Learn how new FASB rules and shifting SEC policy are reshaping crypto custody—and what small exchanges must do to stay compliant and competitive.
Small and regional crypto exchanges face mounting pressure to establish robust custody accounting practices as regulatory scrutiny intensifies and new accounting standards take effect. Key takeaways:
For small and regional crypto exchanges, custody was once an afterthought: a technical challenge to solve so you could focus on building trading features and acquiring users. Those days are over.
Today's regulatory environment has transformed custody from a back-office function into a front-and-center business imperative. Exchanges that once competed purely on trading fees and token selection now find themselves evaluated on the sophistication of their custody operations. The firms that get this right are attracting institutional partners, surviving regulatory examinations, and building sustainable competitive advantages. The ones that don't are finding themselves shut out of growth opportunities or facing costly remediation efforts.
This shift isn't just about regulation, though regulatory pressure is certainly intensifying. It's about the maturation of the crypto industry itself. As digital assets move from speculative trading instruments to legitimate components of institutional portfolios, the infrastructure supporting them must meet institutional standards. For small exchanges, that means developing custody accounting practices that can withstand the scrutiny of sophisticated investors, experienced auditors, and increasingly active regulators.
The Financial Accounting Standards Board (FASB) has issued Accounting Standards Update (ASU) 2023-08, officially ending the era of ambiguity in cryptocurrency accounting under Generally Accepted Accounting Principles (GAAP). For crypto exchanges, this represents far more than a technical accounting change: it's a fundamental shift in how custody operations must be designed, controlled, and documented.
Under the new guidance, cryptocurrency must be measured at its current fair market value and reported directly in a company's net income, replacing the previous cost-less-impairment model. For exchanges holding customer assets in custody, this creates several immediate challenges.
First, your financial statements will now reflect the full volatility of crypto markets. When assets rally, your balance sheet swells. When markets crash, your financials take an immediate hit. This isn't just a reporting change: it fundamentally alters how investors, lenders, and partners evaluate your financial position.
The FASB emphasizes robust internal controls surrounding crypto custody, valuation, and disclosure. The fair value measurements required under ASU 2023-08 must be supportable, consistent, and audit-ready. This means your custody operations need real-time pricing feeds, documented valuation methodologies, and controls that ensure accuracy across multiple cryptocurrencies and custody arrangements.
The separate presentation requirements under the new standard mean you can no longer bury custody-related assets in broader balance sheet categories, which increases scrutiny on how effectively you're managing custodial operations.
|
💡 Key Insight: The new fair value rules don't just change your financials—they expose weaknesses in your custody operations that auditors and regulators will scrutinize. |
In January 2025, the SEC rescinded Staff Accounting Bulletin 121 (SAB 121) via SAB 122, removing a significant barrier that had prevented traditional banks from offering crypto custody services. For small exchanges, this regulatory shift creates both opportunities and challenges.
The opportunity is clear: bringing banks back into the fold gives RIAs (and their clients) access to custodial partners that are highly regulated and experienced in protecting client assets. Small exchanges can potentially partner with established financial institutions rather than building every custody capability in-house.
The challenge is equally clear: you're now competing with institutions that have decades of experience in custody operations, established compliance frameworks, and deep regulatory relationships. Banks and large trust companies can once again step into the crypto custody space without the accounting burden that previously held them back, and they're bringing institutional-grade standards with them. But while banks and financial institutions understand custody operations, they lack an understanding of the crypto industry. That presents a unique opportunity for players in this space who can bridge the gap between custody and crypto and begin to develop relationships with RIAs.
