Due diligence has become one of the buzzwords of the 21st century. And there is a good reason for it. After all, we live in an age of data explosion where information is easily available, but its veracity itself is in question. In such a situation, due diligence and due diligence mechanisms are essential tools in the digital economy.

 But what exactly does due diligence mean, and how it is it carried out? Are there different kinds of due diligence that apply in different situations? These are some of the questions that we'll attempt to answer today.

What Is Due Diligence And Why Is It Important?

Due diligence is a process that involves checking the validity of a position, action or status. It is the opposite of negligence, or the accepting of things at face-value. 

 The origins of the term "due diligence" can be traced back to US legislation that sought to protect investors against misinformed investments. Here, investment brokers were required to disclose all essential information about the business being invested in. In case they failed to do so, they could be held liable and faced prosecution.  However, brokers raised concerns regarding the fact that they themselves might not always have access to the required information, and in such cases, they should not be held responsible for withholding the same.  To protect brokers from wrongful lawsuits, the legislation was adapted such that so long as they exercised "due diligence" in their investigations, then they were not liable to be prosecuted for not disclosing any information they were not privy to.

 Due diligence plays an important role not just in business but, as you will see, in the overall proper functioning of the economy.  We will take a brief tour through a few of the areas that you may have encountered due diligence and in doing so, you will understand what it is and begin to see the outsize role this process has in everyday life.

 The most obvious is in the context of employment; a reference or background check is an example of due diligence.  For example, a prospective employee claims that they graduated from a prestigious university and have extensive work experience in a certain area.  The employer would verify this information with the university as well as former employers.  This type of due diligence may also involve criminal background screening.  

 In some industries criminal background screening is compulsory.  The human resources department of the potential employer, for example, conducts due diligence in this respect so as to verify the criminal status of the candidate.  

 A bank also conducts due diligence for loan applicants to make sure that they have not defaulted on previous loans or that they are not over-stretched financially and at risk of defaulting.

 Another example is that of a client who conducts due diligence on potential suppliers to check that they will be able to perform the expected services or deliver the goods at the required quantity and quality levels.  This due diligence may entail verifying references or researching a supplier’s track record or their reputation in the market.

 But due diligence is not only directed at others. Introspective due diligence is also an important part of company management and operations.  A company who has set principles for sustainable growth would want these applied at all times and across the board.  In conducting its own due diligence, it will check that:

it has appropriate policies and processes in place to comply with regulations, grow the business in a healthy and sustainable manner, maintain a culture of ethical business dealings, show that it is serious about what it represents and expects in terms of ethics and behavior,

its policies and processes are properly implemented on an ongoing basis, and

relevant information about the organization is gathered and stakeholders are aware of any issues.

Company due diligence is also essential when dealing with other businesses.  For example, clients will often expect that their suppliers or subcontractors abide by the same kind of principles as they themselves adhere to.  Why define standards and principles if these are not applied consistently across the supply chain?  

 Another important aspect of due diligence is its status as a recognized defense in litigation.  For example, in the context of an Initial Public Offering (IPO), certain parties who participated in the preparation of the IPO documentation, including the registration statement, may be able to use a due diligence defense if the registration statement contains misleading information or material misinformation.  

 Underwriters, lawyers, accountants, officers, and directors will try to show that they conducted a reasonable investigation of the information contained in the registration statement and that it was their belief, following such investigation, that such document contained no material misinformation or misleading statements. Demonstrating that such due diligence was indeed conducted will enable them to avoid liability.  

Finally, due diligence is sometimes imposed by law, and failure to conduct effective due diligence in accordance with legal guidelines can trigger liability.  For example, the US Bank Secrecy Act requires financial institutions to adopt an anti-money laundering program which is basically a due diligence policy and process.  Financial institutions need internal systems and controls, including policies and procedures, designed to help employees detect and prevent money laundering activities, a compliance officer in charge of monitoring the implementation of the program, training and awareness raising exercises and certification for senior employees, independent third-party audits to check, with impartiality, that the program is fully implemented.

As you have seen from the various examples above, in today’s world, due diligence has become a necessary aspect of conducting any business transaction. Whether you're hiring a new employee or looking to acquire a company, due diligence is an essential part of the process.

And due diligence need not be restricted to business alone. In every aspect of life today, we need to exercise due diligence in order to ensure that the required safeguards are in place to protect our interests. Whether to secure investments, perform a security risk assessment, or undertake vulnerability tests, the appropriate due diligence processes must be used to ensure the veracity of the operation.

