United States -- Custody Regulations Regulatory Overview

Cryptocurrency and digital asset custody in the US is regulated by federal agencies like the OCC, SEC, and FinCEN, with requirements varying by institution type (e.g., banks, broker-dealers, investment advisers). There are no uniform nationwide custodial licenses, but entities must comply with entity-specific rules under banking, securities, and AML laws; state-level trust charters may apply for some custodians.[1][2][6]

Custodial License Requirements

• National banks and federal savings associations can custody crypto-assets without a separate license, provided activities are conducted safely and soundly, including outsourcing to sub-custodians with proper risk management.[1]
• Broker-dealers custody crypto asset securities under SEC oversight, with no special license beyond registration, but must meet possession/control standards.[2][3]
• State trust companies (STCs) can act as qualified custodians for RIAs and registered funds if authorized by state banking authorities; RIAs must verify this annually via due diligence.[6]
• FinCEN regulates virtual asset service providers (VASPs), including custodians, under AML rules requiring registration as money services businesses (MSBs).[5]

Segregation of Client Assets Rules

• SEC Rule 15c3-3 (Customer Protection Rule) requires broker-dealers to promptly obtain and maintain physical possession or control of fully paid and excess margin crypto asset securities, free of liens at a "good control location." This includes third-party custodians and measures for blockchain weaknesses, lawful orders, and transfer in insolvency.[2][3][4]
• Banks must operate in a safe and sound manner, implying segregation but without explicit crypto-specific rules beyond general custody standards.[1]
• STCs for RIAs/Registered Funds must implement policies to safeguard assets from theft, loss, misuse, or misappropriation, including private key management.[6]

Insurance/Bonding Requirements

• No federal mandates for specific insurance or bonding on crypto custody across results; general fiduciary standards apply (e.g., safe and sound operations for banks).[1]
• Investor bulletins highlight risks of loss in third-party custody (e.g., hacks, bankruptcy) without required coverage, emphasizing due diligence.[7]

Cold Storage Mandates

• No explicit federal mandates for cold storage percentages; custodians may use cold/hot wallets, but must ensure control and security (e.g., private key management for STCs).[6][7]
• Broker-dealers must address distributed ledger risks to maintain "possession" under Rule 15c3-3.[2][3]

Qualified Custodian Definitions

• Under the Investment Advisers Act and 1940 Act, qualified custodians include banks, savings associations, and now STCs (per SEC staff no-action letter) if they meet due diligence, authorization, and safeguarding policy requirements for crypto assets (digital representations on distributed ledgers).[6]
• Broker-dealers qualify for securities custody if compliant with Rule 15c3-3 possession rules.[2][3][4]
• Banks qualify under OCC authority for crypto custody.[1]

Pending Custody Legislation

• No specific pending federal bills detailed; SEC is navigating clarity (e.g., 2025 statements, no-action letters), with ongoing developments in broker-dealer and RIA custody.[3][4][6][8]
• Recent shifts (e.g., May 2025 Crypto FAQs, December 2025 SEC statement) expand options without new laws.[2][4]

For full details, review primary sources: OCC Interpretive Letter 1184 https://www.occ.gov/news-issuances/news-releases/2025/nr-occ-2025-42.html; SEC Rule 15c3-3 statement https://www.sec.gov/newsroom/speeches-statements/trading-markets-121725-statement-custody-crypto-asset-securities-broker-dealers; SEC no-action letter via. Regulations evolve rapidly; consult legal experts for compliance.[1][2][3][6]