In the world of cryptocurrencies and digital assets, which by default are intangible, trust, risk management and reasonable assurance are key. One firm, Gemini, started by bitcoin billionaires the Winklevoss twins Tyler and Cameron in 2014, has taken the hard road to improve the standards of care, custody and control when it comes to digital assets. This road led them to New York, where Gemini is regulated as a trust, subject to the fiduciary, capital reserve and cybersecurity standards of one of the toughest financial regulators, the New York Department of Financial Services. Their bet may yet pay off with the new announcement that Gemini has secured the SOC for Service Organizations Type 1 examination typically reserved for the most stringently run financial services or technology firms.
This move is part of committed journey by Gemini to not only make risk management and market assurance a competitive advantage for their firm. They are also aiming to send a signal to other market participants that digital assets are reaching a point of operational and managerial maturity enabling institutional capital to pour in. In many ways, the announcement that Gemini has undergone third party validation by Deloitte, is only the culmination of their investments in risk management, not the beginning of the journey.
Gemini’s head of risk, Yusuf Hussain, asserted as much in an interview, where he indicated, “Given some of the past and current challenges the crypto industry has faced it is important that we move from saying we are secure to demonstrating security maturity. A SOC 2 review from an independent, third-party like Deloitte validates that Gemini is holding itself to high security, availability and confidentiality standards. This is important to continue to build consumer trust and confidence around securing and storing digital assets and may help institutional customers who might be on the fence, feel more comfortable to become more fully involved with crypto.”
For digital asset custodians, the question of care, custody and control is the veritable lifeblood of competitive differentiation. By this measure, securing the validation by a big 5 advisory firm, along with being registered as a trust by New York’s Department of Financial Services, one of the most stringent in the world, begins to set a new bar for strictly digital or crypto asset managers. With these moves, firms like Gemini are aiming to break free of a crowded and often shoddily run peer group, establishing a new operating norm where retail and institutional investors can begin to expect the type of known unknowns or acceptable risks typical of investment banking in the analog economy, rather than the eye watering volatility and unique risks inherent in digital assets.
A key measure of this assurance, which Gemini hopes third party validation will help strengthen, is the ability to offer investors an FDIC-like floor, in the form of insurance and other assurances on digital assets in their custody. While the specific scope of crypto coverage remains in its infancy, going through the operational and technical reviews required of a SOC type 1 or type 2 examination, will help improve underwriting appetite. This will raise yet another bar of operational and risk management advantages over firms that deprioritize these investments – many of which continue to operate in the shadows, in loosely regulated environments and with immature management, governance and cybersecurity standards. One unintended consequence of the wave of decentralized value creation is that the job of “hardening” a target has invariably shifted from institutions to people, with some insidious outcomes, such as crypto coercion, kidnapping and a rapidly evolving cyber crime dragnet, where cryptocurrencies are the thrift of choice. The Winklevoss twins and their firm Gemini aim to reverse this trend and shift digital asset trust to institutions.
Unfortunately, investors and early crypto adopters have learned the hard way that any new wave of economic growth or technological innovation is rife with peril. While no operational or cyber threat can visit the type of market losses a greed-fueled crypto winter has wrought, with the eradication of billions in market value in a matter of months. Nonetheless, billions in preventable losses have occurred in crypto’s maiden decade, many of which are attributable to otherwise preventable risks, if only a modicum of cyber maturity and regulatory deference had entered the market sooner. Against this measure, Gemini and a new breed of operationally sound custodians stand to reap the benefits of being fast if prudent followers of the crypto craze. Now if only the regulatory and tax environment would catch up, the world’s newest asset class, along with the potential market growth and investor returns it can enable once it is fully normalized can be harnessed.
“Gemini is the world’s first cryptocurrency exchange and custodian to demonstrate this level of security compliance. The SOC 2 Type 1 Report issued by Deloitte & Touche, LLP further demonstrates our commitment to safeguarding our customer’s cryptocurrency and data,” said Yusuf Hussain, Gemini’s Head of Risk. “Achieving this level of compliance across both our exchange and custody platform raises the bar for security and compliance standards of the crypto industry and is what retail and institutional consumers should require of any cryptocurrency exchange and custodian they do business with.” Not stopping there, Gemini aims to complete the second level of SOC 2 type 2 review later in the year, signaling that in the maturing digital asset market, risk management and reasonable assurance are becoming as much a pillar as in traditional banking.