Here, the question arises: is all due diligence the same? The short answer is: yes and no. While the basics of conducting due diligence remain the same, the exercise takes on different meanings and objectives in different settings. In the following section, we're going to look into some of the common types of due diligence that can be performed in various business situations.

What Are The Different Types Of Due Diligence?

Are you looking to open a new bank account? Or maybe you're interested in digital investments? Whatever the case, due diligence is either required or useful. In the sections that follow, we're going to introduce you to the many types of due diligence that are required to get the task done appropriately.

Acquisition due diligence is necessary when one business entity is looking to take over another business. This is a matter of common sense. After all, if you're buying something as substantial as a large business, it is essential that you perform the required background checks.

 Acquisition due diligence involves investigating the financial as well as technical prospects and viability of the business you're looking to acquire. This itself has multiple dimensions, such as:

And this is just the tip of the iceberg. Mergers and acquisitions are complex processes that require caution on multiple levels. Not only do you, as the acquirer, need to be sure that you're making a sound investment, you also have to make the seller comfortable and get as much information as possible from them. Acquisition due diligence aims to help you do just that.

Everyone who has a bank account has, knowingly or not, experienced KYS or Know Your Customer due diligence.  When providing the bank with detailed and personal information in order to open an account, the customer is helping the banks to “check the box,” so to speak.  The information provided is required in order for the banks to comply with regulations and demonstrate to regulators that they have done their “homework” in performing effective due diligence.  Banks take the information provided and check it against databases of known criminals or sanctioned persons such as the UN, OFAC, AUSTRAC and EU. The KYC information is proof that they have been diligent in ensuring that they checked who their customers are.  

 KYC due diligence is good business practice but it is not voluntary.  

 In today's complex business landscape, it's not sufficient to know just the financial side of your dealings. You also need to keep a close watch on who you're dealing with. Not performing the right background checks on business partners and customers can expose some businesses to hefty fines and lawsuits.

 That's exactly where KYC due diligence comes into the picture. This is a process aimed  at ensuring that you're entering into a business transaction with the right person. Especially in the case of financial institutions such as banks and insurance firms, KYC due diligence takes on a vital role. KYC due diligence is usually performed by financial entities when opening a new account or investment portfolio. KYC due diligence lets you know more about the person you're dealing with, their past business records, and financial performance. All this information can come in handy when assessing whether a customer is indeed a reliable entity or a risk.

 However, KYC due diligence goes beyond mere regulatory requirements. It helps your business gain greater insights into the customer and their unique needs and requirements. In this way, you can better serve your customers and enhance your business in turn.

 Another type of due diligence that must be mentioned here is enhanced due diligence. It's a stricter form of KYC due diligence and involves deeper background checks.

Also known as pre-IPO due diligence, this is a form of due diligence that involves checking whether a business is ready for its Initial Public Offering. It's essential that a financial institution carries out complete, rigorous, and thorough due diligence in order to understand the maturity status of the market before a business launches its IPO.

In IPO due diligence, experts conduct a detailed analysis of the business's legal, financial, and tax-related status. The emphasis is  on operations, IT, and HR aspects. Seen in this light, IPO due diligence is similar to acquisition due diligence.

Further, in this form of due diligence, it's important to conduct a detailed analysis of the company's business model so as to understand its feasibility and long-term sustainability. The entire process also needs to take into account the competition levels, risks, and strengths. In other words, a thorough SWOT analysis.

IPO due diligence is an essential part of the IPO process, as it helps the business understand whether they are ready for the IPO or not. It's also important for proving to the regulatory authorities, such as the SEC, that the claims made by the business are legitimate.

This form of due diligence is vital for candidates who are about to accept a position on a company board of directors. While it's no secret that joining the board as a director is a massive responsibility, with commensurate professional returns, still in recent times, top executive roles have come under intense public and legal scrutiny. As a result, it's important for any candidate to the board to conduct the required due diligence into the background of the company they're joining.

Thorough due diligence will help potential board members understand more about the role they are going to take on. It will also help them gain a detailed understanding of the company culture, business model, and general knowledge of how the board functions. Some important questions to ask include:

What is the experience level of the board, and what's their work culture?

How is the board's relationship with its investors?

Why are you being asked to join the board?

The very last question on the above list shows that the director's due diligence should not be focused only on the board but also on the candidate. Potential directors should perform a detailed self-assessment to understand how they can contribute to the board, what their limitations are, and whether they are ready to join the board at all. All this will help them to perform the role better.

