Name: Inside Fireblocks Trust: A Walkthrough of our Qualified Custody
Uploaded: 2026-03-10T16:01:07.294Z
Duration: 41 min 24 s
Description: Inside Fireblocks Trust: A Walkthrough of our Qualified Custody

Transcript for "Inside Fireblocks Trust: A Walkthrough of our Qualified Custody": Hi, everyone. Thank you so much for joining today. We're just gonna give everyone one more minute to come on before we get started. So we'll get started here in just one minute. Hi joining us today for in a walk through of our qualified custody. House questions at any point during the session, please address the questions at the end. And if today you'd like to continue with our team, we'd love to connect, and you can find that request demo button at the top to do that. We'll also be sending everyone a recording of today's webinar later today. So now on to while we're all here, today's session is going to cover two things. First, we're gonna walk through the why behind qualified custody, what it is, why it matters, and why for many institutions it's not optional. And then we'll get into the good stuff, a live walkthrough of what qualified custody actually looks like inside the Fireblocks platform. So leading us through all of that is Tomer Greenbaum, our VP of licensed services operations who lives and breathes this stuff every day. So, Tomer, I will hand it over to you. Thanks very much, Samantha. I'm Toma Greenbaum, and I lead the customer operations for Fablux License Services and specifically under Fablux Trust company. The presentation part of this webinar will take around fifteen to twenty minutes, and then we'll switch to the demo. The demo will be partially recorded to save on administrations such as approvals, etcetera, but the majority is going to be live. Fabrics trust company is a New York state regulated limited purpose trust company that provides institutional clients with qualified custody and bank rate cold storage for digital assets. We're one of the only 12 NYDFS regulated trust companies, having received unconditional approval in August 2024. The regulatory framework is critical to institutional trust. Second to the required charter, the security is paramount. On top of the, five blocks infrastructure security, which is baseline for a system and some of you are already familiar with, we utilize a bank grade vaults currently holding over $1,000,000,000 of client assets, ensuring all keys are safe from both physical and cyber threats. Finally, it's a unified approach. Dedicated vault operations teams are operate supported by the broader Fireblocks organization for technology, compliance, security. The Fablock Trust Company seamlessly combines this crucial regulatory requirement with the robust security standard you already know from the Fablock's parent company. But the critical question is why qualified custody is essential, especially in today's regulatory environment. There are three primary drivers. First, the regulatory mandate. Entities like RIAs, VCs, and other institutions managing client assets in The United States are legally required to use qualified custodian under SEER rules. It's a nonnegotiable requirement for compliance, but we're not just limited for serving U. S.-based customers only. So if your business is licensed outside of The U. S, you can talk to us, and we can explain more a bit about it. Second, it's about safeguarding assets. A qualified custodian provides a fully regulated compliant framework for securely holding digital assets. This ensures institutions can meet their strictly fiduciary obligations and adhere to all SEC and state level regulations, giving them clear path forward. But not only that, there's also the peace of mind that they are your clients' assets are in the hands of licensed custodian lying in the gold standard infrastructure for securing digital assets. Finally, it fosters increased transparency and trust by reducing systematic risks and protecting investors from fraud. Qualified custody helps build the the foundational trust required for broader institutional adoption. Firebox Trust Company have built a secure and compliant platform designed to meet this evolving regulatory landscape. For any institutions with fiduciary duties, including hedge funds, banks, and VCs, qualified custody is not merely an option. It's the fundamental foundation of the digital asset strategy. So there are a few misconceptions around whether you need it or not or you should use a a qualified custodian, and one of them is that we can just use in house cold storage to store our assets. Institutional security means that more than keeping assets offline, security is continuous and comprehensive effort. Our approach integrates three pillars, compliance, governance, and active monitoring. This combination builds like system that controls our layered assets are segregated and never commingled between customers, not swept to an omnibus wallet. Built in security is applied to logical and physical layers, transaction authorization policies both at the customer side initiating a proven transaction at the hot wallet side of the customer, and custody wallets, the fabless trust ops that approved and signs those transactions at the cold wallet workspace at the custody side. All physical infrastructure are protected by schedule based face recognition systems, device biometrics and AI based analysis alongside with human monitoring 20 