Custody and the Investor Identity

Custody and Investor Keys

The Platforms

In FinP2P, every investor is assigned a FinID Investor Profile — their global identity across the network. This profile has an associated FinID Signing Key, which is a standard EVM-compatible Wallet Address (similar to an Ethereum wallet address). it is used to approve all transactions on any application, across any ledger.

Depending on the ledger technology:

The direct Signing Key may be used (e.g., on EVM-based blockchains).

A Delegated Signing Key may be assigned if the underlying ledger requires a different cryptographic framework (e.g., Canton, Corda).

This model allows custody technology providers to deliver digital identity and signing services seamlessly across the entire FinP2P ecosystem.

Custody Technology Integration

Custody providers integrate with the FinP2P network by connecting their Custody key management system to the Ownera Custody Hub Router via an integration adapter, which enforces their signing policies and links applications to custodians.

Once connected, all relevant transactions from any FinP2P application are routed to the custodian’s technology for validation and signature.

Before signing, Custody can implement any desired policy (e.g., various authentication methods, multi-signatures, MPC, HSM, cold storage). This is all agnostic to the router, which simply waits for a valid signed transaction to route and orchestrate.

Typical transactions are signed using EIP-712 or a minimized HashList format, covering blockchain and legacy transactions alike.

Core Verification Criteria

The key aspects to verify include:

  1. Legal Possession: Verifying that the asset cannot be moved on the registry blockchain without a valid, signed transaction from the Custody Router, ensuring Custodian has a legally-binding, provable, undisputable record of ownership.
  2. Transaction Execution: Ensuring the transaction is correctly executed on any underlying asset registry blockchain.
  3. Transaction Proof: Cryptographic evidence confirms allocation of assets to the investor’s FinID Signing Key on the registry ledger.

How It Works

1. Transaction Execution:

The router determines the best course of action depending on the underlying blockchain's nature:

  • For EVM-compatible blockchains:

    • Custodian signs with the FinID’s Signing Key.
    • The routers route the transaction into the source blockchain via the tokenization engine (Ethereum, Polygon, Besu, Quorum, etc.).
    • The Signing Key serves as the wallet address holding the asset, making ownership EVM-native.
  • For non-EVM-compatible blockchains:

    • The Signing Key signature authorizes the custodian to manage a native account on the target blockchain.
    • Ownera custody routers may include a built-in Ledger node (such as Canton node, Corda).
  • For non-blockchain assets (e.g., FIAT payments):

    • The Signing Key signature authorizes a traditional, non-blockchain transaction via legacy networks like SWIFT.

2. Transaction Proof:

Getting proof that a transaction was properly executed depends on the asset registry blockchain:

  • Public chains:

    • If the asset is on a public chain, the Custody Router will receive the transaction details and can verify it independently. The tokenization engine can also add any cryptographic proof if needed, such as a Signed Receipts or Zero Knowledge Proofs where available.
  • Private chains:

    • If Custodian has a node on that private chain, it can verify the transaction independently (e.g., Canton, Besu network).
    • If Custodian does not have a node or third-party validation capability, the router will receive cryptographic proof from the remote blockchain, signed by the financial institution's router.

3. Possession:

Ensuring that only a signed transaction by Custodian can move the asset out of the FinID Signing Key holder's account involves several practices:

  • Legally:

    • A contractual agreement between Custodian and the TA using the tokenization engine as a registry specifies that only valid signed transactions by Custodian can move assets in the client's wallet or account.
    • This contract is backed by appropriate on-chain smart contracts.
  • Technologically:

    • Custodian can validate the smart contracts of the tokenization engine before allowing clients access to assets.
    • On public chains, smart contracts are public and auditable.
    • On private EVM chains, smart contracts can be provided and audited.
    • Custodian's node (embedded in the router) controls assets natively on networks like Canton or R3 Corda.
    • All tokenization partners utilize regulated TAs or other registrars to manage the registry blockchain.

Custody Services: Omnibus vs. Non-Omnibus

The routers also support immobilization to an Omnibus and reissuance of assets where it makes commercial sense, such as reissuing with CSDs or issuing DRs.

Non-Omnibus custody (also known as fully segregated or named accounts) ensures that each client's assets are held and recorded uniquely in their account. This model supports increased transparency, auditability, and direct asset ownership visibility, often preferred for clients with enhanced regulatory or fiduciary requirements. It also supports a Nominee structure for holding assets.

Omnibus custody enables the aggregation of multiple client holdings under a single account per asset class, allowing for efficient immobilization, simplified settlement, and streamlined interaction with market infrastructures such as CSDs. This model supports operational efficiency and cost savings.

The routers support both models and enable dynamic routing, reissuance, or settlement optimization depending on jurisdictional, commercial, and operational factors.