Navigating the Legal Terrain Around Staking Services

Views
Feature Image

Crypto Staking 101

Cryptocurrencies like Bitcoin, Ether, XRP and others operate on a blockchain - a decentralized ledger that records all transactions across a network of computers (nodes).

While Bitcoin uses a Proof-of-Work (PoW) mechanism to reach consensus on the state of the network, which requires miners to solve complex mathematical puzzles using a lot of computer power and energy to add a new block to the blockchain, the Proof-of-Stake (PoS) consensus chooses the creator of a new block in a different way. In PoS, the creator of a new block is chosen based on their “stake” in the cryptocurrency, meaning how many coins they possess and are willing to “lock up” as collateral.

When you stake your coins, you’re basically locking them up in a wallet to maintain the network’s operations by validating transactions and creating new blocks. In return for validating transactions and proposing new blocks, you can earn ETH as rewards.

The idea behind PoS and staking is to provide a more energy-efficient mechanism to maintain the network compared to PoW, and to incentivize honest behavior among participants by having them put their own assets at stake. This means they have a vested interest in correctly validating transactions since they have something to lose. It’s a way of ensuring that the people who are validating transactions and creating new blocks are invested in the continued accuracy and security of the blockchain.

The legal treatment of staking services and the rewards earned with staking internationally is now in the limelight. Admittedly, understanding such new technology and its legal and regulatory implications is extraordinarily complex. The following clarifies the mechanics behind staking and highlights relevant considerations.

How does staking work?

Let's look at staked ETH as an example. The Ethereum system consists of the execution layer and the consensus layer. Transactions from address A to address B or smart contract interactions take place on the execution layer. The consensus layer is responsible for things like block and attestation handling:

  1. The holder of the private keys of the originating address can transfer the ETH to the deposit contract.

  2. The holder of the validator keys can access the deposit contract and unstake.

  3. The holder of the private keys of the withdrawal address can access the ETH after the unstaking.

  4. The holder of the private keys of the withdrawal address can transfer to third-party addresses.

Staking-as-a-software Service

Staking itself is designed as a software service by operating the staking infrastructure, namely the validator node. From a regulatory perspective, “pure staking” services do not raise any issues. Since the staking provider is never in possession of any of the private keys to the address on the execution layer, there is no third-party custody over the cryptocurrencies. With the validator keys, the staking provider may only initiate the unstaking, i.e. the transfer of the ETH in the deposit contract on the beacon chain to the withdrawal address on the execution layer, which does not raise any regulatory concerns.

Custody Considerations for Staking

Ancillary custody service

Staking services may include different types of ancillary custody services, which may have a regulatory implication depending on its set up:

  • Segregated custody: the cryptocurrencies are individually assigned to the client on blockchain level. Separate custody is generally permitted without a license in Switzerland.

  • Omnibus custody: the cryptocurrencies are assigned to one or more shared addresses, whereby it is evident off-chain which share is due to the individual client. For collective custody, at least a FinTech license is generally required.

  • Deposits: the cryptocurrencies are not permanently held available for the client by the custodian and the cryptocurrencies cannot be allocated to the respective clients, either on- or off-chain. Accordingly, a banking license (or a FinTech license in the case of assets of less than CHF 100 million) is required for their acceptance.

Actual and exclusive power of disposal

A staking provider may act as custodian and require a license if he has the actual and exclusive power of disposal over the cryptocurrencies. Whether he has power of disposal depends on whether he holds the relevant private keys. If the staking provider is the only person holding the validator keys and the private keys of the withdrawal address, this qualifies as third-party custody and the staked ETH would fall into the bankruptcy estate of the staking provider in case of bankruptcy. If the staking provider holds only one of these two keys, or if he is not the only one holding the private keys to the withdrawal address, this would not qualify as third-party custody and the ETH would not fall into the bankruptcy estate of the staking provider in case of bankruptcy. Hence, he would not require a license.

The underlying digital assets custody technology and governance around key management therefore become crucial considerations.

The obligation to keep client assets at disposal at all times

If a staking model is designed in such a way that the staking provider has the actual and exclusive power of disposal of the private keys of the withdrawal address, it needs to be further analyzed whether the client’s assets qualify as so called “depository values”. The most intensely debated criterion in this regard is the obligation to keep the cryptocurrencies at the client’s disposal at all times during staking:

  • No lending business: The obligation to keep the crypto assets at disposal at all times means in particular that no lending business may be conducted. In the case of lending business, the bank itself decides whether and how much of the assets at its disposal it invests, and the bank is entitled to the income of that lending business. With staking, the situation is different: rewards are not paid out for depositing ETH, but for validation activities that comply with the protocol. Rewards are only used as an incentive system to ensure the functionality and security of the decentralized network. In addition, due to the technical blocking, the tokens are actually not available for the staking provider for its own investment purposes. In simple terms, lending business is done in the interest of the bank, whereas staking is done in the interest of the client.

  • Power of disposal during lock-up periods: If, in addition to the validator keys, the staking provider also holds the private keys to the withdrawal address, and he is the only one holding these keys, he has the actual and exclusive power of disposal over the staked assets. The protocol itself, never acquires power of disposal over assets. Any lock-up periods impair the possibility of transferring the tokens from the deposit contract on the beacon chain to the execution layer without delay. However, they do not affect the ability of the staking provider to hand over the private keys of the withdrawal address to the client and thus immediately give up the exclusive power of disposal over the staked tokens.

  • Slashing risk has no influence on regulatory qualification: The obligation to keep client assets at disposal at all times relates to 100% of the assets to which the client is entitled and not to 100% of the assets which he had originally deposited. This is illustrated by the example at the beginning of this article. If it is now clearly stated in the staking contracts that the client bears the slashing risk directly and that the client’s claim against the staking provider in the event of a slashing event is reduced by the slashed ETH at the moment of the slashing, the staking provider will at all times hold for the client exactly as many ETH as the client is entitled to.

What Staking Providers Need to do

Staking providers must make an in-depth analysis of their services, all related processes and the contractual framework. They should initially ask themselves e.g. the following questions to enable an assessment of the applicable legal rules:

  • Which person(s) hold(s) the private keys of the withdrawal address?

  • Which person(s) hold(s) the validator keys?

  • How are the withdrawal credentials managed?

  • Does the deposit contract / withdrawal address contain pooled client assets?

  • Which client contracts address staking and/or custody?

  • When does the service provider’s contractual custody obligation end?

  • How is the slashing risk addressed in the client contracts?

  • Will the staked ETH be used as a collateral to borrow ETH?

  • Is MEV extraction planned and how is it structured?

Contact Ripple's custody team today to learn more.