financial market of the future in ways that can only be done with digital assets.”]