Agefi Luxembourg - février 2025

AGEFI Luxembourg 46 Février 2025 Informatique financière ByArndH ESSELER (portrait),JulianS CHMEING ,George S TYLIANOU and SimonMühlon, zeb consulting M arket participants who want to create the basis for an ef- ficient and effective digital assets business model should progres- sively move their DA (digital assets) re- lated business activities into their line organizations. To account for the large number of parties involved and the high complexity of the topic, they ought todevelopanoverarching operating model for their digital assets business from the outset, which will allow them to upscale their business model to serve the massmarket. Number of institutions running digital assets pilot projects is rising rapidly! The increasing digitalization of the financial markets has led to rapid growth in the digital assets sector in recentyears.Digitalassetsandblockchaintechnology havethepotentialtofundamentallychangethefinan- cial system.According to the latest zeb.DigitalAssets Study,over70%ofsurveyparticipantsexpectdistrib- uted ledger technology (DLT) and digital assets to have a significant transformative impact on their in- stitutions’ business. The number of institutions run- ning digital assets pilot projects is currently rising rapidly,andcompetitionamongregulatedinstitutions is becoming increasinglyfierce.Accordingly, numer- ous players in the DACH region have started to de- velop the necessary systems and expertise and have entered the market with their own offerings. Due to the novelty and potential of digital assets, banks and assetmanagersoftenassignresponsibilityforthetopic to stakeholders from various divisions. As a result, knowledge, infrastructure and capacities within or- ganizations are oftenhighly fragmented. To pool their knowledge, leverage change and run synergies,andensureacentralizedcoordination,they arewelladvisedtosetupdedicateddigitalassetsbusi- ness units. This gradual transition towards a line or- ganization is currently becoming increasingly important, as more and more market participants havecompletedpilotprojectsandarenowaimingfor themassmarket.Nevertheless,itwillstillbenecessary to have decentralized expertise in the digital assets business, e.g. when it comes to developing use cases basedon input fromcustomers and themarket. Why is an overarching collaborationmodel essential for the digital assets business? Dependingonthebusinessmodel,thededicateddig- italassetsbusinessunitsmay,forexample,berespon- sible for setting up and operating relevant systems, issuing digital assets products or providingrelevantservices.Sincethedigital assets business affects the entire value chain, banks involve many of their divi- sions in theirDA-related activities. For example, appropriate solutions need to be developed for tokenization in the issuing business orwallets in custody. Newprocesses androles arealsoneededat the customer in- terface, in the back office and in IT. In addition,itisoftennecessarytoin- tegrate solutions from external providers and to consider regu- latory and cultural aspects. Due to the large number of divi- sionsinvolvedandthehighcom- plexity of some processes, it is essentialtosetupdigitalassetsbusiness units in a holisticmanner. In addition, the aforemen- tioned often necessarymix of centralized anddecen- tralizedexpertisemakestheorganizationofthedigital assetsbusinessparticularlychallenging.Accordingly, institutions shoulddevelop a target operatingmodel (TOM) for their digital assets business that regulates cross-divisional collaboration on the topic. The main pillars of such amodel should be technology, organ- ization and regulation. What aspects need to be considered when setting up an operatingmodel for the digital assets business? Technologicalinfrastructure: TheDLT-baseddigital- izationofthecapitalmarketvaluechainrequiresnew infrastructure components, e.g. for tokenizationplat- formsorthecustodyofdigitalassets.Institutionsaim- ing to build a scalable and secure infrastructure to preventsunkcostsshouldconsiderthefollowingtech- nology-related aspects: - Selection of components: Since the technical com- ponents used have a significant impact on perform- ance as well as the potential product range and compatibilitywith other (DLT) systems, they should be selected using a particularlywell-thought-out ap- proach. In particular, the components should enable theintendedoffering,operateeffectivelyandscalably andbe integrablewith the rest of the infrastructure to allow for a modular architecture. This concerns, for example, the selection of solutions for tokenization, custody and transfer of digital assets. - IT architectural design: DLT components should neverbeconsideredinisolation,ascompatibilityplays a significant role in the scalability of the system and thus, by extension, the business itself. A holistic and forward-lookingtargetstatefortheoverarchingITar- chitectureoftheDLTbusinessshouldthereforebede- veloped at an early stage. In this context, it is of particular importance to also take the existing archi- tecture into account, as many institutions still use legacy systems, e.g. at the customer interface or in portfoliomanagement.Accordingly,acomprehensive interface and integration concept should also be fleshedout.Furthermore,newsecurityconceptsneed tobedevelopedforthedigitalassetsbusiness,as–un- likewith conventional securities – some types of dig- italassetssuchascryptoscouldbeirretrievablylostin