Stephen: Check, check, check, check. Stephen Sargeant Live from Money 2020. We are live here Airdropd with the Around The Coin podcast. The first time the Around The Coin podcast has been featured at Money 2020. Shout out our guy Ian Horn, setting this all up for us and the amazing people at the Money 2020 organization that allowed us to come and talk to Clarisse from Dfns.

All about cybersecurity custody, MPC. We're gonna talk a lot about the new partnership that they have with IBM and what play IBM has coming into the digital asset space, especially for large financial institutions. And who better to do it with such a strong team when it comes to cybersecurity technical complexities.

And just efficient wallet as a service infrastructure in Dfns. I'm excited to get all the juice from Clarisse about what is happening with that partnership. We have 25 minutes in the booth. We're gonna talk about everything.

This is your host, Stephen Sargeant, live from Money 2020. We have the Around The Coin podcast and we are in the honeypot. We have the one and only Clarisse, the founder and CEO of Dfns. Clarisse, this is our second startup time. Give us the three minute intro. Tell us all about you and how you got into this cybersecurity slash custody slash MPC space.

Clarisse: It's always a pleasure to talk to you first, so thank you for, uh, taking the time again to, to spend time with me. I started discovering blockchain technology, uh, when I was a banker, so I spent about 10 years in banking. Different roles. Uh, and first we looked at the technology to announce the processes mostly in trade finance at the time, 2014, too early.

People didn't really look at it, uh, two years later because I really thought that, uh, this technology, uh, was interesting. I started actually diving down and reading some white papers, and that's when. Typically, there's a moment in a founder's life. It's before reading a white paper and after in the blockchain space, and then your brain, your brain explode, and you're like, all right, I have no choice.

I need to commit to this. And I started building a, a company which was a cross border, uh, a payment company between the US and Mexico. At the time I was in New York, uh, was very hard to build anything in 2015, 2016, uh, Ethereum was barely out, right? So it was very much of the early days. And so put the project aside, didn't resign from my banking job.

And, uh, three years later, um, I had the chance to work for a company that was incubated by the bank. They were raising an ICO crypto trading had never been my, my core focus, uh, but I thought, okay, they, they have a cool project infrastructure project. Let's go and see institutional investors and, and see what they think about it.

Is the world, is the institutional finance ready to start looking at the, at the technology? Um. To my surprise, everyone was very welcoming, welcoming, understanding, you know, the, the, the magnitude of it. Um, and so they would, you know, uh, naturally fall into, okay, we'll buy some of these tokens. But the process of buying the token was extremely difficult.

It'll go at, you know, you need to buy a ledger, learn how to safe, keep a private key, et cetera, et cetera. And people be like, okay, nevermind. We're not that interested. Uh, and so what was very interesting in the feedback that I got was. We need to run this crypto investment the same way we're running our traditional investment.

There's no reason why we're gonna start, you know, making, um, some exceptions to our internal policies. We don't want a trader to live with that ledger in his pocket and suddenly just go away with our money, right? And so at that time, I kind of looked at the entire spectrum of the custody space. Another interesting part is that the, the, the line were very blurry of the financial services and, uh, versus the, the tech providers.

Uh, but mostly what, what was interesting to me is that after that, that sort of global benchmark, what I witnessed that was that what was available were solution for the buy side market, right? So very much crypto trading related. And my interest was to use that technology to build, you know, many different application financial services, mostly for the traditional finance.

So I resigned, uh, started building Dfns, uh, with in mind the traditional finance adoption, which, uh, took a bit, three, about three years to actually come. Um, but yeah, uh, that, that's, that's pretty much the origin and, and my founder story.

Stephen: We're seeing a lot more traditional financial institution players here on Monday, 2020 than I think we've seen in the past.

Even at traditional crypto companies and traditional crypto conferences. The traditional financial institutions are here. They're impacting, they're really getting a grasp of digital assets. If you were to go on stage today and talk about, you know, the current state of cybersecurity. Custody and wallet as a service infrastructure, what would be one key message you'd want the traditional institutions to take away with them?

