Executive summary
Custody is the first question every allocator asks of a digital asset fund, and in 2026 it is no longer a technology question. Institutional survey data shows regulatory compliance has become the dominant factor in custodian selection, cited by roughly two thirds of institutions this year against a quarter the year before, with key-signing protocols showing a similar jump. The custody market itself has changed shape: federal trust charters, the sector's first public listing, and the EU's MiCA authorisation deadline have separated a regulated core of providers from a long tail that will not survive institutional diligence.
For a fund manager, the practical consequence is that custodian selection is now a governance decision that allocators will later audit. This article sets out a fund-side due diligence framework across eight domains: regulatory status, segregation and bankruptcy remoteness, technology and key management, insurance, operational controls, asset and staking support, financial resilience, and integration. It also covers the common mistakes that surface in operational due diligence, and how the decision should be documented so it stands up when an allocator's ODD team asks who chose the custodian, and why.
Introduction
Every digital asset fund makes one decision that allocators, auditors, administrators and banks will all examine: where the assets sit and who can move them. A manager can recover from a mediocre first quarter. A manager cannot recover from a custody failure, and increasingly cannot raise institutional capital with a custody arrangement that was chosen on price, familiarity or the recommendation of a trading counterparty.
The difficulty is that almost all published guidance on custodian selection is written by custodians. Comparison pages, feature matrices and security whitepapers are useful inputs, but they are marketing documents. What has been missing is a neutral, fund-side framework: the questions a manager should ask, the evidence a manager should keep, and the standard an allocator will later apply. That is what follows.
Why this matters now
Three developments have reset the custody landscape in the past eighteen months.
First, regulation has become the selection criterion. In the most recent institutional investor survey data, the proportion of institutions citing regulatory compliance as a key factor in custodian selection rose to around 66%, from 25% a year earlier. Security and key-signing protocols rose even more sharply. Allocators have converged on a simple heuristic: if the custody arrangement cannot be explained in regulatory terms, the fund is not institutional.
Second, the market has stratified. A small group of custodians now hold bank or trust charters from federal or state regulators, and one major custodian completed the sector's first public listing in early 2026, bringing audited financial statements and public-market scrutiny into a segment that historically offered neither. In Europe, the MiCA authorisation deadline in mid 2026 is forcing providers either to obtain authorisation or to retreat from EU-facing business. The gap between the regulated core and everyone else is now visible and widening.
Third, the operational bar has moved. The March 2026 joint regulatory clarification on staking in the United States has made staking support a mainstream custody requirement rather than a specialist feature, and tokenised fund structures have added register and wallet-control questions that did not exist in earlier custody decisions.
A custodian decision made in 2023 and never revisited is unlikely to pass a 2026 operational due diligence review.
Industry background: the shape of the custody market
The term "custodian" is used loosely in digital assets, and the first task in any diligence exercise is to establish what kind of counterparty is actually being assessed. The market falls into four broad categories.
Chartered custodians. Entities holding a banking or trust charter, for example from a federal banking regulator or a state trust regime, that provide segregated custody as a regulated fiduciary activity. These providers most closely resemble traditional securities custodians and are typically the default answer for allocators applying a "qualified custodian" lens.
Wallet infrastructure platforms. Technology providers whose core product is key management infrastructure, most commonly multi-party computation (MPC), used by the fund or its delegates to operate wallets under the fund's own control. Some route regulated custody through affiliated or partner trust entities. The technology is often excellent; the legal character of the arrangement requires careful analysis, because infrastructure is not custody.
Exchange custody. Assets held with a trading venue, whether in ordinary exchange accounts or in a segregated custody arm of the venue's group. Post 2022, allocators treat unsegregated exchange balances as trading float, not custody, and expect them to be minimised and monitored.
Self-custody. The fund or manager operating its own key infrastructure. Defensible in narrow cases with strong internal controls, but it concentrates operational risk in the manager and attracts the most searching ODD questions.
Most institutional digital asset funds now operate a blended model: a chartered custodian for the reserve of assets, wallet infrastructure for operational flows, minimal exchange balances governed by exposure limits, and off-exchange settlement arrangements where available. The diligence exercise therefore usually covers several counterparties, not one.
The due diligence framework: eight domains
The following framework reflects the questions that recur in allocator operational due diligence. A manager who works through these domains, and keeps the evidence, has effectively pre-answered the custody section of any institutional DDQ.
1. Regulatory status and legal character
Establish precisely which legal entity holds the assets, in which jurisdiction, and under which licence or charter. Group structures matter: the entity with the strong brand is not always the entity on the custody agreement. Confirm whether the arrangement constitutes regulated custody, a technology service, or a hybrid, and whether the provider's regulatory permissions actually cover the services the fund will use, including staking and settlement. Where the fund has EU touchpoints, confirm MiCA authorisation status rather than accepting "MiCA-ready" language.