Investment due diligence refers to the investigation that you should do in order to understand whether a particular investment instrument is right for you. Here, the potential investor needs to assess the product to understand its viability. This can include detailed steps such as reviewing the performance of the business in the long and short terms, taking stock of their financial records, and also public perception.

Investment due diligence is essential for corporate as well as individual investors, as it helps them understand whether to go forward with the investment. It also lets them get a clear idea of the returns they stand to gain in the short and long term. For digital investments, as well as any technology investment, due diligence is vital.

Investment due diligence, in the international context, will also involve looking at political risk and corruption issues.  

IP due diligence is usually conducted as part of acquisition due diligence. This involves assessing a business's intellectual assets before acquisition or investment. Particularly in tech-driven industries, a company's IP assets go a long way towards determining its value. These include copyrights, patents, and trademarks, among others.

This type of due diligence is vital in the context of today's environmental impact awareness. It involves assessing the health, safety, and environmental issues associated with the business. Other aspects that should be taken into account are environmental regulatory compliance, sustainability assessment, and contamination studies.

Apart from the above-mentioned types of due diligence, different industries may have additional and different forms of due diligence. Due diligence can also be divided into hard and soft due diligence.

Hard due diligence is where the entire exercise is dependent on factual and quantitative data. This is the kind of due diligence that's traditionally carried out, and the most significant portion of due diligence exercises fall under this bracket.

Soft due diligence, on the other hand, is more people-centric and concerns the human segments of a business. Recently, this has become an integral part of the due diligence process and looks at the cultural and organizational structure of a company.

Due diligence is no doubt one of the essential aspects of any modern business transaction. However, it requires expertise, experience, and insights that a regular team of professionals might not always possess. While it's always an enticing option to conduct due diligence yourself, the best and most objective results can only be obtained from an independent agency.

Companies specializing in due diligence services can help with background check screening, supplier checks, and credit checks.  

Vaultinum is a provider of a specific type of due diligence service.  As a technology company, Vaultinum has developed a due diligence platform to help:

private equity investors evaluate potential investment or acquisition targets,

Vaultinum’s Know Your Software (KYS) solution is a due diligence tool focused on helping clients to understand a digital asset from a variety of perspectives, including sustainability, corporate governance, software sustainability, IP protection and management, and security.  

With a dual expertise in IT and Legal, and over 40 years of experience, Vaultinum is here to help you with all your technology due diligence needs.    

The opinions, presentations, figures and estimates set forth on the website including in the blog are for informational purposes only and should not be construed as legal advice. For legal advice you should contact a legal professional in your jurisdiction.

The use of any content on this website, including in this blog, for any commercial purposes, including resale, is prohibited, unless permission is first obtained from Vaultinum. Request for permission should state the purpose and the extent of the reproduction. For non-commercial purposes, all material in this publication may be freely quoted or reprinted, but acknowledgement is required, together with a link to this website.

Due diligence plays an important role not just in business but, as you will see, in the overall proper functioning of the economy.  This article will take you on a brief tour of the different types of due diligence and in doing so, you will understand what it is and begin to see the outsize role this process has on our everyday lives.

What is Due Diligence and why is it important? This article explains the different types of due diligence and in doing so, you will understand what it is and begin to see the outsize role this process has on our everyday lives.

The headlines are telling: “Lost Passwords lock millionaires out of their Bitcoin fortunes,”[1] “A crypto exchange may have lost $145 million after its CEO suddenly died.”[2]  Whether you are a CEO of a crypto exchange, passive investor or new to the crypto market, we are all subject to the same human fallibility that is losing or misplacing one’s password and thus we are all equally at risk of financial loss.  Lose your password and lose out on millions? The question arises of how we can safely and securely protect our cryptocurrency digital assets so that, when memory fails us or an unforeseen event occurs, we won’t be left stranded. 

In spite of the considerable consequences, the problem is a simple one and a simple solution exists.  But first, in order to better understand what’s at work here, let’s take a crash course in cryptocurrency, learn how it is deployed via digital wallets, review some of the greater risks inherent in these wallets and finally, see what steps we can take to better protect our digital assets. 

