Stablecoin Custody and Counterparty Risk: What Corporate Treasurers Need to Know

Ask a corporate treasurer how the company's cash is held and you'll get a straightforward answer. It sits in operating accounts at the primary banking partner, with some portion allocated to money market funds or short-duration Treasuries at the custodian bank. The mechanics are understood and the counterparty risk is well-defined, as it hasn’t fundamentally changed for hundreds of years. The legal framework, including FDIC insurance, deposit protection, and securities safekeeping rules, has been refined over decades.

Ask the same treasurer how they would custody a stablecoin position, and the conversation gets considerably more complicated.

This isn't because stablecoin custody is inherently exotic, but simply that the entire mechanism of cryptocurrency doesn't quite fit neatly into the traditional counterparty model. Stablecoins are bearer instruments recorded on a blockchain, and controlling one requires controlling a cryptographic private key. In that sense, the closest traditional analogue isn't a bank deposit at all. It's gold.

Why Stablecoin Custody Looks More Like Gold Than Cash

As you know a bank deposit is a claim on the bank. The bank holds your dollars on your behalf, and the bank owes them to you. If the bank fails, deposit insurance protects you up to a limit, and the broader resolution framework typically makes depositors whole.

A stablecoin is different. Ownership is determined by control of the private key that can sign transactions moving the asset. Whoever holds the key, holds the asset. In that respect, stablecoins behave much more like a physical bearer asset, which is where the gold analogy becomes useful.

Gold in a treasury context can be held three ways:

1. You can store it yourself in your own vault, which gives you total control and full operational burden. 

2. You can allocate it with a custodian who holds it in a segregated, titled account in your name. 

3. You can hold it on an unallocated basis where the custodian owes you the gold but doesn't segregate specific bars. 

Each arrangement produces a very different legal and risk profile, and the choice of arrangement matters enormously if the custodian fails.

Stablecoin custody works the same way, with the same structural tradeoffs. The treasurer's job is to understand which model they're using, because the consequences of getting it wrong don't show up until something goes wrong, and by then it's too late.

The Three Custody Models

In our article on building a digital asset treasury policy, we covered at a high level the three custody models a corporate treasurer needs to choose between. They're worth unpacking in more detail here.

Exchange and Platform Custody

The simplest model is to hold stablecoins in an account at a trading venue or payments platform. The company opens an account, moves dollars in, converts them to stablecoins, and holds the balance there until it's needed.

This is operationally straightforward, effectively the equivalent of holding working capital in a brokerage sweep account. The venue handles key management, transaction signing, and reconciliation. From the treasurer's perspective, it just looks like a balance.

The problem is that ‘just looks like a balance’ is precisely the issue. On most platforms, your assets are part of a larger pool of customer assets held in the platform's omnibus wallets. You have a contractual claim on a share of that pool, not legal title to specific coins. If the platform fails, you're an unsecured creditor in a bankruptcy, subject to whatever the estate can recover and however the court chooses to allocate it.

This isn't a hypothetical concern. The 2022 FTX collapse and the 2023 failure of Prime Trust both demonstrated what happens when platforms that treasurers assumed were holding assets safely turned out to be operating without the controls, segregation, or solvency those treasurers had assumed.

It’s also precisely this concern that created the saying in cryptocurrency circles of ‘Not your keys, not your coins.’ However, it’s also worth noting that the controls and transparency of many platforms have improved as a result of these failures, and their use should be considered on a case-by-case basis.

Qualified Custodians

The institutional middle ground is the qualified custodian. This is a regulated trust company or bank subsidiary that holds digital assets under fiduciary standards, with clear legal separation between customer assets and the custodian's own balance sheet.

A qualified custodian is the closest functional analogue to the traditional custody banks that treasurers already know. The custodian holds assets in segregated accounts, maintains books and records tied to specific customers, provides SOC 2 attestation, carries crime and cyber insurance, and is subject to regular regulatory examination. When the custodian goes to transfer assets on the customer's instruction, it does so from clearly titled accounts rather than from an undifferentiated pool.

The qualified custody landscape has expanded significantly over the past eighteen months. The Office of the Comptroller of Currency (OCC), through a series of interpretive letters issued in 2025, has reaffirmed that national banks and federal savings associations may provide crypto-asset custody services and may outsource those services to qualified sub-custodians, subject to standard third-party risk management.

That has opened the door to a growing number of national trust bank charters. Between late 2025 and early 2026, more than ten institutions, including Coinbase, Fidelity, and several crypto-native firms, applied for or received conditional OCC national trust bank charters, each structured specifically to serve as a qualified custodian for digital assets.

For most corporate treasury functions, qualified custodians should be the default. They are the only model that combines institutional-grade controls, insurance, regulatory oversight, and legal segregation.

Self-Custody

The third model is self-custody, where the company itself controls the private keys, typically through a multi-signature wallet or institutional-grade key management solution that distributes signing authority across multiple individuals or hardware security modules.

Self-custody gives you total control. No counterparty can freeze your assets, no custodian insolvency can trap them, and no third party needs to approve a transaction. If you can sign it, you can move it.

The flip side is that total control means total responsibility. If keys are lost, the assets are gone. There is no help desk to call and no account recovery process. If internal controls fail, whether through error, fraud, or cyberattack, there is no third-party risk absorber to fall back on. The operational requirements, including key ceremony procedures, segregation of signing roles, secure key storage, tested recovery processes, and audit trails, are significant, and getting any of them wrong can have permanent consequences.

