Independent Governance Over On-Chain Risk: What Institutional Investors Cannot Afford to Overlook

Michael Chen
April 2026

Governance & Institutional Standards

On-chain asset management has introduced a category of governance, compliance, and counterparty risk that many digital asset fund structures have not resolved and that institutional investors are only beginning to examine with the rigour the issue demands. The absence of verifiable AML and KYC controls, the delegation of compliance responsibilities to exchanges that cannot be relied upon to perform them, and the lack of independent governance over on-chain activity represent structural deficiencies that disqualify a significant portion of the current digital asset fund market from genuine institutional participation.

By CV5 Capital  |  April 2026

The Governance Gap That the Industry Has Not Resolved

The digital asset fund industry has made meaningful progress over the past three years in addressing the operational and governance deficiencies that were exposed by the failures of 2022. Independent custody, audited financials, credible regulatory registration, and the appointment of genuinely independent directors have become increasingly standard elements of institutional fund formation in the asset class. These developments are genuine and important. They do not, however, address a more fundamental category of governance risk that sits at the level of how on-chain asset management activities are conducted, monitored, and governed within fund structures that claim to meet institutional standards.

The risk in question is not hypothetical. It arises directly from the operational model that a significant number of digital asset fund managers use when they manage assets through centralised exchange accounts, execute trades via APIs connected to accounts that are nominally held in the fund's name but operationally controlled by exchange relationships that have not been subject to the fund's own AML and KYC procedures, and deploy capital into on-chain protocols whose participants have not been screened against sanctions lists and whose transaction counterparties are entirely pseudonymous. Each of these activities, individually, raises compliance questions that a properly governed institutional fund should be able to answer. Collectively, in a fund structure that lacks independent oversight of the on-chain activity layer, they create a compliance exposure that institutional investors are taking on without full awareness of its dimensions.

This article examines that exposure directly, without the hedging that characterises most industry discussion of on-chain compliance risk. It addresses the specific governance failure represented by the practice of designating client accounts on centralised exchanges, the compliance obligations that are created by on-chain asset management and that cannot be discharged by relying on the exchange, the audit implications of on-chain activity that is inadequately governed, and the standard that institutional investors should insist upon before committing capital to any fund whose strategy involves meaningful on-chain or exchange-based activity.

The Designated Account Problem: Who Is Actually Responsible for Compliance?

A practice that has become widespread in the digital asset fund management industry involves the fund manager operating client assets through accounts on centralised exchanges that are designated, or named, in the fund's name but that rely on the exchange's own onboarding and ongoing monitoring procedures to satisfy the AML, KYC, and sanctions screening obligations applicable to the activity conducted through those accounts. In its most common form, the arrangement works as follows: the fund or the fund manager opens an account on one or more centralised exchanges, provides the exchange with whatever onboarding documentation the exchange requires, and then operates the fund's trading activity through that account on the basis that the exchange's onboarding procedures constitute sufficient compliance with the applicable AML and KYC requirements.

This arrangement raises a question that every institutional investor should ask before committing capital to a fund that uses it: if the exchange's compliance procedures are the primary or sole mechanism through which the fund's trading activity is screened against AML, KYC, and sanctions obligations, and those procedures fail, are inadequate, or are applied inconsistently, who bears the compliance responsibility for the transactions that pass through the account?

The answer, in the regulatory frameworks applicable to fund managers in the Cayman Islands and most other jurisdictions, is the fund manager. The investment manager's obligation to maintain an adequate AML and CFT programme is not discharged by relying on the compliance procedures of a third-party exchange. The manager's AML obligations run to the fund and to the applicable regulatory authority. They require the manager to implement and maintain its own AML programme, its own KYC procedures for its own investors and counterparties, and its own sanctions screening for transactions conducted on behalf of the fund. The exchange's procedures, whatever their quality, satisfy the exchange's own compliance obligations. They do not satisfy the fund manager's.

