Quorum Authorization: The Key to Widespread Security Token Adoption?
Cryptocurrency began as a venture of the anarchist underground. In 2009, Satoshi Nakamoto’s genesis block debuted with text referencing the front page of the Times and its January 3 headline about bailouts. Crypto arose as the ultimate antithesis of the traditional banking system and financial sector — a new way for transactions to be made with complete anonymity, the digitization of currency and the democratization of money in response to a collapsing fiat system.
Ten years later, cryptocurrencies and even blockchain for enterprise technology are going mainstream. As regulated institutions increasingly seek to foray into the wonderful world of digital assets, security tokens are the new hot trend in emerging fintech; Google Trends data indicates that public interest in the topic of security tokens has doubled over the past 5 years.
The issue? Transactions from regulated institutions must adhere to compliance requirements — and it’s a complicated process involving multiple checks and balances. In other words: Cryptocurrency and regulations don’t mix well — at least, not without some much-needed modifications.
Quorums: Making Compliance Easier
Quorum authorizations not only provide added security to blockchain transactions — when done well, they also can be combined with risk-based policies to ensure a smooth, automated compliance check process for any digital asset.
In a “quorum,” several pre-determined parties are required to provide authorization of a transaction — also known as m-of-n — before that transaction is completed.
Let’s start with a basic quorum system — sans the risk-based layer. In a basic security token transaction, any institution must ensure the transaction follows basic compliance regulations, e.g. anti-money laundering (AML), know your customer (KYC), and anti-fraud regulations.
To ensure that security token transactions are handled according to regulations, a well-built quorum would include at least 3 quorum groups made up of multiple participating parties: a minimum of one exchange employee (administrative division), a trustee of the account, and a quorum group comprised of a bot for AML compliance, a bot for KYC compliance, and a bot for anti-fraud regulations — plus a human compliance officer.
This is an example of how such a quorum structure would look for a cryptocurrency exchange:
As demonstrated, all compliance requirements would have to be met for the transaction to be completed — along with the authorization of at least one account trustee and one exchange employee from the administrative services side of the organization.
The problem: Most quorums rely on some level of manual input — making transaction time unacceptably slow for the average digital asset customer. Each transaction may be a matter of a human or a group of humans accessing a cold storage method (e.g. HSM) — a process which can take hours, days, or weeks.
MPC: Making Quorums Accessible and Scalable
With secure multi-party computation (SMPC)-based systems, those quorums can be programmed not only with human participants, but with bots as well — allowing the entire system to be automated, and reducing the risk of human error.
Security token transactions can be made as secure as fiat — at lightning speed, and in an era ready for the digital transformation of the financial services sector.
MPC, being a software-only system, also allows participants to be added or removed as needed — a must-have in preventing rogue insider attacks from former employees, for example. (Multi-sig also has this capability — but we outline the differences between MPC and multi-sig here.)
Risk-Based Policies: Taking Quorums Up a Notch
A risk-based policy system can expand or contract quorums as needed — and in the ever-changing world of token regulation and compliance, flexibility is a must-have.
Let’s say the exchange client in our given example has holdings both in the European Union (EU) and in Canada. In that case, his/her holdings must not only meet basic compliance regulations (e.g. KYC, anti-fraud, AML, etc.) — but also satisfy any requirements that would fall under FINRA, SEC, or other local regulations.
With Unbound’s Crypto Asset Security Platform (CASP), digital asset key protection is all digital — and can include risk-based policies that expand or reduce the quorum based on location, amount, asset class, time of the transaction, and account status. (If, for example, a client moves from the EU to the US and drops EU citizenship, the system will be ready for whatever the SEC throws at it.) We support quorums of any size, with any number of quorum groups.
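The quorum structure described earlier (one administrative employee, one trustee, and every compliance participant) and its risk-based expansion can be modelled as a policy check. This is an added example, not Unbound's or CASP's code; it covers only the authorization decision and not the MPC signing itself, and the member names, thresholds and risk rules are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class QuorumGroup:
    name: str
    members: frozenset   # identities allowed to approve for this group
    required: int        # m in this group's m-of-n

# Base quorum from the article: one admin employee, one trustee, and every
# compliance participant (three bots plus the human officer). Names are constructed.
BASE_GROUPS = [
    QuorumGroup("admin", frozenset({"admin-1", "admin-2"}), 1),
    QuorumGroup("trustee", frozenset({"trustee-1", "trustee-2"}), 1),
    QuorumGroup("compliance",
                frozenset({"aml-bot", "kyc-bot", "fraud-bot", "officer-1"}), 4),
]

# Hypothetical risk rules: each adds a quorum group when its predicate matches.
RISK_RULES = [
    (lambda tx: tx["amount"] >= 100_000,
     QuorumGroup("senior-admin", frozenset({"cfo", "coo"}), 2)),
    (lambda tx: tx["jurisdiction"] == "EU",
     QuorumGroup("eu-review", frozenset({"eu-bot", "eu-officer"}), 1)),
]

def required_groups(tx):
    """Expand the base quorum with every risk group whose rule matches tx."""
    return BASE_GROUPS + [group for rule, group in RISK_RULES if rule(tx)]

def authorize(tx, approvals):
    """Return (ok, unmet); unmet maps group name -> approvals still missing."""
    approvals = set(approvals)              # a repeated approval counts once
    unmet = {}
    for group in required_groups(tx):
        have = len(approvals & group.members)   # non-members are ignored
        if have < group.required:
            unmet[group.name] = group.required - have
    return (not unmet, unmet)

# Constructed sample transactions and approvals.
SMALL_TX = {"amount": 5_000, "jurisdiction": "CA"}
LARGE_EU_TX = {"amount": 250_000, "jurisdiction": "EU"}
BASE_APPROVALS = ["admin-1", "trustee-2", "aml-bot", "kyc-bot", "fraud-bot", "officer-1"]

if __name__ == "__main__":
    print(authorize(SMALL_TX, BASE_APPROVALS))
    print(authorize(LARGE_EU_TX, BASE_APPROVALS))
    print(authorize(LARGE_EU_TX, BASE_APPROVALS + ["cfo", "coo", "eu-bot"]))
```

The same approvals that clear the small transaction leave the large EU transaction blocked until the two added groups are satisfied, which is the expansion behaviour the policy layer is meant to enforce.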
Quorums in action
Want to learn more about CASP? Check out how Liquid, one of APAC’s major exchanges, enabled quorums using CASP here. It’s a study not only in security, but in business growth — and the potential is endless.
Originally published at https://www.unboundtech.com on August 6, 2019.