Crypto Custody for Family Offices: A 2026 Decision Framework

Written by RYKI | Jun 22, 2026 3:17:22 PM

Family offices crossed the "should we hold digital assets" bridge a few years ago.

The harder question - the one that decides whether a crypto allocation reads on the audit as a clean asset or a slow-burning operational risk - is who holds the keys, under whose regulation, behind what insurance, and through what trust structure.

That is custody.

And in the last twelve months, the rules around it have moved enough that any family office working from a 2023 custody policy is working from a stale document.

Custody is the architecture decision, not the asset-selection one

Most of the airtime in family-office crypto conversations still goes to allocation: how much, which assets, what risk band. Custody gets treated as the implementation detail you handle after the strategic call. That ordering is backwards.

Allocation can be unwound.

A custody mistake - keys mismanaged by a trustee, assets pooled with an insolvent custodian, an heir without recovery instructions - is a category of loss that doesn't reverse.

The scale of the question has changed, as well. BNY Mellon's October survey found that 74% of family offices are now investing in or actively exploring crypto, up 21 percentage points in a year.

The J.P. Morgan 2026 Family Office Report and the UBS Global Family Office Report 2025 both place digital assets inside the standing portfolio conversation rather than the exploratory one. Which means the custody question is now in front of every office, not just the early adopters. Most published guidance frames this decision as a technology choice, hot versus cold, multi-sig versus MPC.

That framing is incomplete.

The right framing is fiduciary architecture: who has authority, what survives a custodian's bankruptcy, what an auditor sees, what passes cleanly to heirs. RYKI’s custody offering is built around that architecture rather than the wallet question, and the rest of this article is a walk through the architecture itself.

Why self-custody usually fails at family-office scale

Self-custody works fine when one person owns the keys, owns the risk, and is also the beneficiary. The structure breaks the moment a trustee or CIO sits between the principal and the keys. At that point, three load-bearing failures show up: personal fiduciary liability for key mismanagement, audit defensibility that depends on documentation no hardware wallet produces, and a succession path that cannot be enforced through ordinary trust language.

The retail principle that anchors self-custody arguments ("not your keys, not your coins") is genuinely correct for a sole principal with personal holdings.

Family offices answer to a different set of constituents. Trustees answer to beneficiaries. CIOs answer to investment committees. And every one of them eventually answers to an auditor reading a SOC report.

There’s also a practical limit that custody research tends to agree on: once digital assets reach roughly $500,000 to $1 million, the effort and risk involved in managing self-custody usually outweigh the benefit of having full control.

Family offices are usually an order of magnitude beyond that. They're also dealing with a permanent loss problem the rest of the market knows about but rarely names: between 2.3 and 3.7 million Bitcoin (roughly 11–18% of total supply) are estimated to be permanently lost, almost entirely to self-custody failures.

The number is the entire policy argument. The SEC's investor education bulletin on custody frames the same risk in plainer language: the keys are the assets, and once they're gone, no court can summon them back.

What "qualified custody" actually means after September 2025

A key regulatory update in September 2025 changed how family offices, RIAs, and funds can hold digital assets like crypto.

1) State trust companies now count as “banks” for crypto custody

A September 30, 2025 SEC Division of Investment Management no-action letter clarified that certain state-chartered trust companies can be treated as “banks” under the Advisers Act custody rules.

This includes institutions regulated under regimes such as New York DFS trust companies and Wyoming’s SPDI framework, among others.

2) But this is not a blanket approval

Use of these custodians is allowed only if specific conditions are met. An adviser or fund must:

    • Have a reasonable basis that the trust company is authorized to provide crypto custody in its state
    • Review audited GAAP financial statements and a recent SOC report
    • Use a custody agreement that prohibits lending or asset transfers without written consent
    • Disclose material risks to clients
    • Document a “best interest” determination

In other words, it’s permitted, but tightly conditional.

3) Regulatory risk is still part of the picture

Commissioner Caroline Crenshaw publicly dissented, arguing the letter weakens the custody framework. Her view signals that this approach is politically contested and could be narrowed or revisited in future enforcement or rulemaking.

For family offices, this means reliance on state trust company custody is not just a legal question; it also carries regulatory uncertainty that should be part of ongoing due diligence.

4) Jurisdiction still matters

Finally and most importantly, the U.S. is only one option for crypto custody. Many international family offices already evaluate custody solutions across multiple jurisdictions, and in some cases may find stronger or more stable frameworks outside the U.S.

The custody technology stack, decoded

Once a family office, fund, or institution uses a professional crypto custody provider, the underlying security is usually built on three core technologies. Marketing often blends them together, but they serve different purposes.

1) Hardware Security Modules (HSMs)

HSMs are physical devices designed to store cryptographic keys in a highly secure environment.