Why Exchange-Reliance Is Structurally Insufficient

The compliance limitations of relying on a centralised exchange to perform AML, KYC, and sanctions screening functions on behalf of a fund manager are not theoretical. They arise from specific and well-documented characteristics of how centralised exchanges operate, the standards to which they are held by the regulatory frameworks applicable to them, and the interests that shape how they apply those standards in practice.

Centralised exchanges are required to perform customer due diligence on the accounts they onboard, which in the context of a fund manager means due diligence on the fund or the fund manager as an entity, not on the underlying investors in the fund or on the counterparties with whom the fund transacts on-chain. The exchange's KYC procedures address the identity of the account holder. They do not address the identity of the beneficial owners of the capital being deployed through that account, the source of those funds, the sanctions status of the fund's investors, or the compliance profile of the on-chain counterparties with whom the fund's transactions ultimately settle. These are the compliance questions that the fund manager's own programme is required to answer, and they are not answered by the exchange's onboarding procedures for the account.

Furthermore, several of the largest centralised exchanges have themselves been subject to significant regulatory enforcement actions in multiple jurisdictions relating to failures in their own AML, KYC, and sanctions screening programmes. A fund manager whose compliance framework relies on the exchange's procedures to satisfy obligations that the manager is independently required to discharge is building its compliance architecture on a foundation that has demonstrably failed in the past and that operates to the exchange's commercial standards rather than to the regulatory standards applicable to the fund.

"The exchange's compliance programme satisfies the exchange's regulatory obligations. It does not satisfy the fund manager's. These are different entities, subject to different regulatory frameworks, with different obligations to different authorities. Conflating them is not a compliance strategy. It is a compliance gap."

— David Lloyd, Chief Executive Officer, CV5 Capital

On-Chain Activity: The Compliance Frontier That Most Fund Structures Have Not Crossed

Beyond the designated account problem sits a broader and in some respects more challenging compliance frontier: the on-chain activity conducted by funds that interact directly with decentralised finance protocols, execute peer-to-peer transactions on public blockchains, and receive assets from and send assets to counterparties whose identity is known only as a wallet address. On-chain activity of this kind sits at the boundary of the compliance frameworks that fund managers have developed for traditional financial activity, and the majority of fund managers operating strategies with significant on-chain exposure have not developed compliance programmes that adequately address its specific characteristics.

On-Chain Compliance Risk

Governance Failures Most Commonly Found in Digital Asset Fund Structures
  • No wallet-level sanctions screening: Fund managers executing on-chain transactions frequently do not screen the wallet addresses of counterparties, liquidity pools, or protocol smart contracts against OFAC and equivalent sanctions lists before transacting with them. Receiving assets from or sending assets to a sanctioned wallet address constitutes a sanctions violation regardless of whether the manager was aware of the address's sanctions status at the time of the transaction.
  • No source of funds verification for on-chain counterparties: On-chain transactions involve counterparties whose identity is entirely pseudonymous. The absence of any mechanism to verify the source of funds received from on-chain counterparties, or the ultimate beneficial ownership of assets deposited into DeFi protocols, creates an AML exposure that is not addressed by the fund's investor-level KYC procedures.
  • No independent monitoring of on-chain transaction activity: The fund manager's own trading desk controls the execution of on-chain transactions. Where there is no independent monitoring of that activity, including no independent review of the wallet addresses interacted with and no independent assessment of the compliance profile of the protocols used, the fund's compliance programme has no visibility into a category of activity that creates material regulatory exposure.
  • Protocol governance and smart contract risk not addressed in the compliance framework: Funds deploying capital into DeFi protocols interact with smart contracts whose governance, development team, and regulatory status may change without notice. The fund's compliance programme should address the protocol-level due diligence conducted before deployment and the ongoing monitoring of protocol governance changes, but in most fund structures this is left entirely to the investment manager's discretion without independent oversight.
  • No audit trail for on-chain compliance decisions: In a traditionally structured fund, compliance decisions including counterparty due diligence, transaction monitoring alerts, and sanctions screening results are documented and available for regulatory examination. In a fund whose on-chain trading activity is not subject to independent monitoring and documentation, the compliance decision trail required to demonstrate that the fund's AML programme was applied to on-chain transactions may simply not exist.
  • Fund administrator has no visibility into on-chain compliance activity: Fund administrators calculate NAV and maintain investor records, but in most digital asset fund structures the administrator has no role in monitoring or documenting the compliance dimensions of on-chain trading activity. The compliance oversight function that the administrator provides in relation to investor onboarding does not extend to the on-chain activity of the portfolio, leaving a material gap in the fund's independent oversight architecture.