2. Segregation and bankruptcy remoteness
The central legal question: if the custodian fails, are the fund's assets part of the estate? Review the custody agreement for segregation of client assets, on-chain segregation practices (omnibus versus segregated wallets), the governing law of the arrangement, and any rights of use, rehypothecation or lending buried in the terms. Ask for the provider's own legal analysis of client asset treatment on insolvency, and have Cayman and onshore counsel review how it interacts with the fund's structure.
3. Technology and key management
Understand the key management model in enough depth to explain it to a board: MPC key sharding, multi-signature arrangements, or hardware-isolated cold storage, and how hot, warm and cold tiers are used. The diligence questions are about lifecycle, not acronyms: how keys are generated and by whom, how shares are distributed across people, devices and geographies, how the transaction policy engine enforces limits and allowlists, and what the recovery procedure is if a shareholder, device or facility is lost.
4. Insurance
Custodian insurance headlines rarely mean what managers assume. Establish what the policy actually covers (crime, specie, professional liability), whose loss it covers (the custodian's balance sheet or clients directly), the aggregate limit shared across all clients, and the exclusions, which commonly include losses arising from the client's own compromised credentials. Then consider what fund-level cover is appropriate, because the custodian's programme is not the fund's insurance.
5. Operational controls and attestations
Request the current SOC 1 and SOC 2 reports and read the exceptions, not just the cover page. Review penetration testing cadence, incident history and disclosure practice, business continuity and disaster recovery arrangements, and the provider's own personnel controls: background checks, joiner-mover-leaver processes and administrative access governance. A provider that resists sharing attestation reports under NDA is answering the question by other means.
6. Asset and activity support
Map the fund's strategy to the custodian's actual capabilities: supported networks and tokens, staking (custodial or delegated, and how slashing risk is handled), settlement and off-exchange arrangements with the venues the fund trades on, stablecoin operations, and support for tokenised instruments where relevant. Confirm service levels for withdrawals and policy changes; a custodian that takes two days to process a withdrawal is a liquidity term, and should be treated as one in the fund's redemption design.
7. Financial and business resilience
Custody is a going-concern service. Review the provider's financial condition to the extent visible (audited accounts where available, funding history where not), client concentration, and dependence on affiliated trading or lending businesses. The 2026 environment makes this easier for public and chartered providers and correspondingly harder for the long tail, which is itself information.
8. Commercial terms and integration
Finally, the operating fit: fee structure and its interaction with the fund's expense ratio, API and reporting integration with the fund's administrator, data access for NAV and audit purposes, termination and asset migration mechanics, and the practical exit plan. Asset migration between custodians is a project measured in weeks; a fund should know before signing how it would leave.
Regulatory considerations
From a Cayman perspective, custody sits inside several overlapping frameworks, and the analysis depends on the fund's structure and regulatory classification. Open-ended funds registered under the Mutual Funds Act and closed-ended funds under the Private Funds Act are generally expected to have appropriate arrangements for the safekeeping of fund assets, with the Private Funds Act containing express custody, title verification and cash monitoring provisions. The 2026 amendments introducing tailored requirements for tokenised investment funds have added specific expectations around register control, wallet authority and reconciliation for funds issuing tokenised interests. Whether a particular digital asset custody arrangement satisfies these expectations is a structure-specific question on which managers should obtain Cayman legal advice.
Managers should also be aware of the perimeter questions: where custody-like services are provided in or from Cayman, the virtual asset service provider regime may be engaged, and since April 2025 custody and trading-platform services generally require a CIMA licence rather than registration. For funds with US investors or US-adviser touchpoints, the qualified custodian analysis under the Advisers Act custody rule remains a live and evolving area, and EU-facing arrangements increasingly turn on MiCA authorisation status. None of this needs to be resolved by the manager alone, but an allocator will expect the manager to know which questions apply to its own structure and to show counsel has been through them.
Operational implications
A custody decision is not finished at signature. Three operational workstreams follow.
Wallet and transaction governance. The custodian's policy engine has to be configured to the fund's own wallet governance policy: transaction limits, allowlists, approval quorums, separation between trading and settlement authority, and emergency freeze procedures. The board should approve the policy and receive exception reporting against it.
Administrator integration. The fund's administrator needs independent data access, whether by API, read-only console access or standing reports, to reconcile on-chain and custodial balances to the NAV. A custody arrangement the administrator cannot independently verify is an audit finding waiting to happen.
Ongoing monitoring. Custody diligence is annual, not once. Attestation reports, insurance renewals, regulatory status and financial condition should be re-reviewed on a cycle, with the results minuted. Allocators increasingly ask not "who is your custodian" but "when did you last re-diligence your custodian".
Common mistakes
Six failures recur in operational due diligence reviews of digital asset funds:
- Diligencing the brand, not the entity. The custody agreement is with a subsidiary in a different jurisdiction with a different licence, or with no licence.
- Treating infrastructure as custody. Excellent key management technology operated by the manager is self-custody, with everything that implies for ODD, whatever the vendor's marketing says.
- Reading the insurance headline. Assuming a provider's headline insurance programme covers the fund's assets pound-for-pound, without reading limits, exclusions and beneficiary structure.
