Understanding Crypto Custody and Regulation

May 15, 2023

In traditional finance, custody services generally involve the safekeeping of a customer’s securities or cash to prevent them from being lost or stolen. Custodians — especially those acting globally — are subject to various laws and regulations regarding liquidity, fiduciary responsibilities, anti-money laundering policies and more.

In the digital asset space, Externally-Owned Account wallets (wallets generated by a public-private key pair) can generally be divided into ‘custodial’ or ‘self-custodial’ wallets. Practically, a custodial wallet is provided by an entity that promises to safeguard the private keys of the wallet on behalf of the user. This entity essentially has control over the wallet because they control the private keys. Many users prefer custodial wallets because they trust the custodian, and because they often provide a simple user experience with the ability to reset passwords, for example.

With self-custodial wallets, by contrast, only the owner of the wallet has control over their private keys. A third party may provide the wallet owner with technology to create the wallet, to improve the user experience of these wallets, or to help protect their private keys through encryption algorithms. However, if the wallet is truly self-custodial, the private keys are always generated, encrypted, and decrypted on the user’s end device, so that no third party has access to the private key or can sign transactions on behalf of the user.
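
The on-device pattern described above, as an added example (not Tweed's code or any vendor's implementation): the key is generated and wrapped under a key derived from the user's secret, and only the encrypted blob is meant to leave the device. The function names, the scrypt parameters, the backup format and the use of 32 random bytes as a stand-in private key are assumptions made for this example.

```javascript
// Added example: hypothetical names and backup format, not any vendor's code.
const nodeCrypto = require('node:crypto');

const KDF = { N: 16384, r: 8, p: 1 }; // assumed scrypt cost parameters

// On the user's device: generate the key and wrap it under a key derived
// from the user's secret. Only `backup` is meant to leave the device.
function createWalletOnDevice(userSecret) {
  const privateKey = nodeCrypto.randomBytes(32); // stand-in for an EOA private key
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const kek = nodeCrypto.scryptSync(userSecret, salt, 32, KDF);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', kek, iv);
  const ct = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  const backup = {
    kdf: 'scrypt', ...KDF,
    salt: salt.toString('hex'), iv: iv.toString('hex'),
    ct: ct.toString('hex'), tag: cipher.getAuthTag().toString('hex'),
  };
  kek.fill(0); // drop the wrapping key as soon as it is no longer needed
  return { privateKey, backup };
}

// On the user's device: recover the key. Returns null when the secret is
// wrong or the blob was modified (the GCM tag check fails).
function unlockOnDevice(backup, userSecret) {
  const { N, r, p } = backup;
  const salt = Buffer.from(backup.salt, 'hex');
  const kek = nodeCrypto.scryptSync(userSecret, salt, 32, { N, r, p });
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', kek, Buffer.from(backup.iv, 'hex'));
  d.setAuthTag(Buffer.from(backup.tag, 'hex'));
  try {
    return Buffer.concat([d.update(Buffer.from(backup.ct, 'hex')), d.final()]);
  } catch {
    return null;
  }
}

// Audit check for anything sent to a third party: it must contain neither
// the raw key (hex or base64) nor the user's secret.
function payloadLeaks(payload, privateKey, userSecret) {
  return [privateKey.toString('hex'), privateKey.toString('base64'), userSecret]
    .some((needle) => payload.includes(needle));
}
```
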

Just like with traditional financial assets, and especially in countries with developed regulatory and financial regimes, custodying cryptocurrency or digital assets that are considered securities is subject to regulation and often requires licensing.

In the U.S., most states require a license in order to provide custody of cryptocurrency, just as they do for cash or securities, while custodying NFTs is generally permitted without a license. In Europe, once the Markets in Crypto Asset Regulation, better known as MiCA, is in effect, cryptoasset custodians will be required to register as a Crypto Asset Service Provider, with minimum requirements around governance, safekeeping of assets, minimum capital requirements, communicating capital positions, or facing potential liability for funds lost due to cyberattacks or malfunctions.

The majority of the Wallet-as-a-Service vendors in the market today provide a custodial solution, or claim to offer a self-custodial solution but offer a key management architecture that does not fully satisfy a non-custodial definition. Still others call themselves “semi-custodial”, which is not a recognized term in any regulatory environment.

Unlike these offerings, Tweed’s wallet technology is 100% self-custodial: wallet creation and private key encryption and decryption always happen on a user’s end device, with user secrets. With our infrastructure, neither Tweed nor the platform can ever access a user’s wallet or move assets without their permission.

By using a self-custodial wallet solution, platforms can ensure that no matter what asset types their users place in the wallet, or how regulators classify those assets, they cannot be classified as a custodian, removing a significant regulatory burden and risk.


Interested in gaining a deeper understanding of how evolving regulation is impacting your platform? Reach out to hello@paytweed.com for access to our full report on The Evolving Regulatory Landscape of Crypto Custody.
