Qualified Custodian Requirements for Tokenized Funds

Qualified Custodian Landscape for Tokenized Fund Assets

The qualified custodian requirement is the regulatory mechanism ensuring that fund assets are held by supervised financial institutions with adequate safeguards against loss, theft, or misappropriation. For tokenized funds, the qualified custodian determination encompasses both the underlying portfolio assets and the tokenized fund shares, creating a dual custody challenge that requires institutions with both traditional securities custody capabilities and digital asset custody infrastructure.

Qualified Custodian Categories

Under SEC rules, qualified custodians include four categories of entities:

Banks: National banks (OCC-chartered), state-chartered banks, and foreign banks meeting specific conditions. For digital asset custody, several banks have obtained specific authority: Anchorage Digital Bank (OCC-chartered, January 2021) was the first federally chartered digital asset bank. Standard Chartered (through its Zodia Custody subsidiary) and BNY Mellon have obtained or expanded authorities for digital asset custody.

Registered broker-dealers: FINRA-member broker-dealers maintaining customer securities are qualified custodians. For digital asset securities — including tokenized fund shares — broker-dealers must demonstrate operational capabilities for blockchain-based asset custody, including private key management and wallet infrastructure.

Futures commission merchants (FCMs): Registered FCMs are qualified custodians for assets within their regulatory scope, though FCM custody of tokenized fund shares presents regulatory questions that the CFTC and SEC have not jointly addressed.

State-chartered trust companies: Trust companies with fiduciary authority under state banking law qualify as custodians for the assets they are authorized to hold. Key digital asset trust companies include: BitGo Trust Company (South Dakota); Coinbase Custody Trust Company (New York); Gemini Trust Company (New York); and Paxos Trust Company (New York).

Key Management and Operational Standards

Qualified custodians holding tokenized fund assets must implement key management systems that satisfy both traditional custodial standards and blockchain-specific security requirements. Industry standards include:

Multi-party computation (MPC): Private keys are split into shares distributed across multiple parties or servers, with threshold signatures requiring a specified number of shares to authorize transactions. MPC eliminates single points of failure without requiring hardware-specific implementations.

Hardware security modules (HSMs): Dedicated cryptographic hardware devices that generate, store, and manage private keys in tamper-resistant environments. HSMs meeting FIPS 140-2 Level 3 or higher certification provide the physical security baseline for institutional key management.

Geographic distribution: Key material (whether MPC shares or HSM-stored keys) is distributed across geographically separated facilities — typically 3+ locations across 2+ jurisdictions — to protect against localized risks (natural disasters, political instability, physical attacks).

Custodian Selection for Tokenized ETF Sponsors

Fund sponsors selecting qualified custodians for tokenized ETF operations should evaluate: blockchain platform support (which networks the custodian supports for tokenized fund share custody); insurance coverage (limits and scope of digital asset custody insurance); regulatory track record (SEC examination history, no-action correspondence); operational capabilities (integration with fund’s transfer agent and administration systems); and disaster recovery (ability to recover fund assets in the event of key loss or custodian failure).

The custody framework comparison across jurisdictions reveals different qualified custodian standards and institutional landscapes, affecting fund sponsors’ custodian options for multi-jurisdictional tokenized fund products.

SEC Custody Rule Evolution for Digital Assets

The SEC’s custody framework has evolved significantly since the Commission first addressed digital asset custody:

SAB 121 (March 2022) and rescission (early 2025): SEC Staff Accounting Bulletin 121 required entities custodying crypto-assets to recognize a liability on their balance sheet equal to the fair value of customer digital assets, with a corresponding asset. This accounting treatment imposed significant capital costs on banks and broker-dealers providing digital asset custody, effectively discouraging traditional financial institutions from entering the digital custody market. The SEC rescinded SAB 121 in early 2025 under new Chair Paul Atkins’s administration, removing the balance sheet recognition requirement and opening the custodian market to traditional banks — a development that coincided with the tokenized treasury market reaching $11.70 billion across 73 products by March 2026.

Proposed custody rule amendments (2023): The SEC proposed amendments to Advisers Act Rule 206(4)-2 that would expand the custody rule to cover all client assets (not just securities and funds), explicitly including digital assets. The proposed amendments would require investment advisers to maintain client digital assets with a qualified custodian that demonstrates: segregation of client assets from the custodian’s proprietary assets; operational controls specific to digital asset custody; insurance or bonding requirements; and regular examination by the SEC or a banking regulator.