Clarisse: There were several phases in the traditional finance adoption. First, this technology was used as, um, a. Was leveraged by innovation department that were looking to build POCs. So at that moment, obviously security is important, but that's not what you're looking at. You're looking internally to prove that is a use case and you're gonna do a, you're gonna build a POC.

Now that we're seeing more and more, actually large production use cases, and now that the business line cash management payments, capital markets. We wanted to build the setup for their, uh, the infrastructure of their finance to evolve for the next 10 to 20 years. The subjects become core, right? So at the heart of it is the standards for digital assets shouldn't be lesser than the one for traditional finance, right?

And this is what we've been. Keeping on repeating, you should not do things less well with crypto because it's a new technology. You should actually maybe even have better technology and, and come to the market with, uh, with the, the, the latest, uh, uh, um, the latest, not only trends. I don't fact, I don't think that that that word, but, uh, the latest good practice that, you know, have been accumulating over, over the past 30 years.

So security. Is of the utmost importance because otherwise we're gonna spend our life doing, you know, one path forward, two path backwards. And I think for the first three years of our business, we've been a lot impacted by the crypto trading, uh, um, markets. Uh, and there we've seen a lot of rug behaviors, right?

People that were treating this space. Uh, we've, um. As if pretty much sending a Bitcoin was, should be as easy as sending an email. It's not. This is money and you should actually make sure that, uh, you, you, uh, you fence it properly and, and you secure it properly. So we, we spend our time to say there's several risks and new risk in blockchain.

Those risks are harder to get and you should, you know, get educated. So for instance, smart contracts. How do you secure smart contract? Who your smart contract? These are very specific risks to the blockchain industry. What's fundamental is that your corporate security is actually exactly as important as it was in the traditional finance, and you should not lesser that part, right?

And when you look at the history of hacks, um, for instance, the by beat act, all that would've been prevented by good corporate security practice. So we try to break it down and say, okay, first we start by making sure that you operate with corporate security practice that are, you know. Best in class.

Second, you audit the platform that you're going to integrate and audit means are certified. What technology are they using? Um. It should be transparent. If a vendor doesn't open the, you know, doesn't open the, the, the, the due diligence that are for you and to ensure their pen test and their certification and the stock to report, et cetera, is that something is probably wrong.

Right? Um, do

Stephen: you think we lost a little bit of that? 'cause we're so focused on disrupting the traditional financials. Institutions that we forgot to take away the best practices. And what they've done well over the last five to 10 decades is good security and, you know, cybersecurity measures. We kind of threw away everything.

And then we forgot about the cybersecurity part that we should have kept in place. A

Clarisse: hundred percent the, the, the, the first wave of, uh, uh, and not, not all the builders, obviously not all the companies, but the, the first wave of adopters on the crypto, on the crypto side. Reinvented re completely reinvented the wheel right, and thought that they were studying ground zero.

No, we're not studying ground zero. We're starting of a history and a sedimentation of, you know, once again, security practices, compliance practices that cannot be forgotten a hundred percent.

Stephen: What is the biggest use case? What are your, you know, traditional customers? What are they commonly doing using your platform?

And while as a service. You know, as a wallet, as a service provider, especially one that's API first, which we don't see too many of those in this, you know, crypto industry.

Clarisse: Yeah. We serve several use case. We mostly focus on two. The first one is, uh, custody for mostly banks. Neobanks, um, crypto custodian regulated crypto custodian.

Um. The guess the, the use case behind that is, is mostly being able to, you know, foreign bank being able to serve the asset managers that they've been serving. The asset managers that are issuing DETF, they can hold the Bitcoin associated, so they want to gain back that business, which has been completely, uh, uh, uh, taken away from them for, from the Coinbase of this world.

