Executive Briefing
Investment advisers who add digital assets — tokenized funds, security tokens, or crypto — to client portfolios face a compliance requirement that does not disappear because the asset is blockchain-based: the qualified custodian rule. Rule 206(4)-2 under the Investment Advisers Act requires SEC-registered investment advisers to maintain client funds and securities with a “qualified custodian.” The rule was written for traditional assets, but the SEC has been clear that it applies to digital assets as well. For advisers navigating the tokenized asset landscape, understanding which custodians qualify — and what to do when the answer is uncertain — is foundational compliance work.
What Rule 206(4)-2 Requires
Rule 206(4)-2 — the “Custody Rule” — under the Investment Advisers Act of 1940 requires registered investment advisers that have “custody” of client assets to maintain those assets with a qualified custodian, provide clients with account statements, and ensure that an independent public accountant (IPA) conducts an annual surprise examination of client assets.
The rule defines “custody” broadly as any arrangement under which the adviser has authority to withdraw client assets, including where the adviser possesses client login credentials, is authorized to withdraw funds from client accounts, or acts as general partner of a client fund. Most RIAs with typical investment management relationships have custody of client assets in the legal sense.
A “qualified custodian” is defined in Rule 206(4)-2 as:
- A bank or savings association that is regulated and examined by a federal or state bank regulatory authority
- A registered broker-dealer holding client assets in customer accounts
- A futures commission merchant registered with the CFTC holding customer assets in futures accounts
- A foreign financial institution meeting specific regulatory requirements
The critical feature: qualified custodians must be subject to regulatory examination and have segregation requirements for client assets. The segregation requirement is the mechanism that protects client assets in a custodian bankruptcy — client assets are not available to general creditors because they are legally segregated from the custodian’s proprietary assets.
The Digital Asset Custody Problem
The qualified custodian rule creates a specific problem for digital asset custody: most entities that have historically provided digital asset custody services — Coinbase Prime, Anchorage, BitGo, Gemini Custody — are not clearly “qualified custodians” under Rule 206(4)-2 as historically interpreted.
Coinbase, for example, is a registered broker-dealer for certain activities. But Coinbase Custody Trust Company — the entity that holds customer digital assets — is chartered as a New York limited purpose trust company, not a bank or broker-dealer in the traditional sense. The question of whether New York limited purpose trust companies qualify as “banks” under the Custody Rule definition has not been definitively resolved by the SEC.
Anchorage Digital Bank, as a national bank chartered by the OCC, is the clearest case of a crypto-native custodian that is a qualified custodian under Rule 206(4)-2. Banks regulated and examined by a federal banking authority (the OCC, Federal Reserve, FDIC) clearly fall within the rule’s definition. Anchorage’s OCC charter — the first granted to a crypto-native entity — was specifically sought to resolve the qualified custodian ambiguity for RIA clients.
BitGo’s 2023 acquisition of a South Dakota trust charter provides a similar path: South Dakota-chartered trust companies are regulated and examined by the South Dakota Division of Banking, a state bank regulatory authority. Whether this state trust charter provides qualified custodian status under Rule 206(4)-2 depends on whether “bank regulatory authority” covers state trust company regulators — a question that has been debated but not definitively resolved.
The 2023 Proposed Custody Rule Amendments
In February 2023, the SEC under Chair Gary Gensler proposed significant amendments to Rule 206(4)-2 that would have materially changed the digital asset custody landscape. The proposed amendments were controversial, drew extensive industry comment, and had not been adopted in final form as of early 2026.
Key proposed changes relevant to digital assets:
Expansion to all assets. The proposed amendments would have extended the qualified custodian requirement to all client assets, not just “funds and securities.” This was explicitly designed to capture digital assets including crypto that might be characterized as commodities or currency rather than securities — assets not clearly covered by the current rule.
Heightened segregation requirements. The proposed rule would require qualified custodians to maintain client digital assets in a manner that provides clients with a “senior legal claim” that is superior to the custodian’s general creditors in bankruptcy. The proposal was a direct response to the FTX collapse, which exposed the failure of customer asset segregation at crypto exchanges.
Exclusion of many current crypto custodians. The proposed rule’s strict interpretation of who qualifies as a custodian for crypto assets would have excluded most state-chartered trust company crypto custodians (Coinbase Custody Trust, Gemini Trust, BitGo) from qualified custodian status, while potentially qualifying only OCC-chartered national banks (Anchorage), FDIC-insured banks with digital asset custody capabilities (BNY Mellon, State Street), and registered broker-dealers with clear digital asset custody authority.
The crypto industry objected strenuously, arguing that the proposed rule would create an artificial custody monopoly among a small number of bank-chartered entities and would disrupt functioning institutional custody relationships. The SEC under subsequent leadership (from 2025 onward) did not move forward with the proposed amendments as written, but the underlying compliance questions remain open.
Practical Guidance for RIAs Adding Tokenized Assets
For SEC-registered investment advisers adding tokenized securities, tokenized funds, or direct crypto assets to client portfolios, several practical guidance points apply in 2026:
Conduct a custodian-specific analysis. Do not assume that a custodian is or is not a qualified custodian. Conduct a specific analysis of the custodian’s regulatory status: What charter does it hold? Who regulates and examines it? How are client assets legally segregated? Request representations from the custodian regarding its qualified custodian status and the legal basis for that status. Document this analysis in your compliance records.