The AML and Sanctions Screening Standard That Institutional Investors Should Require

Institutional investors who are serious about the compliance standards applicable to funds in which they invest should be asking a specific set of questions about how AML, KYC, and sanctions screening obligations are discharged in relation to on-chain activity. The questions that follow are not aspirational. They are the baseline compliance governance standard that a fund managing institutional capital and conducting material on-chain activity should be able to answer clearly and affirmatively. A fund that cannot answer them has a compliance programme that does not adequately cover the on-chain dimension of its operations.

On-Chain Compliance: Questions Every Institutional Investor Should Ask
  • Does the fund's AML programme explicitly address on-chain transaction activity, including the screening of wallet addresses against sanctions lists prior to transacting?
  • What blockchain analytics tools does the fund use to screen on-chain counterparties, and who within the governance structure is responsible for reviewing and acting on the outputs of those tools?
  • How does the fund's compliance programme address the receipt of assets from DeFi protocols whose liquidity pools contain funds contributed by unknown or potentially sanctioned counterparties?
  • Who is responsible for sanctions screening of on-chain transactions: the investment manager, the fund's AML officer, or is it assumed to be the exchange's responsibility?
  • Is the on-chain transaction activity of the fund subject to independent monitoring by a party other than the investment manager's own trading desk?
  • What due diligence is conducted on DeFi protocols before capital is deployed, who conducts it, and is the outcome of that due diligence reviewed and approved by the fund's independent board?
  • How are compliance decisions relating to on-chain transactions documented, and is that documentation available to the fund's administrator and auditor for the purposes of the annual audit?
  • Does the fund's annual audit specifically address the compliance governance of on-chain activity, or does the audit scope cover only the traditional financial statements without addressing the on-chain compliance dimension?

Why This Is Not a Business That Institutional Investors Can Participate In

The governance and compliance failures described in this article are not edge cases. They characterise a substantial portion of the digital asset fund market that presents itself to investors as offering institutional-grade fund structures while operating an on-chain compliance programme that falls materially short of the standard that institutional investors apply in any other context. The gap between the institutional presentation and the operational reality is wide enough, and the consequences of investing in a fund whose compliance programme cannot withstand regulatory scrutiny are severe enough, that a clear statement of the issue is warranted.

Institutional investors, including pension funds, endowments, insurance mandates, and family offices with formal investment mandates, operate within fiduciary frameworks that require them to satisfy themselves that the funds in which they invest maintain adequate compliance programmes. Those fiduciary frameworks do not distinguish between on-chain and off-chain activity. They require compliance adequacy across the full scope of the fund's operations. A fund whose compliance programme cannot account for the on-chain activity through which a material portion of its returns is generated is a fund whose compliance programme is inadequate, regardless of the quality of its investor-level KYC procedures or its CIMA registration status.

The practical consequence for institutional investors who invest in such funds is exposure to regulatory risk that may materialise in their own jurisdiction rather than, or in addition to, the fund's jurisdiction. Institutional investors subject to ERISA, UK Financial Conduct Authority requirements, or European AIFMD regulations have their own compliance obligations in relation to the funds they invest in, and those obligations include satisfying themselves that the fund's compliance programme meets applicable standards. An allocation to a fund whose on-chain compliance governance cannot withstand scrutiny creates exposure for the institutional investor's own compliance programme as well as for the fund itself.

