Institutional Crypto Custody 2026: Segregation, Controls, and Why Banks Keep Coming Back

Crypto custody is the infrastructure layer that determines whether institutional capital can enter digital assets safely. It is also the layer where the gap between marketing language and operational reality is widest. In 2026, the institutional custody landscape includes crypto-native custodians, exchange-affiliated custody arms, traditional banks building bespoke solutions, and a growing number of hybrid models -- and the differences between them in terms of actual asset protection are more significant than their sales materials suggest.

The FTX collapse demonstrated that custody was the central failure point: customer assets were not segregated, were not subject to independent controls, and were available for the platform to deploy at will. Every serious institutional investor learned the same lesson, and the custody question has moved from back-office detail to front-of-mind diligence item. Understanding how custody actually works -- the segregation models, the control frameworks, the insurance realities, and the regulatory requirements -- is no longer optional for anyone allocating meaningful capital to digital assets.

For related coverage on how regulated wallet infrastructure intersects with tokenisation, see our earlier piece on tokenisation and the regulated wallet.

The Custody Landscape in 2026​

The institutional custody market has stratified into several distinct categories, each with different risk profiles, regulatory standings, and operational characteristics.

Crypto-Native Qualified Custodians -- Coinbase Custody (New York Trust Company charter), BitGo Trust, Anchorage Digital Bank, Fireblocks -- were first to build institutional-grade custody for digital assets. They hold state or federal charters qualifying them under the Investment Advisers Act.

Exchange-Affiliated Custody -- Binance Custody, Kraken, and exchange prime brokerage products -- integrates custody with trading but raises structural questions about custodian independence from trading operations. The FTX experience made this integration a red flag.

Traditional Bank Custodians -- BNY Mellon, State Street, Standard Chartered -- bring regulatory credibility and institutional relationships but also legacy technology stacks not designed for blockchain key management.

Self-Custody Infrastructure Providers -- Ledger Enterprise, Taurus, Copper -- provide technology for institutions to custody their own assets, shifting responsibility to the institution itself.

The market is not converging on a single model. Different institutional investors have different requirements based on their regulatory regime, asset size, trading frequency, and internal capabilities. A pension fund has different custody needs than a hedge fund, which has different needs than a corporate treasury.

Asset Segregation: Omnibus vs. Segregated​

The single most important structural question in crypto custody is how client assets are segregated -- or whether they are segregated at all.

Omnibus custody pools all client assets in shared wallets with internal accounting tracking each client's entitlement. This is operationally efficient but carries insolvency risk: commingled assets may be treated as part of the custodian's estate. The FTX bankruptcy demonstrated that recovering from an omnibus pool is slower and less certain than recovering separately held property.

Segregated custody maintains distinct on-chain wallets for each client, providing stronger property claims in insolvency and enabling independent verification. The cost is higher operational complexity and on-chain fees.

Hybrid models are increasingly common: large holdings in segregated wallets, smaller operational balances on an omnibus basis.

For institutional investors, the segregation model should be a primary due diligence question. The answer directly affects their recovery position in a worst-case scenario.

The Control Framework: Key Management and Signing Ceremonies​

The technical core of crypto custody is private key management. Whoever controls the private keys controls the assets. The institutional custody framework builds multiple layers of control around key generation, storage, and usage.

Key Generation​

Institutional custodians generate keys in secure environments -- typically hardware security modules (HSMs) or secure multi-party computation (MPC) protocols. HSMs are dedicated hardware devices certified to tamper-resistant standards (FIPS 140-2 Level 3 or 4) that prevent key extraction. MPC distributes key generation and signing across multiple parties such that no single party ever holds the complete key.

HSM-based systems create clear security boundaries but introduce single points of failure and geographic constraints. MPC-based systems eliminate single points of failure but add complexity around node coordination. Both approaches are institutional-grade when properly implemented. The important question is how the implementation handles key ceremony procedures, backup and recovery, and access controls.

Signing Ceremonies​

A signing ceremony is the process by which a transaction is authorized and signed. For institutional custody, this typically involves multiple authorization steps:

1. Transaction initiation by an authorized party (e.g., portfolio manager).
2. Compliance and policy checks -- the transaction is screened against whitelisted addresses, transaction limits, and AML/sanctions requirements.
3. Multi-party approval -- multiple authorized signers must approve the transaction, typically through an m-of-n quorum (e.g., 3 of 5 key holders must approve).
4. Signing execution -- the approved transaction is signed using the HSM or MPC protocol.
5. Broadcast -- the signed transaction is submitted to the blockchain.