fourseven. Transaction signing facilities are built with bank standards, and transactions are signed by our offline signing teams using proprietary developed systems using air gap signing devices. We'll see that over at the table. Topping that with Firebulk's MPC CMP technology supplied by our parent company, Firebulk's. The number two misconception is that self custody covers everything we need. So if we don't have the regulatory requirement to store assets under custody, you might think that you would want to just store it in your self custody wallet. So building on this misconception that self custody alone is sufficient, what we'll introduce here later on in the demo is how Firefox offer comprehensive solution by combining both your self custody workspace and wallets and qualified custody connected from the same platform, all initiated and managed from the same console alongside with all others connected accounts that you can connect to. For entities with fiduciary duties and regulatory mandates, qualified custody is nonnegotiable, as we said. It addresses the compliance, governance, and audit requirements that self custody cannot fully cover. However, the five look's advantage is the ability to leverage both models simultaneously through one unified platform. This allows you to manage assets under qualified custodian for regulatory compliance while retaining the operational flexibility of using your self custody vaults, all secured by the same underlying MPC technology and access to the same interface and APIs. So just before we move on to see how it works, let's summarize. Five lakhs Trust Company provides a full service solution that grows with your business needs. We cover a wide range of functionality starting from assets. We support over over 40 digital assets, and we're constantly expanding the coverage based on the client requests. We also support key financial activities like staking for assets, say, like Ethereum and Solana and various collateral arrangement, including margin trading, tri party services. Our security is comprehensive, featuring vault storage with bank grade security, biometrics controls, and multiple verification layers. This is complemented by regular transparent audits and record keeping. Crucial. Crucially, the solution may operate through your Fireblocks interface, whether you're a Fireblocks customer, a soon to be customer, or just a Fireblocks Trust customer, allowing you to seamlessly manage both qualified custody and self custody operations, which eliminates integration complexity and simplifies your workflow. The platform is fully API enabled, allowing you allowing partnerships and integrations between all different types of platforms for unified access to third party platforms as well. So if you're seeking partnerships and you want to integrate a custody solution into your other business, we can do that as well. We're not limited for US based customers. So if your business is outside of The US and requires custody, speak with us, and we'll be able to help with that. So let's take a look. A minor part of the demo will be recorded to save the administration, such as switching platforms and approvals and stuff. It's only going to be, like, less than a minute. During the demo, we'll be switching between three different platforms, a customer hot wallet console, which is for you for customers of five blocks, it's the familiar console that they are used to see. Transactional transactions will be initiated and signed by customers using their mobile devices and MPC keys hosted by them. A Fireblocks customer portal allowing customers to create vault accounts and wallets on the custody Cold Wallet workspace directly from their console, and a Fireblocks Trust Cold Wallet workspace where you will see the result of actions done by customers both on the connected account in their hot wallet self custody workspace and in the customer portal. Transactions initiated by a customer from their custody vault on their self custody workspace will be signed offline using an Airgap iPhone by utilizing the offline device camera and the online console, one that for transactions exactly like you see it on exchanges. A fourth platform that is going to be presented will be the Starbucks Trust back office, which is utilized by our trust operations team, allowing us to have our own internal policy for approving based on compliance and based on other rules that we have internally for white listed addresses, transactions, and travel groups, etcetera. So for those of you who are familiar with the Fabrics ecosystem, this slide shows the unified digital asset operating platform you already know. It's a single engine that powers everything you do from your internal operations and security to financial applications and network integrations. Everything you see here, policy controls, financial reportings, wallet solutions is secured by your underlying MPC technology. The key change is the addition of regulated custody through the Fablux network. This is where the Fablux trust company fits in. It's a natural and crucial extension of our existing platform, bringing the security and operational efficiency you rely on into a regulated qualified custody framework. I will dive into the specific of the Fablux trust in the very next slides, but it's important to understand, as it's seamless, unified part of the platform you already use. And if you're