- Trending
- Comments
- Latest
Canada’s investment regulator has introduced a tiered custody framework that caps how much client crypto assets trading platforms can hold based on their operational risk profile, marking a significant expansion of oversight following major exchange failures.
The Canadian Investment Regulatory Organization (CIRO) released the Digital Asset Custody Framework on Tuesday, establishing four custody tiers and limiting self-custodial dealers to holding no more than 20% of total client crypto assets. The interim rules apply nationwide and respond directly to lessons from the 2019 QuadrigaCX collapse.
At the core of the framework is a tiered, risk-based custody structure that classifies crypto custodians into four categories based on capital adequacy, regulatory oversight, insurance coverage, and operational resilience.
Under Canada crypto regulation, the amount of client crypto a custodian may hold depends on its assigned tier.
Top-tier custodians may hold up to 100% of client crypto assets, while Tier 2 and Tier 3 providers face progressively lower thresholds.
Tier 4 custodians are capped at holding no more than 40% of client assets. Dealer members that choose to self-custody are subject to even stricter limits, with a maximum allowance of 20% of total client crypto value.
CIRO said the framework directly reflects lessons learned from prior collapses in the Canadian market.
“The framework addresses the technological, operational, and legal risks unique to digital assets,” — Canadian Investment Regulatory Organization, Digital Asset Custody Framework.
The regulator specifically referenced the 2019 collapse of QuadrigaCX, once Canada’s largest crypto exchange, which left thousands of customers unable to recover funds after the company’s founder died without sharing access credentials.
Beyond custody limits, Canada crypto regulation under the new framework introduces a broad set of operational and governance requirements for custodians and dealer members.
Firms must establish formal policies for private key management, cybersecurity, incident response, and third-party risk oversight.
Custodians are also required to carry insurance coverage, undergo independent financial and security audits, and provide compliance reports verifying adherence to recognized cybersecurity standards.
Regular penetration testing and system reviews are mandatory, reflecting regulators’ growing concern over hacking risks and internal control failures.
Custody agreements must clearly define liability in cases where losses result from negligence, misconduct, or preventable operational failures.
CIRO said this requirement is aimed at improving transparency and accountability for clients navigating complex custody arrangements.
The regulator emphasized that the framework is intentionally proportionate.
“The approach is designed to balance investor protection with continued innovation and competition,” — Canadian Investment Regulatory Organization, framework summary.
CIRO added that the rules were developed in consultation with crypto trading platforms, custodians, and other industry stakeholders, and were benchmarked against international regulatory practices.
The custody framework arrives amid intensifying enforcement activity that has reshaped Canada crypto regulation over the past year.
In October, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) fined local exchange Cryptomus approximately $126 million for failing to report suspicious transactions linked to darknet markets and fraud.
Earlier in the year, FINTRAC imposed penalties on offshore platforms KuCoin and Binance for similar anti-money laundering violations, signaling a tougher stance on compliance regardless of a firm’s geographic base.
As a national self-regulatory organization, CIRO has authority to investigate member misconduct and impose sanctions, including fines, suspensions, and trading restrictions.
The custody framework strengthens that oversight by creating clearer benchmarks for acceptable risk management practices.
The move also aligns with broader federal initiatives. Canada is preparing to introduce its first comprehensive regulatory framework for fiat-backed stablecoins under the 2025 federal budget, a development expected to further formalize Canada crypto regulation.
The Bank of Canada is projected to spend $10 million over two years beginning in fiscal year 2026–2027 to support oversight and implementation.
The initiative closely mirrors regulatory developments in the United States, where lawmakers passed the GENIUS Act in July, accelerating global momentum toward standardized stablecoin rules.
For policymakers and market participants, the custody framework marks a pivotal moment.
While interim in nature, it signals that Canada crypto regulation is shifting decisively from reactive enforcement toward structured, risk-based supervision.
As crypto markets mature and institutional participation grows, regulators say custody often overlooked during periods of rapid growth has become one of the most critical pillars of market stability.
The new framework suggests that future expansion of Canada crypto regulation will continue to focus on safeguarding client assets while maintaining Canada’s competitiveness in the global digital asset economy.