theeventoftheft,forexample.Suchasecurityconcept may include physical storage media to be used in emergencies in addition todigital ones. - Decision regarding sourcing: When deciding whether to develop technical components for the digital assets business internally or procure them from external providers, it is important to consider the compatibility of third-party solutionswith exist- ing systems in addition to costs and development time. This is essential toensure integrabilitywith the overarchingdigital assets ecosystem. Due to the fast time-to-marketandthegreaterexperienceofexternal providers, the use of third-party solutions is usually the preferable solution. In view of the high level of interaction andpossible lock-ins, it is crucial to carry out a structured and comprehensive procedure for provider selection. Organization and governance: To ensure effective operationofthedigitalassetsbusiness,adetailedcon- cept of the target organization is of the essence.What makes thisbusiness special is that the selected techni- calsolutioncanhaveasignificantimpactonfunctions and processes. So, we can conclude that, at least to someextent,“organizationfollowstech”.Thefirststep should therefore be to develop at least a rough target image for the envisaged technical solution before the concrete target organization is designed. The follow- ingaspectsareoftenhighlyrelevantwhendeveloping the target organization: -Integrationintheorganizationalstructure: Thefirst step is to define the relevant activities and processes, aswell as the roles and functions required toperform these activities. This can include operational roles in the middle and back offices as well as control func- tionssuchasrelevantproductowners.Dependingon the envisaged businessmodel and the existing orga- nizational structure, there are various ways to inte- grate the unit – for example, as an independent department or as part of an existing business unit. However,itisimportantthatclearresponsibilitiesare assigned, and that skills and activities are pooled wherever possible. -Developmentoftheprocessorganization: Thenext stepistodefineprocessesforthefunctionsdeveloped in stepone. Theseprocesses canbederived, inpartic- ular,fromvariousactivities,namelythefunctionaland technical activities for creating and processing prod- ucts, any relevant activities at the customer interface as well as control and support activities. In order to create a scalable infrastructure for the digital assets business, the design of newprocesses should ideally follow a modular approach. When it comes to tok- enization, for example, this can be achieved by con- nectinganEVM-compatibletokenizationsolutionvia an API and using token templates. This allows nu- merous token products to be created with a similar process that can be easily embedded in front-office processes and allows for the use of standard custody solutions. - Establishing committees: In addition, overarching committees should be set up for coordinating and monitoring digital-assets-related initiatives to ensure a coherent and uniform strategy. Fundamental deci- sions on digital assets ought to be made centrally by such committees wherever possible. This is particu- larly important in order to maintain transparency acrossalldigitalassets-relatedinitiativesandtoensure a uniformand targeted approach. Regulation and risk management: A robust frame- work for compliancewithall relevant laws andregu- lations is essential, as the digital assets sector is dynamicandcomplex.Theaimistotakeaminimally invasive approach and ensure the right balance of pragmatism and security. The following considera- tions shouldbemade in this context: - Selecting the licensemodel: The first step is tode- fine which services are to be provided under which regulatory framework andwithwhich license. This can include, for example, the crypto securities regis- ter pursuant to the Electronic SecuritiesAct (eWpG) or crypto custody pursuant to MiCAR. In order to be allowed to do business, companies can then de- cide to either apply for licenses themselves or use li- censes provided by third parties. Although this decision should bemade case by case, it is generally advisable for institutions to hold all the necessary li- censes themselves in order to control asmuch of the value chain as possible. -Ensuringcompliance: Inordertobeallowedtocon- duct businessunder the envisaged licensemodel, the operationalmodel has to consistentlymeet the corre- sponding regulatory requirements, including those pertainingtoKYC,aswellas,forexample,transaction monitoring(KYT),e.g.forcompliancewiththeTravel Rule.Tothisend,theinstitutionsneedtoestablishrel- evant functions or design a regulatory-compliant or- ganizationalstructure,amongotherthings.Regulated institutionsalreadycoverthemajorityoftheserequire- ments with their existing organization. They should therefore conduct a gap analysis in order to identify possible gaps and close themin a targetedmanner. - Adjusting risk management: In order to effec- tively identify, measure and manage new risks in thedigital assets business, the riskmanagement ap- proach must be adapted. Moreover, appropriate measures tomitigate relevant risksmust bedefined and implemented. zeb has already supported numerous institutions in designing and implementing operating models for their digital assets business. We use our expertise on digital assets and capital market topics