Canada introduces new crypto custody rules

Key points:

• CIRO introduced a tiered framework for crypto custodians.
• Limits were placed on how much client crypto can be held by a single custodian.
• The rules aim to strengthen investor protection and reduce systemic risk.

Canada’s financial self-regulatory body, CIRO, has approved a new framework governing how crypto assets must be stored by trading platforms. The rules apply to firms dealing with cryptocurrencies and tokenized assets and are being implemented as interim membership conditions for CIRO-regulated entities.

According to the regulator, existing custody rules designed for traditional securities fail to address the unique risks of crypto assets — including private key loss, cyberattacks, and legal uncertainty in bankruptcy scenarios.

Canada introduces long-term ban on cryptocurrency mining to conserve energy

Priority is now given to industrial projects that create public value

Читать дальше

How the new custody framework works

At the core of the new rules is a risk-based, tiered system that classifies crypto custodians into four categories. Each tier is determined by factors such as capital strength, regulatory oversight, insurance coverage, and operational resilience.

Top-tier custodians are permitted to hold up to 100% of client crypto assets. Lower-tier custodians face stricter limits, with baseline providers capped at 40%. In addition, trading platforms are now restricted to self-custodying no more than 20% of total client crypto holdings.

SEC accuses Canadian businessman of $42 million fraud

The regulator is seeking to confiscate illegally obtained profits and impose fines.

Читать дальше

Stronger security and oversight requirements

The framework introduces enhanced standards for private key management, cybersecurity, and incident response. Large custodians are required to undergo independent audits, conduct regular penetration testing, maintain insurance coverage, and demonstrate accountability for losses caused by negligence or technical failures.

CIRO also drew a clear distinction between crypto assets and tokenized financial instruments. Tokenized equities and bonds must be held within traditional market infrastructure, supplemented by additional protective measures specific to digital assets.

The regulator explicitly linked the new custody rules to the collapse of crypto exchange QuadrigaCX in 2019, which left thousands of investors unable to access their funds. CIRO said the interim nature of the framework allows regulators to respond more quickly to emerging risks while a permanent regulatory regime is being developed.