In today’s world, assets are increasingly digital (“Digital Assets”).  Bitcoin, Etherum, Litecoin, Cardano, Stellar – these are just a few of the more than 4,000 cryptocurrencies in existence as of January 2021[3].  We won’t delve too much into the background of cryptocurrency, there are plenty of articles and YouTube videos available that do an excellent job in that respect, but at its most basic cryptocurrency is the virtual or digital representation of currency in certain environments or situations, often taking the form of virtual “coins” or “tokens.”  The latter of which is not limited to merely representing a currency but also functions as an investment tool to commodify digital creations.

The best known, and most widely used of these cryptocurrencies, is Bitcoin.  This example of a Digital Asset, and those like it, are for the most part managed by a decentralized network of computers that use blockchain protocols and open-source software which all adhere to the same pre-defined rules concerning cryptocurrency.   This software enables one to create a digital wallet where the so-called “keys” to the bitcoins are stored.   

 To better explain the mechanism of crypto-keys, let’s take the analogy of a traditional bank, whereby you are provided a bank account number, a security pin and in today’s digital age, password protected access to an online account.  As applied to cryptocurrency, instead of accounts, pins and passwords, we have keys and a seed.   

More specifically, there is a public key and a private key.  The public key is like the bank account number, the receiver shares these coordinates with the sender so that they know where to send the money. The private key is akin to a bank pin number, or the series of numbers you enter to prove, for example, that the funds attached to the credit card you are using actually belong to you.   

Lastly, and what mostly concerns us today, is the password, or “seed”, which allows you to gain access to your digital wallet by unlocking, or ‘decrypting’, your private key. This password is made up of a sequence of 12 to 24 automatically generated words known only to the you, the owner.   

 So in our example of the traditional bank, if the public key is an account number and the private key is the pin number, then the seed is your password that ‘unlocks’ and gives you access to your online account.    Except, unlike a normal online bank account, there is no option to re-establish a forgotten password.  The password, or seed, if lost means that all is lost, including your millions!!

Cryptocurrency transactions via Digital Wallets 

As we said above, cryptocurrency, like any other currency, can be used to purchase products, services or effect other types of transactions.  But since we are not dealing with cold hard cash, how does this work exactly?  The typical practice for holders of cryptocurrency is to utilize cold wallets, hot wallets or a combination of both.   

Cold Wallets for the security-first mindset 

Cold wallets, or ‘hardware’ wallets, live on tangible devices such as a USB stick. The device must first be connected to the internet, the password entered to decrypt the private key, and then it provides an in-device signature that allows one to make secure transactions.  The private key never leaves the device so no malware in existence today can forge its signature. Trezor and Ledger are two popular brands of cold wallets.   

 While more secure, cold wallets, unlike hot wallets, require the intermediary step of connecting to the internet to make a payment, for example, and are thus considered less user-friendly.  

Hot Wallets for transactions on-the-go 

Hot wallets are an online storage system, whether web-based, mobile or on a desktop, that contain both the private and public keys permitting easy access to the stored cryptocurrency in order to make exchanges between currencies, products or services on-the-go.  Since hot wallets contain both keys and are always online, hence the ‘hot’, there is no need to connect a separate device to the internet in order to make a cryptocurrency transaction.  MetaMask and Crypto.com are two examples of this kind of digital wallet. 

 However, given the digitalized nature of the storage system, this form of wallet is, as you may have already guessed, vulnerable to malware, hacking and cyberattacks. 

Combination Wallets for the savvy investor 

In simplistic terms, the difference between hot and cold wallets is like the difference between withdrawing cash from a bank teller or swiping your credit card – withdrawing cash requires physical presence and valid id, whereas a credit card while efficient and fast does not always require additional levels of security, like in the case of contact-less payments, and is more vulnerable to theft or misuse.   

 Some savvy cryptocurrency holders use a combination of the two, storing only a portion of their valuable asset on a hot wallet like a mobile device and the remaining, majority portion, on a cold wallet and making monetary transfers between the two as needed.  

Lost Passwords and Inaccessible Wallets 

If security is the priority, the best choice of digital wallet is hands-down a cold wallet.  But even in this instance, what happens if you lose, misplace or forget your password?  Or your hardware is damaged in a fire or corrupted while reformatting? Given cryptocurrency’s unusual nature, the consequence is finding yourself permanently locked out of your cryptocurrency investment and, in the majority of cases, having no recourse.    

