CLPAI 2026.1 Methodology

Home Knowledge base Safeguarding Client Crypto-Assets and Funds Under MiCA

Client-asset safeguarding · MiCA rules

Safeguarding Client Crypto-Assets and Funds Under MiCA

A firm tells itself it does not 'do custody', so the safeguarding rules are someone else's problem. If it holds a single client's balance, they are its problem. This is the MiCA duty every CASP carries.

Safeguarding client crypto-assets and funds under MiCA

By Jana Bistrikova · AML & Financial Crime Editor · Published 2026-05-18 · Last reviewed 2026-05-18

Safeguarding client crypto-assets and funds is the MiCA obligation, set in the client-asset safeguarding rule, that applies to any crypto-asset service provider holding clients' crypto-assets or funds — requiring segregation from the provider's own assets, protection of clients' ownership rights including in insolvency, and a prohibition on using client holdings for the provider's own account.

Quick facts

ParameterValue
What the rule coversAny CASP that holds clients' crypto-assets or funds — not only firms offering a custody service
Core dutySafeguard clients' ownership rights, especially against the CASP's own insolvency
SegregationClient holdings must be kept separate from the CASP's own crypto-assets and funds
Own-account banA CASP must not use clients' crypto-assets or funds for its own account
Client fundsFunds that are not e-money tokens must be placed with a central bank or a credit institution promptly
Distinct from custodythe custody-service rulebook governs the custody service itself; the client-asset safeguarding rule is the cross-cutting client-asset rule for all CASPs
Why it mattersAn exchange or broker holding client balances is in scope even without offering custody

The safeguarding duty every CASP carries

There is a quiet assumption that does real damage. A firm decides it is “an exchange, not a custodian,” or “a broker, not a custodian,” and concludes that the rules about protecting client assets belong to somebody else. It then designs its wallets and accounts without those rules in mind.

MiCA does not let that assumption stand. The client-asset safeguarding rule — the obligation to safeguard clients’ crypto-assets and funds — is not switched on by calling yourself a custodian. It is switched on by holding clients’ crypto-assets or funds. Most CASPs do exactly that, somewhere in their model, and the client-asset safeguarding rule reaches all of them.

What the safeguarding duty requires

The client-asset safeguarding rule sets a safeguarding duty for any CASP that holds client crypto-assets or funds. Its core demands:

  • Safeguard clients’ ownership rights — and do so specifically against the risk of the CASP’s own insolvency
  • Segregate clients’ crypto-assets and funds from the CASP’s own holdings
  • Do not use clients’ crypto-assets or funds for the CASP’s own account
  • Hold and place client funds so that they are protected and identifiable

The throughline is simple: client assets belong to the client, in normal operation and — the part that gets skipped — when the firm fails. The client-asset safeguarding rule is written so that a CASP’s collapse does not become its clients’ loss.

Segregation: client assets are not the firm’s

Segregation is the operational heart of the rule. Clients’ crypto-assets and funds must be kept separate from the CASP’s own. Not labelled separately in a spreadsheet while sitting in the same place — actually separate.

For crypto-assets, that means client holdings are not commingled with the firm’s proprietary holdings. For funds, it means client money is not pooled into the firm’s operating accounts. The test that matters is identification: if a regulator, an administrator, or a client asked “which of these assets are the clients’?”, the answer has to be clean and immediate. A structure where that question is hard to answer is a structure that fails the client-asset safeguarding rule — and fails it precisely when the answer is needed most.

Client funds get bank or central-bank protection

MiCA treats client funds — money, as opposed to crypto-assets — with particular care. Funds that are not e-money tokens have to be placed, promptly, with a central bank or a credit institution, under arrangements that keep them protected and stop them being used for the CASP’s own account.

The logic is the same one that governs client money across regulated finance: a CASP is not a safe place to leave pooled client cash on its own balance sheet, so the cash is moved to an institution that is. A firm that holds client funds loosely, or treats the float as a convenient source of liquidity, is on the wrong side of this requirement.

How this differs from the custody rules

It is worth being precise, because two MiCA provisions are easy to blur.

The custody-service rulebook governs the custody and administration of crypto-assets on behalf of clients — the custody service. It is one of the crypto-asset services a CASP can be authorised for, and it has its own operational rulebook: a custody policy, a register of positions, liability for losses.

The client-asset safeguarding rule is broader. It is the cross-cutting safeguarding duty that applies to any CASP holding client crypto-assets or funds, whatever services it offers. A firm authorised for the custody service is subject to both. A firm that never offers custody — an exchange, a broker — is still subject to The client-asset safeguarding rule the moment it holds a client balance.

