A conversation with Philipp Vonmoos, CEO of Swiss Crypto Vault

In the context of PwC’s 2020 Global Risk Study, we interviewed Philipp Vonmoos, former CEO of Swiss Crypto Vault. During the conversation with Maria Sommerhalder, Blockchain Competence Centre at PwC, he explained the risks posed by cryptocurrencies and what those mean for the work of risk experts.

Does Swiss Crypto Vault use all available data to identify and manage risks?

We use all relevant internal data generated by our own system. As all blockchain data are transparent and publicly available to everyone, we could use them all, but it would require significant resources to process them in a way that would enable us to do so. In addition, every blockchain is different and we would have to create a different, specific tool for each one. However, we do use relevant blockchain data, for example, in chain analysis to evaluate the origin of cryptocurrencies as part of anti-money laundering checks. Blacklisting also helps: if a blockchain is hacked and the address that the payments were sent to can be identified, then this address is blacklisted.

Do you use data from outside the blockchain, such as regulatory monitoring?

We are currently only active in Switzerland, so that is the most relevant jurisdiction for us. It really helps that Switzerland is leading the way when it comes to blockchain regulation, so there are clear guidelines. Swiss regulatory monitoring covers all FINMA guidelines, but we also continuously monitor international developments.

Has Swiss Crypto Vault been able to manage certain risks more effectively using AI or machine learning?

Under machine learning we understand that a system poses its own hypotheses and keeps improving itself. We are still a long way from that with crypto. But analytics and artificial intelligence can help us, particularly in the area of regulation and compliance - for example, with anti-money laundering and fraud risk. That’s because analytics is very useful for checking large amounts of data and could also be effective for depicting patterns, algorithms and behaviour. We currently provide support for around 40 customers and a volume of approx. CHF 1 billion. Unfortunately, that is still too small a data set to apply analytics to.

How are these new technologies currently being used by risk experts at Swiss Crypto Vault?

A good example is the use of transaction analytics on the blockchain. If, for example, someone wants to deposit their bitcoin in our system, we first check how they acquired them. Transaction analytics help to provide proof of the coins’ origin.

What is the biggest hurdle getting in the way of using new technology at Swiss Crypto Vault?

The hardest thing is prioritising with limited resources, particularly software developers’ time. We have more ideas than we have development capacity and every development is a balance between costs and risk on one hand and the benefit on the other. 

The second hurdle is data. For internal data or very specific cases we usually don’t have a big enough data set for machine learning and there is no relevant industry benchmark data.

Is there an area in which your company is currently making substantial changes?

Our original idea has been on the market for two years now. But the crypto environment develops quickly. What is already a big topic for us, but will become much bigger, is “staking”. This is where holders of crypto support the running of a blockchain but must digitally deposit their crypto assets as a kind of collateral. However, it only works if we can earmark the capital and process it using a private key, so that the blockchain can draw on this capital if necessary. 

We’re also seeing a lot of developments in security tokens. For example, shares, bonds or securities, but also physical assets like houses, the ownership of which is governed by the blockchain. In the future, you will also be able to vote in an AGM with these types of token. The possibilities in terms of the design of these security tokens are promising, but we also need to be able to ensure that they can be stored safely from a technological perspective as well. These technological developments empower holders of crypto, but also bring about greater participation on their part.

What are the biggest risks associated with this initiative?

The biggest risk connected to the staking initiative is uncertainty over which type or format will prevail. Different blockchains take different approaches and there are still no standards yet. An additional challenge is how crypto storage solutions will adapt in general. For example, for security purposes, we built our system in a way that it would intentionally slow down processes. However, for staking, there are now some blockchains that require you to be able to react within less than a second. This is an aspect that needs to be managed.

Which risk functions do you consider to be absolutely indispensable for Swiss Crypto Vault? 

We need to cover a broad spectrum, from physical, procedural and digital security to regulatory and legal risks. Solution architects and infrastructure specialists, who are experts in cybersecurity, but also the legal experts and risk managers on the regulatory side, are indispensable.

How do the different risk experts work together? Should it happen more frequently? 

Right now, it’s working well for staking, because we’re small and can bring people together at a moment’s notice. To do so, we need everyone - tech, risk and legal. In addition, the crypto environment is constantly changing. Therefore, we meet very regularly.

How does the risk profile of your customers change when they acquire crypto assets for the first time and outsource to your company the safekeeping of those assets or the private keys?

The customer’s risk profile improves because they have entrusted safekeeping to a professional provider that is audited by third parties. 

Customers that are new to crypto have a great deal of respect for the field, often also because they lack knowledge of the topic. One of the questions asked most often is how we make sure the coins are clean. The more it’s considered and discussed, the more our customers realise how complex the whole topic is and that it requires specialists. A lawyer, for example, needs to be very tech-savvy but also understand what the intention of the legislator was when writing a law 50 years ago, and how it applies to crypto-assets. These are topics that we discuss intensively with our clients.

How will blockchain technology change the work of risk experts in the next three to five years? 

In general, irreversibility is not making it any easier for risk experts. There is basically zero room for error in public blockchains. On the other hand, managing risks has always meant managing uncertainty. The blockchain is very transparent and we’ll have more data available that can help risk managers. In principle, you can rely on blockchain data because they cannot be changed. But I see a danger here, for example regarding analytical tools and artificial intelligence. These tools are only as good as their configuration. Risk managers must question the results and not just blindly trust the tools.
