The Qualified Trust Service Provider (QTSP) as an essential figure in the custody of digital assets

Given the growing needs of companies and users in terms of the custody of the assets generated in digital transactions, the importance of a Qualified Trusted Service Provider (QTSP) has progressively increased.

A

study¹ published by ISACA, a relevant U.S. based governance for IT, control, security and auditing professionals, shows that only 8% of IT companies have a team of people dedicated to digital trust. 84% recognize that digital trust, defined by ISACA as “trustworthiness in the integrity of relationships, interactions and transactions between suppliers and users within an associated digital ecosystem”, is important to their work, yet only 27% offer training to their staff in this regard. Published in September 2022, the report was based on surveys of 2,700 professionals worldwide. Its conclusions serve as a basis for reflection on aspects that are being neglected in technology companies, and which are as important as innovation or investment in technical resources. A well-established philosophy on digital trust will have a very positive impact on the reputation of companies, prevent security breaches and favor the development of companies. 

Here is where the qualified trust service provider comes into play. Applied to digital transactions, it is gaining more and more weight as an asset manager and guarantor of the quality of digital trust services as a result of the huge amount of digital assets generated in contracts and agreements between users and companies. A QTSP or trusted third party, in short, is an entity or individual that acts as an intermediary in a transaction or agreement to ensure compliance with the terms and protection of the interests of the parties involved. It is neutral and has no interest in the final outcome of the transaction, but merely acts as a trusted figure for both parties. Companies need to protect the confidentiality, integrity and authenticity of their information and digital assets, therefore the intervention of an entity that provides legal certainty to the virtual activities of companies and records the integrity of the content and the dates and times of each transaction, is extremely necessary. 

Examples of entities that function as trusted third parties 

• Notary Public. When two people sign a contract, the notary acts as a trusted third party by authenticating the signature and guaranteeing that the contract has been validly and legally signed. In this manner, the notary protects the interests of both parties and ensures that the contract will be fulfilled in accordance with the terms of the contract. 
• Central securities depository (CSD). These companies act as middlemen in the transfer of securities, such as stocks or bonds, to ensure that they are transferred securely and in compliance with all applicable regulations. By acting as a trusted third party, the CSD protects the interests of both parties and ensures that the transfer is done correctly. 
• Asset management companies. They act as trusted third parties by managing their clients’ money and making investment decisions on their behalf. In doing so, they protect their clients’ interests and ensure that investments are made safely and in accordance with the contract. 
• Copyright registrations. Trusted third parties to register and protect these rights and the benefits derived from them in literary, artistic and scientific works. 
• Electronic medical records. They store and protect patient medical information securely and ensure that it is only shared with authorized individuals. They work for the privacy of patients and ensure that their medical information is treated appropriately. 
• Property registries. They act as trusted third parties by registering and protecting information regarding the ownership of assets. 
• Cryptocurrency exchange platform. They act as intermediaries in cryptocurrency transactions, ensuring regulatory compliance. 

Assets that add value to user and transaction authentication 

Cryptocurrencies are a form of digital asset that most everyone is somewhat familiar with, but there are many other types of digital assets. Each transaction can involve a wide variety of these, such as: 

• Biometric information. People’s biometric maps related to their fingerprint or iris characteristics, used to verify a person’s identity in a secure manner. 
• Contracts. Electronic documents used to establish agreements between two or more parties. 
• Signatures. A secure way to authenticate documents and ensure that they have been signed by the right person. 

To sum up, the intervention of a trusted, qualified provider adds legal certainty to the virtual activity of companies. This service activates mechanisms to protect the security of communications, collect all the information available at each stage of the process, keep a record of requests and send the relevant notifications. In addition, it handles the custody of all these aspects to ensure the security and legality of procedures, protect data, control access to documents and signatures, and prevent violations or alterations, converting them into valid electronic evidence. 

Such is the role that TrustCloud plays, as a platform for Qualified Trust Service Delivery, recording and safekeeping all digital assets that occur in a transaction, and applying a time stamp to every step, including any changes. Its video-identification, signature and custody solutions act in unison to enforce agreements and protect the information of all parties. 

In an ever-changing era, relying on suppliers that generate digital trust at the highest level is a valuable opportunity to strengthen business strategy and management. 

¹ State of digital trust | ISACA. September, 2022.