US vs EU Custody Frameworks for Tokenized Fund Assets
Custody of digital assets is the single highest-risk operational function in tokenized fund management — over $3 billion in crypto assets have been lost to custody failures, exchange hacks, and key management errors since 2014 — and the United States and European Union have constructed fundamentally different regulatory architectures to address this risk. With the tokenized treasury market alone reaching $11.70 billion across 73 products and 55,520 holders by March 2026 (and the broader RWA market exceeding $20 billion excluding stablecoins), understanding these divergent custody frameworks is essential for fund sponsors operating cross-border tokenized products and for institutional investors evaluating custody arrangements during operational due diligence.
The US qualified custodian framework — based on Section 17(f) of the Investment Company Act and Rule 206(4)-2 under the Investment Advisers Act — establishes entity-based eligibility criteria defining who may hold fund assets. The EU UCITS depositary regime — based on Articles 22-26 of the UCITS Directive — establishes function-based requirements defining what the depositary must do, including asset safekeeping, cash flow monitoring, and management company oversight. The addition of MiCA CASP authorization requirements — with 53+ CASP licenses already granted EU-wide under the transitional regime and full MiCA CASP enforcement effective July 2026 — creates a dual-authorization layer unique to the EU framework.
Structural Comparison
| Requirement | US Framework | EU Framework |
|---|---|---|
| Primary custodian type | Qualified custodian (bank, BD, FCM, state trust company) | UCITS depositary (credit institution with UCITS authorization) |
| Custodian oversight role | Asset safekeeping only | Safekeeping + cash flow monitoring + management company oversight |
| Digital asset authorization | Entity-level qualification (no separate digital asset license) | UCITS depositary qualification + MiCA CASP custody authorization |
| Segregation standard | Separate account requirement (Rule 206(4)-2) | Asset segregation + UCITS-specific protections (Article 22(5)) |
| Insurance | Market practice, no regulatory minimum ($100M-500M typical) | CASP prudential requirements specify minimums |
| Audit requirement | SOC 2 Type II (market practice, not SEC-mandated) | ESMA technical standards (forthcoming) |
| Cross-chain custody | Permitted if custodian qualified | Depositary must verify DLT register integrity across all chains |
| Key management standards | Not specified by SEC (industry practice) | MiCA CASP technical standards specify requirements |
| Liability regime | Common law + contract (varies by custodian agreement) | Strict UCITS depositary liability (Article 24) |
| Sub-custody | Permitted with reasonable care in selection | Permitted with UCITS Directive delegation requirements |
The US Qualified Custodian Framework
Entity-based qualification: Under SEC rules, a qualified custodian for registered fund assets is: a bank as defined under the Investment Company Act; a registered broker-dealer; a futures commission merchant registered with the CFTC; or a trust company organized under state law. The qualification is entity-based — if the institution holds the correct registration or charter, it can custody any type of asset the fund holds, including tokenized assets.
Post-SAB 121 landscape: The SEC’s rescission of Staff Accounting Bulletin No. 121 (SAB 121) in early 2025 removed a significant obstacle to bank custody of digital assets. SAB 121 had required banks to recognize crypto-asset custody obligations as on-balance-sheet liabilities, imposing punitive capital charges that effectively prevented banks from offering digital asset custody at scale. Post-rescission, banks can custody tokenized fund assets without these capital charges, opening the qualified custodian market to traditional banking institutions alongside crypto-native custodians. BlackRock’s BUIDL fund ($2.01 billion AUM across 8 chains) now uses five custodian providers — Anchorage Digital, BitGo, Coinbase, Copper, and Fireblocks — with BNY Mellon serving as fund-level custodian, illustrating the expanding multi-custodian model enabled by SAB 121’s removal.
Current market structure: Following the January 2024 spot Bitcoin ETF approvals, the US digital asset custody market is dominated by Coinbase Custody, which holds approximately 78% of spot Bitcoin ETF assets under custody. This concentration creates systemic risk — a Coinbase Custody failure would affect the vast majority of US crypto ETF assets. Post-SAB 121, banks including BNY Mellon and State Street are developing digital asset custody capabilities that will gradually diversify the custody market.
Limited custodian role: The US qualified custodian’s role is narrowly defined: hold assets safely, maintain proper account records, and release assets only on authorized instructions. The custodian does not monitor the fund’s compliance with investment restrictions, verify NAV calculations, or oversee management company conduct. These oversight functions are performed by the fund’s chief compliance officer (under Rule 38a-1) and board of directors.
