Building Resilient Digital Asset Infrastructure for RWA: An Operational Risk Perspective

This post is long overdue. While I am focused on understanding the systemic integration of RWA (Real World Assets), Stablecoins, and digital assets within our current financial system, I wanted to revisit my technology roots and explore what is needed for this integration to be seamless. One challenge that the financial industry faces, and is notorious for, is technology adoption. Part of it stems from culture, and part is due to the regulations and processes involved in technology inception, which have evolved over time. The long path that FinTech has taken to modernize the financial system, while commendable, is still confined to user experience or innovation at the periphery of the core financial system.

While banks and financial institutions have finally become comfortable with cloud technology, AI, and integrations, open banking and evolving payment regulations have significantly accelerated the adoption of APIs and cloud computing in the financial sector. These regulations have mandated greater interoperability, data-sharing, and security frameworks. Key regulatory developments such as PSD2 (Payment Services Directive 2) in Europe, the UK’s Open Banking Standard, and the U.S. Consumer Financial Protection Bureau’s (CFPB) 1033 Rule have forced banks to expose customer account and transaction data through secure APIs, enabling seamless third-party access to financial services. It took technology vendors over a decade to get financial institutions comfortable with cloud computing and APIs.

With guidance from various agencies, including the U.S. Treasury, frameworks have been developed to support adoption and modernization of the industry. FS-ISAC and IRPF serve as critical frameworks for financial institutions to manage security, risk, and operational resilience in an increasingly API-driven and cloud-centric banking environment.

Technology evolves at a much faster pace than any institution can understand and adopt it, and the process is much slower for regulated institutions like financial services. This is likely due to the risk to our financial system, which is deemed critical infrastructure, and the consequential nature of the risks that technology may pose. This explains the lag in adopting new technology waves. The industry is now at an inflection point to adopt AI and Blockchain or Digital Assets. While these technologies complement each other, they are often siloed, making integration an interesting challenge, which I have written extensively about.

In this article, my focus is on an operational risk consideration of digital asset infrastructure, which includes asset tokenization platforms, unified data platforms, and, of course, digital asset signature apparatus (a.k.a. Digital Asset Custody technology).


Discerning Between Tokenized RWA vs Crypto Assets

As of this writing, RWA (Real World Assets) such as real estate, money market funds, and other tokenized funds were valued at $18 billion, while Stablecoins, a form of digital fiat, were around $220 billion. While still small compared to the approximately $660 trillion market of all assets, this segment is growing. Crypto, which includes BTC and altcoins like ETH, ADA, SOL, and others, is reaching $3 trillion.

Blockchain is the underlying technology for both types of assets, and its tenets of immutability, verification, validation, and transaction processing apply to each. However, the price and value systems are quite different. For instance, Crypto assets are governed by crypto-economic systems within a completely different market structure and infrastructure. RWA, on the other hand, derives its value from the traditional assets it represents and adheres to the micro-market structure specific to the asset class it represents.

The core thesis of RWA is transaction efficiency, 24/7 liquidation, and settlement, with all narratives ultimately converging in the capital efficiency camp. Risk model frameworks are specific to the asset class, and RWA inherit the risk models of the assets they represent. However, a new dimension of risks is introduced, including technology risks and asset velocity risk (i.e., 24/7 access). The market structure must prepare for these dimensions and factor them into consideration.

Crypto, on the other hand, in my opinion, not only operates in highly inefficient markets but also suffers from information asymmetry. Due to the nascency of these markets, few mature risk models exist. Not to mention the ultimate risk — permanent loss of assets — imposed by technology risks, such as those posed by digital asset custody technology. Until risk models are developed or some form of assurance is provided (for example, by sub-custody providers who have insurance), most financial institutions may find it difficult to push digital asset custody through the typical three lines of defense (Business, Technology, and Risk & Compliance).

Let’s focus on RWA, as it is perceived as the low-hanging fruit. We have risk models and market structures, so let’s speed up and reap the benefits of speed in trading, liquidity, and capital efficiency. All adjacent use cases, such as borrowing, lending, and collateral management, leverage this technology innovation. This not only facilitates liquidity-saving mechanisms but also turbocharges settlement and asset mobility across various ecosystems. With Stablecoins to settle trades, we further speed up capital mobility.

But what about the technology risks? Especially with the transmission infrastructure and, of course, digital asset custody technology?

Technology Risks and Custody Infrastructure

RWA are generally categorized into two types:

  1. Digital Natives – Issuance of these assets occurs on public or permissioned blockchains, with all necessary filings completed with regulators. These tokens exist in native form (e.g., BUIDL, Hashnote, Benji, OUDG).
  2. Digital Twins – Tokenized versions of dematerialized assets, which have a paper trail, so to speak.

