Custodians should disclose third-party custody dependencies to clients whenever those relationships create a material risk to the safekeeping, availability, or clear title of client assets. Guidance from the U.S. Securities and Exchange Commission staff and the Office of the Comptroller of the Currency emphasizes that firms must identify and communicate risks that a reasonable client would consider important to decision-making. Disclosure is not merely a formality: it supports transparency, helps clients assess trust, and reduces downstream harm from operational failures or conflicts.
Scope and timing of disclosure
Disclosure is required at key moments: when onboarding a client, when entering or materially changing a third-party arrangement, and promptly when a dependency becomes compromised. The U.S. Securities and Exchange Commission staff requires advisers and custodians to describe custody arrangements and material conflicts in written disclosures and regulatory filings. Similarly, the Office of the Comptroller of the Currency guidance on third-party relationships stresses continuous monitoring and timely client notification when risk profiles change. Routine mention of trivial, non-material providers may create noise; timely focus should be on dependencies that affect asset control, settlement, or auditability.
Causes and consequences
Outsourcing core functions to subcustodians, correspondent banks, cloud providers, or affiliates creates dependency chains that increase concentration and systemic risk. The Financial Stability Board highlights how reliance on a small set of third parties can amplify operational shocks across jurisdictions. Consequences of nondisclosure include delayed recovery after incidents, regulatory sanctions, financial loss to clients, and reputational damage for custodians. In cross-border custody, territorial legal differences and cultural expectations about fiduciary duty can magnify harm for clients in emerging markets where local recourse is limited.
Practical indicators for disclosure
Custodians should treat as material and disclose relationships that involve control of keys or accounts, sole-provider settlement paths, lack of independent auditability, or significant geographic concentration. Disclosures should explain the nature of the dependency, the jurisdictional implications, mitigation measures such as redundancy or insurance, and the custodian’s incident response commitments. Plain-language explanations that respect client sophistication and local cultural norms increase comprehension and trust.
Clear, timely disclosure aligned with regulatory guidance and honest appraisal of risks preserves client autonomy and strengthens systemic resilience.