There is also the question of what happens when a compliance failure materialises. Sanctions violations, AML failures, and the receipt of assets linked to illicit activity are not administrative infractions in most jurisdictions. They carry significant financial penalties, reputational consequences, and in serious cases criminal liability exposure for the responsible individuals. A fund whose on-chain compliance programme is inadequate is not simply operating below institutional standards in an abstract sense. It is creating a specific and identified pathway through which regulatory enforcement action, asset freezing, and reputational damage can occur, with consequences that extend to the fund's investors as well as its management.

The Audit Dimension: What Auditors Cannot Certify Without Independent Governance

The annual audit of a digital asset fund is, among other things, the mechanism through which the fund's financial statements are independently verified and the compliance dimensions of the fund's operations are examined by a party independent of the investment manager. For funds with material on-chain activity, the audit should include specific procedures addressing the completeness and accuracy of the on-chain transaction records, the compliance governance of those transactions, and the reconciliation of on-chain activity with the fund's traditional books and records.

In practice, auditors of digital asset funds with inadequate on-chain compliance governance face a specific limitation: they can audit what they can see, but they cannot certify the compliance adequacy of a programme that does not exist or that does not generate the documentation required to assess it. A fund whose on-chain trading activity is not subject to independent monitoring, not documented in a manner accessible to the auditor, and not reviewed against a compliance framework that addresses the specific characteristics of on-chain transactions will produce financial statements in which the auditor's ability to express an opinion on the fund's compliance with applicable AML and sanctions requirements is materially constrained.

For institutional investors who review audited financial statements as part of their ongoing monitoring of fund investments, the presence or absence of specific audit commentary on on-chain compliance governance is itself an informative signal. An audit that does not address the compliance governance of the on-chain activity that generated a material portion of the fund's returns is not a clean institutional audit in any meaningful sense. It is an audit that has been conducted over the portion of the fund's operations that lent themselves to traditional audit procedures, with the on-chain compliance dimension either unaddressed or addressed only at a level of generality that provides limited assurance.

The Standard That a Properly Governed On-Chain Fund Should Meet

The compliance and governance failures described in this article are not arguments against on-chain asset management as an institutional strategy. They are arguments for the standard of governance, compliance infrastructure, and independent oversight that on-chain asset management requires before it is appropriate for institutional capital. That standard is achievable. Funds that meet it exist, and they are distinguished from those that do not by a set of specific operational and governance characteristics that institutional investors can identify and verify in due diligence.

  • Independent AML Officer: The fund's AML officer is independent of the investment manager and has specific responsibility for the compliance governance of on-chain transaction activity, including documented procedures for wallet-level sanctions screening and on-chain counterparty due diligence.
  • Blockchain Analytics Integration: The fund's compliance programme incorporates blockchain analytics tools that screen on-chain transaction counterparties against sanctions lists and assess the risk profile of wallet addresses before transactions are executed. The outputs of these tools are documented and reviewed by an independent party.
  • Independent Board Oversight: The fund's independent board exercises oversight of the on-chain compliance programme, receives regular reporting on on-chain compliance activity and any identified issues, and approves the protocol due diligence framework within which the investment manager is authorised to deploy capital on-chain.
  • Documented Protocol Due Diligence: Before capital is deployed into any DeFi protocol, a documented due diligence assessment is conducted covering the protocol's audit history, governance structure, regulatory status, and sanctions risk profile. The assessment is reviewed and approved by the AML officer and, for new or higher-risk protocols, by the independent board.
  • Exchange Relationship Governance: The fund's use of centralised exchange accounts is governed by a documented framework that addresses the division of compliance responsibilities between the fund's own AML programme and the exchange's procedures, confirming that exchange-reliance does not discharge the fund's independent obligations.
  • Audit Scope Covering On-Chain Activity: The annual audit explicitly addresses the compliance governance of on-chain transaction activity, including independent verification of on-chain transaction records, review of the documented compliance procedures applied to on-chain activity, and specific commentary on the adequacy of the on-chain compliance framework in the auditor's report.

