User Management and Custody
In this document, the term User refers to any legal entity, whether a person, a company or any other legal entity, that can issue or invest in assets.
User management
The FinP2P network is designed for financial institutions to bring their own clients into the network to invest, trade and hold securities. The expectation is therefore that every institution manages the interfaces for its own users and, ideally, allows users to log into apps with their existing user name and password (single sign-on).
Accordingly, we expect the front-end Routers to provide the Application API of FinP2P with the user identity and signed transactions for their primary users.
The cryptographic keys for these identities can be managed in multiple ways:
The Router itself can manage keys on behalf of the user, by operating or using the services of a key management platform or network. This model is recommended, since that is the way other financial services are provided to users online: a user signs in with their user name and password (plus any security measures such as 2FA) and sees their assets on the screen, without having to manage or even be aware of the existence of cryptographic keys.
The Router’s application may allow users to manage the keys themselves or to use the services of a third-party key management service or network. This model is more relevant for user audiences who are comfortable with managing private keys.
KYC / AML / Accreditation and other user certificates
The FinP2P network is designed for financial institutions to bring their own clients into the network to invest, trade and hold securities. Therefore the expectation is that financial institutions are responsible for conducting the required regulatory checks for the clients they bring into the network.
The network allows the primary Router of a client to add certificates (such as KYC / AML) to the profile of the user, and it also allows external Certification Service Providers to add certifications to the profile of the user (for example, an Accreditation certification agency). That means a user may hold multiple similar certificates, from their own primary Router as well as from external Service Providers.
At the same time, each primary Router of an asset may decide which certifications it demands from potential investors, and which Certification Service Providers it “trusts” to deliver those certificates. This means the asset has control over which users are allowed to invest, based on the certifications they hold.
For more details on the role of Certifications in the network, see FinP2P Data Model.
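The following added example (not FinP2P code, and not taken from the FinP2P Data Model) sketches the eligibility decision described above: an asset demands certain certification types and accepts each type only from the issuers it trusts. The class names, field names and sample issuers are hypothetical, and the certificates are assumed to have been authenticated already.

```python
from dataclasses import dataclass

# Hypothetical data shapes for illustration; not the FinP2P data model.
@dataclass(frozen=True)
class Certificate:
    cert_type: str  # e.g. "KYC", "AML", "Accreditation"
    issuer: str     # a primary Router or an external Certification Service Provider

@dataclass
class AssetPolicy:
    # Demanded certification type -> set of issuers the asset trusts for that type.
    trusted_issuers: dict

def missing_certifications(policy, certificates):
    """Return the demanded types for which no certificate from a trusted issuer is held."""
    satisfied = set()
    for cert in certificates:
        trusted = policy.trusted_issuers.get(cert.cert_type)
        # A certificate counts only if the asset demands its type and trusts its issuer.
        if trusted is not None and cert.issuer in trusted:
            satisfied.add(cert.cert_type)
    # A demanded type with an empty trusted set can never be satisfied (fails closed).
    return sorted(set(policy.trusted_issuers) - satisfied)

def may_invest(policy, certificates):
    """The user may invest only when every demanded certification is covered."""
    return not missing_certifications(policy, certificates)

# Constructed sample data.
POLICY = AssetPolicy({
    "KYC": {"router-a", "router-b"},
    "Accreditation": {"accreditor-x"},
})
# Alice holds two similar KYC certificates; one trusted issuer is enough.
ALICE = [
    Certificate("KYC", "router-c"),
    Certificate("KYC", "router-a"),
    Certificate("Accreditation", "accreditor-x"),
]
# Bob's accreditation comes from a provider this asset does not trust.
BOB = [
    Certificate("KYC", "router-a"),
    Certificate("Accreditation", "accreditor-y"),
]

if __name__ == "__main__":
    print("alice:", may_invest(POLICY, ALICE), missing_certifications(POLICY, ALICE))
    print("bob:  ", may_invest(POLICY, BOB), missing_certifications(POLICY, BOB))
```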
Custody
As with user accounts, custody management is a service that organizations can provide within the FinP2P protocol. The expectation is that, if and when required, financial institutions or their external custodian providers can provide those services for their clients, so that when a front-end app calls the FinP2P Application API, the required transactions are routed to be signed by the appropriate entity.
It is important to note that in the world of Private securities today (unlike with Public securities), the vast majority of security holders hold the securities directly in their own name (as defined in cap tables and investment or debt documents), and therefore the protocol supports that option as well.