 A poignant example is found in the case of Stefan Thomas, a German-born programmer living in San Francisco, who has a digital wallet in the form of a small hard drive - a cold wallet - that holds over 7,000 Bitcoin worth more than 200 Million USD at its height.  This digital wallet gives users 10 guesses before locking them out permanently and leaving its contents encrypted forever.  The problem is Mr. Thomas wrote his password down on a piece of paper and lost it years ago.  Two more wrong attempts and he will permanently lose his ability to cash in on his Bitcoin investment. 

 Lost passwords aren’t the only risk.  A British man recently discovered that he had accidently tossed his Bitcoin hard drive wallet out with the trash and was offering the city 25% of the value, approximately 91 Million USD at the time, to excavate the landfill.  His request was denied.   

 These are not cases of a few unfortunate or unlucky souls.  According to the New York Times, using data compiled by the cryptocurrency data firm Chainalyis, of the existing 18.5 million Bitcoin, around 20 percent — at one point worth around $140 Billion USD — appear to be in lost or otherwise inaccessible wallets[4].  

 These examples bring us full circle to the question posed at the start: how can we safely and securely protect our cryptocurrency digital assets so that, when memory fails us or an unforeseen event occurs, we won’t be left stranded? 

Protect your Digital Assets with the Crypto-Safe 

Many cryptocurrency experts advocate the old-school method of protection: a bank safety security box.  But alas, even then, you have to keep track of the key.  Let’s put it another way: it took seven years for Bitcoin to go from nothing to knighting newly minted millionaires.  If you were just a passive investor at the time, where would you have stored a password for 7 years, not knowing in advance whether the cryptocurrency would ever come to something, let alone a million somethings?  As the saying goes, modern day problems require modern day solutions.   

 Enter, Vaultinum’s crypto-safe.  Vaultinum, an independent third party dedicated to the protection of digital assets since 1978, has been investing to meet the challenges of new uses for repository services in an ever-changing world.  Over 3,500 clients from around the globe have entrusted Vaultinum with the protection and security of their Intellectual Property as well as their strategic immaterial digital assets, such as know-how, laboratory notebooks, algorithms, trade-secrets, sales methods, private keys, etc.   

 Vaultinum, in a natural progression, took its secure Deposit solution that protects an individual or entity’s valuable digital assets and developed the crypto-safe to offer the same level of protection to holders of cryptocurrency, be it a copy of their password or cold wallet.   

How do Deposits in Vaultinum’s Crypto-Safe work? 

Deposits in the crypto-safe come in two forms: physical deposits, for example a USB stick, where the storage medium is sealed in a secure vault based in Switzerland, or online deposits using a secure VPN and military grade encryption. 

Once deposited, the Digital Asset is secured using asymmetric encryption based on blockchain algorithms, hash functions/fingerprint creation and electronic timestamping to guarantee the integrity of the transmitted elements. Vaultinum’s legal and technical experts then:   

verify the content of the digital asset;  

attest to the depositor’s ownership;  

record the content and creation dates; 

provide a Deposit certificate to the owner.  

 Regardless of the format, depositing your Digital Asset with Vaultinum is an essential step towards protecting your investment.  

Accessing the Crypto-Safe to retrieve your Digital Asset 

When it comes times to retrieve your password or cold wallet, the process is simple but more importantly, it is secure.   

 After receiving the client’s request for access, Vaultinum’s Legal Commission confirms ownership of the deposit through a strict verification process, or in  the case of a deposit escrow, the triggering event, permitting access to the deposit.   

 Once the Legal Commission has verified the deposit owner, the Chief Compliance officer designates 4 agents to make up the Access Commission who initiate the release as follows: 

In this way, no one agent acting alone could access the digital assets secure in the crypto-safe.  Within 24 hours the Access Commission breaks the seal, a copy is made on a digital support and provided to the verified owner and the original resealed digitally.   

Take it one step further and consider leaving a legacy 

Vaultinum’s Deposit solution is more than just a secure repository for a valuable Digital Asset, Vaultinum can also act as a trusted third party in the context of escrow, whereby you can choose a beneficiary to receive the Deposit based on a pre-defined event.   

Combination of Deposit and Escrow solutions 

At its most basic, depositing assets in escrow means entrusting the asset with a third-party who undertakes to safekeep and release it to another party upon the occurrence of a pre-defined event.  A person or entity places the asset, or a copy thereof, in trust with a third-party (an “Escrow Agent”), who holds this for the Digital Asset owner until another person or entity (the “Beneficiary”), obtains access to the asset if certain conditions, agreed in advance with the Digital Asset owner, are met. 