The specific parameters -- how many approvals are required, who can initiate, what limits trigger escalation, how the signing infrastructure is geographically distributed -- define the control framework's strength. Institutional investors should understand these parameters for their custodian and verify that they match the custodian's marketing claims.

Insurance Coverage and Its Real Limitations​

Custody insurance is one of the most misunderstood aspects of institutional crypto custody. Many custodians advertise insurance coverage, but the details -- what is covered, what is excluded, and how much coverage is actually available -- often do not match the impression created by the headline number.

What Is Typically Covered​

Most crypto custody insurance policies cover losses resulting from theft of private keys through external hacking, internal fraud by custodian employees, and physical destruction of key material. Some policies extend to cover loss during transit (key ceremony transfers) and social engineering attacks that compromise key access.

What Is Typically Excluded​

Most policies exclude: losses resulting from software bugs or smart contract vulnerabilities, losses due to blockchain protocol failures or forks, losses from regulatory action (government seizure), market value fluctuations during the claims process, and losses resulting from the client's own operational errors (sending to the wrong address).

The Coverage Gap​

The total insurable capacity for crypto custody in the global insurance market is estimated at $5 to $10 billion as of 2026. The total value of assets held in institutional crypto custody exceeds $300 billion. The math is simple: there is not enough insurance capacity to cover a major systemic event. Individual custodians may carry $100 million to $500 million in coverage -- significant in absolute terms, but potentially a fraction of the assets under custody.

Institutional investors should ask for the certificate of insurance, understand the policy limits relative to total assets under custody, and recognize that insurance is a partial mitigation, not a guarantee.

SAB 121 and Its Impact on Bank Custody​

Staff Accounting Bulletin 121 (SAB 121), issued by the SEC in 2022, has been one of the most significant regulatory obstacles to bank entry into crypto custody. SAB 121 required that entities custodying crypto assets on behalf of customers must recognize those assets as liabilities on their own balance sheet, with a corresponding asset for the obligation to return the crypto.

For banks, this treatment is punitive. Balance sheet recognition of crypto custody liabilities triggers capital reserve requirements that make custody economically unviable at scale. A bank custodying $1 billion in Bitcoin would need to set aside capital against that $1 billion liability -- a treatment that does not apply to traditional securities custody, where customer assets are held off-balance-sheet.

Congress passed legislation to overturn SAB 121, which was vetoed in 2024. The SEC's position evolved through 2025, with staff guidance providing narrow relief for certain banking organizations. As of early 2026, some banks have obtained sufficient regulatory comfort to proceed while others remain on the sidelines. The trajectory is toward resolution, but the delay has cost the industry several years of bank custody development.

Why Banks Keep Entering Despite Complexity​

Given the regulatory friction, the technical challenges, and the reputational risk, a reasonable question is: why do banks keep entering digital asset custody?

Client demand is the primary driver. Institutional investors -- pension funds, endowments, family offices, sovereign wealth funds -- want exposure to digital assets, and many of them are required by their own mandates or regulations to use a qualified custodian. If their existing banking relationship cannot provide custody, they will go to a competitor who can. Banks are entering crypto custody defensively, to retain client relationships.

Revenue opportunity is secondary but real. Custody fees for digital assets are meaningfully higher than for traditional securities. Traditional securities custody has been compressed to single-digit basis points; digital asset custody commands 10-50 basis points depending on the service level and asset class. For a bank custodying billions in digital assets, this represents meaningful revenue.

Infrastructure positioning is the longer-term play. Banks that build digital asset custody capability now are positioning themselves for tokenized securities, tokenized deposits, and other digital asset categories that are expected to grow substantially. The custody infrastructure for native crypto assets and tokenized traditional assets shares significant overlap. Investing in custody now creates optionality for future product lines.

The pattern across BNY Mellon, State Street, Standard Chartered, and others is consistent: announce, build slowly, navigate regulatory complexity, and gradually expand. The pace frustrates crypto-native observers, but the direction has not reversed.

