Custody Challenges in DeFi: Navigating Compliance for Institutions

For institutions managing assets on behalf of clients, the path to DeFi is marked by significant hurdles—particularly when it comes to complying with existing custody regulations. Regulatory frameworks present a significant challenge in an ecosystem where assets are often held in self custody wallets rather than by traditional custodians. 

Institutional DeFi is inherently at odds with the Custody Rule

The SEC’s Rule 206(4)‑2 (the “Custody Rule”) requires private fund managers in the US to maintain client assets with a qualified third-party custodian, ensuring that assets are protected in the event of insolvency, fraud, or other events. However, the decentralized nature of DeFi complicates compliance with this regulation. In DeFi, assets are typically stored in decentralized wallets or locked in smart contracts rather than held by a custodian.

The recent case of Galois Capital is a prime example of the challenges institutions face. After a two-year investigation, Galois Capital, formerly an SEC-registered investment advisor, settled with the SEC for $225,000 due to failures to comply with the Custody Rule while managing crypto assets. This case marked the first action taken against an institution for custody violations involving crypto assets and signals the need for institutions to carefully consider custody requirements in the DeFi space.

Institutions interested in DeFi must reconcile traditional custody rules with a decentralized framework that operates outside the conventional financial system. Unlike traditional custodians that meet regulatory definitions, smart contracts and decentralized wallets do not easily fit the mold of "qualified third-party custodians". Without a clear path to compliance, how can institutions mitigate the risk of regulatory scrutiny and keep assets secure while still benefiting from the advantages of DeFi?

Solutions for custody compliance in DeFi

Despite these challenges, institutions can adopt several strategies to reduce the risk of regulatory actions and safeguard digital assets. Through our experience working with institutional clients in DeFi, we've identified several potential solutions:

1. Selecting an institutional-grade custody solution

Institutions must be proactive in choosing a custody solution that balances DeFi’s decentralized nature with the security and oversight expected by regulators. One option is to opt for an enterprise-grade self-custody solution from reputable providers that help ensure that assets are secure both in custody and during transfer. Institutional-grade custody solutions also offer features to support a firm’s internal controls, such as multiple approvals or different levels of approvals depending on the size of the transaction. These solutions can help bridge the gap between DeFi best practices and traditional custody requirements. 

2. Making transparent disclosures

Disclosure is key when managing DeFi investments on behalf of clients. Institutions must clearly disclose the risks associated with their chosen custody solution as well as the risks inherent in DeFi itself. Proper disclosure not only helps fulfill regulatory requirements, but also builds trust with clients by informing them of potential risks.

3. Securing insurance coverage

DeFi protocols often lack the comprehensive insurance coverage that traditional third-party custodians offer. However, working with the right insurer can help institutions secure coverage to mitigate the risks associated with self custody. Some even provide specific coverage for smart contract failures and hacks, which institutions can use to hedge against risks associated with DeFi smart contracts.

Conclusion

While full compliance with custody regulations may not always be possible when transacting in DeFi, institutions can adopt smart solutions to minimize risks and safeguard assets. From selecting the right custody and insurance partners, to managing disclosures and security, there are ways for institutions to responsibly engage with DeFi while minimizing regulatory concerns and potential risks around custody.

-----

Talos has helped numerous institutions navigate DeFi’s complexities. Contact us to explore how we can support your institution in overcoming these challenges to unlock the potential of DeFi. 

In the next and last chapter, we discuss the technology and knowledge gaps that present challenges for institutions. Click below to read the previou chapters:

1. The AML/KYC Challenge in DeFi: Risk Mitigation Techniques
2. Cybersecurity Challenges in DeFi: Addressing the Risks

^{Disclaimer: Talos offers software-as-a-service products that provide connectivity tools for institutional clients. Talos does not provide clients with any pre-negotiated arrangements with liquidity providers or other parties. Clients are required to independently negotiate arrangements with liquidity providers and other parties bilaterally. Talos is not party to any of these arrangements. Services and venues may not be available in all jurisdictions. For information about which services are available in your jurisdiction, please reach out to your sales representative.}