Banks, custodians and other fiduciaries cannot avoid the risk from digital assets simply by avoiding them. The legal scope of digital assets is broad, and extends well beyond Web3 assets like cryptocurrency and NFTs — it also includes electronic files, digital accounts, passwords, digital images, audio/video files, journals, authenticators, original art, social media, gaming and metaverse assets, and more. Everyone has digital assets.
Even non-digital assets like traditional bank accounts can have corresponding digital assets associated with them (like digital logins) or utilize complementary digital assets (like authenticators for multi-factor authentication, e-mails for password resets, or another digital account for identity verification) that can be compromised if not managed well.
Digital assets cannot be managed by custodians and other fiduciaries with traditional custody strategies alone. Those that want to manage all client assets must start by differentiating among them based on their unique characteristics to provide asset-specific solutions.
Client assets fall into 1 of 3 categories:
- Category 1 (Held) Assets are physical and financial assets that can be held by a third party custodian or fiduciary, and can include currency, securities, real estate, art, personal property, and even Bitcoin and Ethereum for some custodians. Custodians and fiduciaries agree to hold and administer these in a certain way.
- Category 2 (Access) Assets are sensitive client files, electronic records, and other digital assets that can be accessed by a third party custodian or fiduciary, including financial statements, tax documents, estate plans, and other confidential information. These are digital assets, but are fundamentally different from custodial assets. Custodians and fiduciaries agree to protect them, keep them confidential, and share them as directed.
- Category 3 (Digital) Assets are digital assets that cannot be held (for regulatory or practical reasons) and cannot be accessed (because having access constitutes constructive custody).
Historically, custodians and fiduciaries have only thought about Category 1 assets, but in reality have been managing Category 1 and Category 2 assets. Today, some custodians and fiduciaries have tried unsuccessfully to squeeze Category 3 assets (like a square peg into a round hole) into fitting with the solutions for Category 1 assets, but they are fundamentally incompatible from a technology perspective and from a regulatory perspective. Instead, Category 3 assets require their own, separate solution that does not involve a custodian or fiduciary having custody or access.