In 2017, Bank Frick became the first European bank to offer access to an in-house digital asset custody solution through a tracker certificate. Following a surge in demand, its custody services were extended to an initial set of popular digital assets, including Bitcoin (BTC), Litecoin (LTC), and Ethereum (ETH). Since then, Bank Frick has expanded its offering multiple times — with the most recent addition of the stablecoin USD Coin (USDC) in May 2020.
Before engaging Ledger to revamp and help professionalize its custody services, the bank relayed on its own in-house cold storage custody solution, built primarily around people and processes. While secure, the setup presented a variety of limitations that needed to be addressed later.
Challenges Faced by Bank Frick
As the first Bank in Europe to allow customers to securely deal in digital assets without exposing them to the technical and legal risks, inextricably linked to personal custody arrangements, the team at Bank Frick pioneered institutional digital asset custody. However, continuously pushing the boundaries of secure asset custody brought with it several unexpected challenges that highlighted the need for further professionalization and a shift away from a reliance on people and more towards state-of-the-art technology..
Early Pain Points
Although Bank Frick’s services were immediately met with rampant demand, its forward-thinking management team had to address a number of initial pain points to maintain its current position as one of the leading cryptocurrency custodians in Europe.
Stefan Rauti, Head Private Clients & EAM’s at Bank Frick: “It was clear that we needed to work with the best to cope with the ever expanding market demand and provide our clients with the peace of mind that Bank Frick is renowned for.”
Chief among the challenges in growing the business was the question of scaling. The fast and secure processing of transactions — something that had previously been a lengthy procedure due to the cold storage arrangement, necessitated a redesign. This upgrade was not just an operational matter but also addressed the overall perception which hindered early growth of institutional crypto-adoption not just for Bank Frick.
Process difficulties and inflexibility
In its earliest iteration, Bank Frick’s custody solution was based on individual hardware wallets built around tamper-resistant microprocessors known as secure elements. This straight-forward setup was an example of cold storage, a process that is characterized by keeping the sensitive cryptographic material stored in a secure offline environment, usually contained within a hardware wallet or inscribed on a damage-resistant metal plate. This hardware wallet or plate would then be stored in a physical vault for safekeeping.
Cold storage technology does not lend itself to use cases that require these assets to be accessed regularly. In Bank Frick’s case, each time a customer would want to execute a transaction, multiple operators at the bank would need to retrieve the client’s private key from the vault to sign the transaction. The same process would need to be repeated any time a client wants to generate a new receiving address, sign a message, or transfer funds to an external wallet.
This method has two major limitations:
- Slow: Blockchain based digital assets are a new paradigm that entail instant and verifiable transactions. The bank’s legacy setup was not aligned to support these qualities. When dealing with potentially hundreds or thousands of such requests each day, a service provider must ensure responsiveness and speed.
- Labor intensive: It required that each operator had a firm understanding of the underlying technology, such as private key cryptography, wallet operation and maintenance, as well as asset specific security principles. This created a bottleneck because trusted personnel required extensive training and a keen understanding of cryptocurrency security to manage, setup and safely process requests.
Security and governance issues
Because Bank Frick’s original custody architecture relied on cold storage of user funds in hardware wallets, operational security restricted any attempt to streamline and accelerate the access to each customer´s private keys.
Furthermore, aspects of independent blockchain platforms, such as the irreversible loss of a book-entry due to an incorrect address when depositing, withdrawing and transferring funds, are entirely out of the scope of the traditional financial plumbing that Bank Frick’s Back Office is accustomed too. To address this and both enforce the clearly defined governance rules and eliminate the risk of human error, the legacy setup required multiple manual checks at practically every step, reducing efficiency and increasing the time taken to process transactions.
As a result of the challenges posed by Bank Frick’s early custody solution, including the time taken to onboard new customers, execute orders on behalf of the customers, and manage withdrawals, Bank Frick may have created a perception of a slow and expensive incumbent.
Alex Lemarchand, Vice President of Global Sales at Ledger: “Communication is key, we found with Bank Frick a wonderful partner that helped us actually understand the intricacies of institutional custodians better and make Ledger Vault the №1 choice for professionals that it is today.”
Unbeknown to most, storing private keys in hardware wallets and physical vaults poses a logistical nightmare when it comes to auditing, while also making it challenging to insure the operation, due to the amount of potential human contact with the sensitive cryptographic material.
The widespread underappreciation of the real institutional security challenges, in combination with headlines that create an atmosphere of uncertainty required sober communication in all directions to resolve (including clients, insurers, regulators).
Likewise, a platform built on top of off-the-shelf hardware, with a solution that left the entire funds of each of its users vulnerable whenever accessed would almost certainly suffer from a negative public perception of the product. Though the Ledger Nano line of products is secure in their own right, they are designed for individual use, which can make liability a concern when dealing with a large-scale custody solution.
What Ledger has Implemented
Ledger Vault was designed to allow businesses that work with digital assets to securely and easily keep their client funds safe, without needing to radically shake up their existing business operational flows.
The system is designed to make managing digital assets an intuitive process that gives custodians the power and flexibility to meet the growing demands of their customers, and future-proof their custody offering.
Improved flexibility and efficiency
When it comes to cryptocurrency custody, one of the simplest ways to reduce the risk of a breach is to eliminate potential failure points. For most cryptocurrency storage solutions, the main failure points are the individuals that have access to sensitive cryptographic material such as private keys, recovery phrases, and authorization keys.
Ledger Vault eliminates this potential failure point with the introduction of segregated user roles. When creating the Vault instance, multiple people within the client firm are assigned a user role. This can be either a shared owner, wrapping key custodian, administrator, or operator role. Each of these roles has a function in either creating (shared owners and wrapping key custodians), governance (administrators), or using the Vault (operators), and no single person has the ability to subvert the system.