The EU UCITS Depositary Framework
Function-based requirements: The EU depositary framework defines what the depositary must do rather than who the depositary is. Under UCITS Directive Articles 22-26, the depositary must perform three functions:
Safekeeping of assets (Article 22(5)): The depositary must hold all financial instruments that can be registered or held in custody in an account (including tokenized fund assets on a blockchain) and ensure proper segregation from the depositary’s own assets. For tokenized assets, this means the depositary must either directly hold the private keys controlling the fund’s token assets or verify that a sub-custodian holds them with equivalent safeguards.
Cash flow monitoring (Article 22(4)): The depositary must monitor the fund’s cash flows, ensuring that investor subscriptions and redemptions are properly processed and that all cash movements are legitimate and compliant. For tokenized funds using stablecoin or CBDC settlement, the depositary must monitor on-chain payment flows in addition to traditional bank account movements.
Oversight of the management company (Article 22(3)): The depositary must independently verify that the management company complies with: UCITS investment restrictions (concentration limits, eligible asset rules, leverage constraints); the fund’s stated investment policy and restrictions; NAV calculation accuracy (independently verifying the fund’s NAV against the depositary’s own calculation); unit pricing and dealing procedures; and application of fund income and distributions.
This oversight function is the most significant difference from the US framework. The EU depositary effectively serves as an independent watchdog over the management company — a role that has no direct US equivalent. For tokenized funds, this oversight extends to DLT infrastructure: the depositary must verify the integrity of the on-chain shareholder register, confirm that smart contract operations comply with fund rules, and ensure that on-chain NAV calculations reconcile with independently calculated values.
MiCA CASP overlay (effective July 2026): EU custody of tokenized fund shares requires a dual-authorization: the depositary (or its sub-custodian) must be a credit institution satisfying UCITS depositary requirements AND hold MiCA CASP authorization for crypto-asset custody services. The MiCA CASP custody authorization imposes additional requirements including: specific technical standards for key management (HSM, MPC, key generation ceremonies); segregation of client assets in separate on-chain addresses; mandatory insurance or equivalent coverage for custody losses; and regular reporting to the national competent authority (CSSF, BaFin, AMF) on digital asset custody operations. ESMA maintains the CASP register at esma.europa.eu.
Strict depositary liability (Article 24): The UCITS Directive imposes strict liability on the depositary for loss of financial instruments held in custody. If tokenized fund assets are lost — whether through hacking, key compromise, smart contract exploit, or blockchain failure — the depositary is liable to the fund for the full value of the lost assets, regardless of fault. This strict liability regime creates strong incentives for depositaries to implement robust digital asset safekeeping procedures, but also makes EU depositaries cautious about accepting tokenized fund mandates.
Key Differences for Tokenized Fund Operations
Depositary oversight of DLT infrastructure: The EU depositary’s oversight function requires capabilities that US qualified custodians do not need. EU depositaries overseeing tokenized funds must: run blockchain nodes or maintain verified access to blockchain data for real-time monitoring of fund token transactions; reconcile on-chain shareholder registers with the depositary’s own records (at minimum daily, with emerging practice moving toward real-time); verify that smart contract operations (minting, burning, transferring, pausing) comply with fund rules and the management company’s instructions; and monitor oracle network inputs to the fund’s on-chain NAV calculation, verifying accuracy against independently sourced price data.
These requirements mean that EU depositaries must develop significant blockchain infrastructure capabilities — or sub-contract them to qualified technology providers — adding operational complexity and cost that US qualified custodians do not face.
Reconciliation requirements: EU depositaries must reconcile the on-chain shareholder register with their own records, as specified in national regulator guidance from the CSSF and Ireland’s Central Bank. This reconciliation obligation creates operational requirements for DLT access and data extraction. The reconciliation must identify: discrepancies between on-chain token balances and the depositary’s shareholder register; unauthorized token transfers (transfers not initiated through the fund’s authorized creation-redemption or dealing process); and smart contract state changes that affect fund operations (pausing events, oracle updates, contract upgrades).
US qualified custodians face no equivalent regulatory reconciliation requirement for on-chain records. US funds rely on the transfer agent (registered under Exchange Act Section 17A) to maintain the official shareholder register, with the custodian responsible only for safekeeping the assets themselves.
Practical Implications for Multi-Jurisdictional Fund Sponsors
Fund sponsors operating tokenized ETF products in both the US and EU must navigate significant complexity.
