What to Look for in an Institutional Crypto Custody Provider

If you manage cryptocurrency assets at an institutional level, you’re in a trusted position with an important responsibility to protect your company’s and clients’ digital assets. But those extensive crypto holdings can also make you a target for hackers and cybercriminals looking to empty your crypto wallets and steal all your bitcoin, ether, and other valuable crypto. In 2024 alone, cryptocurrency losses reported to the FBI totaled over $6.5 billion. 

An institutional crypto custody provider handles the heavy lifting of securing digital assets and managing critical functions, including compliance, liquidity, key management, audits, and reporting. Here’s a closer look at how institutional crypto custody works and what to look for in best-in-class custodians.

Key Takeaways

• Institutional cryptocurrency custodians provide secure digital asset storage and services, including third-party security audits, compliance with cryptocurrency regulations, and quick access to funds when required.

• Cold storage, multi-signature wallets, hardware security modules, and multi-factor authentication (MFA) are among the critical safeguards employed to protect against internal and external threats.

• The best institutional crypto custody providers offer value-added services such as trading, staking, API integration, and audit-ready reporting.

• Choosing a discount provider or trying to do it yourself can lead to costly mistakes, government action, or falling victim to cybercrime.

The Need for Institutional crypto custody

A quick online search yields countless stories of lost cryptocurrency. Bitcoin wallet keys wind up thrown away with an old hard drive. Major exchanges have been hacked and fallen victim to insider fraud. Nation-state hackers, errors in sending or receiving currency, and mishandled passwords are just a few of the many ways cryptocurrency can be lost.

The blockchain transactions underlying cryptocurrencies are irreversible. Unlike a bank that may restore funds lost to fraud, you’re essentially acting as the bank if you’re holding the crypto yourself, and there’s very little chance of recovery of lost digital assets. When you deposit the crypto with a quality crypto custody provider, funds are stored using the highest levels of security available, and assets are insured for worst-case scenarios.

Major institutions or registered investment advisors (RIAs) offering digital wealth management have fiduciary obligations to protect client assets, and outsourcing crypto custody to a trusted partner also offloads the risks associated with crypto storage to that partner.

Institutional crypto custody solutions put your client assets in the care of a dedicated expert. Self and exchange-custody management may be appropriate for some retail traders, but professionals handling assets for others can’t afford the risk.

Crypto Custody Provider Models

Some companies may be uncomfortable handing over complete control over their crypto asset wallets. Some crypto custody providers offer different models with varying levels of access shared between the asset manager and the crypto custodian.

When asset security is the primary concern, full custody is the safest arrangement. With full custody, the experienced custodian is responsible for protecting the private keys used to withdraw cryptocurrency from a digital wallet.

If the financial institution wants a level of control, it can leverage the benefits of multi-signature wallets, which should be used almost always for institutional-level cryptocurrency management, regardless of the custody arrangement. For example, the asset manager could require a three-signature wallet, with two signatures needed to access the contents. The custodian and the financial company each hold one or two of the three keys, ensuring enhanced security if a key is lost or compromised.

However, if the institution retains control over the cryptocurrency, all of the security and insurance benefits from the crypto custody provider may not apply. It’s important to weigh the pros and cons of each potential custody model before moving forward.

Evaluating Custody Providers: What to Look For

No two platforms are the same. Read on to learn about the key factors for choosing institutional crypto custody.

Security Tools Used By Custody Providers

Institutional investors have teams of people spread across roles and geographic locations who may be interacting with any given assets. These tools balance making access straightforward for authorized individuals while preventing unauthorized withdrawals.

• Offline Cold Storage: It’s normal to facilitate the speed of day-to-day trading by keeping some assets in online “hot” wallets. However, most funds should be stored in offline cold wallets, which help protect against cyber threats by storing private keys on hardware disconnected from the internet.

• Hardware Security Modules (HSMs): These hardware devices are designed to store sensitive cryptographic keys. Random numbers generate keys in secure, offline environments, and access is granted only to authorized personnel or quorums. As an added security measure, they’re also designed to be tamper-evident, leaving a clear trail of access.

• Multi-Site Storage: Requiring private keys to be accessed and authorized in varied geographic locations creates redundancy if sites are unavailable, and it provides security by separating authorization across multiple locations.

• Multi-Signature Approval: By requiring multiple parties to approve transactions, a single point of failure won’t compromise security.

• Multi-Factor Authentication (MFA): Authenticator apps generate one-time codes to provide an additional layer of security.

When implemented effectively, these controls reduce the risk of private key exposure, whether through hacking, physical theft, or operational failure.

Insurance and Fund Segregation

Custodians that offer insurance understand that insurance is essential for institutional investors to conduct due diligence and feel comfortable entering the digital asset space. No matter how many security measures are in place, something can still go wrong.

In most cases, institutional-grade insurance will cover cold storage and criminal acts. However, broader policies may also cover scenarios involving key management, theft, internal collusion, or administrative errors and omissions. For reference, BitGo offers up to $250 million in coverage for loss, theft, and misuse when BitGo holds all the keys.

Fund segregation is another critical safeguard. Some custodians operate affiliated trading platforms, which can introduce risk if legal entities or asset flows are not clearly separated. Segregated funds mean client assets are isolated in the event the custodian’s trading platform goes bankrupt.

Trading Services

The right institutional crypto custody provider is valuable to profit margins and trading desks on a day-to-day basis. Key capabilities to look for include: 

• Off-Exchange Settlement and Over-the-Counter (OTC) Trades: Sizable trades on exchanges can move markets and negatively impact strike prices. Custodians that facilitate off-exchange trading tend to offer more competitive prices. 

