MiCA Article 75 Crypto Custody — Segregation and Safeguarding

The most demanding workstream in a custody-providing CASP

Article 75 looks short on the page. Five paragraphs of regulation plus the ESMA RTS specifying implementation detail. Operationally it is the most demanding single workstream in any custody-providing CASP. The reason: the safeguarding obligation is substantive, the supervisory expectation is detailed, and the consequence of failure is direct loss to clients.

The obligation breaks into five operational requirements:

1. Segregation. Client crypto-assets in wallets distinct from the CASP’s own assets and (where individual segregation is offered) distinct from other clients’ assets.
2. Ledger accuracy. Internal ledger tracks each client’s holdings continuously; daily reconciliation with on-chain holdings.
3. Bankruptcy-remoteness. Client crypto-assets ring-fenced from the CASP’s insolvency estate under home-state insolvency law.
4. Loss compensation. CASP liable for loss except where the strict Article 75(7) defence applies.
5. Sub-custody rules. Permitted only with authorised sub-custodians; CASP retains primary liability.

Each requirement involves substantial operational engineering. Together they produce a custody infrastructure that costs orders of magnitude more than the marketing-website screenshot suggests.

The segregation architecture in practice

Article 75 segregation can be operationalised through two structures:

Individual segregation. Each client’s crypto-assets held in a wallet specific to that client. Easy to demonstrate to supervisors; expensive operationally — each wallet has its own gas costs, key-management overhead, monitoring requirement. Used by some institutional custodians for high-value clients.

Omnibus segregation. Client crypto-assets pooled in an omnibus wallet (or set of wallets) separate from the CASP’s own assets. Internal ledger tracks each client’s share. Operationally cheaper at scale; requires more rigorous ledger and reconciliation. Used by most retail-facing custodians.

The ESMA RTS allows both structures under conditions. Omnibus is permitted but requires:

• Internal ledger system that identifies each client’s holdings at any moment
• Daily reconciliation between internal ledger and on-chain holdings
• Documented procedure for handling reconciliation discrepancies
• Capability to demonstrate each client’s share on demand

In practice, a hybrid model — institutional clients in individually-segregated wallets; retail clients in omnibus — is common. The choice depends on operating economics and client preference.

The hot/cold storage allocation

ESMA’s RTS sets a minimum cold-storage percentage for client crypto-assets. The current standard:

• 80% minimum cold storage for retail client crypto-assets
• Up to 20% in hot wallets for trading and withdrawal liquidity
• Deviations require documented risk assessment justified to the home NCA

The 80% cold floor is more conservative than industry pre-MiCA practice. Several large pre-MiCA exchanges operated with 50-60% cold; the MiCA standard raised the bar substantially.

Hot wallet allocation is one of the more frequently inspected aspects of CASP custody. Enforcement actions in Q1 2026 specifically targeted CASPs whose hot wallet percentages exceeded the RTS standard without documented risk justification. The number is not arbitrary — exceeding it produces immediate supervisory engagement.

Daily reconciliation — what it actually means

The reconciliation requirement is operationally specific:

• Frequency: At least daily, typically end-of-day
• Scope: Internal ledger vs on-chain holdings, by crypto-asset and by client
• Procedure: Documented, repeatable, formal
• Discrepancy handling: Investigated, escalated to compliance and CASP management, resolved within 24 hours

For a CASP custodying 100+ crypto-assets across 500,000+ clients, the daily reconciliation is a substantial operational workstream. Specialised vendors (Fireblocks, Anchorage, BitGo, Copper) provide tooling; in-house systems are typically more expensive to maintain.

The supervisory expectation has evolved. ESMA’s 2026 Q&A clarifies that the reconciliation must be system-level — not a spreadsheet exercise — with audit-trail capabilities and exception reporting that the home NCA can inspect.

Bankruptcy-remoteness as a legal structure

Article 75 requires client crypto-assets to be bankruptcy-remote from the CASP’s insolvency estate. This is not a marketing claim; it is a legal structure that has to actually produce that outcome under home-state insolvency law.