No-action letters and interpretive guidance: The SEC Division of Investment Management has issued informal guidance confirming that: state-chartered trust companies with digital asset custody authority qualify as qualified custodians for Investment Company Act purposes; qualified custodians may delegate custody operations to sub-custodians (including blockchain-specific infrastructure providers) while retaining custodial responsibility; and multi-party computation (MPC) and hardware security module (HSM) key management arrangements are consistent with qualified custodian operational standards.

Insurance and Bonding for Digital Asset Custody

Insurance coverage for digital asset custody remains a developing market, with coverage structures and capacity evolving rapidly:

Crime and theft insurance: Digital asset custodians typically maintain crime insurance policies covering theft of private keys, unauthorized transactions, and employee fraud. Coverage limits range from $50 million to $500 million among major custodians (Coinbase Custody, BitGo, Anchorage), though these limits may be insufficient for large fund products. BlackRock’s BUIDL fund ($2.01 billion AUM across Ethereum, Avalanche, Polygon, Arbitrum, Optimism, Aptos, and Solana) uses five custodian providers — Anchorage Digital, BitGo, Coinbase, Copper, and Fireblocks — with BNY Mellon as fund-level custodian, demonstrating the multi-custodian approach required for institutional-scale tokenized fund products.

Errors and omissions (E&O) insurance: Coverage for operational errors in digital asset custody, including smart contract interaction errors, incorrect token transfers, and blockchain network failures. E&O coverage for digital asset custody is relatively new, with limited market capacity and high premium costs.

Directors and officers (D&O) coverage: Fund boards overseeing digital asset custody arrangements require D&O insurance that covers blockchain-specific liability, including liability for smart contract failures, oracle manipulation events, and key management incidents.

Lloyd’s of London digital asset market: Lloyd’s has emerged as the primary insurance market for digital asset custody coverage, with several syndicates offering specialized policies. The Lloyd’s market provides capacity that domestic US insurers have been slower to develop, making London-market coverage a standard component of institutional digital asset custody arrangements.

EU Depositary Requirements for Tokenized Fund Assets

In the European context, the qualified custodian concept is replaced by the depositary function under the UCITS Directive (Articles 22-26) and AIFMD (Articles 21-22). EU depositaries face specific requirements for tokenized fund asset custody:

Safekeeping obligation: The depositary must hold tokenized fund assets “in custody” (where custody is possible) or verify and maintain records of ownership (where custody is not possible). For tokenized fund shares issued as blockchain tokens, the CSSF has confirmed that depositaries can satisfy safekeeping obligations through DLT platform access — verifying token ownership on-chain without necessarily controlling private keys directly.

Cash flow monitoring: Depositaries must monitor all cash flows related to tokenized fund operations, including: subscription and redemption payments (whether in stablecoins, CBDC, or fiat currency); dividend and income distributions executed on-chain; and management fee payments and other fund expenses. This monitoring requirement extends to all blockchain platforms on which fund operations occur.

Oversight function: The depositary must verify that: fund share issuance and redemption comply with UCITS/AIFMD requirements and the fund rules; NAV is calculated correctly; and investment restrictions are observed. For tokenized funds, oversight extends to smart contract operations — the depositary must verify that smart contract logic accurately implements the fund’s rules.

Liability standard: Under UCITS Article 24, the depositary is liable for loss of financial instruments held in custody, with a strict liability standard (liability regardless of fault) unless the depositary proves the loss resulted from an “external event beyond its reasonable control.” For tokenized fund assets, this liability standard creates significant risk exposure: if tokenized fund shares are lost due to a smart contract exploit, blockchain network failure, or key compromise, the depositary may bear liability. This liability exposure drives depositary demand for comprehensive insurance and rigorous smart contract security standards.

Emerging Custody Technology

Several technology developments are reshaping the qualified custodian landscape:

Multi-party computation (MPC) custody: MPC eliminates single points of failure by distributing key material across multiple parties. Institutional MPC providers (Fireblocks, Curv — acquired by PayPal, Sepior — acquired by Blockdaemon) enable custodians to distribute signing authority across geographies, reducing the risk of key compromise.

