This is More of a Re-launch: A Conversation with Jeanine Hightower-Sellitto About Gemini’s Custody Solution

New York-based cryptocurrency exchange Gemini launched a custody solution aimed at institutional investors yesterday. Jeanine Hightower-Sellitto, Managing Director of Operations at Gemini, says the launch is more of a re-launch of their previous custody solution and an extension of their product and feature set. In this edited interview, she discusses the solution and how it works.

Can you talk about what an institutional grade solution means within the context of cryptocurrency custody?

Institutional grade covers a couple of key hallmarks for custody solutions. The first one is its regulatory status. Is the custody solution itself a qualified custodian under a jurisdiction? For example, we are a qualified custodian under New York state banking law as a New York state trust company. We are subject to the highest and most strict level of oversight by New York regulatory bodies. Getting a license as a trust company means that we have to adhere to requirements, such as capital requirements and security standards.

The other one to focus on is the absoluteness of the security. Institutions with mandates to secure customer funds must make sure that they have the necessary infrastructure and security to satisfy institutional requirements. For example, having safe custody boxes that are affected by weather conditions or hot wallets that cannot maintain security for large crypto holdings just doesn’t cut it.

Another way to differentiate between retail and institutional custody offerings is the feature set. By this, I mean incorporating tools and features that institutions need to operate, such as sub accounting features, auditor access, the ability to create reports and interact with exchanges using standard tools.

Jeanine Hightower-Sellitto

Are the requirements you mentioned earlier different for cryptoassets as compared to other assets?

I think, yes. For cryptoassets, security cannot be stressed enough. Cryptoassets are bearer assets and there’s no recourse for them if they are lost. That is the biggest difference in terms of security for an asset like equities as compared to that for cryptoassets.

Do you think we need a new regulator for cryptoassets?   

As part of our origin, Gemini sought out regulation for both the custody platform and the exchange.  We are regulated by the State of NY as a Trust company. Gemini is a fiduciary and subject to the capital reserve requirements, cybersecurity requirements, and banking compliance standards set forth by the NYSDFS and the New York Banking Law.

Further, as a member of the Virtual Commodity Association, Gemini and member exchanges are advocating for sensible, thoughtful regulation with a focus on consumer protections.

Why are you getting into institutional custody now? Do you think a critical mass has been reached in terms of institutional adoption of crypto?  

I think it is useful to note that we have had a custody offering since inception. Custody was core to the genesis of Gemini. Over time, we listened to our customers, extended the feature sets for custody, and focused on building for the future.

This is really a re-launch of our custody services as a continuation of strategy. But it is important to stress here that it hasn’t compromised the state-of-the-art features we’ve offered since the beginning.

For example, the new solution doesn’t reduce the geographic dispersion of our facilities. It also hasn’t reduced the reviews we conduct for custody withdrawal process or the requirements for our cold storage balances.

Gemini has also built its custody product from the ground up. We have not pivoted nor have we made acquisitions to expand our offerings in custody. This is an attempt to grow our product and feature set.

You mentioned a “super liquid hot exchange wallet” in your conversation with The Block. Can you talk more about the wallet? What is it and where do funds for the wallet come from?  

Our cryptocurrency exchange operates by way of an omnibus account, which holds all of our customer funds – including their fiat currencies and digital assets. Part of those funds are held in a hot wallet, and those assets are immediately available for any customer who wants to withdraw from the exchange. The large majority of the funds are held in cold storage for their protection. Trading on Gemini exchange is recorded as a series of ledger entries in this omnibus account.

Say I want to sell 100 bitcoin and they are currently in my Custody account.  I initiate a withdrawal and the 100 bitcoin are instantaneously available as a credit in my exchange trading account. The crypto withdrawal from cold storage will then follow the same secure process as any other withdrawal from Custody.  

But now I have 100 bitcoin available to sell in my trading account.  The counterparties to my trade will have immediate access to the bitcoin due to the nature of the hot wallet.  Because we maintain an extremely liquid wallet, the bitcoin are immediately available to the counterparty for trading or withdrawal.  The fiat I have received for selling my bitcoin is tradeable as well, but I cannot withdraw the proceeds until the Custody withdrawal process has been completed. 

Are the exchange hot wallet and custody solution connected in any way?

The exchange hot wallet and custody solution are not connected in a network sense; they are independent. We are able to offer the instant trade feature because both the exchange and custody solution are under the Gemini Trust company license. When you withdraw from the custody solution, we still the follow the regular process for withdrawal. Gemini Custody knows and can confirm the assets held in offline “cold” storage and therefore can credit those assets to the exchange account for instant trading, while the custody withdrawal process is taking place. Based on that, we can provide credit to assets linked to the hot wallet.

Can you talk about the pricing for your custody solution? To what extent do the complex regulatory requirements for cryptocurrencies affect pricing?  

The fee schedule for custody is published on our website. For customers with sizeable crypto holdings, we have negotiated rates based on the size of their cryptoasset portfolio and their business needs and product mix.

In order to remain compliant, we have invested a lot in our regulatory program here at Gemini. We have hired professionals and experts from places like JP Morgan and Bridgewater Capital to build out our compliance program. As you might expect, we haven’t really cut corners to run a highly secure and compliant solution. So, our pricing is definitely a factor of the quality of our solution.

Can you discuss security concerns related to commingling of funds within the context of cryptocurrencies? For example, some say that the QuadrigaCX fiasco would not have occurred if traders were allowed to hold accounts in their names. What is Gemini doing to alleviate such concerns and dependencies on Omnibus accounts?

Assets held in Gemini Custody are not commingled. Digital assets are segregated from Gemini’s account and from other Customer’s accounts, using unique digital asset addresses in Gemini’s offline storage system. By issuing unique segregated addresses, customers have perpetual visibility into their holdings through independent blockchain explorers. Furthermore we require withdrawal address whitelisting to secure the account and restrict crypto withdrawals from the user account to crypto addresses they whitelist or block all crypto withdrawal activity for that account.

Additionally we encourage all users to secure their accounts with a hardware security key via WebAuthn. This provides hardware-backed, cryptographic proof that it is you (and not someone else) signing into your account and thwarts hackers even if they have your password. 

Human governance and role separation controls are enforced at every step of the withdrawal process to ensure an effective security design. Gemini eliminates single points of failure in the workflow at both the customer and custodian level.  Through role-based permissioning, several required components of a custody transaction are delegated to multiple personnel in distinct facets of the organization. Our processes for issuing, reviewing, and transporting customer instructions to be signed offline at a quorum of secured facilities prevent tampering of data or manipulation of customer instructions at each step.  

Company leadership cannot make system changes in isolation.  Physical access to all custody infrastructure is restricted to select employees based on their role privileges. Gemini monitors and audits all activity in the withdrawal process with broadcast mechanisms that rapidly notify personnel of critical actions in case the occurrences should be further scrutinized or challenged.