Small exchanges can compete, but the bar to capitalize on these opportunities is high. Exchanges that can demonstrate mature custody controls, comprehensive documentation, and audit-ready processes will find themselves well-positioned to serve institutional clients or partner with traditional financial institutions. Those that can't may find themselves relegated to serving only retail customers in an increasingly competitive market.
|
💡 Key Insight: While SAB 121's removal helps traditional institutions, small exchanges must prove they can match institutional-grade custody standards to remain competitive. |
Effective custody accounting starts with operational controls designed specifically for the unique risks of digital assets. Unlike traditional securities, crypto assets exist on blockchains where transactions are irreversible, private keys can be permanently lost, and a single mistake can result in the total loss of funds.
Multi-Signature Wallet Operations & Access Controls: Implement strict access controls combining multi-signature requirements with formal authorization matrices. Use multi-signature requirements for high-value transactions and establish clear escalation procedures for different transaction sizes. Document access permissions across systems and review them regularly as personnel change. For customer funds, consider requiring multiple authorized signatures for any withdrawal, with clear procedures governing who can access custody systems, under what circumstances, and with what level of authorization.
Transaction Validation & Cold Storage Management: Create procedures for validating transactions before execution, including checking recipient addresses, confirming transaction amounts and documenting the business purpose. Most institutional-grade operations maintain customer funds in cold storage—offline systems that aren't connected to the internet. Develop documented procedures for moving funds between hot and cold storage, including approval requirements and security protocols.
Key Management & Recovery: The secure generation, storage, and backup of private keys represents the most critical aspect of crypto custody. This includes both technical aspects (hardware security modules, secure key generation) and procedural aspects (who has access, how keys are backed up, what happens if key holders leave the company). Regular review and rotation of access permissions is essential.
Reconciliation & Monitoring: Establish regular reconciliation processes to verify that recorded transactions match blockchain activity. Given the 24/7 nature of blockchain networks, these reconciliations may need to occur more frequently than traditional cycles. Automated monitoring tools can track activity across chains, exchanges, and custodians, flagging unusual transactions and potential compliance issues in real-time.
Routine Reviews: Whether or not audits are required for the organization, financial leadership must regularly assess the effectiveness of the measures and safeguards put in place. These practices and procedures should be reviewed at least annually, as well as whenever new regulations are promulgated for digital assets.
|
💡 Key Insight: Effective custody controls require both technical safeguards and documented procedures that can withstand audit scrutiny and regulatory examination. |
In traditional custody, you can rely on established clearing and settlement systems to provide transaction records. In crypto custody, you're responsible for creating and maintaining your own comprehensive audit trail.
Real-Time Transaction Tracking: Modern control systems can enhance your ability to manage crypto risks through automated monitoring tools that track blockchain activity across chains, exchanges, and custodians. These tools can flag unusual transactions, reconciliation discrepancies, and potential compliance issues in real-time. However, the tools are only as good as the procedures governing their use and the documentation supporting their outputs.
Proof of Reserves and Asset Segregation: Regulators and auditors increasingly expect crypto custody providers to demonstrate that customer assets are properly segregated from proprietary assets and that the exchange actually controls the assets it claims to hold. This requires both technical capabilities (the ability to sign transactions from custody addresses) and comprehensive documentation showing the segregation of customer funds.
Control Testing and Evidence Retention: Maintain comprehensive documentation of all crypto transactions and control activities. For each control, document its purpose, who performs it, how often it's tested and evidence of its effectiveness. This documentation proves invaluable during audits and regulatory examinations. Consider implementing systems that allow you to perform control tests and document results within a single platform, creating comprehensive audit trails.
Audit Trail Maintenance: Custody-related transactions should be supported by documentation showing the business purpose, authorization, execution, and subsequent reconciliation. This includes not just customer transactions, but also internal transfers, rebalancing activities, and operational transactions.
|
💡 Key Insight: In crypto custody, your documentation isn't just for compliance—it's proof that you can safely handle institutional assets and survive regulatory examination. |
Small exchanges often make predictable mistakes when building custody accounting systems. Learning from these common pitfalls can save significant time and cost.
