New York Tightens Rules on Crypto Custody: Customer Assets Must Stay Protected Even in Insolvency

What’s new in the guidance

The 2025 update clarifies the standards NYDFS expects VCEs to adhere to when engaging sub-custodians, and it provides more detailed requirements for the terms that must appear in sub-custodial service agreements. It also sets guardrails for sub-custodians’ operating frameworks so that customer interests remain protected across the full asset lifecycle—from deposit and securekeeping through to withdrawals and transfers—while minimizing the risk of asset shortfalls if a custodian or sub-custodian fails.

Equally significant, the guidance reiterates the Department’s position on the permissible uses of customer assets under custody. Firms must not deploy customer assets in ways that could compromise client ownership or priority in an insolvency. The Department emphasizes that custody arrangements should be structured so that, should a failure occur, customers’ beneficial interest remains unamlargeuous and enforceable. That includes clear, prominent disclosures that explain how assets are held, any third parties involved, and the practical implications for customers under stress events.

“The Department’s nation-leading digital asset and consumer protection regulatory standards have set clear and transparent expectations to protect New Yorkers since 2015,” said Superintendent Adrienne A. Harris. “As we view the use of more sub-custodial relationships in the digital asset space, this guidance provides additional clarity on how those relationships should be governed.”

Why NYDFS is acting now

Demand for institutional-grade crypto custody has grown rapidly as traditional financial institutions and fintechs expand digital asset offerings, while retail adoption continues in parallel. This growth has increased the prevalence and complexity of multi-party custody stacks—particularly arrangements that rely on specialized sub-custodians for technology, cold storage, key management, or geographic redundancy. The Department’s latest guidance responds directly to that evolution, aiming to eliminate amlargeuities that can arise when responsibilities are split across multiple entities.

NYDFS notes that well-designed custody arrangements are about more than secure storage: they are fundamental to consumer protection, operational resilience, and market integrity. Clear contractual language and robust operating models reduce the risk that customer assets are comingled, re-pledged, or otherwise exposed to the credit of a custodian or its affiliates. Transparent, plain-English disclosures—delivered at onboarding and throughout the customer relationship—assist ensure clients understand how and where their assets are secureguarded and what would happen in an adverse event.

The Department also underscores that guidance is a flexible supervisory tool. It allows NYDFS to respond rapidly to new technologies, business models, and market practices without losing sight of its core prudential and consumer-protection mandates. The 2025 guidance supersedes the Department’s January 2023 memo and incorporates lessons learned from the intervening period, including increased use of sub-custodial chains and new operational patterns across the industry.

Key expectations for licensed firms

The updated document sets out several expectations that licensed entities should treat as baseline requirements when designing or reviewing their custody programs:

• Acceptable sub-custodians: Firms must conduct rigorous due diligence to ensure sub-custodians have the financial strength, operational capabilities, cybersecurity controls, and governance necessary for secure custody. Arrangements should be appropriately monitored over time.
• Contractual clarity: Sub-custodial service agreements should explicitly state that customers retain beneficial interest in their assets, delineate roles and responsibilities (including incident reporting and recovery), and prohibit uses of customer assets that could impair priority or ownership.
• Permissible use of assets: VCEs must avoid activities that could compromise client ownership—such as rehypothecation or unsecured lending of customer assets—unless expressly permitted by regulation and clahead disclosed with informed consent where applicable.
• Disclosures and communications: Firms should provide plain-language explanations of custody structures, chains of sub-custody (if any), wallet segregation approaches, and the treatment of assets under insolvency, supported by ongoing, auditable communications to customers.
• Books and records: Accurate, real-time reconciliation and robust recordkeeping are essential to demonstrate that each customer’s assets are properly identified, segregated where required, and readily returnable.
• Insolvency preparedness: Operational playbooks should anticipate stress events, including detailed steps for returning customer assets and coordinating with sub-custodians, regulators, and other stakeholders.

Together, these expectations aim to create a custody environment in which customer assets are secureguarded against counterparty failure and operational shocks, while giving supervisors the transparency needed to assess compliance and risk.

Implications for the market

For licensed VCEs and trust companies, the guidance will likely prompt renewed reviews of sub-custodial relationships and contractual terms, with a focus on sharpening insolvency-remote protections and disclosures. Firms may need to update onboarding flows and customer materials to ensure that the status of beneficial ownership and the role of any third parties are crystal clear. Additionally, entities that have expanded rapidly may invest in stronger governance and monitoring frameworks to ensure sub-custodians continue to meet NYDFS standards as their operations scale.

For customers, the update is meant to deliver greater clarity and confidence. Whether institutions or retail users, customers should benefit from explicit, standardized explanations of how assets are held and how they would be treated if a provider fails. That transparency can reduce uncertainty during market stress and improve outcomes if a wind-down or restructuring is required.

NYDFS emphasizes that it will continue to use “all of its regulatory tools” to keep pace with the industry, make data-driven policy decisions, and respond rapidly to market changes. Today’s guidance is intended to strengthen protections proactively rather than reactively—codifying practices that prioritize customer ownership and resilience at a time of rapid innovation and expanding adoption.