The Qualified Custodian Question​

Under SEC rules, registered investment advisers must generally custody client assets with a "qualified custodian" -- a bank, broker-dealer, FCM, or foreign financial institution. Crypto-native custodians have used various structures: state trust company charters (Coinbase, BitGo), national bank charters (Anchorage), and broker-dealer registrations. Whether crypto-native trust companies provide equivalent protection to traditional bank custodians remains contested, and the ambiguity affects advisers' willingness to allocate through certain custodians.

Our Exchange Watch coverage tracks how these regulatory dynamics affect platform operations and user access.

MiCA Custody Requirements​

MiCA establishes specific custody requirements for EU crypto-asset service providers: asset segregation from the CASP's own assets, custody policies specifying applicable measures, adequate safeguards against loss including insurance or own-funds coverage, and asset return requirements in insolvency. The framework is more prescriptive than the US approach, directly addressing the failure modes exposed by FTX, but creates compliance costs that favour larger custodians.

The Gap Between Marketing and Protection​

A final note on institutional due diligence: custodians' marketing materials and the operational reality often diverge. Common areas of divergence include:

Insurance coverage. Headline numbers may include crime insurance, specie insurance, and errors-and-omissions insurance aggregated together, even though each covers different scenarios. The effective coverage for any single loss event may be much lower than the aggregate number suggests.

Segregation claims. Some custodians claim segregated custody while maintaining omnibus wallet structures with internal sub-accounting. This provides the operational efficiency of omnibus custody with the marketing language of segregation. The legal protection in insolvency may be weaker than true on-chain segregation.

Audit and attestation. SOC 2 Type II certification is the industry standard for operational controls, but it certifies the existence and operation of controls -- not their effectiveness against all attack vectors. A SOC 2 report does not mean the custodian is immune to compromise.

Institutional investors should request and review: the custody agreement's insolvency treatment of client assets, the actual wallet architecture (omnibus vs. segregated), the insurance policy details (not just the headline number), the latest SOC 2 report, and the signing ceremony and key management procedures. Any custodian unwilling to provide this information does not deserve institutional capital.

For broader research on the institutional infrastructure landscape, our research section provides ongoing analysis.

FAQ​

What is the difference between a custodian and an exchange?​

A custodian holds assets on behalf of clients with a fiduciary duty to safeguard them. An exchange is a trading venue that may also hold assets but whose primary function is facilitating trades. Some exchanges offer custody services (Coinbase, for example, operates both an exchange and a separate custody entity), but the regulatory standards, asset segregation requirements, and fiduciary obligations may differ between the exchange and custody functions.

Is self-custody safer than using an institutional custodian?​

It depends on the institution's and the individual's operational capability. For an entity with strong internal controls, experienced key management personnel, and robust backup procedures, self-custody eliminates counterparty risk. For an entity without these capabilities, self-custody introduces operational risk (key loss, procedural errors) that may exceed the counterparty risk of using a regulated custodian. Most institutional allocators use professional custodians because the operational risk of self-custody at scale is substantial.

How does insurance work if a custodian is hacked?​

The client would file a claim through the custodian, who would trigger their insurance policy. The insurer would investigate the loss to determine whether it falls within the policy's coverage. If covered, the insurer would pay out up to the policy limit, subject to deductibles and sub-limits. If total losses exceed the policy limit, recovery is pro-rata among affected clients for the insured amount, with remaining losses unrecovered or subject to the custodian's own balance sheet.

Has SAB 121 been fully resolved?​

Not as of early 2026, though the trajectory is toward resolution. The SEC has provided partial relief through staff guidance for certain banking organizations, and legislative efforts continue. The practical impact varies by bank -- some have obtained sufficient regulatory comfort to operate, while others remain constrained. Full resolution would likely require either SEC rulemaking that formally supersedes SAB 121 or successful legislation.

What should I verify before choosing an institutional custodian?​

Key diligence items include: regulatory status and charter type, asset segregation model (omnibus vs. segregated), insurance policy details and limits, SOC 2 Type II certification, key management architecture (HSM vs. MPC), signing ceremony procedures and quorum requirements, insolvency treatment of client assets under applicable law, track record and incident history, and the independence of the custody function from any affiliated trading operations.