Inadequate Wallet Reconciliation Procedures: Many exchanges treat wallet balances as authoritative without regularly reconciling to blockchain records. This can mask significant problems, including unauthorized transactions, technical failures, or accounting errors. Implement daily reconciliations between internal records and blockchain balances, with documented procedures for investigating and resolving discrepancies.
Weak Controls Over Private Key Access: The irreversible nature of blockchain transactions makes private key security paramount. Avoid single points of failure by implementing multi-signature requirements, segregating key storage from operational systems, and maintaining comprehensive logs of key access. Regular review and rotation of key access permissions is essential as personnel change.
Poor Documentation of Custody-Related Transactions: Every movement of customer funds should be supported by clear documentation showing the business purpose, authorization, and subsequent reconciliation. Avoid generic transaction descriptions or inadequate approval documentation that can't withstand audit scrutiny.
Failure to Properly Segregate Customer vs. Proprietary Assets: The determination of whether an entity has an obligation to safeguard crypto-assets will depend on an entity's specific facts and circumstances, but proper segregation is essential for both regulatory compliance and customer protection. Maintain separate wallet structures, accounting records, and control procedures for customer assets versus proprietary trading positions.
|
💡 Key Insight: The most common custody failures aren't technical: they're procedural, stemming from inadequate internal controls and documentation practices. |
The regulatory and accounting changes affecting crypto custody represent more than compliance challenges; they're opportunities to build sustainable competitive advantages. Exchanges that invest in sophisticated custody accounting systems today will benefit from reduced regulatory risk, enhanced institutional relationships, and operational efficiencies that compound over time.
Companies that demonstrate responsible crypto management and transparent reporting under the new rules can gain significant trust and confidence from investors seeking exposure to the digital asset market. This trust translates into access to institutional capital, partnerships with traditional financial institutions, and the ability to serve sophisticated customers who increasingly expect institutional-grade infrastructure.
Moreover, implementing strong internal controls for crypto custody, valuation, and disclosure, as required by the new rules, can significantly strengthen a company's overall risk management framework. These improvements reduce the risk of fraud, loss, or unauthorized access to crypto assets while improving data accuracy and financial reporting reliability.
The exchanges that thrive in this new environment won't be those that view custody accounting as a compliance burden, but rather those that recognize it as a core competency that enables growth, reduces risk, and differentiates their business in an increasingly competitive market.
Building institutional-grade custody accounting systems requires specialized expertise that bridges blockchain technology, traditional accounting principles, and evolving regulatory requirements. Most traditional accounting firms lack the technical depth to guide crypto exchanges through these challenges, while many blockchain-focused advisors lack the accounting sophistication to ensure compliance with GAAP and regulatory expectations.
At Iota Finance, we specialize in helping small and regional crypto exchanges build accounting frameworks that meet today's regulatory requirements while positioning for future growth. We combine deep technical knowledge of blockchain operations with the accounting expertise needed to satisfy auditors, regulators, and institutional partners.
Whether you're building custody capabilities from scratch or upgrading existing systems to meet new standards, we provide the specialized guidance needed to turn regulatory requirements into competitive advantages.
Schedule a consultation with Iota Finance today to assess your cryptocurrency accounting framework and build controls that will scale with your business while keeping you ahead of regulatory expectations.
Disclaimer: This article reflects the regulatory environment as of mid-2025 and is for informational purposes only. For personalized guidance tailored to your platform’s technical architecture and jurisdictional exposure, contact Iota Finance.
Discover the steps your crypto exchange needs to take to ensure you're in full compliance with the broker reporting enforcement guidelines for 2025.
Crypto payment processors may trigger sales tax nexus in 30+ states without realizing it. Learn the risks—and how to stay compliant.
Learn how an IRS-compliant accountable plan can provide tax-free reimbursements and reduce payroll taxes. Discover setup steps and key compliance...
Stay ahead of the game with the latest tax and accounting insights, empowering you to enhance and optimize your accounting function using cutting-edge tools and industry knowledge.