In both cases, the risk of permanent loss is minimal due to the assurances required by regulators and the governance frameworks in place to reissue an asset. Unlike crypto assets, which are driven by the ethos of ‘not your keys, not your assets’, RWA operate under a different paradigm, focusing more on transaction efficiency and ultimately hoping to achieve capital efficiency.


Digital Signature Apparatus vs. Digital Custody

The digital signature framework required for these functions can seamlessly integrate with existing control technologies and cybersecurity mechanisms, leveraging today's robust key management systems.

  • The risk of permanent asset loss is eliminated for digital twins, as the system of record (SoR) remains within the core banking infrastructure.
  • These records continue to be maintained on traditional ledgers, safeguarded by established key management technologies, ensuring a resilient risk and operational framework.
  • Digital Asset Custody, on the other hand, is akin to the services provided by a qualified custodian, with all control processes, for Digital Assets, and uses the Digital Signature Apparatus to protect and transact.


Addressing Technology Risks

Do we still have technology risks? Yes, technology risks still exist, but with a different dimension, similar to DoS (Denial of Service) or DDoS attacks in the internet era. While vulnerabilities or theft of keys, reentrancy attacks, and similar issues seen in the crypto world may not result in the permanent loss of assets, any such vulnerability disrupts normal transaction processing and represents an operational risk.

How do we address this significant impediment to moving forward with RWA adoption? Since digital asset technology infrastructure risk vectors can disrupt transaction processing, risk mitigation must focus on high availability and disaster recovery with high fidelity. This is even more critical because the technology promises 24/7 operations. With time and trust as two fundamental constructs of digital technology, trade execution, settlement, and ownership records must not only be resilient and available but also interoperate with the slower, legacy systems of core banking.


Perspectives:

The U.S. financial system, as a pillar of critical infrastructure, relies on a robust regulatory framework to ensure its resilience against cyber threats, technological failures, and operational disruptions. Regulations such as the FFIEC IT Examination Handbook, Federal Reserve’s SR 20-24, SEC Cybersecurity Rules, OCC Bulletins, and the Gramm-Leach-Bliley Act (GLBA) provide structured guidance on risk management, operational continuity, and technology oversight.

The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) and Executive Order 14028 reinforce rapid incident response and resilience in the face of evolving cyber risks. Complemented by the NIST Cybersecurity Framework, these regulations collectively drive financial institutions toward continuous improvement in cybersecurity, third-party risk management, and system availability.

Similarly, the EU’s Digital Operational Resilience Act (DORA) aims to significantly enhance the security and resilience of the financial sector, particularly against severe disruptions such as cyberattacks, natural disasters, or technological failures. As the first legislation of its kind at the European level, DORA establishes a harmonized and comprehensive framework for ensuring digital operational resilience across European financial institutions.

This evolving regulatory landscape underscores the imperative for financial entities on both sides of the Atlantic to adhere to stringent technology risk mitigation practices, ensuring the uninterrupted functionality of the financial infrastructure that underpins economic stability.

 


Interesting reads and Sources:

https://www.cisa.gov/sites/default/files/2025-01/infrastructure-resilience-planning-framework-jan2025.pdf

https://www.fsisac.com/hubfs/Knowledge/Cloud/PrinciplesForFinancialInstitutionsSecurityAndResilienceInCloudServiceEnvironments.pdf

https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/financial-services-sector

https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en

https://www.occ.gov/news-issuances/bulletins/2024/bulletin-2024-26.html

https://www.federalreserve.gov/supervisionreg/srletters/SR2024.htm

 

Antony Martini

Head of Education & Talent @The_LHoFT

1w

Excellent. Thank you for sharing.

Tony Leng

Managing Partner, H.I. Executive Consulting (H.I.E.C)

2mo

Thanks for sharing your thoughts and wisdom Nitin Gaur!

Sunil Arora ⭐🌐

Technology & Growth Advisor to Global Apparel & Fashion industry in 50+ countries for 40+ years | * AI for Apparel & Fashion * * Enterprise Digital Transformation Optimised * * AI for Sustainability & Circularity *

2mo

I appreciate this, Nitin

Ted Alan Stalets

We help birth Tokenized Enterprises! Visit TokenizedDotComs.com for Location. BlocktechBrew.com for Creation. (dhruv@blocktechbrew.com); 150 web3 dot coms for Tokenizing Real Estate, Commodities & all Finance.

2mo

So excited for TokenizedRWAssets. To do good for others with newfound wealth is my wish! I promise I will. TheFinternet TokenizedDotComs.com

Saqr Ereiqat

Entrepreneur | Invested | Involved

2mo

As always, great insights!