new to the Fablox platform, this slide illustrates why we're the industry leading solution. Firebox is not just a wallet or a transaction provider. We are a comprehensive, unified operating platform for all of your digital asset needs. As you can see, the platform is built on multiple integrated layers, security and governance. This is the foundation ensuring your assets are protected with advanced security and policy controls, operations and financial applications. This layer handles the day to day complexities, everything from settlements and transfers to managing liquidity and automating workflows. And the wallet solutions, this is where we offer a full spectrum of custody options from hot, warm wallets to our new regulated custody offering. The power of five gs is in this unification. You don't have to integrate multiple separate systems. Everything operates through one consistent secure interface, allowing you to focus on your core business. So just before we go live and see the new custody system in action, let me explain what is that we see here. This is a visualization of the day to day connected accounts in action. So the left side shows yourself custody workspace connecting to your external entities at your banks, staking providers directly from the console, trading platforms, more, all done directly from your five blocks console, Where now we offer a connection to Fireblocks Trust called Wallet infrastructure alongside with the rest through the same interface where you can send funds to all of your externally connected entities directly from the console through white listing their addresses or withdraw directly back to yourself custody. Focusing on custody, using the Fireblocks Network link, you cannot connect directly from your Fireblocks console to your Fireblocks Trust ColdWallet custody platform and perform all actions directly from the console. This slide is visualizing the three primary actions when focusing on qualified custody solutions. So sending funds, you initiate from your Fablox workspace, self custody, and it is signed according to the applied tab, creating a custody vault. This is initiated from the custody portal and requires dual approval from both the customer side and the trust ops admins. Withdrawing funds, this is initiated from your workspace but requires approval and signing from both workspace and the trust custody workspace as well. Staking, it installed directly from the portal itself. So let's say let's switch and see how it's being done. So when I switch over to to the workspaces, I'm just going to explain what we're going to see here. So if you look at the top right corner of the screen where where it's here, you can see this is a Warm Wallet workspace. This is my own self custodied as a customer. In here, I can see my own vault accounts that I own the keys for, and I can also see the vault accounts represented at the custody side. So this is my custody vault accounts that are basically located in the Five blocks trust Coldwallet workspace. So I can create as many as I want here, and I can create white listed addresses on this console and send assets directly from those vault accounts to those white listed addresses. I can also send funds from my vault accounts according to my transaction authorization policy to the trust through the connected accounts. I can also give my trust vault accounts addresses to counterparties so they can send directly there, and it will be represented here. What we're going to see now is how we are creating a Vault account, and this involves with the trust the customer trust portal. And what we see here is that our customer is entering the customer portal. It creates a vault account. This is actually going to drag an action, a request to create a vault account at the trust ColdWallet workspace. I'm going to call this lending main and just apply an email so it will send notification to. In this case, I'm logging out, but in real life, it will be two different users. There is a tap there is a a quorum here and then an admin quorum that mandates that someone else approve this request before it's being executed. So another user is logging in to the system right now, and this user is going to see a request to create a Vault account. As you can see here, one of two approvers approved. This is the guy that initiated it, and now it's going to be approved by the second user. Now, following that, I'm switching over to the TrustOps admins portal, and this is where we see a request according to a quorum that we have for the Fabrics admins trust to approve this request of creating a Vault account at the custody workspace. Click on approve. I see the request. Confirm it cryptographically with my biometrics, and then I have this Vault account created. Now I'm going to do what I'm going to do is I'm going to add a wallet into this vault account. So in this case, I'm going to edit here. I'm on test net. Click on add. Same is going to happen here. Someone else needs to approve it. So a different user logged in to his computer in same office or at home is going to get a request through email. To approve it, they're gonna click approve. It was approved. Switching again to the trust ops team. Trust ops team will approve this address. And then what we're going to see is that the address and the vault were created on the connected accounts. It's going to pop for approval by the admin's quorum