Governance challenges for corporate cryptocurrency accounts
- Decisions and responsibilities
When an organization holds and moves cryptoassets, the first major obstacle is the governance of the accounts and the cryptoassets themselves. In businesses, decisions are not just taken by one person but are often the result of a collective, hierarchical process. How can we reconcile this complex decision-making system with cryptoassets’ inherently decentralized, individual nature?
- Performance requirements: safety and flexibility
In a commercial environment, the security of funds is crucial to protect the company’s financial assets against theft and fraud. At the same time, companies need flexibility to react quickly to cashflow requirements and market opportunities and so remain efficient. How can we successfully marry these two often contradictory imperatives in the specific context of cryptoassets?
- Regulatory implications
Before we discuss the technical aspects of governance, we must highlight the constantly changing regulatory environment around cryptoassets. Globally operating companies must comply with local as well as international regulations, and non-compliance can lead to heavy sanctions: a fine ranging from 750 to tens of thousands of euros, an 80% additional penalty in case of tax reassessment, and criminal charges if the amount is high and the intention of fraud is proven. These assets must be auditable both internally and externally to demonstrate total transparency to other institutions.
- Investment in the economy’s future
Companies that bet on the Internet’s future and its implications for the digital and physical world quickly understand that venturing into blockchain technology means investing time and money. Training teams and finding the right service providers to understand how to use cryptocurrencies and other blockchain technologies securely both represent a significant commitment.
Multiple, surmountable challenges
While the governance of business cryptocurrency accounts presents challenges ranging from compliance to security, it opens avenues for innovation and preparing for the digital future. Let’s explore some solutions in detail.
The complete guide to solutions
- Trusted people and frameworks
One approach to corporate cryptocurrency account governance is for companies to assign account management to trusted individuals within the organization, such as senior executives or IT security managers. Finance teams and CIOs, for example, would be responsible for creating and implementing governance policies and procedures. Holding the keys to an organization’s funds is a heavy responsibility. Digital wallet options are available to protect individual users from potential errors or cyberattacks. Key individuals can also store the private keys that give access to funds in a hardware wallet, or “cold wallet”.
- Managing permissions
Setting up an authorization system that allows multiple decision-makers access to company funds is crucial. The cryptoassets belong to a legal entity. This means that the way they are moved and managed must follow the hierarchical and often interdependent responsibilities within the company. A thorough review of the company’s governance and its assets in general is a prerequisite. Who needs to be able to move which funds, in what cases, how often and under what authority? Given the specific nature of blockchain’s digital assets, is the governance system in place for traditional funds appropriate? Who technically can carry out the transactions? Of course, the chosen governance system can be modified, but it can become complicated if the organization has not prepared this step well.
- Internal and external audits
Implementing a regular audit process is essential to assess the effectiveness of your existing governance systems. These audits can be internal or external and are designed to ensure that all transactions and asset movements have been properly authorized and that security measures are up to date and effective. In any case, it is crucial to have tools and procedures in place to monitor suspicious transactions and activities.
- Using blockchain technologies
In recent years, the development of blockchain technologies has paved the way for decentralized protocols and applications that now offer access to solutions such as multisig wallets. These wallets can encode the organization’s agreements and processes: they are programmed to require several signatures, or other conditions, to be fulfilled before executing certain actions, such as fund transactions.
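The sketch below is an added example, not code from any wallet product: it models the policy layer of an M-of-N multisig arrangement, combining the questions raised under “Managing permissions” (who may approve, for which amounts) with the several-signatures rule described above. The signer names, roles and amount tiers are constructed, and signature verification itself is assumed to have happened before `evaluate` is called.

```python
from dataclasses import dataclass

# Constructed signer registry: signer id -> role (hypothetical names).
SIGNERS = {"alice": "cfo", "bob": "treasury", "carol": "treasury", "dave": "ciso"}


@dataclass(frozen=True)
class Tier:
    max_amount: float          # tier applies to amounts <= max_amount
    threshold: int             # M: distinct authorised approvals required
    required_roles: frozenset  # roles that must each appear at least once


# Constructed policy, ordered from smallest to largest amount.
POLICY = [
    Tier(10_000, 2, frozenset()),
    Tier(250_000, 3, frozenset({"cfo"})),
]


def evaluate(amount, approvals):
    """Return (allowed, reason) for a transfer of `amount`.

    `approvals` lists signer ids whose signatures are assumed to have been
    verified already; this function models only the policy layer.
    """
    if amount <= 0:
        return False, "invalid amount"
    # Pick the first tier whose ceiling covers the amount; none means refuse.
    tier = next((t for t in POLICY if amount <= t.max_amount), None)
    if tier is None:
        return False, "amount exceeds every tier"
    # Keep only registered signers; the set collapses repeated approvals,
    # so one person approving twice still counts once.
    valid = {a for a in approvals if a in SIGNERS}
    if len(valid) < tier.threshold:
        return False, f"need {tier.threshold} distinct signers, got {len(valid)}"
    missing = tier.required_roles - {SIGNERS[a] for a in valid}
    if missing:
        return False, "missing role: " + ", ".join(sorted(missing))
    return True, "approved"
```

The refusal reasons are worth logging as they are returned, since they give the audit process a record of why a transfer was blocked as well as which ones were approved.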
- Continuing education and training
Companies’ cryptoasset managers must take training courses regularly. This helps them to remain informed of advances in blockchain technology and current security practices and regulations, including smart contract management and infrastructure security. They should also take care to regularly update cryptoasset infrastructure and software with the latest security measures.
According to a recent study, 74% of cybersecurity incidents in general involved a human action that allowed a malicious actor to intervene. A company venturing into the new world of cryptoassets must incorporate cyber-hygiene measures into its corporate culture and internal communications: prevention, phishing tests, internal newsletters detailing essential rules, and so on.
- Diversifying storage methods
Another security measure is to diversify the ways in which digital assets are stored. For example, the risk can be split between physical (hardware, or cold wallets) and digital (cloud, online services—hot wallets) storage solutions. For reasons of convenience, part of the funds can be left easily accessible for frequent transactions, while another portion can be stored more securely.
How the storage methods are diversified depends on the company’s risk management policy and thus often on its core business, its sector and its involvement in blockchain assets.
- Storing assets with a specialist
For some companies, managing cryptoassets in-house can prove too complex or risky. In these cases, they can call on specialized “custody” services to store their digital assets securely. These companies, registered as VASPs (Virtual Asset Service Providers), also offer a full range of services, including investment strategy and tax assistance.