Custodian/depositary selection: Select institutions that satisfy both regulatory frameworks simultaneously. The custodian must be a US qualified custodian (for US-registered fund assets) AND an EU UCITS depositary (for EU-domiciled fund assets), with MiCA CASP authorization for digital asset custody. Currently, a limited number of institutions can serve both roles: BNY Mellon (developing digital asset custody), State Street (through State Street Digital), and select international banks with both US and EU banking licenses.
Alternatively, fund sponsors can use separate custodians for each jurisdiction — a US qualified custodian for the US fund and an EU depositary for the EU fund — but this creates operational complexity for any shared portfolio operations or cross-border rebalancing.
Compliance documentation: Maintain custody compliance documentation meeting both standards: US qualified custodian verification and SOC 2 Type II audit reports for SEC examination; EU depositary oversight reports, CASP authorization documentation, and ESMA technical standard compliance evidence for CSSF/CBI supervision; and reconciliation procedures satisfying EU requirements (which also serve US reporting needs, as a higher standard).
Cost implications: EU depositary services for tokenized funds typically cost more than US qualified custodian services due to the oversight function, reconciliation requirements, and MiCA CASP compliance burden. Estimated custody cost differential: 15-30 basis points annually for EU vs. 5-15 basis points for US, depending on fund size and complexity.
The DTCC’s and Euroclear’s respective development of DLT settlement capabilities may eventually provide interoperable cross-jurisdictional custody solutions, but current infrastructure requires separate custody arrangements for each market. The SEC vs ESMA regulatory comparison provides broader context for how custody differences fit within the overall regulatory divergence between jurisdictions. The regulatory filing guide details custody documentation requirements in each jurisdiction’s filing process. See the SEC’s custody guidance at sec.gov and the FCA’s custody requirements at fca.org.uk.
Asia-Pacific Custody Standards in Comparative Context
Asia-Pacific jurisdictions have developed custody standards for tokenized fund products that draw from both US and EU approaches while introducing regional variations:
Hong Kong: The SFC requires SFC-licensed custodians with digital asset capabilities, combining elements of the US qualified custodian model (entity-type requirements) with EU depositary-like oversight functions (active monitoring of fund operations). HSBC’s digital asset custody services for SFC-authorized tokenized funds represent the most advanced institutional custody deployment in Asia-Pacific.
Singapore: MAS’s custody requirements operate under the Capital Markets Services licensing framework, with the TRM Guidelines providing technology governance standards. Singapore’s approach emphasizes risk management over prescriptive technical standards — closer to the principles-based EU approach than the entity-type US approach.
Switzerland: FINMA requires custodian bank appointment for collective investment schemes, with DLT-specific operational requirements for digital asset custody. Switzerland’s DLT Act creates explicit legal authority for tokenized securities custody, providing a level of statutory certainty that neither the US nor EU currently matches.
These Asia-Pacific custody frameworks create additional complexity for global fund sponsors. A tokenized ETF product distributed across the US, EU, Hong Kong, and Singapore requires custody arrangements satisfying four distinct regulatory frameworks — a compliance burden that favors large, globally licensed custodians over specialist digital asset custody providers.
Emerging Custody Technology Standards
Both US and EU regulators are monitoring the development of custody technologies that could reshape the custody landscape for tokenized fund products:
Multi-party computation (MPC): MPC-based custody solutions distribute private key material across multiple parties, enabling transaction authorization without any single party possessing the complete key. This technology addresses key person risk and single-point-of-failure concerns that both the SEC and EU regulators have identified for digital asset custody. Neither the SEC nor ESMA has issued guidance on whether MPC custody satisfies their respective qualified custodian or depositary requirements.
Institutional self-custody: Some tokenized fund sponsors have explored institutional self-custody models where the fund manager maintains direct control over private keys. The SEC’s custody rules generally prohibit investment adviser self-custody (requiring an independent qualified custodian), while UCITS regulation requires an independent depositary. Both frameworks present obstacles to self-custody, though the Investment Company Act and UCITS Directive were drafted before digital asset custody was contemplated.
Insurance and guarantee arrangements: As the tokenized fund market grows, demand for digital asset custody insurance is driving product development among specialty insurers. The availability and cost of custody insurance varies significantly between US and EU markets, affecting the economics of tokenized fund operations. EU depositaries’ broader liability obligations (extending to sub-custodian failures) create higher insurance demand and costs compared to US qualified custodians.
The smart contract audit guide examines how custody technology interacts with the smart contract infrastructure governing tokenized fund operations, and the on-chain fund administration architecture analysis covers how custody integrates with broader fund operational infrastructure.
For inquiries regarding this analysis: info@etftokenisation.com