Cryptocurrencies have a lot in common with offshore financial centers. Those of you who live offshore may despise this notion, and those of you who do not may have preconceived notions pertaining to legality; however, before getting lost in foggy premises, let me explain.
If you live and work in an offshore financial center, such as the Cayman Islands, Bermuda or the Bahamas, you likely know what it is like being on the defensive about an industry. To the uninformed, offshore financial centers are viewed as nothing more than tax havens that represent a secretive subset of modern global finance. For an expat living in one of these jurisdictions, a trip to his or her native land may involve a debate with someone who is not informed about what actually happens offshore. Education is required to win these debates. In providing transparency about the workings of the inner system, it is possible to offer others a different perspective to consider.
Despite the stigma, offshore financial centers are not the secretive settings portrayed in the media. The same is true with cryptocurrencies (I use the alternative term “digital assets” or “blockchain assets” below). Both offshore financial centers and blockchain assets may be pseudonymous by default but they possess architecture that make them incredibly transparent when used correctly. If we are transparent about the reality of the system, the uninformed will see that the system is transparent (that is a lot of transparency). That is the modus operandi of this article: to offer transparency to those on the outside. Transparency in connection with what blockchain assets are and transparency with what certain service providers, such as banks and custodians, are doing in this space. I do this by answering two common queries I am faced with when describing a few of the blockchain-based services provided by the Sterling Financial Group.
How do custodians hold blockchain assets in a way that is secure?
We are often asked by people who are learning about the industry how custodians go about securing blockchain assets. We love answering these questions because every time we do, we are afforded an opportunity to explain how blockchain networks, such as Bitcoin, work. In order to understand security, one must first understand how blockchain assets are recorded and transferred in the first place. For this, I use a general metaphor to break down a few basic steps in the transactional processes that occur on the Bitcoin network. The same general metaphor applies to most other blockchain networks.
1. The first step in any Bitcoin transaction is the generation of a private key and a corresponding public address. Both the private key and public address are a string of alphanumeric characters.
The metaphor: think of a manufacturer that creates physical keys and indestructible custom mailboxes. To build a mailbox, the manufacturer uses one mold that contains the dimensions for both the mailbox and the unique key associated with that mailbox.
2. The public/private key generation ceremony may occur offline.
The metaphor: in most instances, the manufacturer creating the private key and mailbox can do so in a secret, dark and cold manufacturing plant that has no doors so no outsiders can access. This is important because no one will be able to take a look at the dimensions of the key to recreate it.
3. The public address serves as a destination point for units of bitcoin transferred on the Bitcoin network. A bitcoin is a unit of account recorded on that public address.
The metaphor: when the key and mailbox are created, the mailbox is embossed with an address where the mailbox will be publicly installed. The person who owns the key to the mailbox can provide this public address to his or her friends. These friends then will have a physical address where they can deposit postcards. Each mailbox has an automated counter that displays how many pieces of mail have been deposited.
4. Attempting to transfer a unit of bitcoin assigned to a public address without the corresponding private key is futile.
The metaphor: although the mailbox will be public, only the person who possesses the key to the mailbox can open the door and take postcards out. We trust the integrity of the locks on the mailboxes because the best locksmiths in the world have audited and tested the lock-creation process. It is also helpful to know that the exact same manufacturing process has been used for years in other locks that we rely on every day.
5. Transferring a unit of bitcoin assigned to a public address requires the holder of the private key associated with that address to select the amount of bitcoin to be transferred and the destination address. This transaction can only be confirmed/signed by the holder of the private key associated with the public address.
The metaphor: I have a mailbox that is filled with postcards. I want to transfer three postcards to my friend. I ring up the post office and tell them that I have three postcards to transfer to my friend’s mailbox next door. The post office informs me that they will pick up the postcards next morning and effect the transfer. I meet the post office the following morning, open mailbox with my key, and they then take the postcards and deliver it directly. Without my key, the post office cannot deliver the postcards.
So, how does a custodian keep blockchain assets safe? The answer may be different for every custodian. In our opinion, the real way of doing it lies in how we allow steps 2 and 5 to happen. At Sterling, we have created an amazing offline environment to create mailboxes and keys. Once these mailboxes and keys are created, we take custody over keys and carriage over the mail delivery process. We do not leave keys out in the open.
As you may imagine, our actual procedures and systems are complex for the safety and security of our clients. With that said, I can say that we have built an enterprise grade, air-gapped, proprietary computer environment that encrypts and shards private keys using both digital and analog methods which require X of Y people to effect transactions. To summarize: we understand the technology.