The principal structures used:

Trust-style arrangement. Client crypto-assets held in a structure governed by trust law (where home-state law recognises trusts — Ireland, UK historically, Luxembourg). The CASP is trustee; clients are beneficiaries. The structure produces bankruptcy-remoteness because trust assets are not part of the trustee’s estate.

Separate corporate entity. A subsidiary or sister company holds the client assets. The CASP and the custody entity are separate legal persons with independent insolvency exposure. Used in jurisdictions where trust law is not available (Germany historically, France).

Statutory ring-fence. Some jurisdictions have introduced specific statutory provisions creating bankruptcy-remoteness for client crypto-assets at MiCA-authorised CASPs. Lithuania’s Law on Crypto-Asset Service Providers (amended 2024) is an example.

Each approach has trade-offs around tax, governance, and operational complexity. The choice is jurisdiction-specific and warrants legal opinion before launch.

Sub-custody and the authorisation chain

Article 75 permits sub-custody arrangements where the sub-custodian is:

• A MiCA CASP authorised in any EU member state
• A CRR credit institution
• An entity notifying under Article 60 to provide crypto-asset services
• A non-EU institution subject to equivalent supervisory standards

The CASP retains primary liability for sub-custody arrangements. Using a non-authorised sub-custodian is a substantive breach.

The sub-custody decision is one of the bigger structural choices for a CASP setting up custody operations. Building custody in-house produces full control but requires substantial infrastructure investment. Using a sub-custodian (Fireblocks, Anchorage, BitGo, Copper) produces faster time-to-market but introduces vendor risk and the operational dependency.

For mid-sized CASPs, sub-custody via a specialised provider is typically the right answer. For large CASPs with substantial custody volume, in-house custody plus selective sub-custody for specific asset classes (e.g., L2 chains) is common.

Loss compensation and the high-bar defence

Article 75(7) imposes a high standard for the CASP-defence to loss compensation. The CASP must demonstrate:

• The loss was caused by an event external to the CASP and beyond its reasonable control
• The loss could not have been avoided despite all reasonable efforts

The standard explicitly excludes:

• Smart-contract vulnerabilities in custody software (CASP responsibility)
• Hot-wallet hacks where security was sub-standard (CASP responsibility)
• Sub-custodian failures (CASP retains primary liability)
• Internal fraud (CASP responsibility)

The defence successfully applies to:

• Genuine force majeure events (war, natural disaster impacting infrastructure)
• Cryptographic-protocol failures at the consensus layer (extremely rare)
• Genuinely unforeseeable bugs that no reasonable security review would have caught

In practice the defence is hard to mount. CASPs that lose client crypto-assets typically pay compensation rather than litigate the defence.

The buyer’s view

For a CASP scoping the Article 75 lift in 2026:

1. Custody architecture is a structural choice, not a tactical one. Individual segregation, omnibus segregation, or hybrid — the choice shapes operating economics and supervisory relationship for the operating life of the CASP.

2. Sub-custody is often the right answer for non-specialist CASPs. Building in-house custody is a substantial engineering investment. Using a specialised sub-custodian (Fireblocks, Anchorage, BitGo, Copper) produces faster time-to-market with manageable vendor risk.

3. Daily reconciliation is non-negotiable. Plan for system-level reconciliation tooling with audit-trail and exception-reporting capabilities.

4. Bankruptcy-remoteness requires legal-structure work. Trust arrangements, separate corporate entities, or statutory ring-fence — pick the structure that fits home-state law and implement it properly.

5. The 80% cold-storage floor is real. Operating models that depend on hot-wallet liquidity above the RTS standard need to be re-engineered before authorisation.

For customers evaluating a custody-providing CASP, the questions to ask:

• What is the segregation structure (individual / omnibus / hybrid)?
• What is the cold-storage percentage?
• Is sub-custody used and with which authorised provider?
• What is the legal structure producing bankruptcy-remoteness?
• What is the daily reconciliation procedure and how is it audited?

Article 75 produces meaningful protection for client crypto-assets when properly operationalised. The operational complexity that protection requires is substantial. CASPs that invest in the infrastructure once and operate at scale realise economies; those that treat custody as a tactical bolt-on rarely operate it cleanly.