Cayman Islands -- Custody Regulations Regulatory Overview

The Cayman Islands regulates cryptocurrency/digital asset custody primarily through the Virtual Asset (Service Providers) Act (VASP Act, as revised and amended in 2025), enforced by the Cayman Islands Monetary Authority (CIMA). Custody providers must obtain a license (mandatory since April 1, 2025), segregate client assets, maintain insurance and robust risk controls, appoint specified personnel, and comply with AML/CTF rules, with no fixed minimum capital but operational scale considerations; cold storage is not explicitly mandated but implied in custody strategies, and "qualified custodian" aligns with licensed VASPs.[1][2][3][4][5][6]

Custodial License Requirements

Custody of virtual assets requires a CIMA license under the VASP Act (2025 amendments), effective April 1, 2025, replacing prior registration for custodians and trading platforms. Existing providers had until June 29, 2025, to comply. Applicants submit detailed operations info, including asset types/quantities, custodial strategies, business plans, cybersecurity, and risk mitigation. Licensing takes 4-10 months; initial fee KYD 1,000, annual fees KYD 5,000-200,000 based on services. Requirements include 3 directors (1 independent, CIMA-approved for custody), local AML officer, and minimum paid-up share capital of US$100,000. Audits, quarterly AML/KYC reports, transaction records, and suspicious activity reports to CIMA are mandatory.[2][3][4][5][6]

Segregation of Client Assets Rules

Custodians must segregate client assets from proprietary holdings, with controls like documented procedures and internal systems to protect funds. Records must be kept at the registered office and available for CIMA inspection.[4]

Insurance/Bonding Requirements

Custodians require insurance coverage as part of client asset protection controls, alongside segregation and procedures; no specific bonding amounts are detailed.[4]

Cold Storage Mandates

No explicit mandate for cold storage or minimum percentages in regulations; however, providers must justify custodial strategies, including cybersecurity and asset protection measures, which typically incorporate cold storage best practices.[2][4][7]

Qualified Custodian Definitions

"Qualified custodian" is not explicitly defined but corresponds to CIMA-licensed VASPs providing custody under the VASP Act, meeting segregation, insurance, and risk management standards. Virtual assets are "digital representations of value digitally traded/transferred for payment/investment, excluding fiat."[1][4][5]

Pending Custody Legislation

No pending legislation noted as of 2026; the Virtual Asset Regulations 2025 and VASP Act amendments (phased implementation completed by mid-2025) represent the current framework, with ongoing CIMA guidance like the Statement of Guidance for VA Custodians and Trading Platforms.[2][3][5][7]

For official details, refer to CIMA's VASP Act and guidance: https://www.cima.ky/upimages/regulatorymeasures/SOGforVACustodiansandTradingPlatforms_1734445089.pdf [7]. Additional rules may apply under the Securities Investment Business Act (SIBA) if assets qualify as securities.[1][5]