Blog Article

Protecting Value and Staying Compliant with Asset Clawback


Caroline Young, Patrick Campos, and Jackson Mueller

Publishing date



Asset clawback

In June, the Stellar Development Foundation announced that validators on the Stellar public network successfully approved of a new protocol upgrade – Protocol 17. The key feature of Protocol 17 is the introduction of the “asset clawback” function, which provides authorized entities and/or individuals the ability to issue natively-digital securities in a manner consistent with regulatory requirements. Specifically, CAP-35, which encodes elements of Securrency’s compliance framework, allows authorized parties to pull back value in certain situations relating to regulatory compliance, investor protection, and lost or stolen value.

In short, the clawback feature allows issuers to:

  • recover assets that have been fraudulently obtained;
  • respond to regulatory actions, if required; and
  • enable identity-proofed persons to recover an enabled asset in the event of loss of key custody or theft.

This is a huge development for the Stellar ecosystem and for institutional adoption of digital assets that addresses several regulatory and institutional stakeholder concerns regarding establishing and maintaining ‘control’ of assets, especially in regards to regulated financial instruments such as stablecoins and central bank digital currencies (CBDCs).

Securrency, a leading developer of institutional-grade blockchain-based financial and regulatory technology, was the co-author of the CAP-35 proposal and closely collaborated with the Stellar Development Foundation in building this incredibly important feature into the Stellar public network.

We asked Securrency’s Patrick Campos (Chief Strategy Officer) and Jackson Mueller (Director of Policy and Government Relations) to discuss why asset clawback is such a big deal and how Securrency is leveraging this unique ability to protect value as it moves across networks and jurisdictions in a highly automated, compliant way. What follows is their explanation.

Complexity in a maturing ecosystem

One of the main objectives of regulators monitoring the traditional financial services sector is protecting investors by requiring that firms have measures in place to reclaim lost or misappropriated value. Robust regulatory frameworks have been established to ensure the safe custody of assets, including measures to reclaim value if it is affected by various externalities, such as a ‘fat-finger’ trade, bankruptcy or loss of business continuity, or a cybersecurity breach. Long-standing legal precedent further defines how traditional financial services products and providers are required to operate in the marketplace.

The advent of distributed ledger networks, including Stellar, and the products, services, and applications built on these networks have triggered regulatory concerns around the protection and recoverability of digital assets. This scrutiny is heightened by the growing interest among traditional financial institutions in leveraging these emerging technologies to provide new investment and product opportunities to their clients. As adoption grows rapidly, regulatory scrutiny naturally follows.

For the ecosystem to further mature, the development of appropriate regulatory frameworks around the custody of digital securities is paramount. Periodic hacks of exchanges and wallets, lost private keys, and the difficulty – if not impossibility – of clawing back lost or misappropriated value is a significant impediment to institutional adoption of digital assets and the corresponding development of this ecosystem.

Regulators in the US and in many other jurisdictions are cognizant of these challenges and have published statements expressing their concerns:

  • In 2019, the U.S. Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) issued a joint statement on the custody of digital assets, voicing concern about a broker-dealer’s ability to hold private keys and custody digital asset securities while issuing, holding, and transferring them safely and securely.
  • In the event a client is victimized by fraud or theft, the SEC and FINRA worry that broker-dealers would not have sufficient ability to provide recourse, causing “securities customers to suffer losses, with corresponding liabilities for the broker-dealer, imperiling the firm, its customers, and other creditors.”
  • A year later, the SEC published a statement and request for comment recognizing “that the market for digital asset securities is still new and rapidly evolving. The technical requirements for transacting and custodying digital asset securities are different from those involving traditional securities.”
  • As part of its statement, the SEC announced a five-year safe harbor “designed to provide participants with an opportunity to develop practices and processes that will enhance their ability to demonstrate possession or control over digital asset securities.”

Active engagement on these issues between industry and regulators is taking place, with participants exploring the potential of these emerging technologies to address regulatory concerns related to custodying digital asset securities. Indeed, in many cases blockchain technology can actually enhance security and investor protection through automation, transparency, and traceability. Both Securrency and SDF have been deeply engaged with securities regulators in multiple jurisdictions on these issues.

Towards a Solution‍

Given the challenges associated with custodying digital asset securities, which have prevented traditional finance from fully leveraging these new technologies and from offering better and more accessible financial products and services, the approval of Protocol 17 represents a milestone in the maturation of the digital assets ecosystem. Securrency’s digital assets market infrastructure technology, developed over the course of five years, has been purposefully designed to facilitate blockchain-based financial services by keeping compliance at its core. We love the speed and low cost of the Stellar network, so working with the SDF team to build this institutional-grade feature onto that network was truly exciting for us.

When the asset clawback feature is enabled on an asset, a flag is visible to any potential holders, distinguishing the asset as a recoverable vice bearer instrument. At this point, the potential holder can then decide whether to hold the asset, knowing it can be clawed back. The asset clawback function provides the issuing authority or designated control location the ability to pull back value, giving regulators comfort that investors and their assets are protected and that value can be retrieved if and when wrongdoing or an outside event occurs.