as well as on organizationaldevelopmenttocreateandestablishef- fective and sustainable organizational structures. If youneedanyhelpinthatregard,feelfreetoreachout to our experts. *zebconsultingisastrategy,management&ITconsultancyspecializing in financial services in Europe. For more information, visit our website www.zeb.lu Digital assets TOM: how financial institutions embed digital assets in their line organizations L e 23 janvier, Stépha- nie Obertin, ministre de la Digitalisation, Paul Konsbruck, directeur général de LuxConnect, et GérardHoffmann, direc- teur général de Proximus Luxembourg, ont procédé à la signature d'un partenariat entre le gouvernement et Clarence SA (joint-venture de LuxConnect et Proximus Luxembourg) en vue de l'ex- ploitation d'une solution de cloud souverain déconnecté. La solution de Clarence fournira au gouvernement, au travers du Centredes technologiesde l'infor- mation de l'État (CTIE), des ser- vices à haute valeur ajoutée dans un environnement totalement déconnecté, garantissant ainsi la souveraineté des données du Luxembourg. La ministre de la Digitalisation, Stéphanie Obertin, salue cette ini- tiative:«Jemeréjouisdecetteavan- cée majeure en faveur de services publics de qualité. L'État luxem- bourgeois signe aujourd'hui un partenariatuniqueensongenreen Europe etmise ainsi sur une solu- tion souveraine et déconnectée pour des applications à la pointe de l'innovation.Après la première e-ambassade au monde, le Luxembourgfaitunenouvellefois figure de précurseur en créant les conditions nécessaires pour la sécurité des données et leur utili- sationparlesadministrationspour des services publics au profit des citoyensetdesentreprises.Cepar- tenariat avecClarence suit deprès l'annoncedesprojetsMeluXina-AI etAIFactoryetcristalliselavolonté du gouvernement d'investir de plus en plus dans des outils qui favorisent l'émergence d'un éco- système national des données et quirenforcelasouveraineténumé- rique duLuxembourg.» Unpartenariat stratégique souverain totalement luxembourgeois Clarence coopère pour l'exécu- tion de la plate-forme avec LuxConnect, société privée à 100%détenue par l'État et acteur incontournable de l'opération de centres de données certifiés Tier IV, et avec Proximus Luxem- bourg, une société luxembour- geoise réglementée par la CSSF ayant fait sespreuvesdans lages- tion et l'utilisation de données hautement confidentielles. Lagestion technique et opération- nelle de l'infrastructure Clarence pleinement dédiée à l'État sera directement assurée par le CTIE, permettantàcedernierd'exploiter et d'appliquer les technologies les plusavancéesàsesdonnéessensi- blestoutenassurantl'entièreconfi- dentialité, un contrôle complet et une souveraineté sans faille. «La plateforme de cloud décon- necté installée dans deux centres de données LuxConnect Tier IV etgéréelocalement,combinesou- veraineté forte et accès au meil- leur du cloud. Pionnière en Europe, elle offre une expérience proche du cloud public dans un environnement sécurisé et sous juridiction luxembourgeoise. Cettesolutionuniquepermetnon seulement un contrôle total des données,mais aussi la créationde valeur pour le Luxembourg en renforçant notre autonomie numérique», ajoute Paul Konsbruck, CEOLuxConnect. Un cloud souverain au service de la sécurité et de l'innovation législative Ce partenariat ambitieux permet à l'État luxembourgeois de four- nir des services de cloud souve- rain innovants, spécifiquement conçus pour répondre aux besoins des utilisateurs finaux, qu'il s'agisse les entités gouverne- mentales, des communes ou des institutions nationales. Il ouvre la voie au développement d'appli- cations modernes et sécurisées, adaptées aux exigences du CTIE et de ses partenaires. Ce projet garantit un environnement de traitement hautement sécurisé pour le partage des données sen- sibles, y compris celles liées à la sécurité publique, la défense ou encore les données éducatives et de recherche non classifiées. Par ailleurs, la plateforme per- mettra également de répondre aux besoins spécifiques des cadres législatifs en matière de données, tels que la loi sur l'intel- ligence artificielle, avec l'implé- mentation de sandboxes dédiées strictement conformes et sécuri- sés, ou encore le futur règlement européen relatif à l'espace euro- péen des données de santé. Ce projet constitue ainsi un levier stratégiquepour renforcer l'auto- nomie numérique du Luxem- bourg tout en offrant aux utilisa- teurs un outil puissant pour le traitement et le partage des don- nées dans un cadre souverain. Gérard Hoffmann, CEO de Proximus Luxembourg, ajoute : «Être respectueux des réglemen- tationseuropéennesenmatièrede confidentialité des données n'est pas seulement une obligation légale, c'est aussi une démonstra- tiond'engagementenverslatrans- parence, la sécurité et la confiance des utilisateurs, tout en assurant une base solide pour innover et tirer parti du potentiel des solu- tions numériques modernes. Clarenceetsaplateformedecloud souverain déconnecté est en total alignement avec l'engagement du Luxembourg à être un pilier de confiance,deconformitéetd'inno- vationdansl'économienumérique internationale.» Source :ministèrede laDigitalisation Le gouvernement luxembourgeois et Clarence signent un partenariat Un cloud souverain déconnecté (de g. à dr.) Paul Konsbruck, CEOde LuxConnect ; Stéphanie Obertin, ministre de laDigitalisation ; GerardHoffmann, CEOde Proximus Luxembourg ©MinDigital