They encourage of this world. We're the only, I mean, thanks to them, they were the only regulated providers out there who could do that. And, and so you see a, a lot of. Um, a use case on the custody side. Very, very basic use case, which is, uh, uh, at the, I would say the foundation layer of the finance industry.

And the second is payments and payments. We've been very exposed to the payment use case because, as you were saying, being an API first platform, actually the first client that ever built on Dfns, they were, um, uh, payment platform, cross-border platform, et cetera. So our. The first client still alive actually, uh, that sign up on Dfns is a, is a company called Ny Os, who was doing cross border between Europe and Africa, Europe and, and latam.

Uh, and then we're very lucky to also scale with players like Bridge before they got acquired by Stripe. Stripe. We still also behind Stripe, uh, moon pay, guap pay, you name it. This is, this is definitely a. A place where we see a lot of activity on our platform. We process around 3 billion these days on a volume, on a volume on the platform.

And I would say 70% is stable con related. So we're very much exposed to pure stratify, uh, use case. Um. If you want to drill down on the sub use case, which, what are they actually building? Number one use case is cross-border. Uh, second, we see a lot of remittance, um, mostly, uh, on our side, mostly serving, uh, cross-border, which in the US and Latin America.

Um, and last, which is growing is the global payroll use case. That that's mostly what we see. Apart from that, uh, we also serve a tokenization use case, a bit of trading where you need automation, right? Uh, but today our core focus is very much on the first two ones.

Stephen: You mentioned a few companies there, obviously as a, you know, infrastructure play, you partnerships and, you know, integrations is huge for your organization.

We just heard yesterday about the partnership with IBM. I feel IBM's kind of been quiet in the digital asset game. It seems like they're ready to make a big splash. Talk to me about where IBM fits into this. Digital assets for traditional financial institutions play.

Clarisse: Yeah, of course. Main clients of IBM are banks, right?

Banks right now, especially in the us So depending on the market, you have a, a lot of activity in the us, in Europe, in Turkey, and some specific markets. Banks are looking at the digital asset space knowing that they have to do something and knowing that they need to start deploying their, their, their infrastructure to be able to support.

Blockchain powered finance, right? IBM today process, or let's put it this way, 70% of traditional finance transaction hits a mainframe or a piece of IBM infrastructure at some point. And I think when you look at the credit card processing, it's about 95% of credit card processing that goes through, uh, hardware, an IBM piece of, uh, or hardware piece, uh, uh, on the IBM side.

Uh, so. They play a fundamental role on the, on the traditional finance. So think about it where you're, when you're IBM and you're starting seeing digital assets, uh, uh, uh, the digital assets market actually growing, uh, banks starting thinking about issuing stablecoin, tokenizing deposits, uh, getting into, uh, into the space.

Being able to serve these clients with a digital asset offering is essential. And that's the way you become relevant 20 years from now. And I think what we thought was amazing when we met the IBM team, or when we first met the IBM team is that they were very early on in understanding that, uh, that, uh, that path, they had actually partner up with other wallet provider in the past to be able to.

Supply key management service to this, uh, to these banks. And they decided earlier this year, they wanted to have a strategy there and to be able to, you know, be the first, um, service provider for the finance industry to be able to have, um, uh, a digital asset platform to serve these clients. It's absolutely game changing and we're very, very happy about that because put yourself in the shoes of a bank before IBM gets in the game.

You have in front of you a bunch of startups. Some bigger than others. Uh, I, I'll, I'll, I'll, I'll, I'll give you that. Uh, but still there are, there are players that have been around for five years starting digital assets. For a bank, it means opening your infrastructure, opening the infrastructure that is already legacy, and where you're actually operating all your traditional transaction to a new vendor that you don't know.

Start them.

You know what, if something goes wrong, it's your fault.

Stephen: Hoping that they'll be around in the next, you know, in the next Exactly That. I don't the next bull, bull or bear market.

Clarisse: Exactly. That they don't get acquired. And you know that saying that no one gets fired for choosing IBM. Well that's very true. No one gets fired for choosing IBM.