In practical terms let’s take, for example,  parents who decide to invest in an as yet unprofitable cryptocurrency in the hopes that, twenty years later, their hunch pays off.  First, they would make a secure deposit in Vaultinum’s crypto-safe of their password or other Digital Asset.  Next, they could take advantage of Vaultinum’s certification as a trusted Escrow Agent to name a Beneficiary. 

In our example, the  parents could name their child as Beneficiary to receive the Digital Asset upon their death or upon the occurrence of a pre-defined event.  By doing this, they ensure the secure and verified release of the investment password to their child.

The same principle could apply to pledges.  You could pledge access to a wallet that you have created to someone if a pre-defined event occurs.  Vaultinum in these cases, in addition to safeguarding the Deposit and implementing the stringent process of releasing it securely will check the ID of the beneficiary and validate the existence of the triggering event.  ID checking and event validation processes can be pre-defined by you in advance.

Depositing Digital Assets in Escrow works for companies as well.  Let’s take the case of Gerald Cotton, the CEO of the Canadian Digital Currency Exchange, Quadrigacx, whose sudden death also meant the loss of the password necessary to open the exchange’s digital vaults. As he was the only one to have access to it, thousands of crypto currency owners were left without the ability to collect their assets resulting in a total loss of approximately 145 Million USD.  

Had he deposited his password in a crypto-safe with an escrow clause, it could have been released to Beneficiaries upon his death and enabled them to claim or distribute the assets as pre-agreed. 

 As a result of these easily avoidable situations, the combination of deposit and escrow mechanisms are flourishing to both protect Digital Assets by storing them in crypto-safes and providing a secure way for potential Beneficiaries of such assets to access them. Blockchain technology and Oracles can also be used to validate the occurrence of a release triggering event.

When it comes to cryptocurrency, the concept can be quite complex: keys and seeds, hot and cold wallets, lost passwords and inaccessible assets.  But the end goal is the same as any other investment scenario, to protect the keys to your investment.  

 In this respect, Vaultinum can be the perfect partner to help you out. We provide secure Deposits in our crypto-safe for the protection of your password or cold wallet. With 40 years of experience in protecting IP and Digital Assets we can help you protect against a faulty memory or an unforeseen event.   

 We even combine our Deposit solution with our escrow services to cover all your bases. Using this service, you can choose a Beneficiary to receive the Digital Asset upon the occurrence of a pre-defined event, relying on Vaultinum, as Escrow Agent, to ensure a smooth and secure release.  

 So, don’t trust your memory to an unknown future; contact us at Vaultinum today for a more secure tomorrow.  

[1] Popper, Nathaniel. “Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes.” New York Times, 12 January 2021, https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html#:~:text=Stefan%20Thomas%2C%20a%20German%2Dborn,wallet%20that%20holds%207%2C002%20Bitcoin.

[2] Shane, Daniel. “A crypto exchange may have lost $145 million after its CEO suddenly died.” CNN Business, 6 February 2019, https://edition.cnn.com/2019/02/05/tech/quadriga-gerald-cotten-cryptocurrency/index.html#:~:text=(CNN%20Business)%20%E2%80%94&text=Quadriga%2C%20Canada's%20biggest%20cryptocurrency%20exchange,Disease%20while%20traveling%20in%20India.

[3] Conway, Luke. “The Most Important cryptocurrencies other than bitcoin.” Investopedia, Dotdash Publishers, 19 January 2021, www.investopedia.com/tech/most-important-cryptocurrencies-other-than-bitcoin/

[4]Popper, Nathaniel. “Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes.” New York Times, 12 January 2021, https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html#:~:text=Stefan%20Thomas%2C%20a%20German%2Dborn,wallet%20that%20holds%207%2C002%20Bitcoin.

You’ve probably seen the headlines; the loss of bitcoin passwords has resulted in the loss of cryptocurrency fortunes.  How is this even possible and more importantly, how can it be avoided?  But first, we will take a crash course in cryptocurrency, learn how it is deployed via digital wallets, review some of the greater risks inherent in these wallets and finally, see what steps we can take to better protect our digital assets. 

The loss of bitcoin passwords results in the loss of cryptocurrency fortunes.  How is this even possible and more importantly, how can it be avoided?

Lose your password and lose out on millions? 

Consider the following scenario: you're a SaaS company that's been in business for a while now. You've been working on a deal for quite some time and are about to close it. And suddenly, the prospective partner wants you to use software escrow services as a part of the deal. You don't want a stalemate, so you need to find a way to preserve the contract while also protecting your valuable resources.