Threshold signature schemes (TSS): TSS enables a group of parties to collectively produce a valid signature, with any subset meeting the threshold able to sign transactions. TSS provides flexibility in custody governance — fund sponsors can require multiple approvals for different transaction types (e.g., 2-of-3 for routine transfers, 3-of-5 for large redemptions).

Secure enclaves and TEEs: Trusted execution environments (Intel SGX, ARM TrustZone, AWS Nitro Enclaves) provide hardware-isolated environments for key management and transaction signing. TEE-based custody is emerging as a complement to MPC and HSM approaches, particularly for cloud-native custody architectures.

Self-custody with institutional controls: Some tokenized fund structures explore self-custody models where the fund’s smart contract itself controls fund assets (rather than an external custodian holding assets separately). While this approach eliminates custodian dependency, it raises SEC custody rule compliance questions and concentrates risk in the smart contract’s security. The SEC has not approved self-custody arrangements for registered fund assets.

Multi-Jurisdictional Custody for Global Tokenized Fund Products

Tokenized fund products distributed across multiple jurisdictions face multi-jurisdictional custody requirements that compound the complexity of qualified custodian arrangements. A tokenized fund domiciled in Luxembourg with US, European, and Asian investors requires custody arrangements that satisfy the UCITS depositary requirements (EU), qualified custodian standards (US investors accessing through private placement), and local custody rules in each distribution jurisdiction.

The practical solution for multi-jurisdictional tokenized fund custody involves a primary depositary or custodian that satisfies the fund’s domicile regulatory requirements, supplemented by sub-custody arrangements in distribution jurisdictions where local custody rules apply. For tokenized fund shares specifically, the blockchain-based custody layer adds a global element — token custody is technically jurisdiction-agnostic (the blockchain does not recognize borders), but regulatory custody requirements remain jurisdiction-specific.

Fund sponsors must evaluate whether their custodian’s qualified status extends to all distribution jurisdictions, or whether separate custody arrangements are needed for investors in specific markets. The US-EU custody comparison examines the specific divergences between qualified custodian standards and UCITS depositary requirements that affect cross-border tokenized fund distribution.

Custodian Selection Due Diligence Framework

Fund sponsors should evaluate qualified custodians for tokenized fund operations across eight dimensions:

1. Regulatory status: Verify the custodian’s qualified custodian status under applicable regulations — federal charter (OCC), state trust charter, or FINRA broker-dealer registration. Confirm the custodian has not received SEC examination deficiency letters related to digital asset custody.

2. Blockchain platform support: Confirm support for all networks where fund tokens are or will be deployed. Verify that the custodian’s platform support includes full transaction signing capability (not just balance viewing).

3. Key management architecture: Evaluate whether the custodian uses MPC, HSM, or hybrid key management. Assess geographic distribution of key material, threshold signing configuration, and key rotation procedures.

4. Insurance coverage: Review the custodian’s insurance coverage — policy limits, covered perils (theft, hack, employee fraud, key loss), exclusions, and deductible amounts. Compare coverage against fund AUM to assess the coverage gap.

5. SOC 2 Type II certification: Obtain and review the custodian’s most recent SOC 2 Type II report. Evaluate any control exceptions or qualified opinions. Confirm the report covers digital asset-specific controls.

6. Operational track record: Assess the custodian’s operational history — including any security incidents, network outages, or customer asset losses. Review the custodian’s response to industry-wide events (blockchain network outages, protocol exploits, market stress periods).

7. Integration capabilities: Evaluate the custodian’s API capabilities for integration with the fund’s transfer agent, on-chain administration platform, and NAV calculation systems. Assess whether the custodian supports automated creation and redemption workflows.

8. Financial stability: Review the custodian’s financial statements, capital adequacy, and parent company support (if applicable). Evaluate the custodian’s business viability — particularly for smaller digital-native custodians that may face sustainability challenges in competitive market conditions.

The transfer agent integration analysis examines how custody arrangements interact with on-chain shareholder register management. The FINRA broker-dealer requirements cover custody obligations for broker-dealers handling tokenized fund shares. The institutional investor guide examines how custody arrangements factor into institutional due diligence for tokenized fund products. The smart contract audit guide covers how custody-related smart contracts should be audited. The SEC publishes custody rule guidance at sec.gov.

For inquiries regarding this analysis: info@etftokenisation.com