of the hot of the client workspace. They approved it, and now I can see that this vault account was created, and it's represented on my connected account screen on my self custody workspace. What I can do now is I can request to withdraw assets to this vault account. If it had something, was able to withdraw from it, and this is what we're going to see right now. So I'm connected over to my to my hot wallet, and these are my vault accounts. As you can see, we have different balances in different vault accounts. And the regular operation that were used that were used to see on every hot wallet is the ability to withdraw and deposit into vault accounts. This is basic corporation that is governed by the transaction authorization policy and the admin quorum of this workspace. So if I click on withdraw from my Vault account, I will be able to choose an asset, choose a destination. This destination could be just another Vault or a white listed address. But this is, like, basic operation that allows me to initiate and sign transactions, like, on a daily operation of my hot workspace. The second thing that that we're go that that can be done here is the interaction, and this is basically what the demo is, the interaction with the both accounts that are not present on this workspace. Those are representations of my custody, both accounts in the Fireblocks Cold Wallet workspace. By the way, if you look at this and you go to the Cold Wallet workspace, you will be able to see both accounts by those names over there, and we'll see it when we will send the transaction. Before we do that, we would like to whitest an address. In order to whitest an address on the custody on the custody side, we, first of all, have to whitelist the address on our hot wallet workspace. So I'm going to whitelist the addresses. I'm going to add a wallet. It's going to be a whitelist at this wallet. It's going to be an external counterparty, and let's call it, in this case, a webinar. Create the wallet. Add an address. And at the address. This requires the approval of our admin quorum. In this case, it's going to be me. So as we just said, this is my hot wallet. I just created the whitelisted address, which later on, I would like to transact from my custody cold wallet, Vault account to it. So I'm going to approve it. And it is approved. Now instead of using it for internal use, what I'm going to do is I'm going to go to my account, to a connected account. Let's say that I'm going to take this, and I would like to send funds from my client 001, which is a custody wallet on the cold wallet of of Fireblocks Trust. I would choose Ethereum on Testnet. I would choose a destination, which is going to be whitelisted address called webinar, which we just created. And I will need to put the travel rule information because it's mandatory for sending funds out of the trust. So let's just put send to another beneficiary. It's meant to be corporate entity. The name will be webinar. The street will be main. Click save. Choose the amount. Let's be gracious. Instead, $6, click on transfer. Now the transaction is, first of all, pending signature of my signers. Although, what I'm doing is I'm requesting to send funds from my custody wallet. So this is going to be a tristage process. I'm going to, first of all, approve it by our quorum. So this transaction that I'm going to approve now is done online. And following that, the transaction is going to be switched over to processing by the third party. The third party in this case is going to be FiveLux Trust. And before we can approve this transaction, I need to make sure that this address is qualified for transferring out of the trust. The travel rule needs to meet compliance, needs to check the addresses and everything. So for that, we have the Fabrics Trust back office. If I go to approval quorums, I will see that just give me a second here. So I have this transaction and whitelisted that's address waiting for approval. So this is approving creating and approving this address on the custody side. So let's go and do it. White listed address. Approve. I am going to look at the address information. Approve it. And then it's approved. If I switch over to the cold wallet, I will see that this address is going to be approved. Let me just approve it on my mobile again. And now I'm going to switch over to ColdWallet. This is the Fabox ColdWallet. There is going to be a vault account here called Client004. And this is MEG TAC Enterprise, my new newly created wallet and its address. So if I click on it, I'll see that there is Ethereum Sepoyer here, and this is the address that they got for it. So now we have both systems aligned with the white listed addresses, and we can approve this transaction. So going back to my trust admin portal, I can see that there is a transaction created waiting for us to approve. So we go through compliance, travel rule, everything regarding this transaction, approve it. And once it's approved, I will be able to see a transaction here. Now this transaction was initiated. If we click on the transaction, we will be able to see the information. This transaction was initiated by a hot wallet user that has a representation of a cold wallet a vault account on the trust workspace and whitelisted an address of a counterparty. Transactions are signed on cold wallets by a a completely isolated air gapped mobile devices. In this case, it's