Scenario number two: you're a business that has outsourced its software development process. However, the company to which you've given the contract isn't very experienced, and you need to find a way to minimize your risk. What if the business doesn't fulfill its commitment? How can you ensure that you will get continued software support in case, for example, the developer goes bankrupt?

Whichever scenario you fall under, for any business in the 21st century, understanding software escrow services is essential. After all, in the age of AI, you can't really hope to run a business without software development. Yet, the truth remains that in the real world, software vendors often fail to keep their word or may not be able to due to financial problems. In such cases, your business needs to ensure that it remains fully functional.

That's exactly where software escrow services come in. Such agreements can help safeguard the interests of all parties involved in a software deal. Today, professionals all over the world are opting for software escrows to protect their digital continuity. And that's what this article deals with today.

We'll dive deep into how software escrow works, how it can help protect your business interests and let you in on how to select the best escrow services. After reading through the following, you'll be able to implement a software escrow agreement that suits your needs.

Let's put it in the simplest of terms: software escrow is a service that helps you implement agreements between software vendors, clients, and the escrow agent who acts as a trusted third party. The escrow agreement ensures that the vendor is obligated to share and store with the escrow agency every line of source code, data, and instructions that would allow the client to properly update and maintain the software.

Why is this needed? If the software development agency ever discontinues support for the software, closes up shop, or breaches the contract, then the client might not be able to continue their operations. In case any of these situations, which are often known as "Release Conditions", occur, then all the escrowed materials are handed over to the client so that they can continue their operations unhindered. It also helps prevent unnecessary litigation and loss of time as well as money.

What Are The Different Kinds Of Software Escrow?

Since clicking on this article about software escrow, we can assume you're in the market for a suitable software escrow agency. While doing some background research, you may have come across other related terms such as SaaS escrow, source code escrow, and even data escrow. But what do they mean, and how are they different? Let's take a look.

In general, software and source code escrow are interchangeable terms and have the same meaning as explained above. Such an escrow can be used to store not just source code but even build-related files and associated documentation. In short, anything that would allow the client to run, update and maintain their software systems. Such escrows are usually used for on-site software licenses, although they can be used as development agreements or any other software-based transaction in general.

Today, however, the software is rapidly shifting from the traditional on-site model to the SaaS model. In this scenario, software escrows are bound to morph into SaaS escrows or, to be more all-encompassing, cloud escrows. 

What is a SaaS escrow, then? It's similar to a software escrow, with a focus on SaaS applications. When a business subscribes to a SaaS escrow, they work to protect themselves in case they lose access to business-critical SaaS requirements. The escrow agency ensures that the business has access to a fully-functional copy of the SaaS tool and also their own business data.

There are other types of escrows possible, such as technology escrow, data escrow, and domain escrow. Let's take a look at each of them in brief before moving forward.

Technology escrow seeks to protect any form of physical or electronic technology that's critical to a business. Data escrow operates in a similar fashion, but just for data. And domain escrow works to protect domain credentials. 

The Working Principle Behind Software Escrow

In general, the specifics of software escrow agreements change according to the needs of the parties involved. However, the core responsibilities for all parties remain the same. Here's a quick breakdown of the responsibility of each party involved in a software escrow agreement.

The Licensor, or the software development agency or vendor, is responsible for depositing the source code and other relevant materials with the escrow authority. They also have to make sure that they release all essential updates and changes to the source code as per the agreement. Finally, they must also provide the required warranties and support for the material held in escrow.

This is the party that has initiated the escrow agreement and is also known as the client. Their responsibilities include monitoring compliance between the Licensor and the Escrow agent.

The Escrow Agent is the final party involved in the escrow agreement. Their responsibilities include receiving the deposited material and confirming the receipt to the licensee. After this, they are required to hold and control the deposited material for the duration of the agreement or until release conditions are met. On request from the client, they might also provide additional verification.

Why Do You Need A Software Escrow In The First Place?

So, now we've gained an understanding of what software escrow is and how it works. But the question remains, why do you even need the services of a software escrow agent? In this section, we're going to answer that question.

Consider the case of regular, off-the-shelf software tools that you can buy. In this case, the EULA, or the End-User-License-Agreement, grants users access only to the object code. This is the form of the code that's merely executable, and the user has no rights over the source code. In such a situation, escrow services become something of overkill.