Instead of using hardware wallets for each custodian customer, a Vault instance is securely generated after the wrapping key has been created and three unique master seed shards have been securely communicated by the shared owners. Once live, administrators are able to generate a practically unlimited number of individual accounts on the platform, and define the governance rules for each account and the operators that are able to access it.
The rights of each user on the platform are automatically determined through the use of a unique personal key, which is generated and stored in their personal security device (PSD). This PSD communicates with Ledger Vault over a secure ECDH communication channel, which cannot be eavesdropped on or tampered with. The Vault security setup and secure channel communication process is covered as part of our standard $150 million insurance program provided by Lloyds of London.
Because brokers can be provided their own accounts on the Vault, and transactions can be submitted and authorized within minutes, traders can benefit from faster and more secure broker settlement — no more waiting potentially hours or days to sell digital assets. This speed is enabled by the robust Vault transaction approval flow system, which allows Bank Frick operators to work as a quorum to initiate, approve and broadcast transactions that comply with the governance rules.
This system drastically reduces the amount of time needed to execute client requests, allowing transfers to be created and broadcast within just minutes without sacrificing security.
Security and scaling benefits
As we previously touched on, each account created on the Vault has its own set of governance rules, which restrict how operators can interact with and manage the accounts they are assigned to. These governance rules allow Bank Frick to enact strict operational controls over custodied assets and ensure only authorized operators can create and approve transactions if they meet set conditions.
- Whitelists which restrict outbound transactions to pre-defined addresses.
- Multi-authorization scheme system that ensures a quorum of operators are needed to approve a transaction before it is broadcast. The quorum requirements are set by the administrators when creating the governance rules, and can vary based on several parameters, including the transacted amount (e.g. high value = stricter quorum).
- Approval groups are used to build elaborate and resilient multi-authorization schemes by arranging users into groups by geographic location, internal department (compliance, operations, etc.), access credentials, external 3rd parties, and more.
- Conditional workflows automatically select the specific multi-authorization scheme based on the conditions set out in the governance rules — such as exceeding a set transaction value or sending to a whitelisted address.
Overall, these features massively expand the control Bank Frick has over customer funds by taking the decision-making process out of the equation. Instead, administrators only need to set up the governance rules once per account, after which all transactions will automatically be subject to the appropriate restrictions. This, because each administrator and operator must authenticate themselves using their PSD, which is tied to the permissions on their Vault account.
Rather than needing to access the sensitive key material for each client in order to process a transaction, Bank Frick operators can now initiate transactions from segregated wallets for each customer within the Vault using their PSD. To do, the operator simply selects the digital asset to transact with, enters the recipient address and amount and then sends the transaction. They will then need to double-check the details on the trusted display of their PSD, before signing the transaction.
This transaction is then run through the conditional workflows and the correct authorization scheme is applied. The request will then need to be approved by the required number of operators before it is signed by the HSM and broadcast.
Unlike old cold storage-based security practices, the Ledger Vault can be quickly integrated with existing systems, and clients can easily control their Vault instance either manually or programmatically using their own legacy systems using Ledger’s API.
Martin Stolze, Business Analyst at Bank Frick: “The integration of the Ledger Vault was a first even for the experienced IT Staff of Bank Frick. However, Ledger was very responsive and was regularly on-site to make sure every aspect was addressed.”
Because of this, Vault clients are able to keep their current workflows, and can think of Vault as an extension of their existing systems. This means less training and reduced friction, allowing firms to get up and running with their new digital asset custody solution quicker than they might expect — with a full set up and integration possible in as little as two weeks.
This helps firms maintain their professional appearance and operating procedures without any break in service, while ensuring their customers don’t need to change how they interact with the platform.
The value Delivered for Bank Frick
By transitioning from a legacy cold storage-based system to Ledger’s secure digital asset management solution, Bank Frick unlocked a great deal of value for its clients, and significantly reduced the workload for its employees — all without compromising on simplicity or security.
One of the major ways this was achieved is by ensuring practically anybody working within the company is able to easily get to grips with Ledger’s Vault solution with minimal training — removing the need for a specialist blockchain or crypto team, and ensuring pre-existing employees can quickly get up to speed with the platform. This, because all of the technically challenging processes are handled behind the scenes within Vault’s secure execution environment, while the Vault front-end is as simple as a standard online banking app.
Vault also helps Bank Frick scale. Prior to the use of Vault, Bank Frick would need to manually initialize a hardware wallet for each customer of its custody solution. This would then need to manually stored in a physical vault for later access any time a customer wanted to withdraw or move their funds. But with Ledger Vault, Bank Frick administrators can simply create a new account on the vault for each customer of its custody solution, while Vault operators will be able to securely create and approve transactions from this account using their Ledger security devices.
The Vault digital asset custody solution provides Bank Frick with an incredibly intuitive reporting system that can be used to generate detailed reports for record-keeping and accounting purposes, auditability, and transparency, and more with just a few clicks. These reports are exported as a .CSV file, which can be imported into most popular spreadsheet and accounting software for easy auditing.
Peace of mind
Investing in a third party SaaS solution instead of building on premise allowed Bank Frick to focus its investments on their core priorities by reducing its IT costs.
Since all Vault customers are covered under Ledger’s $150 million insurance plan, which was secured from Lloyd’s of London syndicate Arch, Bank Frick was able to avoid going through the complicated practice of insuring their own digital asset custody solution, and are now able to provide customers with the assurance that their funds are safe, even in the unlikely event that something goes wrong.
Vault customers also have the option of extending their insurance coverage even further, through Ledger’s easy upgrade process — providing protection for users in even the most unexpected scenarios.