
Matt Levine – Custody of Cryptocurrency - lifeisstillgood
https://www.bloomberg.com/opinion/articles/2019-07-11/maybe-the-companies-will-fix-the-climate
======
lifeisstillgood
From the article (ok the email):

Custody

If you buy a share of stock in a company, you don’t get your own tiny
fractional share of all of the company’s assets delivered in a bag to your
door. With rare exceptions, you don’t even get a paper stock certificate.
Instead you get an entry in the computer of your broker reflecting that some
of the shares that the broker holds are actually held for your account. But
the broker doesn’t have a bag, or a paper certificate, either. The broker has
an entry in the computer of some other intermediary—in the U.S., generally,
the Depository Trust Company—saying that some of the shares that DTC holds are
actually held for your broker’s account. DTC may have a paper certificate,
though often it just has an entry in the computer of the company’s transfer
agent reflecting that many of the company’s shares are owned by DTC.

I guess if any of these computers crashed then that would be bad? For you?
Presumably they keep backups. This system actually works really well; there
are occasional weird glitches in which the technical details of stock
ownership can get confused, but there are not really cases of people losing
their shares because their broker or DTC or the transfer agent forgot where it
put them.

This is not an accident: Reliably keeping track of security ownership is a
really really really important feature of the financial system, and so the
financial industry works together to maintain a functioning system, and it is
all heavily regulated to make sure that it works. This system is
conventionally called “custody,” which is sort of a historical metaphor
suggesting that you own paper stock certificates and your broker is keeping
them safe in a box for you. But, in almost every case, that’s not actually
happening; that’s just a metaphor. Really “custody”—the methods that your
broker, and the financial system generally, use to keep your securities safe
for you—occurs entirely on computers, and is basically an agreed and regulated
set of legal and technological conventions for making sure that everyone knows
who owns what stocks.

Cryptocurrency has different conventions. Basically there’s a blockchain
recording who owns what, and an enormous set of possible numbered accounts
each with, in effect, a password (a private key) entitling its owner to use
the cryptocurrency in the account. There is (generally) no centralized
intermediary holding everything for everybody; distributed technology and
cryptography are what keep your coins safe. There is a lot to like about
this—it is not vulnerable to single points of failure, it is not captured by
powerful incumbents, etc.—and crypto enthusiasts quite vocally like it. There
is also, to be fair, a lot to dislike. You can lose your password, or someone
else, absurdly, can guess it. Maintaining your password yourself might be a
pain so you might rely on someone else to keep custody of your coins, and they
might lose them. In fact there is a comically long history of people losing
their cryptocurrency because they or their broker or their exchange forgot
where they put them. The actual experience really is much worse than in the
securities industry.

So far. You could imagine better conventions for just, like, how your broker
should write down the password or whatever. Getting to institutional-grade
custody of cryptocurrency is not an unsolvable problem; it is just a matter of
finding some good legal and technical conventions, and getting the industry,
and the regulators, to buy into them. It is a hard problem mostly in that the
industry, and the regulators, are used to the conventions that work for
regular securities, and it is hard at this late date to get them all to agree
on a new set of conventions for a new sort of asset.

Anyway here is a joint statement from the SEC and the Financial Industry
Regulatory Authority on “Broker-Dealer Custody of Digital Asset Securities”:

In particular, a broker-dealer may face challenges in determining that it, or
its third-party custodian, maintains custody of digital asset securities. If,
for example, the broker-dealer holds a private key, it may be able to transfer
such securities reflected on the blockchain or distributed ledger. However,
the fact that a broker-dealer (or its third party custodian) maintains the
private key may not be sufficient evidence by itself that the broker-dealer
has exclusive control of the digital asset security (e.g., it may not be able
to demonstrate that no other party has a copy of the private key and could
transfer the digital asset security without the broker-dealer’s consent). In
addition, the fact that the broker-dealer (or custodian) holds the private key
may not be sufficient to allow it to reverse or cancel mistaken or
unauthorized transactions. These risks could cause securities customers to
suffer losses, with corresponding liabilities for the broker-dealer,
imperiling the firm, its customers, and other creditors.

These are not problems that are so different from the problems of keeping a
list of securities at DTC; it’s just that those problems are familiar and the
crypto ones are new.