How is this weird world of metaphorical manufacturing facilities, mailboxes and postcards similar to offshore financial centers? More similar than you would think.
How do service providers provide services to those in the space in a manner that is legally compliant?
Once we explain security, and the safeguards and checks we maintain, people naturally move on from technical questions to “headline questions.” I think it is fair to say that blockchain assets like Bitcoin have a stigma of anonymity and illicit activity. “Isn’t Bitcoin anonymous and used by drug dealers to conceal their identity? How does Bitcoin address the KYC/AML safeguards that are included in the infrastructure of modern banking? How do you provide financial services to those who buy and trade blockchain assets in a manner that is legally compliant?”
The questions above are another set of questions that we love discussing, mainly because it is hard to discuss these questions without discussing economic, legal, philosophical and historical issues. It also requires one to keep abreast of technological advancements in the space, such as zk-Snarks, automated path digital wallet forensics, etc. These are not straight-forward topics.
Before moving on, it may be helpful to understand the context of the Bitcoin stigma. I cannot argue that this stigma does not exist because I believed the stigma myself when I first paid attention to Bitcoin in 2012. At the time, an online marketplace called Silk Road was making headlines. I was blown away by the brazenness of the concept: an online marketplace where people buy and sell illicit goods and pay with virtual currency. Those who are familiar with Silk Road know how it ends: the FBI eventually cracked down and the founder was hit with a prison sentence of life plus 40 years. In addition to this, law enforcement and financial institutions were able to utilize the benefits of Bitcoin to freeze funds and make a swath of arrests. Although the good guys won in the end, Silk Road helped foster a stigma that permeates to this day.
Although I initially assumed Bitcoin was a nefarious tool for criminals, I did not let this assumption stop the process of me querying deeper. At the time, I was fascinated with the illicit eBay/Paypal counterpart of Silk Road and Bitcoin: who is operating this marketplace called Silk Road, how is the marketplace not shut down by the FBI, how do these goods get shipped once purchased, what is this Bitcoin thing? After asking questions and learning about the origin/philosophy of Bitcoin, it occurred to me that it was unfair and lazy of me to make Bitcoin synonymous with criminal activity. Just because Bitcoin was/is a tool that can be used in an illicit marketplace should not make it illicit in and of itself. If we were to accept that logic, denim jeans would still be associated with prisons in West Coast USA and duct tape would still be synonymous with the WWII battlefield. The comparison is not a reach; Bitcoin, duct tape and denim jeans were all first effectively used in less than ideal environments, but their attributes made them versatile and suitable for a variety of other environments.
I will be the first to admit that blockchain assets are being used by some to purchase illicit goods/services or pay for ransomware attacks. I would be a fool not to recognize this fact. In keeping with the tool vs. synonymous association argument, however, I think it is important to point out the Silk Road marketplace was just as reliant, if not more, on the United States Postal Service than it was on Bitcoin.
Putting aside the stigma and context, let us now focus on the question above: how do service providers get involved in the space in a compliant manner? After all, I represent a group of companies with more than 50 employees in three countries. We provide banking, fiduciary and asset management services to Fortune 500 Companies. The last thing our organization can afford to do is become associated with murky secretive schemes that expose us to regulatory risks. Once again, transparency is the answer. Although Bitcoin and other blockchain-based transactional networks are not integrated into the modern banking system, Bitcoin is nevertheless transparent enough to assist service providers with anti-money laundering initiatives. As you may know, every transfer of a unit of bitcoin is recorded on the Bitcoin network and members of the public may examine certain data associated with that transfer. This feature of the network allows service providers to analyze patterns and transactional data, build profiles, flag suspicious activities and decline potential customers who do not fit within certain parameters. With blockchain-oriented computer networks and blockchain based assets, we can question clients about their transactional history and ascertain rather quickly whether their answers check out.
Those who doubt the system usually respond to this fact by noting that Bitcoin addresses are not tied to identifiable people. This statement is true; however, a similar argument can be made with offshore companies and ultimate beneficial owners. Many who live and work offshore know that ultimate beneficial owners cannot hide from law enforcement by simply conducting illicit activities through offshore entities. The same holds true for transacting with blockchain assets. Privacy, not secrecy, is the default rule with both blockchains-based networks and offshore financial centers. Although these systems are far from perfect, with a few tweaks and “common standards,” it is possible to provide the right amount of transparency to both.