The client-asset safeguarding ruleThe custody-service rulebook
ScopeAny CASP holding client crypto-assets or fundsThe custody service specifically
NatureCross-cutting safeguarding dutyOperational rulebook for one service
Triggered byHolding client assets or fundsBeing authorised to provide custody

What a clean safeguarding posture looks like

A CASP file that holds up on client-asset protection shows:

  1. A clear answer to whether the firm holds client crypto-assets or funds — and if it does, that The client-asset safeguarding rule has been applied, not assumed away
  2. Segregation in fact — client holdings demonstrably separate from proprietary holdings, in wallets and in accounts
  3. Client funds placed with a central bank or credit institution, promptly, under protective arrangements
  4. A documented position that client assets are not used for the firm’s own account — and a business model that does not quietly rely on them
  5. Arrangements tested against the insolvency scenario, not only normal operation

Working with counsel on client-asset safeguarding

The diagnostic for counsel: ask them to confirm, in writing, whether the firm holds client crypto-assets or funds — and if so, to walk through the client-asset safeguarding rule segregation, the own-account prohibition, and the insolvency test, regardless of whether custody is a listed service. Counsel that waves off safeguarding because “the firm isn’t a custodian” has misread the trigger. For the custody service itself, see crypto custody under MiCA; for the wider rulebook, the crypto licensing pillar guide. The firms in our index with relevant client-asset experience are listed below.

Pitfalls and nuances

1 Assuming 'we don't offer custody' means the rule does not apply

the client-asset safeguarding rule is not triggered by offering a custody service — it is triggered by holding clients' crypto-assets or funds. An exchange that keeps client balances on the platform holds client crypto-assets. A broker that holds client money holds client funds. Both are in scope, in full, whether or not custody appears anywhere in their list of services. The 'we're not a custodian' defence misreads what switches the duty on.

2 Commingling client and firm assets

Client crypto-assets and funds must be segregated from the CASP's own. Holding client and proprietary crypto-assets in the same wallets, or client and firm money in the same account, is a breach of the segregation duty — and it is exactly the structure that fails when ownership has to be proven. Segregation is not a best-practice nicety; it is the rule.

3 Treating client funds as working capital

The own-account prohibition is absolute. Client crypto-assets and funds are not a balance the firm may draw on for liquidity, hedging, or operating expenses. Using them for the CASP's own account is prohibited outright — and a firm whose cash-flow model quietly depends on client balances has built a breach into its business plan.

4 Overlooking the insolvency test

Safeguarding arrangements are not judged only by how they look while the firm is healthy. The client-asset safeguarding rule specifically targets clients' ownership rights in the event of the CASP's insolvency. If client assets would be hard to identify, or would fall into the general estate, when the firm fails, the arrangement does not meet the standard — however tidy it looks in normal operation.

Frequently asked questions

Which CASPs does MiCA's client-asset safeguarding rule apply to?

the client-asset safeguarding rule applies to any crypto-asset service provider that holds clients' crypto-assets or funds — exchanges and brokers included, not only firms offering a dedicated custody service.

Does a crypto exchange have to segregate client assets?

Yes. If it holds clients' crypto-assets or funds, an exchange must segregate them from its own holdings and protect clients' ownership rights, including in the event of insolvency.

Can a CASP use client funds for its own account?

No. MiCA's client-asset safeguarding rule prohibits a CASP from using clients' crypto-assets or funds for its own account. Client holdings are not the firm's working capital.

Is the client-asset safeguarding rule the same as the MiCA custody rules?

No. The custody-service rulebook governs the custody service specifically. The client-asset safeguarding rule is the broader safeguarding duty that binds every CASP holding client crypto-assets or funds.

Get matched

Working through a crypto-licensing decision?

Get an editorial shortlist of firms matched to your business — customer market, model, jurisdiction, and stage. Free, and not influenced by sponsorship.

Get a firm shortlist →

Sources cited

  1. Regulation (EU) 2023/1114 (MiCA) — Article 70 — regulation
  2. ESMA — Markets in Crypto-Assets Regulation (MiCA) — regulator
  3. European Banking Authority — crypto-assets and MiCA — regulator
  4. Crypto custody under MiCA — Article 75 explained — industry publication

Practitioners covering this topic

Named lawyers from the Crypto Law Index practitioners directory whose practice intersects with this guide. Every entry is sourced from public records.

Ganna Voievodina Manimama · Estonia, Lithuania, European Union, Ukraine MiCA CASP · Crypto AML ★ Watch Mihhail Sherle Gofaizen & Sherle · Estonia, Lithuania, European Union MiCA CASP · Crypto AML ★ Watch Filipe Vaz Pinto Morais Leitão, Galvão Teles, Soares da Silva & Associados · Portugal, European Union MiCA CASP · Token classification ★ Watch Franck Guiader Gide Loyrette Nouel · France, European Union MiCA CASP · Token classification ★ Watch

Firms in our index that handle this work

Firms below are ranked according to the published CLPAI methodology. Inclusion here is editorial — see our disclosure policy.

#1 Gofaizen & Sherle Estonia #5 Sygna Legal Lithuania #10 Coinfirm Legal United Kingdom Best for compliance-led engagements

Related reading

MiCA Annex IV · Class selection

Choosing CASP Class 1, 2, or 3: A Decision Guide for MiCA Applicants

MiCA Annex IV groups crypto-asset services into three nested classes — Class 2 includes all of Class 1, Class 3 includes all of Class 2. Pic…

Staking & lending · MiCA scope

Does MiCA Regulate Crypto Staking and Lending? The Honest Answer

MiCA does not comprehensively regulate crypto staking, lending, or borrowing — they sit largely outside its current scope. But 'outside MiCA…

MiCA CASP timeline · Authorisation clock

How Long a MiCA CASP Licence Takes: The Real 2026 Timeline

MiCA's statutory clock for CASP authorisation is 25 working days for completeness plus 40 for assessment. The real-world timeline is longer …