And so we've been starting doing the first meetings of joint meetings with them and I've been amazed, honestly, it was behind my expectation to see how. Um, those innovators, our bank are re are completely Yeah. They're, they're released. Right? It's, it's finally they have a solution that, that they can actually push internally, uh, without having to gamble with their, with their, with their profession.

So, so this is good. Uh, uh, and this is, uh, I think where we're super happy as well is that this is a major step. For the adoption of the technology at scale for the TRA traditional final space.

Stephen: I think it's so interesting. I had no idea about those stats, but I also didn't know about the stats about Dfns.

You know, $30 billion, uh, in assets under management or under that are covered. You have 3 billion transfers worth of values on a monthly basis. Yeah. How do you protect your, you know? Yeah. I hate to use this analogy, but you're a honeypot. Fair enough for illicit actors, especially nation state sponsored actors, how do you protect your users' funds and Yeah.

The partnerships with IBM that rely on this technological infrastructure?

Clarisse: Yeah, of course. When you look at our, our, at our technology, uh, at the, you know, at the fundamental wallets is a key. And a node are actually a couple of key private, public key and a node. Without the nodes, you cannot transact on chain.

Right? So this is very much how we see, uh, uh, the, the, the, the wallets on the blockchain space. And in between we've built, we've built a stack that enable developers to easily access those 45 blockchains today. But, you know, we keep on, we keep on adding blockchain, uh, every month. Um. We enable them as well to safely connect with third party integrations.

Because once you actually have an asset in a wallet, you want this asset to move, right? You want this asset to be able, uh, to generate yields. You want, you want to be able to operate, uh, not just the security of your wallet and the, and the custody of your wallets in, in, in a safe way, but. The entire life cycle of the transaction.

So on our side, um, when you actually, um, operate or when you actually start being a client of our SaaS platform, we leverage what we call multi-party computation. So MPC technology. To generate the wallet, and that's going to be that fundamental security layer. We can spend hours, I think they're gonna kick us out.

We can spend hours on, on MPC. I think the one property that is interesting for everybody to, to, to understand is that when you leverage multi-party computation, you generate a key insurers and you never, uh, you never rebuild that key even at the point of signature. So you remove the single point of failure in the lifecycle, uh, of that private key, and that's.

That's amazing, honestly, that this is why we chose that, that, uh, technology to power, uh, ASAs platform. Uh, and this is why we think that it's, it's a very strong stake, uh, technology for this specific use case of, uh, of digital assets. Uh, we've decided to open source our technology so it's actually transparent so everyone can look at it.

It's audited, it's coded in rust. It's open source Food, Linux Foundation first. That has always been operated. Operating in transparency has always been something that is super important. That's the fundamental layer. And then on top of that, right? 'cause you can have the most secure key infrastructure, key management system, if your integrations are, um, loose, if you don't, uh, uh, um, connect your third party, you're taking infrastructure directly into your, uh, your core, um, uh, NPC infrastructure, then you may pretty much build a castle with open doors, right?

So then after. Uh, I would say around that there's many layers of security that we implement. Just wanna add something here, is that this is our SaaS platform, but what we've recognized over time is the larger players, the banks, they've operated KMS forever, right? Actually they are the one that have standardized the previous technology that is still very much in place everywhere in the bank, which are HSMs.

HSM has been standardized since 1970s. It's a technology that they've operated with. They have. Hundreds of HSMs that are managed. And so these players, the larger players. They don't want our MPC technology. They're telling us, go get it standardized. Maybe we'll look at it later. Uh, but they want to operate the KMS based on the infrastructure that they already have today.

Right. And so it's a very different concept. So very different motion. Young providers, they want you to take care of it. Banks are like, all right, that part will take care of it. In integrate safely. Your, your, your, your technology and your software on top of this KMS.

Stephen: You know, you're having conversations with some of the titans of industry when it comes to traditional finance.