However, in commercial software licensing deals, the licensee may require access to both object code as well as source code. This is essential to ensuring that their business processes can continue unhindered. When the licensee can access the source code, they can figure out how the software is processing their business data, performing essential functions, and even change the code to modify the software's operation.

Seen from that perspective, getting access to the source code is a vital aspect of maintaining business process integrity. Without access to the source code, developers won't be able to modify the code as per the business's requirements.

Now consider the situation where your software vendor suddenly goes out of business. This means that the software is essentially dead. If the software is critical to your business, then it's a given that your business will be affected. In extreme cases, you might even be forced to temporarily halt operations as you migrate to a new software solution. 

Software escrow services help you overcome such sudden disasters. By being party to a software escrow agreement, both Licensor and Licensee can rest assured that their operations will continue unhindered even in the face of unforeseen situations. The moment a release condition is triggered, the escrow service makes the source code and related data items available for the Licensee. In this way, their business doesn't suffer. 

But what are the release conditions that can trigger an escrow agreement? We’ll take a look at that in the following section.

Some Common Examples Of Release Conditions

In general, the Licensor and the Licensee are free to put in place any mutually agreed upon release condition, provided it can be independently validated by the escrow agent. In most cases, the release condition tends to involve the Licensor's operational or financial situation. For instance, a common release condition would be a situation where the Licensor goes bankrupt or fails to continue with their business.

As soon as a release condition is triggered, it's the job of the escrow agent to inform the Licensor that the Licensee has requested the release of materials held in escrow. Such notification is usually sent as a written communique. At the same time, the Licensor is given a chance to contest the request. In case the Licensor fails to contest the claim, the escrow agent releases the materials held in escrow to the Licensee.

Now, let's tackle the money problem: who will pay for the escrow services? This is something of a lacuna, and there's no established standard here. In some instances, it's the beneficiary, i.e., the licensee who pays for the services. But in most cases, it's the Licensor who has to bear the cost of software escrow services. In fact, most licensing businesses include this as a part of their running costs.

In this section, we're going to discuss the many benefits of software escrow for developers as well as beneficiaries. Let's discuss the benefits for beneficiaries first. 

Protection in case the vendor goes out of business

Protection in case the vendor discontinues support for the software

Provides a legal framework in case of complications

Acts as an agreement and reduces chances of unwanted litigations

 So, seen in the light of the above benefits, Software Escrow Services offer a win-win deal for both parties concerned.

Vaultinum provides dedicated escrow management services that help you ensure your business continuity. We have over 40 years of experience as a trusted third party in the software field. We have clients based all over the world who trust us to secure their business.

We are one of the few service providers who have the means to connect to the repository system of software providers. This way, we help to ensure automated, streamlined updates of all escrow elements. When you're working with us, you get the benefit of different levels of escrow verification from qualified experts. 

Vaultinum provides escrow services for software as well as SaaS products. Our ISO 27001-certified technical infrastructure, along with Swiss data center redundancies, help you provide complete access to all elements held in escrow. With Vaultinum, you don't have anything to worry about.

In the fast-moving business world that we live in today, fortunes are made at the turn of a hat. With billions of data bytes moving between intelligent tools, businesses today are dependent on software like never before.

However, unforeseen situations can arise at any time. Your vendor may fail, the software may lose support, and updates may stop for no good reason. In such a case, your business stands to suffer.

Software escrow services can help you overcome such situations. It not only provides a guarantee to clients but also helps vendors gain trust and close deals. In the future, software escrows should become the norm rather than the exception.

Just make sure you go with a suitable escrow service provider like Vaultinum. We ensure that your software needs are fulfilled and your business stays on track, come what may.

So, reach out to Vaultinum today and take advantage of our software escrow services. We promise you won't need to look anywhere else. Just place a call, and we'll take care of the rest.

In the age of AI, you can't really hope to run a business without software development. Yet, the truth remains that in the real world, software vendors often fail due to financial or operational difficulties. In such cases, your business needs to ensure that it remains fully functional.  That’s why professionals all over the world are opting for software escrows to protect their business continuity. Such agreements can help safeguard the interests of all parties involved in a software deal.

What is escrow? Everthing you need to know about Software Escrow services. A step-to-step guide to the escrow process.

The Ultimate Guide To Software Escrow Services

Protect your innovations and investments

Protecting and Securing your Digital Universe

They trust Vaultinum

Our safety

Latest articles

Why Is Due Diligence Important?

Lose your password and lose out on millions?

The Ultimate Guide To Software Escrow Services