How CV5 Capital Approaches On-Chain Governance

CV5 Capital is a CIMA-regulated fund formation and governance platform. The on-chain governance standards described above are not aspirational requirements that funds on the platform work toward. They are the baseline operational standard against which the governance framework of every fund on the platform is maintained from the point of launch.

The AML and CFT compliance programme maintained at the platform level addresses on-chain transaction activity as a distinct and specifically governed category of fund operations, separate from but integrated with the investor-level KYC and AML procedures applicable to subscriptions and redemptions. The programme includes documented procedures for on-chain counterparty assessment, exchange relationship governance that clearly defines the division of compliance responsibilities between the platform's own programme and those of exchange counterparties, and protocol due diligence requirements that are subject to independent board review before capital deployment.

The independent board oversight provided through the platform specifically addresses the on-chain compliance dimension of fund operations, including regular review of on-chain compliance activity reporting and board-level approval of any changes to the protocol eligibility framework within which the investment manager is authorised to deploy capital. The annual audit scope for all funds on the platform covers the compliance governance of on-chain activity as an explicit audit procedure, not as an incidental observation in the general audit process.

For institutional investors evaluating whether a digital asset fund meets the on-chain governance standard that genuine institutional participation requires, the CV5 Capital platform provides the governance documentation, independent oversight architecture, and compliance programme specificity that the questions in this article require answered. For managers seeking to build a digital asset fund that can withstand institutional due diligence on its on-chain compliance governance, the platform provides the infrastructure within which those standards can be met from day one rather than retrofitted after investor concerns have already surfaced.

Further information about CV5 Capital's approach to on-chain governance and the platform's compliance infrastructure is available at cv5capital.io or by contacting the team at info@cv5capital.io.

Conclusion: On-Chain Does Not Mean Outside Compliance

The most consequential misconception in the digital asset fund industry is that on-chain activity exists in a compliance space that is different from, and less demanding than, the compliance space applicable to traditional fund operations. This misconception is not supported by the regulatory frameworks applicable to fund managers, by the enforcement actions that have been taken by regulatory authorities against digital asset firms, or by the fiduciary standards applicable to institutional investors. On-chain transactions are transactions. They are subject to AML, KYC, and sanctions obligations. They must be governed, monitored, documented, and audited to the same standards as any other category of fund activity that carries compliance risk.

The practice of delegating those obligations to exchanges, relying on pseudonymous counterparty relationships to satisfy due diligence requirements, and operating on-chain trading activity outside any independent governance or monitoring framework is not a feature of institutional digital asset fund management. It is a characteristic of a category of digital asset fund that has not yet reached the institutional standard, regardless of the quality of its performance record or the sophistication of its marketing materials.

Institutional investors who apply rigorous governance standards across every other dimension of their alternative investment due diligence should apply exactly the same rigour to the on-chain compliance governance of digital asset funds. The consequences of not doing so are not limited to the fund. They extend to the institutional investor itself, through its own compliance obligations, its own fiduciary duties, and its own exposure to the regulatory and reputational consequences that follow from investing in a fund whose compliance programme cannot account for the activity through which it generates its returns.

This article is published for informational purposes only and does not constitute legal, regulatory, investment, or compliance advice. References to regulatory enforcement actions and compliance obligations are general in nature and the applicable requirements vary by jurisdiction and entity type. Managers and investors should obtain independent professional advice in relation to their specific compliance obligations and the due diligence standards applicable to their investment mandates. CV5 Capital is registered with the Cayman Islands Monetary Authority (CIMA Registration No. 1990085, LEI: 9845004EMS63A8938362).