    • Certified under standards like FIPS 140-2 Level 3 or 4
    • Keys never leave the secure hardware
    • Even if someone gains access, they still need physical device access + authentication
    • Same type of infrastructure used by banks and government systems

In simple terms: the key lives inside a locked hardware box and cannot be copied out.

2) Multi-signature (M-of-N)

Multi-sig spreads control across multiple keys and people.

    • Example setup: 3-of-5 approval
    • 5 keys exist, but at least 3 are needed to move funds
    • Keys are held by different people in different locations
    • No single person or compromised key can move assets alone

In simple terms: transactions require group approval, not individual control.

3) Multi-Party Computation (MPC)

MPC is the newer approach used in modern digital assets custody systems.

    • A single private key is split into encrypted “shards”
    • Each party holds only a fragment
    • Signing happens without ever reconstructing the full key
    • The full key never exists in one place at any time

In simple terms: no one ever has the full key, only pieces that work together mathematically.

How institutions actually use them

Most serious custody providers don’t choose just one.

Instead, they layer them:

    • Cold storage (HSM + multi-sig): majority of assets, long-term holdings
    • Warm/operational layer (often MPC): day-to-day transfers and liquidity needs

So:

    • Cold, warm, and hot storage describe operational risk levels
    • The technologies (HSM, multi-sig, MPC) are what secure each layer

In practice, most institutional custodians use a layered model: the bulk of long-term holdings sits in cold-storage HSMs with multi-signature authorization, with a smaller operational tier handled by MPC for movement.

Cold, warm, and hot storage are the operational tiers, not the technology.

Technology is what protects each tier. The most useful framing I've found for non-engineers is to read these three as risk-management primitives, not as competing products. A serious custodian uses all three in different combinations across different parts of the portfolio.

Knowing how the keys are protected, though, doesn't tell you what happens to the assets themselves if something goes wrong at the corporate level.

That question is where the post-FTX lesson lives.

Segregated, bankruptcy-remote, and the lesson FTX wrote

The collapses of FTX, Celsius, and Genesis all reinforced one core lesson for family offices and institutions using crypto and digital assets: when customer assets are mixed with a company’s own funds, they can become tied up in bankruptcy proceedings and take years to recover, if they are recovered at all.

The key question in modern custody

For any family office or institutional setup, the real test is whether custody is:

    • Segregated
    • Bankruptcy-remote
    • Verifiable (provable)

These are related, but not the same.

1) Segregated

Client crypto and digital assets are held separately from the custodian’s own assets.

    • Stored in identifiable wallets (not pooled accounts)
    • Separation exists in contracts, operations, and on-chain records
    • Clear ownership at all times

In simple terms: your assets are not mixed with the custodian’s money.

2) Bankruptcy-remote

Client assets are legally protected if the custodian fails.

    • Held by a separate legal entity (often a trust or special-purpose structure)
    • Not treated as part of the custodian’s bankruptcy estate
    • Designed so creditors cannot claim them

In simple terms: even if the custodian goes under, your assets are supposed to stay outside the bankruptcy process.

3) Provable (auditable)

Separation must be independently verified.

    • Confirmed through audits (e.g., SOC 1 or SOC 2 Type II reports)
    • Supported by third-party attestations of holdings
    • Not just contractual claims, but evidence-backed proof

In simple terms: you can actually verify the assets are where they’re supposed to be.

Regulatory direction

This model is increasingly becoming standard:

    • In the EU, MiCA (Article 75) requires segregation, no reuse of client assets, and bankruptcy-remote custody design
    • In the Cayman Islands, the updated VASP framework (Phase 2, effective April 2025) enforces similar custody protections for licensed providers
    • Other offshore regimes like BVI are moving in the same direction for regulated custody structures

What this means for family offices

For most family offices, custody through Cayman or similar structures is typically governed by contract plus regulation, not informal trust.

Insurance can help with operational risks (theft, error, hacking), but it does not replace the need for true segregation and bankruptcy protection.

Succession: the question that breaks self-custody and tests institutional custody

Crypto has a unique succession failure mode that no other asset class shares cleanly, and I'd argue it's the single most underweighted risk in the entire family-office digital-asset conversation. The assets exist, on-chain, visible to anyone who looks. But without the keys or without a process to obtain them, they are unreachable by heirs, by trustees, by courts. Bitcoin's blockchain does not have a probate function.

Self-custody, here, fails most completely. Heirs may know that the assets exist. They may know which exchange or wallet they once lived in. They may even have the hardware.

And without the seed phrase, the PIN, and a process that survives the principal's death, the assets are inert. The estate-planning bar has been writing about this gap for years, and a substantial body of practice has developed under the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA). But RUFADAA gives fiduciaries authority to access accounts. It does not magically produce keys that the principal lost or never documented.

