Global standards and anti-money laundering
Crypto custody is shaped first by international standards that seek to reduce illicit finance and harmonize supervision. Financial Action Task Force issued Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers and set expectations on know-your-customer controls and transaction monitoring. International Organization of Securities Commissions published reports that emphasize operational resilience and client segregation for custodians. These global documents drive national rulemaking because AML obligations and cross-border trading risks create systemic exposure if custody is weak. Different countries interpret these standards unevenly, producing patchwork compliance burdens for global firms.
United States: securities, banking, and AML
In the United States custody operations fall under multiple regulators with overlapping mandates. U.S. Securities and Exchange Commission enforces securities laws and applies the Investment Advisers Act custody rule to registered advisers holding client assets, with additional staff guidance addressing digital assets. Financial Crimes Enforcement Network issued long-standing guidance on how anti-money laundering and money transmitter rules apply to virtual currency businesses, requiring registration and reporting. Office of the Comptroller of the Currency issued interpretive guidance that allowed national banks and federal savings associations to provide custody services for crypto assets under bank safety and soundness standards. New York Department of Financial Services established the BitLicense regulatory framework that imposes licensing, capital, cybersecurity, and consumer protection requirements for virtual currency businesses operating in New York. The practical consequence is that custodians in the United States must satisfy a mix of securities custody rules, banking supervision, and AML licensing, creating high compliance costs and often favoring larger, regulated institutions.
European Union and territorial harmonization
European Union law now directly governs many aspects of custody through Markets in Crypto-Assets Regulation adopted by the European Commission which creates a single regime for issuance, custody, and service providers across member states. European regulators emphasize investor protection, operational custody segregation, and prudential safeguards for custodians. Member states retain some discretion on topics such as licensing timelines and prudential backstops, so cross-border firms still manage local variations.
Causes, consequences, and human context
The regulatory layering is a response to several causes: high-profile custody failures that harmed retail investors, the anonymity and irreversibility of many crypto transfers, and the rapid institutional demand for custody as a precondition to pension and mutual fund investment. As a consequence, regulated custody provides higher consumer protections but raises costs that can exclude smaller providers and shape market geography. Culturally, jurisdictions with strong banking traditions tend to integrate crypto custody into existing bank supervision while more innovation-focused territories create bespoke licensing regimes. Environmentally, custody choices intersect with consensus mechanisms because custodians of proof-of-work assets may face reputational and policy scrutiny related to energy use.
Practical compliance therefore involves aligning AML/KYC, custody segregation, sanctions screening, and prudential capital or insurance requirements across the applicable frameworks set by international bodies and the principal national regulators named above. Operators and clients must map which rule applies to their asset type, legal classification, and the territories where services are offered to avoid regulatory gaps or enforcement risk.