World Federation Of Exchanges Sets Out Good Practice For Crypto-Asset Custody Providers

The World Federation of Exchanges (WFE), the global industry association for exchanges and central clearing counterparties, has published recommendations that establish good practice for crypto-asset custody providers, drawing lessons from traditional financial markets to guide the emerging digital asset space. 

Nandini Sukumar, WFE
Nandini Sukumar

The ruling against FTX and Alameda in the US earlier this month exemplifies the broader shift in expectations for the crypto industry to be held to higher standards closer to that of well-functioning finance, ensuring stronger protections for investors. 

The next area that needs addressing is the inadequate custody control amongst crypto platforms, which underscores the risk to both market integrity and investor protection. Without proper custody controls there is a heightened risk of financial loss, fraud and mismanagement. This undermines investor confidence and the overall integrity of markets.

The report addresses the urgent need for regulation and best practices in the wake of high-profile failures within the crypto industry and this can make the difference in attracting investment from institutions yet to allocate to crypto.

Nandini Sukumar, Chief Executive Officer, at the WFE commented, “The FTX collapse and longstanding worries about insufficient custody controls in the crypto industry highlight risks to both market integrity and investor protection. Crypto custody providers should learn from more traditional markets that have a track record of functioning well and can start by following the recommendations we have set out today.”

The WFE recommends that crypto custody providers:

  • Consider segregating client assets to ensure they are protected in the event of a company’s bankruptcy.
  • Ensure client assets remain bankruptcy-remote, ie, separate from those of other persons, whether legal or natural.
  • Address cyber risks through thoughtful technology architecture decisions and the operation of mature cyber security programmes.
  • Provide more than a place to hold or administer assets.
  • Ensure that conflicts of interest are adequately managed and addressed.
  • Manage all aspects of operational resilience across their support model.
  • Disclose risks in a way that is clear and understandable, particularly for retail customers.
  • Have adequate insurance and/or surety bonds and disclose these policies in clear understandable terms.
  • Seek independent audits from reputable and credible auditors to provide an assessment of financial statements, process and controls.


Richard Metcalfe, Head of Regulatory Affairs at the WFE, commented: “While these technological innovations and the associated concerns about managing generative AI are significant, it is important to remember that, as trusted third parties providing secure and regulated platforms for trading securities, our members are already carefully scrutinising tools and establishing controls to govern AI use. The US Treasury should therefore take care to design an AI regulatory framework which is principles based, to maintain flexibility and encourage innovation. We also need to have an incremental approach to AI regulation, allowing for gradual adjustments and learning, ensuring that regulations do not hinder technological progress.”

Read the full paper here.