Institutional custody changes the shape of the problem without making it disappear.

Three things have to be in place: a trust structure that explicitly authorizes the trustee to hold and manage digital assets (standard trust language often does not), a documented death-and-incapacity protocol with the custodian that names the recovery custodian and the verification process, and a separate set of recovery instructions held outside the operating chain, usually with a law firm or a designated secondary custodian.

RYKI’s bespoke structuring work tends to sit at exactly this interface, coordinating with the family's outside counsel on trust language, working through the custodian's death protocol, and documenting the secondary recovery path.

The boutique advantage shows up here in a way the platform model rarely matches: a named relationship that an executor can call, with documentation that anticipates the failure mode rather than discovering it.

Even with the best succession protocol, the regulatory regime under which the custodian operates determines what gets enforced and how, which makes jurisdiction the next decision.

Jurisdictional structuring: Canada, Cayman, BVI, EU, US

Jurisdiction matters more in crypto custody than in any adjacent asset class, because the legal characterization of the asset, the regulator's specific custody rules, the tax treatment, and the enforceability of the segregation all sit in different places under different regimes.

Most published custody guidance is implicitly American. International families need a broader map.

| Regulator | Regime | Custody-specific rule | Typical fit |
| --- | --- | --- | --- |
| FINTRAC (Canada) | MSB / FMSB under the Proceeds of Crime Act | AML-driven; travel rule at CAD $1,000; large virtual currency reporting | Canadian onshore families; recurring fiat-to-crypto execution |
| CIMA (Cayman Islands) | VASP Act; Phase 2 custody licensing since April 2025 | Segregation, governance, fitness-and-propriety, three-director minimum | International families wanting tax-neutral jurisdiction with a recognized regulator |
| BVI FSC | VASP Act 2022 | Custody licensing with AML/CFT obligations | Funds and structured holdings, common with offshore trust structures |
| EU (MiCA) | CASP authorization under Article 75 MiCA | Statutory segregation, no reuse, liability for loss, wind-down plan | EU-resident families; institutions with European banking relationships |
| US (SEC) | Advisers Act custody rule + Sept 2025 no-action letter on state trust companies | Reasonable basis, SOC reports, no rehypothecation, disclosure, best-interest determination | US-based RIAs and registered funds investing in crypto |

The strategic insight here is that multi-jurisdictional families almost never pick one regime. They place assets where the regulation, the trust structure, the family's residency, and the trustee's location align. A Canadian principal with a Cayman trust and BVI fund holdings will use different custody touchpoints for different pieces, with the same operational provider running across all of them.

RYKI is registered in all three of the offshore-and-onshore regimes that matter for that pattern - FINTRAC MSB #M19525430 in Canada, CIMA VASP #2208986 in the Cayman Islands, and BVI presence through Trinity Chambers, Road Town.

That multi-jurisdictional framework is one most custodians simply don't carry; for families with cross-border exposure, the overlap is the most useful kind of due-diligence shortcut.

One operational relationship that satisfies three distinct regulatory pictures.

Boutique desk versus platform custodian

By the time a family office has worked through the regulatory, technical, and operational filters, the surviving custodians divide into two recognizable categories. The platform custodians (Coinbase Custody, BitGo, Anchorage, Fidelity Digital Assets, Bakkt, and a short list of bank-affiliated peers) are operationally excellent at scale and run on standardized service models.

The boutique desks are smaller, less templated, and trade scale for relationship. Both are legitimate models. They serve different family offices.

Where platforms win: high-volume treasury operations, in-house teams that prefer self-service, and standardized reporting infrastructure that plugs cleanly into family-office accounting systems. Where boutique desks win: bespoke trust structuring, white-glove operational service, multi-jurisdictional placement, banking pass-through that the platform tier doesn't replicate, and named relationships that survive a 3 a.m. call.

Not boutique-as-a-style. Boutique-as-a-substantive-difference in what gets done for the client. I'd point readers to the operational test most family offices skip. Ask the prospective custodian to walk through, in concrete terms, what happens when the principal dies on a Friday night and the trustee discovers a custody position the family didn't know about. A platform custodian's answer will be a ticket and a customer support escalation. A boutique desk's answer will involve a name, a known law firm, and a documented protocol. Both eventually resolve the situation. They resolve it on very different timelines and with very different stress on the family.

RYKI’s model sits in the boutique category by construction. The firm's own framing is institutional-grade infrastructure delivered with boutique-level care, with named-relationship execution rather than a self-service portal, and the multi-jurisdictional registrations cited earlier mean the structural piece is already in place.

For family offices that have worked through this decision tree and arrived at the boutique end of it, the next step is a conversation rather than a sign-up.

Speak with the RYKI team when you're ready to have one.