• Staking: Some coins use proof-of-stake consensus mechanisms to validate transactions and secure their network. For institutional investors, that means they can earn rewards (often greater than 3%) in exchange for locking funds for a period of time.  

• Integrated Trading APIs: Direct integration with brokers, exchanges, and internal systems is critical for scale. 

• Asset Coverage: With hundreds of coins on the market, broad coin coverage enables portfolio flexibility without compromising compliance standards. 

• Audit-Ready Trade Reporting: A top-tier custodian supports real-time trade reconciliation, reporting, and audit logs, helping satisfy internal controls and regulatory requirements without having to build those systems. 

Fees/Costs

Nobody understands the importance of fees more than finance professionals. Pricing models may include flat fees or a percentage of assets under management. Avoiding the highest-cost providers may be financially prudent.

It’s also essential to avoid the temptation to choose a provider based solely on cost. Discount providers may have less robust security or inadequate insurance, among other drawbacks. Finding the balance between cost and service offerings can help guide you to the best custodian.

Service Range

Cryptocurrency custody providers may offer a range of services you can mix and match to meet your needs. Those could include access to trading platforms and a combination of hot and cold storage.

Some services, such as SOC 2 audits, should be included with all other services. You may find different service-level agreements (SLAs) for different services as well.

Asset Support

While bitcoin is the best-known and most widely supported cryptocurrency, you or your clients may be interested in other coins and blockchains, such as ETH, XRP, SOL, TRON, DOGE, ADA, or XLM.

With dozens of potential cryptocurrency investments in a crowded market of more than 10,000 currencies, having access to a diverse set of assets is vital.

Institutional crypto custody in a Regulatory Context

The cryptocurrency market is still relatively new compared to the long histories of the stock and commodities markets. Crypto regulations are rapidly evolving in the United States and other jurisdictions.

In the United States, the crypto industry has drawn attention from leaders across the federal government. Clear guidelines help custodians and asset managers alike ensure they’re meeting guidelines designed to protect investors.

The European Union, the United Arab Emirates (UAE), and other countries have dabbled in cryptocurrency regulation. Some requirements, such as know-your-customer (KYC) and SOC audits, are becoming more common. When you work with a regulated custodian, the custodian is responsible for keeping up with compliance, including new laws that could impact your business.

Some resources for staying up-to-date with regulations include:

• Securities and Exchange Commission Crypto Task Force

• Commodity Futures Trading Commission

• National Conference of State Legislatures

• European Securities and Markets Authority

Regulations can change at any time with little notice, so having a trusted custodian handle international compliance can be a significant value.

BitGo’s Qualified Custody Solutions

Institutional crypto custody services are all about safeguarding clients, reputations, and operational futures in an emerging asset class. 

BitGo offers regulated, qualified custody solutions tailored to institutional needs. With SOC 1 Type II and SOC 2 Type II certifications, BitGo demonstrates the strength and reliability of its security and financial controls.

Its custody offerings include extensive insurance for accounts where BitGo holds all the keys. And its infrastructure is built to exceed global regulatory expectations.

From qualified custody to self-custody wallets, BitGo delivers the digital asset infrastructure institutions rely on to manage digital assets with control, compliance, and confidence.

FAQs

What is institutional crypto custody?

Institutional crypto custody refers to third-party services that securely hold digital assets on behalf of professional investors. These providers offer enterprise-grade infrastructure, regulatory compliance, and risk management tools that go beyond what’s available to retail investors on regular exchanges.  

How do institutional crypto custody providers enhance security?

They implement advanced security measures, such as cold storage, multi-signature wallets, hardware security modules (HSMs), and multi-factor authentication (MFA) to safeguard private keys and prevent unauthorized access. Many also undergo independent audits, maintain insurance coverage, and design systems with geographic and operational redundancies to eliminate single points of failure.  

What features should I look for in a crypto custody provider?

Find a provider that understands a financial institution’s unique needs. For instance, multiple employees serving different functions (from compliance to trading and operations) may need access to a particular crypto key.

Does that provider offer a security protocol that accounts for those users while also providing timely access to cold storage assets? 

Why is institutional custody necessary for digital assets?

Institutions face higher fiduciary, legal, and operational standards than retail investors. The right provider helps meet those standards by reducing counterparty risk, complying with regulations, and ensuring assets are held securely, are auditable, and readily accessible. 

What are the risks associated with institutional crypto custody?

While institutional custody significantly reduces risk compared with exchange custody, it still carries the risk of custodian insolvency, internal breaches, and human error. However, these risks can be mitigated by choosing a regulated, audited, and insured custodian with a proven track record.

As a CIO or Head of Trading, how do I run a practical RFP for a custody provider?

Decide what really matters to you up front, like security, ease of use, asset coverage, and quality of support, then turn that into a simple checklist and scoring sheet. Invite a small group of finalists to demo their platform with your team and push them for real examples of how they handled past problems, not just sales talk.

How should a CFO compare self-custody plus in-house infrastructure vs. using a qualified custodian from a cost perspective?

Add up the full cost of doing it yourself, including tools, people, around-the-clock monitoring, and the cost if something goes wrong. Compare that to the custodian’s fees and any capital requirements, and factor in the value of freeing your internal team to focus on core business priorities.

What red flags should a risk committee look for when evaluating a custodian?

Be cautious if the firm is secretive about who owns it, how it holds client assets, or how it handles outages and hacks. Also, treat big “too good to be true” yield promises, heavy reliance on one key vendor, or unclear conflicts with their trading or lending activities as warning signs.