- Ignoring exchange balances. Running a rigorous process for the custodian while a third of the book sits in unsegregated exchange accounts without limits or monitoring.
- No documented rationale. Selecting a perfectly good custodian but keeping no record of the process, so the ODD answer to "why this custodian" is an anecdote.
- No exit plan. Discovering the mechanics of asset migration only when the relationship is already failing.
Practical recommendations
For a manager preparing a launch, or reviewing an existing arrangement, the sequence that works in practice:
- Define the fund's custody requirements from the strategy first: networks, venues, staking, settlement flows, liquidity terms. The requirement drives the model, not the reverse.
- Shortlist against regulatory status before technology. Establish the legal entity, licence and segregation position for each candidate before comparing platforms.
- Run the eight-domain review above with a standard question set, and score candidates consistently.
- Have counsel review the custody agreement, with specific attention to segregation, liability standards, sub-custody and termination.
- Configure governance before funding wallets: transaction policy, quorums, administrator access, board reporting.
- Document the decision in a short custody selection memorandum approved by the fund's directors, and diarise the annual re-review.
"Allocators no longer ask managers whether the fund uses a custodian. They ask who selected it, against what criteria, what the segregation analysis said, and when it was last reviewed. Managers who can answer with a document rather than a story clear the custody section of due diligence in one meeting," said David Lloyd, Chief Executive Officer of CV5 Capital.
Why institutional investors should care
For allocators, family offices and institutional investors reading a manager's custody arrangements, the diligence framework above doubles as a screening tool. The signal is not which provider the fund uses; several combinations are defensible. The signal is whether the manager can produce the segregation analysis, the selection memorandum, the wallet policy, the administrator's independent reconciliation, and the most recent annual review. Funds that hold those documents tend to hold the rest of their operational stack to the same standard. Funds that cannot produce them are asking the allocator to underwrite an undocumented risk, in the one asset class where custody failure is irreversible.
How the CV5 Capital platform model addresses custody
CV5 Capital is the Cayman-headquartered institutional fund infrastructure platform for hedge fund and digital asset managers who need to launch quickly, operate properly, and satisfy serious investors from day one. Funds launch as segregated portfolios within CV5 Digital SPC, a CIMA-regulated umbrella structure, with custody arrangements established at the fund level under a governance framework that includes board-approved wallet and transaction policies, administrator reconciliation access, and documented service provider selection and review.
The platform does not replace the manager's judgement on custody, and it does not act as custodian; custodians are appointed at the fund level under their own agreements. What the platform provides is the institutional wrapper around the decision: the selection and review process, the policy framework, the reconciliation and reporting plumbing, and the governance record that allocators expect to see. For an emerging manager, that converts custody from a diligence vulnerability into one of the stronger pages of the DDQ.
Conclusion
Custody selection in 2026 is a regulatory and governance exercise with a technology component, not the reverse. The market has stratified into a regulated core and a long tail; allocators have raised the evidential bar; and Cayman's own framework now asks sharper questions of tokenised and digital asset structures. Managers who run a documented, eight-domain diligence process, configure governance before assets move, and re-review annually will find that custody becomes a strength in capital raising rather than the first difficult conversation. Managers who inherit an arrangement from a prior trading life and leave it unexamined should expect ODD teams to find it before they do.
Frequently asked questions
Does a Cayman digital asset fund have to appoint a custodian?
The requirements depend on the fund's regulatory classification and structure. Cayman regulated funds are generally expected to have appropriate arrangements for the safekeeping of fund assets, and the Private Funds Act contains specific custody and title verification provisions for funds within its scope. What is appropriate for a particular digital asset strategy is a structure-specific question that should be reviewed with Cayman counsel.
What is a qualified custodian for digital assets?
"Qualified custodian" is a US concept under the Advisers Act custody rule, generally referring to banks, trust companies, registered broker-dealers and certain other regulated entities. Its application to digital assets remains an evolving area, and whether a given provider satisfies it depends on the provider's charter and the adviser's own regulatory position. Managers with US touchpoints should take specific advice.
Is MPC wallet infrastructure the same as custody?
No. MPC is a key management technology. It can be operated by a regulated custodian as part of a custody service, or by a fund or manager as self-custody infrastructure. The legal character of the arrangement depends on who controls the keys and under what agreement, not on the technology itself.
How often should a fund re-diligence its custodian?
Annually is the standard institutional expectation, with the review minuted and covering regulatory status, attestation reports, insurance, financial condition and service performance. Material events, such as a change of control or a security incident at the provider, should trigger an interim review.
Does custodian insurance protect the fund's assets?
Not automatically. Custodian insurance programmes typically carry aggregate limits shared across all clients, cover specific loss events, and contain material exclusions. Managers should understand what the programme actually covers and consider fund-level insurance separately.
This article is for general information only and does not constitute legal, regulatory, tax, or investment advice. Fund managers should obtain advice based on their specific structure, investors, strategy, and regulatory obligations. CV5 Capital is registered with the Cayman Islands Monetary Authority (Registration Number 1885380, LEI 984500C44B2KFE900490).