Prefer bank-chartered custodians for large positions. For substantial digital asset positions (above $5M per account), the unambiguous qualified custodian status of bank-chartered entities (Anchorage, BNY Mellon Digital Assets, State Street Digital) is worth a premium in custody fees. The compliance certainty reduces the risk of SEC examination findings regarding custody rule violations.
Structure tokenized fund investments carefully. For tokenized fund investments (KKR HCSG II, Apollo Diversified Credit, Hamilton Lane SCOPE), the fund’s transfer agent (typically Securitize) maintains the ownership record. Whether the RIA has “custody” of these interests for Rule 206(4)-2 purposes depends on whether the adviser controls redemption rights, whether the adviser is authorized to direct distributions, and whether the fund interests constitute “securities” under the rule. Fund-specific counsel should review each product structure.
Review the safe harbor for non-discretionary accounts. Rule 206(4)-2 includes a safe harbor for advisers that do not have custody of client assets — specifically, advisers that are not authorized to withdraw client assets. For non-discretionary advisory relationships (where clients control their own wallets and execute their own trades), the custody rule may not apply. Self-custody arrangements — where clients hold assets in self-custodied wallets and advisers provide only advice — may fall outside the rule’s scope. Document the relationship structure carefully.
Annual surprise examination. If the custody rule applies (which it does for most managed account arrangements), ensure that the IPA conducting the annual surprise examination has the technical capability to verify digital asset holdings. Traditional accounting firms are developing digital asset examination capabilities, but not all audit firms have deployed this capability. Confirm that your IPA can directly verify on-chain asset balances using blockchain address verification, rather than merely reviewing third-party custody statements.
Which Custodians Clearly Qualify
The qualified custodian landscape for digital assets as of 2026 can be mapped across three tiers of certainty:
Tier 1 — Unambiguous qualification:
- National banks with OCC charters offering digital asset custody (Anchorage Digital Bank)
- FDIC-insured commercial banks offering digital asset custody (BNY Mellon Digital Assets, State Street Digital)
- FINRA-registered broker-dealers holding digital assets in customer securities accounts (for security tokens specifically)
Tier 2 — Probable qualification with analysis:
- State-chartered trust companies supervised by state bank regulatory authorities (BitGo Trust, Coinbase Custody Trust Company under NYDFS)
- Wyoming Special Purpose Depository Institutions examined by Wyoming Division of Banking
- Federal savings associations with digital asset custody authority
Tier 3 — Uncertain qualification:
- Non-bank fintech companies without banking charter or broker-dealer registration
- DeFi-native self-custody infrastructure
- Multi-party computation custody providers without regulatory charter
- Foreign custodians not meeting US regulatory requirements
Exhibit: Major Digital Asset Custodians and Qualified Custodian Analysis
| Custodian | Charter Type | Regulator | QC Status | Notes |
|---|---|---|---|---|
| Anchorage Digital Bank | OCC National Bank (conditional) | OCC | Clear | First OCC-chartered crypto-native bank |
| BNY Mellon Digital Assets | FDIC-insured commercial bank | Fed/OCC/FDIC | Clear | SAB 121 reversal expanded capacity |
| State Street Digital | FDIC-insured commercial bank | Fed/OCC/FDIC | Clear | Building out digital asset services |
| Coinbase Custody Trust | NY Limited Purpose Trust | NYDFS | Probable | State trust charter, active NYDFS examination |
| BitGo Trust | South Dakota Trust | SD Div. Banking | Probable | State trust charter examination |
| Gemini Trust | NY Limited Purpose Trust | NYDFS | Probable | NYDFS examination, established operations |
| Fidelity Digital Assets | Massachusetts Chartered Trust | MA Div. Banks | Probable | Trust charter, active institutional client base |
| Fireblocks | Software Provider (no charter) | None (financial) | No | Technology only; requires chartered custodian overlay |
| Self-custody wallet | None | None | No | Not applicable for RIA custody rule purposes |
The Safe Harbor for Non-Discretionary Accounts
Rule 206(4)-2 includes a safe harbor for investment advisers that are not authorized to withdraw client assets from accounts: if the adviser cannot independently access client assets (cannot withdraw funds, cannot execute trades without client authorization), the adviser is not deemed to have “custody” under the rule, and the qualified custodian requirement does not apply.
For RIAs advising clients on digital asset investments in client-controlled wallets, the non-discretionary safe harbor may apply. If the client maintains control of their private keys, the adviser recommends but does not execute transactions, and the adviser has no authority to withdraw assets without client authorization, the custody rule analysis is materially different.
However, many wealth management relationships — particularly for high-net-worth clients with complex portfolios — involve discretionary authority, meaning the adviser can execute trades without client approval for each transaction. Discretionary authority in a digital asset context almost certainly creates custody under Rule 206(4)-2.
For institutional arrangements (RIA managing a pooled vehicle), the fund structure creates custody regardless of whether the adviser's authority is discretionary or non-discretionary — the general partner or managing member typically controls fund assets, meeting the custody definition.
The most important compliance step for any RIA adding digital assets is a current-state custody analysis: mapping every client relationship and account structure to determine where custody exists, which custodians are being used, whether those custodians are qualified, and whether surprise examination arrangements are adequate. This analysis should be documented, reviewed by outside counsel, and updated as digital asset positions grow and new custody options become available.