top of page
  • J Huang and S Pettigrove

Is your crypto Safu? Institutional crypto custody in Australia

Updated: Mar 28

After the US approved its' first spot Bitcoin exchange traded funds (ETF) earlier this year, Bitcoin has soared to historically high prices. The successful ETF launch has led to increased interest among Australian fund managers in exploring new crypto-asset specialised funds, or extending their asset portfolio to crypto-assets in order to provide their customers regulated pathways to invest in the asset class. One of the key issues for investors and asset managers to consider are custody obligations for holding this unique asset class.

Crypto-assets raise unique custody considerations under existing laws and regulatory guidance. Crypto-assets are recorded on blockchains and transfers are generally irreversible. The bearer nature of these assets requires an enhanced focus on security measures and internal compliance. Moreover, the need for asset managers to hold crypto-assets securely and compliantly is vital to instilling confidence in customers to invest in their funds.

While the Australian government is currently considering a new legal framework to regulate crypto custody activities, it will be some time before these laws and accompanying rules come into force. Before then and under the current legal framework, asset managers must determine whether the assets they propose to custody are financial products and, in any event, their custody obligations under regulatory guidance published by the Australian Investments and Securities Commission (ASIC).

ASIC Regulatory Guide 133

Regulatory Guide 133—Fund management and custodial services: Holding assets (RG 133) was published by ASIC in June 2022, it applies to certain licensed entities under the Australian Financial Services Licence (AFSL) regime and other asset holders holding assets under the AFSL umbrella of their client.

When ASIC published RG 133, it likely did not have crypto-asset custody in mind, hence RG 133 does not establish bespoke requirements specific to the custody of crypto-assets. Nevertheless, RG 133 sets out general minimum standards that apply to AFSL holders who custody crypto-assets, and extend to third parties that hold crypto-assets for AFSL licensees.

If asset holders fail to satisfy the minimum standards, the AFSL holder (e.g. the fund manager of a retail managed fund, called a Responsible Entity) may breach RG 133 by failing to "do all things necessary" to ensure compliance. This may lead to legal, financial and reputational consequences for the AFSL holder. It is for this reason that AFSL holders should expect and seek assurance that the third parties they engage to hold crypto assets are complying with RG 133.

Information Sheet 225 and Report 705

In addition, ASIC has issued guidance that is specifically related to the custody of crypto-assets in Information Sheet 225 (INFO 225) and in Report 705 – Response to submissions on CP343 Crypto-assets as underlying assets for ETPs and other investment products (REP 705).

INFO 225 and REP 705 should be read together as the latter seeks to clarify the former. Together they offer good practice guidance for operators of registered managed investment schemes that are authorised to hold and deal in crypto-assets. Some of the key guidance include:

  • methods and solutions to safeguard private keys;

  • segregation of crypto-assets on a blockchain;

  • signing approaches;

  • physical and cyber security practices;

  • competency and resourcing; and

  • compensation arrangements.

In particular, ASIC has emphasised that the security of private keys is of critical importance, as private keys are necessary to sign transactions that assign crypto-assets to new addresses. If private keys are compromised, unauthorised parties can use them to transfer the scheme’s crypto-assets to addresses (and parties) that are outside the control of the fund manager. Accordingly, retail fund managers and their custodians should ensure that the private keys used by the scheme are protected from unauthorised access – both online and offline. They may need to consider using hot and cold wallets, or a combination of them.

INFO 225 and REP 750 do not impose any requirement on retail fund managers to engage an Australian domiciled custodian to hold crypto-assets.

Although the guidance in INFO 225 and REP 750 does not have direct force of law, when a retail fund manager engages a third party to hold crypto-assets, they should expect the third party to have considered this good practice guidance in establishing key systems and processes for holding crypto-assets as fund property. A failure to comply with the guidance is likely to evidence breaches of a licensee's general obligations, including the obligation to maintain adequate resources to carry on a financial service.


While many fund managers are eager to add crypto-assets to their fund portfolio, they must do so carefully to comply with regulatory requirements. Given the unique nature of crypto-assets, many fund managers may find it more time-efficient and cost-effective to seek professional crypto-asset custodians who can hold crypto-assets securely and compliantly on their behalf. When choosing the right crypto custodian, Australian fund managers should consider whether the custodians have measures comparable to those outlined in RG 133, INFO 225 and REP 750.

Written by J Huang, S Pettigrove and M Bacina


bottom of page