
A crypto custodian is a specialized fintech provider that safeguards an enterprise’s digital assets in secure and compliant ways. The right custodian not only protects assets but also makes them easy to use in business operations.
Regulatory momentum is driving more enterprises to explore stablecoins and digital assets and to look for regulated custody providers they can trust. What they may not realize is the impact custody can have on their products. Six months into a launch, teams may find that the custodian they selected limits what they can build. At that point, expanding product capabilities can require a costly rebuild, sometimes increasing budgets by millions.
For a long time, “custody” in finance really was a back-office function about safekeeping and record-keeping, making sure assets didn’t get lost or mishandled. It was necessary, but invisible, a lot like buying insurance. In the digital asset world, custody does much more. It shapes what a team can deliver, from instant settlements to DeFi integrations to multi-entity treasury flows.
By 2030, trillions of dollars in assets are expected to be tokenized. Enterprises that move early with the right custodian will capture the first wave of opportunities while those that wait will be forced to play catch-up. The right choice creates a secure foundation for stablecoins, treasury automation, and new revenue streams. That’s why defining broader requirements up front is critical. Custody is becoming infrastructure for digital finance and enterprise innovation.
What Are the Components of Institutional Grade Crypto Custody?
What makes a custody solution enterprise-ready isn’t just storing assets safely. It’s the set of features that determine whether an institution can operate securely, meet regulatory standards, and grow without disruption. These features fall into five key components: security, regulatory compliance, transparency, insurance and risk management, and scalability.
#1 Security
Hardware security modules (HSMs) provide tamper-resistant protection by generating and managing cryptographic keys. These devices produce secure digital signatures to authenticate transactions. At Bastion, HSMs run inside AWS Nitro’s protected enclave environment with extra safeguards from geographic distribution and quorum approvals for sensitive actions.
#2 Regulatory Compliance and Cybersecurity
Enterprises need custody partners that meet strict regulatory and security standards. At a minimum, custodians should comply with AML/KYC requirements and provide robust transaction monitoring. A strong regulatory foundation, like an OCC Trust Charter or NYDFS Trust Charter, ensures customer assets are managed under clear guardrails and can withstand scrutiny from auditors, regulators, and enterprise risk teams.
On the cybersecurity side, institutional-grade custodians follow frameworks such as New York’s Part 500 cybersecurity requirements. Best practices include:
- Regular risk assessments to identify potential vulnerabilities
- Scheduling regular updates and conducting patch management for systems
- Team-wide cybersecurity training and fully developed incident response planning
- Annual cybersecurity policy reviews
- Secure remote access and data encryption, even at rest
- Role-based permissions with activity monitoring
- Frequent backups and tested recovery protocols
#3 Transparency
A qualified custodian should provide robust auditing and reporting of its security controls. Leading providers also participate in industry groups, like the Crypto Information Sharing and Analysis Center (ISAC), that strengthen overall security standards. Just as important, enterprises should expect clear, written disclosures about a custodian’s products, services, and operations.
#4 Insurance and Risk Management
Custodians should carry appropriate insurance coverage, such as director and officer insurance and crime insurance, to mitigate potential asset losses. Enterprises should confirm that customer assets are fully segregated from the custodian’s corporate funds. Strong disaster recovery and business continuity plans are also essential to minimize operational risk.
#5 Scalability
Enterprises often grow quickly, with increasing transaction volumes and expanding user bases. As with many things, security and custody challenges are compounded by scale. Custodians need infrastructure that can handle this growth, including support for sub-accounts, risk assessments, and flexible account structures. A scalable custody solution ensures that enterprises don’t face disruption as volumes rise.
While simply checking the regulation box may work when buying insurance, this approach can backfire when selecting a crypto custodian. Custody architecture shapes everything you build on top of it, so it’s crucial to have precisely the right foundation comprising all five components of institutional-grade custody.
What Enterprises Should Know About Custody: Treat Custody as Both Compliance and Infrastructure
Large enterprises exploring custody typically run an RFP process that covers some or all of these five core components and may also ask for proof of insurance and mutual TLS (mTLS) authentication. These elements are important, but they’re also table stakes: they don’t tell your team how a custody provider will support your product roadmap over time. Areas where roadmap-driven questions matter include:
- Wallet architecture and settlement
  - Problem: Enterprises often discover too late that their custodian’s wallet model limits what they can deliver: instant settlement may be blocked, or compliance checks may not scale.
  - Question to ask: Does the custodian support omnibus, segregated, or hybrid wallets? What trade-offs will this create for instant settlement, trading flows, and compliance checks?
- Key management and authentication
  - Problem: The single largest risk in custody is the loss or theft of private keys. Without strong key management, an enterprise’s entire digital asset strategy is exposed.
  - Question to ask: How are keys generated and secured? Are they always kept within HSMs or hardened enclaves, never exported, and deleted after signing? What authentication methods are supported (e.g., device-derived keys, passkeys)?
- Insurance and audit posture
  - Problem: Even with the strongest technology, boards and regulators need proof of coverage. Without insurance and third-party audits, enterprises carry risk they can’t transfer.
  - Question to ask: What types of insurance cover assets under custody, and do limits scale as assets under custody grow? What independent audits (SOC 2, ISO 27001) has the custodian completed?
Instant settlement, DeFi integrations, and multi-entity treasury flows each require different custody models. Segregated wallets enable settlement and individual on-chain addresses; hybrid models add the flexibility needed for complex treasury operations. These architectural choices determine whether enterprises can launch new products quickly or face delays and rebuilds.
That’s why RFPs should look beyond compliance checkboxes and focus on how custody architecture supports both today’s needs and the roadmap for the next two to three years. The right questions now can mean the difference between costly limitations and a secure foundation for growth.
What Each of These Three Custody Architectures Enables
If custody architecture impacts what enterprises can build, it’s important to understand the most common models: omnibus, segregated, and hybrid custody. Each model comes with its own set of pros and cons.
Omnibus Custody
Omnibus custody models combine customer assets into one shared account. This style of custody is already popular in traditional finance because it makes operations cheaper and simpler. By pooling assets, enterprises can process large transaction volumes efficiently and reconcile balances with fewer moving parts. For organizations that primarily need standard payment flows and do not require individual asset-level control, omnibus custody can be an attractive option.
- Pros: Highly cost-efficient at scale; simplifies accounting and reconciliation; and reduces operational overhead for high-volume, routine transactions.
- Cons: Lacks asset-level visibility and control; makes compliance and audit trails harder to maintain; and prevents use cases that depend on discrete wallets, such as DeFi integrations, tokenized collateral management, or complex multi-entity treasury flows.
Segregated Custody
Segregated custody keeps each client’s digital assets in a separate wallet, providing clear asset-level control and transparent on-chain tracking. This model gives institutions the ability to manage individual accounts directly and connect with external systems, including DeFi protocols. It’s a strong fit for enterprises that need high visibility, regulatory clarity, or flexibility to integrate digital assets into more complex operations.
- Pros: Full asset-level control and transparency; enables DeFi and external integrations; and simplifies regulatory reporting and audits.
- Cons: Less cost-efficient at scale; creates more operational overhead compared to omnibus custody; and may be slower to manage in high-volume environments.
Hybrid Custody Models
Hybrid custody combines the efficiency of omnibus accounts with the flexibility of segregated wallets. By default, assets are managed in a shared account for cost efficiency, but institutions can segregate wallets when needed for control, transparency, or specific use cases. This model introduces more complexity, but it maximizes product optionality and can be well-suited for enterprises with evolving, multi-entity, or cross-border requirements.
- Pros: Balances efficiency with flexibility; supports both high-volume operations and asset-level control; and is adaptable to changing business and regulatory needs.
- Cons: More complex to manage and govern and may carry higher operational costs than pure omnibus models.
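The three models above, together with the quorum-approved sensitive actions mentioned under Security, can be made concrete in a small ledger model. The following Python is an added example written for this article, not Bastion’s code or any custodian’s API; the client names, approver ids and hash-derived addresses are constructed placeholders. It shows what the text describes: a transfer between two pooled clients is a book entry with no on-chain transaction, a client only gets an individual on-chain address once segregated, moving a client out of the pool is gated by an m-of-n approval quorum (a repeated approval from one approver counts once), and the omnibus invariant (pooled on-chain balance equals the sum of the sub-ledger) is a check an auditor can run.

```python
"""Constructed model of omnibus, segregated and hybrid custody ledgers.
Added illustration, not Bastion's (or any custodian's) code; client ids,
approver names and the sha256-derived "addresses" are made up."""
from dataclasses import dataclass
from decimal import Decimal
import hashlib


def fake_address(label: str) -> str:
    """Placeholder for an on-chain address: a hash of a label (constructed)."""
    return "0x" + hashlib.sha256(label.encode()).hexdigest()[:40]


@dataclass
class Wallet:
    address: str
    onchain_balance: Decimal = Decimal(0)


class HybridCustody:
    """Omnibus by default (one shared wallet plus an internal sub-ledger);
    a client can be moved into its own segregated wallet on demand.
    Segregation is a sensitive action gated by an m-of-n approval quorum."""

    def __init__(self, approvers, quorum: int):
        self.approvers = set(approvers)
        self.quorum = quorum
        self.omnibus = Wallet(fake_address("omnibus-pool"))
        self.subledger = {}    # omnibus clients -> share of the pooled balance
        self.segregated = {}   # clients that hold their own wallet
        self.onchain_txs = []  # every movement that actually hit the chain

    def balance(self, client: str) -> Decimal:
        if client in self.segregated:
            return self.segregated[client].onchain_balance
        return self.subledger.get(client, Decimal(0))

    def onchain_address(self, client: str):
        """Only segregated clients have an individual address; omnibus
        clients are sub-ledger entries behind the shared pool address."""
        return self.segregated[client].address if client in self.segregated else None

    def _credit(self, client: str, amount: Decimal) -> None:
        if client in self.segregated:
            self.segregated[client].onchain_balance += amount
        else:  # pooled: the shared wallet and the sub-ledger move together
            self.subledger[client] = self.subledger.get(client, Decimal(0)) + amount
            self.omnibus.onchain_balance += amount

    def _debit(self, client: str, amount: Decimal) -> None:
        if self.balance(client) < amount:
            raise ValueError(f"insufficient funds for {client}")
        if client in self.segregated:
            self.segregated[client].onchain_balance -= amount
        else:
            self.subledger[client] -= amount
            self.omnibus.onchain_balance -= amount

    def deposit(self, client: str, amount) -> None:
        self._credit(client, Decimal(amount))

    def transfer(self, src: str, dst: str, amount) -> int:
        """Returns how many on-chain transactions the transfer required."""
        amount = Decimal(amount)
        if src not in self.segregated and dst not in self.segregated:
            # Both sides live in the pool: book entry only, chain untouched.
            if self.balance(src) < amount:
                raise ValueError(f"insufficient funds for {src}")
            self.subledger[src] -= amount
            self.subledger[dst] = self.subledger.get(dst, Decimal(0)) + amount
            return 0
        self._debit(src, amount)          # at least one own wallet involved:
        self._credit(dst, amount)         # funds have to move on chain
        self.onchain_txs.append((src, dst, amount))
        return 1

    def segregate(self, client: str, approvals) -> str:
        """Move a client out of the pool into its own wallet. Approvals are
        counted per distinct known approver, so a replayed approval is ignored."""
        valid = set(approvals) & self.approvers
        if len(valid) < self.quorum:
            raise PermissionError(f"{len(valid)} of {self.quorum} approvals present")
        share = self.subledger.pop(client, Decimal(0))
        self.omnibus.onchain_balance -= share
        self.segregated[client] = Wallet(fake_address(f"client-{client}"), share)
        self.onchain_txs.append(("omnibus", client, share))
        return self.segregated[client].address

    def reconcile(self) -> bool:
        """Omnibus invariant an auditor checks: pooled balance == sum of sub-ledger."""
        return self.omnibus.onchain_balance == sum(self.subledger.values(), Decimal(0))


def demo() -> dict:
    c = HybridCustody(approvers=["ops-1", "ops-2", "risk-1"], quorum=2)
    c.deposit("alice", "100")
    c.deposit("bob", "50")
    pooled_tx = c.transfer("alice", "bob", "30")          # book entry: 0 on chain
    try:
        c.segregate("bob", approvals=["ops-1", "ops-1"])   # one approver twice
        quorum_enforced = False
    except PermissionError:
        quorum_enforced = True
    bob_addr = c.segregate("bob", approvals=["ops-1", "risk-1"])
    seg_tx = c.transfer("alice", "bob", "10")             # now needs 1 on-chain tx
    return {"pooled_tx": pooled_tx, "segregated_tx": seg_tx,
            "quorum_enforced": quorum_enforced,
            "alice_address": c.onchain_address("alice"),  # None: shared pool
            "bob_address": bob_addr, "alice_balance": c.balance("alice"),
            "bob_balance": c.balance("bob"), "pool_balance": c.omnibus.onchain_balance,
            "reconciles": c.reconcile(), "onchain_tx_count": len(c.onchain_txs)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the trade-off in numbers: the pooled transfer costs nothing on chain, while the same transfer after segregation produces an on-chain transaction and gives Bob an address of his own, which is exactly what DeFi or per-entity treasury integrations need and what a pure omnibus model cannot offer.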
Select Your Architecture: How to Evaluate Custody Models for Your Roadmap
If you’re considering a custody solution, the first point of evaluation should be what heavy lifting you need it to do for your team: how will the roadmap change over three years, and do the solutions you’re reviewing support your product expansion goals? It may be useful to replace generic RFP compliance checks with outcome-driven questions that force clarity, including:
- What new user experiences do we want to enable in two to three years?
- Will we need to integrate with DeFi protocols or external systems?
- Do we anticipate complex multi-entity treasury requirements?
- How important is asset transparency vs. operational efficiency?
Prioritize providers who lead with architectural capabilities rather than compliance features. Be wary of one-size-fits-all solutions that don’t explain trade-offs, or ones with limited API functionality or inflexible technical integrations. The custody solutions that can explain the trade-offs in their architecture and answer questions aligned to your roadmap are best positioned to scale with you over time.
The Architectural Decision: Aligning Custody Choice With Business Strategy
Although the “start simple, upgrade later” philosophy can succeed in numerous areas in the enterprise, it can fail in custody. Taking advantage of a hybrid solution allows enterprises to maintain optionality while controlling costs. It also provides future-proofing as regulations evolve, multi-chain support options open up, and programmable money provides new opportunities.