Self-custody makes sense for some organizations, particularly those with deep operational experience in digital assets and specific business reasons to hold assets directly. For most corporate treasury functions starting out, the operational burden outweighs the marginal benefits, and a qualified custodian is the cleaner starting point.

Counterparty Risk Is the Core Question

Everything above comes back to one core question. If the entity holding your stablecoins fails, what happens?

For bank deposits, the answer is well-understood. Deposits are insured up to the FDIC limit, and bank resolution processes have been refined over decades. For stablecoins held at a qualified custodian, the answer depends almost entirely on how the custodial arrangement is structured.

The 2023 bankruptcy of Prime Trust, a Nevada-chartered trust company widely regarded as a reliable custodian until it collapsed, has become the defining case study. Prime Trust had been operating under a state trust charter, had published reserves, and had institutional clients across the crypto industry. When it failed, it emerged that the company had lost access to some cold storage wallets years earlier and had been using customer funds to meet withdrawal requests, a shortfall that ran to tens of millions of dollars.

The critical development came two years later. In July 2025, the Delaware bankruptcy court ruled that cryptocurrency Prime Trust held in omnibus wallets was "hopelessly commingled" and therefore constituted property of the bankruptcy estate rather than property of individual customers. Judge J. Kate Stickles held that commingled customer assets under the debtor's control were presumptively property of the debtor, regardless of what the customer agreements said and regardless of whether the assets could be traced on-chain. The assets were converted to dollars and distributed to creditors on a pro-rata basis.

The legal principle is the one treasurers should be clear on. Customer agreements that say assets are held "for the benefit of" the customer aren't sufficient on their own. What matters is whether the custodian's operational structure actually achieves legal segregation, which means separate accounts, separate books and records, and clearly traceable ownership that survives insolvency.

The practical implication is that custodian selection isn't primarily a technology decision or a pricing decision, but a legal structure decision. Your policy should require, at minimum:

• Clear legal segregation of company assets from the custodian's balance sheet, documented in the custody agreement and reflected in the custodian's account structure.

• Bankruptcy remoteness, meaning the custodial arrangement is structured so that customer assets are not available to the custodian's creditors in insolvency. A qualified trust structure is the cleanest way to achieve this.

• Regulatory oversight by a competent banking regulator (OCC, state banking authority, or foreign equivalent), with documented examination history.

• Attestation and audit, including SOC 2 Type II reports, financial audits, and, ideally, proof-of-reserves where the custodian can demonstrate on-chain holdings that match customer balances.

• Insurance coverage for theft and operational loss, with clearly defined scope and limits.

None of this is exotic. It's the same diligence a treasury team would apply to a traditional custody bank relationship. The difference is that for stablecoins, the legal infrastructure is newer, the regulatory frameworks are still maturing, and the consequences of a misstep are less well-protected by the safety nets that exist for traditional banking.

Issuer Risk Is the Other Half of the Equation

Custodian risk gets most of the attention, but the issuer is the other counterparty in the picture, and the risk profile is fundamentally different. Just like regular fiat currencies, which are created and managed by governments, each stablecoin has behind them an issuing organisation. A qualified custodian holding USDC on your behalf doesn't change the fact that USDC itself is a liability of Circle, backed by reserves that Circle holds and manages. If the issuer fails, or if the reserves turn out to be insufficient, the asset itself loses value regardless of who is custodying it. No custody arrangement can insulate you from a broken peg.

It’s something that can and has happened. USDC briefly de-pegged in March 2023 when a portion of Circle's reserves were held at Silicon Valley Bank during its collapse, recovering only after federal intervention guaranteed the deposits. The lesson wasn't that USDC was structurally unsound. It was that even well-regulated, fully-reserved stablecoins inherit the risk profile of wherever their reserves are actually held.

For treasury purposes, issuer diligence should cover reserve composition (cash and short-duration Treasuries as the baseline), reserve location and concentration, attestation cadence (monthly from a recognized accounting firm at minimum), direct redemption rights with the issuer, and regulatory status under frameworks like the GENIUS Act or MiCA. Custody risk and issuer risk are independent, and policy needs to address both, with concentration limits applied at the issuer level as well as the custodian level.

Pulling It Together

Stablecoin custody is not a simple problem, but it's a tractable one. The key is to recognize that the mental model of ‘digital dollars in a bank account’ is misleading, and that the more useful analogue is a bearer asset like gold. From that starting point, the three custody models (exchange and platform, qualified custodian, self-custody) map cleanly to familiar treasury concepts, and the diligence framework applied to traditional custody banks largely carries over.

For most corporate treasury functions, a qualified custodian is the right starting point. The infrastructure is maturing rapidly, the regulatory posture is clarifying, and the legal structures needed to achieve proper bankruptcy-remote segregation are well-established. Counterparty risk doesn't go away, but it becomes manageable through the same diligence, documentation, and ongoing monitoring that applies to any banking relationship.

The final piece is visibility. Even the best custodial arrangement is only as useful as the reporting infrastructure that surfaces balances, transaction history, and counterparty exposure in the same connected view as traditional bank and treasury data. Without that, concentration limits and exposure monitoring become manual processes, and manual processes don't scale.

While there are a number of steps to consider, the benefits for organizations implementing stablecoins into their treasury workflow can be well worth the effort.

Trovata helps treasury teams bring digital asset custody positions into the same normalized visibility layer as their traditional bank and treasury data, making counterparty risk and concentration monitoring a real-time capability rather than a spreadsheet exercise. Book a demo today.