How complex are these concepts to them? How do you educate them? Yeah, because I find in crypto, people just bucket everything. Like, oh, you do crypto compliance, your chain lysis, right? Like you do what chain lysis does, but that there's so many, you know, different. Competitors and industry players that handle unique aspects of cybersecurity of MPC.

How do you acknowledge like where you fit into this whole puzzle?

Clarisse: And it's also evolving, right? We are, we're all evolving with the industry, uh, uh, um, scaling, um. Education is key. You absolutely mentioned it. And I think there's several levels at which the, the players are today. So most of the tier one bank, they understand the concept.

They've been educating themselves, they've been doing POCs. So they've built building competence internally with innovation team that have been following carefully the subject. So these players, they. Understand the market. They've sometimes done, uh, some of the RFP. So the concept is, is not too foreign to them.

All the new players that are coming, uh, uh, to the space, then it's, it's, it's, it's long, long hours of the, of, uh, of, um, education. But we always start, or we try to start with kind of simple concept, right? Which is if you are going to have any use case being deployed on blockchain. You need the wallets and that's kind of layer of basic infrastructure.

You need to implement it for any use case. And it's completely use case. Um, uh, uh, I would say use case neutral. It's not completely true 'cause you can decide to have some, uh, different type of storage call versus odd, depending on the use case you have. So, so it's not completely true, but it, it does hold the fact that this is kind of the foundational layer for all your use cases.

Right. And from there we try to. Always discuss every single subject based on the use case. And we really think that your technological stack should be extremely use case focused. And this is why, for instance, we're extremely, um, we have a platform that is extremely modular, uh, and we're agnostic in term of integration because we don't believe that this is our position to tell you you should leverage.

Public blockchains instead of private blockchain. We don't believe that this is, uh, for us to be, um, um, uh, to build a product with some sort of ideology. We want to build the most open, uh, platforms. So actually the technology and the combination of uh, uh, um. Third party integration they will pick is relevant to their regulatory requirements, to the use case to their clients.

Uh, and it can be, it can be very detailed. Uh, the reason why, for instance, we started integrating content, very content network very early on two years ago. It's because clients came to us being like, we actually need this technology to start, uh, um, tokenizing assets in a privacy pre preserving way, right?

So we listen to our clients, we build up, uh, and then after you're right, it's about educating very specifically to the use case there that they want to address. In

Stephen: Canton's huge. Right now, they're getting a lot of popularity. Uh, 30 seconds. What does the future of Web3 look like within cybersecurity and while as a service provider.

Clarisse: So, you mean from an industry standpoint?

Stephen: Yeah. What does the future look like? Yeah. What do we have to do to see this vision that you thought about Yeah. Years ago when you built,

Clarisse: yeah, yeah. Yeah. So first, from a market standpoint, I believe there's going to be a lot of consolidation and there's gonna be a few large players that will, uh, uh, uh, remain and grow.

Uh, we'll see also players specializing in use case to be very competent on our side. Our vision is that. What we're building is so central to the infrastructure of our clients that we're focusing less and less on the key management part and more and more on the operating system. And first, the future is to, is, is in building this, um, marketplace of integration.

This, uh, nexus for your blockchain operation system, uh, that is safe. So you can actually, you know, never leave the enclave of your, of your, of that security that we promised you to start with. Right? So it's going beyond. What it up until the application. So we make sure that, uh, uh, the lifecycle of the transaction is secure from A to Z, and this is very much how we're expanding, uh, in our product, right at every single stage of the lifecycle of the transaction.

How do we make sure, how do we prove our clients that, you know, it's been initiated by the right person? How would you, we keep this, uh, uh, cryptographic audit log and how do we prove that security from A to Z? Yeah. More transparency. More standardization. A hundred percent.

Stephen: Clarisse Dfns, the first Around The Coin Podcast live on Monday 2020.

We're so happy to have you here and we hope that we could do more maybe around the world, maybe in Amsterdam.

Clarisse: We love that. Thank you so much. Thank you so much. Thank you.

‍