To further customize Stellar’s asset clawback feature for regulators, Securrency’s platform both empowers and restricts the functionality in several important ways.

Leveraging asset clawback functionality using a ‘hybrid’ control location

While blockchains enable unprecedented automation and efficiency, the inability to recover value, as well as vulnerabilities to outside events, generate regulatory concerns. Specifically:

  • Because blockchain tokens are bearer instruments, once these bearer instruments are lost, stolen, misappropriated, or mistakenly moved, it is difficult to reverse transactions in the absence of an empowered transfer agent and a good control location associated with those assets.
  • Further, it is difficult, if not impossible, to stop an unauthorized party from engaging in transactions, even if they’re a known bad actor.
  • Finally, technology risks such as a 51% attack or quantum attack present significant challenges to recovery.

In a hybrid control location framework, supported by Securrency’s architecture, merging the benefits of the traditional custody model with those of the blockchain model specifically addresses the pain points associated with custodying digital assets. Under this framework:

  • As with cryptocurrencies, signed transactions enable movement of value between blockchain addresses without the need for an intermediary. However, a decentralized policy-enforcement point is used to ensure the value can only move between known and qualified addresses. These transactions are recorded immutably on the Stellar ledger.
  • Blockchain addresses (wallets) are mapped by financial intermediaries to their rightful beneficial owners.
  • On-chain transactions are detected by “Ledger Event Listeners”, enriched with ownership data, and recorded in an off-chain location for high performance analysis, fraud detection, and regulatory reporting.
  • The off-chain record acts as the control location for the asset, that is the official record of share ownership, placating regulatory concerns about an irreversible on-chain record. When coupled with on-chain clawback, the off-chain record can be used to restore discrepancies or misappropriation.

In short, the off-chain location mirrors and records transactions taking place on-chain. Importantly, the hybrid custody framework is not dependent on a single blockchain. Assets can reside across and move between multiple ledgers with a single, complete record managed at the off-chain control location.

Asset clawback functionality comes into play when the off-chain control location (for example, in the event of misappropriated/stolen value) leverages the issuer authority to initiate a reversal of a particular transaction or set of transactions to recover lost or stolen value. In the process of restoring the record of ownership, the control location does not need access to a particular party’s actual key to gain access to the lost or stolen value, thereby preventing the control location from manipulating any other value held by that party’s wallet. As the asset is tied to a specific control location, that control location can reclaim the value of the asset quickly. This becomes even more important when one considers, for example, the ramifications of a broker-dealer insolvency.

Asset clawback would address the SEC’s requirements in that, for a broker-dealer to apply for the five-year safe harbor, the broker-dealer must establish policies and procedures to:

  • identify steps the participant will take regarding custody of digital asset securities if a blockchain malfunctions, if there’s a 51% attack, a hard fork, or quantum attack;
  • allow for compliance with court-ordered freezes or seizures; and
  • allow for the transfer of digital asset securities held by the participant to another broker or appropriate party in the event that a broker-dealer can no longer continue, self-liquidates, or is subject to a formal bankruptcy.

As the SEC further states in its statement and request for comment, “these policies and procedures should include measures for ensuring continued safekeeping and accessibility of the digital asset securities, even if the broker-dealer is wound down or liquidated, and thus would provide a reasonable level of assurance that a broker-dealer has developed plans to address unexpected disruptions to the broker-dealer’s control over digital asset securities.”

Protecting against the potential for asset clawback abuse

Of course, given the power of this functionality, one is not wrong in viewing this feature as susceptible to abuse. However, Securrency has built in significant transparency measures to ensure that the actions undertaken by a control location are delegated to known and authorized parties and that all actions taken by such parties are recorded immutably, visible, and publicly disseminated.

In short, the actions undertaken by the control location are also recorded on the blockchain. As such, in the event the control location is hacked or the control location becomes a malicious actor, the actions undertaken by the control location in initiating a clawback are recorded on the blockchain and made known to all parties involved.

But that’s not all. Securrency has also built-in several other protections to prevent misuse of the clawback functionality. To be eligible to hold control location (clawback) authority for a particular asset, an entity must demonstrate the license (transfer agent, custodian, CSD) to perform this function via an identity-verification process. These parties are liable for improper use of their authority.

Securrency has spent considerable effort and time developing a multi-layered system of delegation of authority that goes beyond naming a particular transfer agent that’s allowed to initiate a clawback. It’s a process analogous to steps undertaken by banks in performing Know-Your-Customer checks on a customer who may be acting on behalf of another person.

As important as Protocol 17 is, the asset clawback feature is just one of many features required to propel institutional adoption of digital assets. That said, the importance of the clawback and how it is used further demonstrates the value of these emerging technologies in protecting, if not enhancing, market integrity in the digital asset ecosystem.