an iPhone. And in order to transfer the information between the online system and the cold isolated device, we're exposing QR codes, which is sending the transaction information onto the device. So in order to do that, I take the mobile device. I click on it to show the camera, and I'm using this camera to scan the QR codes from the screen. Once it's done, what you see is that this device shows me the transaction information. I got the transaction information with from the console onto the device. The device is completely offline. I click on approve. I put in my PIN code. I identify myself with my face ID, and then it will show a QR code of the signed transaction. So if I click on continue here, it will show me and my device, and I'm able to transfer the signed transaction information over to the online consult. So this transaction is already happening. The transaction is in the blockchain being confirmed, and the recipient should see it in few minutes, according to the, to the blockchain confirmations. So that's it. Basically, you're able what we've seen now is that you're able to interact with ColdWallet vault accounts that belongs to you directly from your HotWallet workspace through the connected accounts exactly the same as you should do with other connected entities like your bank accounts, exchanges, and other entities. So the transaction is completed right now, and the assets are out of this client zero zero one vault account directly to my counterparty. If we go to the transaction history, we'll be able to see that this transaction was initiated, signed to this address, and transaction hash will take us to the blockchain to show us the transaction itself. All of that is easy and allows you to do whatever you need. But but without the the ability to create compliance reports, it it wouldn't worth so much. So in order to get that, we are interacting with TRES and allow, you to get, end of day reports and transaction reports for both balance and transaction activities. Those will look like that. So end of day balance reports will give you the right in right information for the date, the assets, the nominal holdings, timestamps, everything for your end of day balances exactly the same you can get for your transactions based on dates that you choose or automated, like end of day. Okay. I think that we are done with the demo, and we'll be happy to accept any questions right now. If anyone has any questions, you can write them in the QA QA side, and we'll be able to accept and answer some of them according to our timing. I do see a couple, Tom. I was just read the first one here. Trust compliant with EU regulation on AIFM. So Publix is the NYDFS regulated trust company. And as I said, we are able to accept non US customers from specific locations outside of The US. So we are compliant with The US regulations, but if there are no mandates specific mandates to be licensed other in other places, we'll be able to accept based on US regulations. Okay. And, And the next one is, I can see that. So do you wanna go through them? Go ahead. yeah. So is there a list of supported assets in the QC? What is their approach and timeline? So, basically, yes, we support around 40 different assets currently. All assets that we support needs to go through due diligence on our side and then the approval of NYDFS. And, therefore, we only support assets that are needed. So before the assets that are now, plus that are we we add more, like, tranches. And based on customer requirements and needs, it takes about between four to six, weeks to approve an asset, but it gets into a list, and we go through the list, and according to popularity and a requirement, like, mean, I the majority of customers will add them to the trash. Let's see. How does fabric structure structure governance to ensure client assets remain protected even if the company itself changes ownership and leadership. So if you're referring to a to the customer side, the legal agreement between Fireblocks and the customer is based on the customer entity illegal entity. So if it switches hands, then we need to go through a new due diligence process, a a KYC process between our legal and compliance teams and the customer. The onboarding process for a customer involves with starting with going through the legalities and contracts and are transferred to our legal and compliance teams. They will go over the documents, red line, and and make sure that everything is compliant. It's going to be exactly the same if the company switches heads. Let's see. If there is a fraud occurred during transaction or something unusual, who will be responsible? So the the funds and trusts are insured. We are a regulated entity, and so we have our insurance policy, and, and we're situationally dependent. If you need more information, we can connect you to the legal team and talk about it. There is a question. How do you structure the account wallet in your books? Is it based on the jurisdiction of the account owner? So it's based on the legal entity structure of the customer. I think that we're covered with all the questions unless we see more coming in. Okay. So if there are no other questions, we'll wrap it up. Thanks, everyone, for attending this webinar. If you need anything, if you want to get more information, feel free to contact us. We'll be happy to engage, answer questions, or maybe even more. Thanks very much.