Qualified Digital Custody in Canada. The Map.
Custody is the layer where Canadian regulatory clarity is strongest and where the institutional adoption gate sits hardest. Without a qualified Canadian digital asset custodian, no Canadian regulated counterparty can hold a tokenized real-world asset in a manner that clears institutional mandates. The CIRO Digital Asset Custody Framework, formalized in 2025, defined the operational requirements; a small set of Canadian custodians now meets them. This report maps the active providers, the capital tiers, the regulatory standing, the supported asset types, and where 4orm Finance's CustodyCo entity fits inside the layered HoldCo / OpCo / CustodyCo model the framework requires.
Executive summary
Custody is the gate. Without a qualified Canadian digital asset custodian, no Canadian regulated counterparty (chartered bank, pension fund, insurance company, asset manager operating under provincial securities regulators) can hold a tokenized real-world asset in a manner that clears its institutional mandates. The CIRO Digital Asset Custody Framework, formalized in 2025, defined the operational requirements that a qualified custodian must meet. A small but credible set of Canadian custodians now operates under that framework. This report maps the active providers, the capital tiers, the regulatory standing, the supported asset types, and where 4orm Finance's CustodyCo entity fits inside the layered HoldCo / OpCo / CustodyCo model the framework requires.
The picture in early 2026 is that Canada has more credible qualified custody capacity than the international narrative usually acknowledges, that the regulatory framework around it is among the clearest globally, and that the layer is well-positioned to support the institutional volume that the maturing Canadian tokenization layer will eventually produce. The bottleneck has migrated from custody to venue. That is the constructive read.
1 Why custody is the institutional gate
Institutional mandates almost universally require that securities held on behalf of a beneficiary sit with a qualified custodian, in a structure with defined segregation, insurance, and operational safeguards. The reasons are conservative and standard: protection against custodian insolvency, protection against operational error, protection against fraud, and clarity on beneficial ownership in the event of distress.
For tokenized real-world assets, the same logic applies. A regulated counterparty cannot hold a tokenized security in a self-custody wallet, on an unregulated exchange, or with a custodian that does not meet the operational and regulatory bar. The mandate constraints are binding, not aspirational. They define what is and is not investable.
For Canadian regulated counterparties, the qualified custodian requirement for tokenized real-world assets is set by a combination of provincial securities-regulator expectations, the CIRO Digital Asset Custody Framework, and the standard prudential expectations that already govern conventional custody for the same counterparty.
The CIRO framework is the operational specification. Custodians that meet it can hold regulated digital assets on behalf of Canadian regulated counterparties. Custodians that do not, cannot. The framework is the gate.
2 What the CIRO framework requires
The CIRO Digital Asset Custody Framework, formalized in 2025 after several years of staff notice and consultation, sets out the operational expectations for qualified digital asset custodians in Canada. The framework is detailed; the core requirements organize into seven categories.
Segregation of customer assets from custodian's own assets. Customer-owned digital assets must be held in segregated, identifiable accounts, not commingled with the custodian's house assets. This is a conventional custody requirement applied to digital assets.
Tiered capital and bond requirements. Custodians must hold minimum regulatory capital that scales with assets under custody, plus carry a defined level of insurance or surety bonding against losses from operational failure or theft.
Operational and technology controls. Multi-signature key management, hot-wallet and cold-wallet separation with defined limits, hardware security module standards, defined private-key generation procedures, defined disaster recovery and continuity protocols.
Independent attestation and audit. Regular third-party attestation of asset holdings and reserves, with reporting cadence aligned to risk profile.
Reporting to regulators. Periodic and event-driven reporting to CIRO and to relevant provincial securities regulators, including weekly custody monitoring data, incident reports, and material event disclosures.
Three-entity separation (HoldCo / OpCo / CustodyCo). The framework requires the custodial function to be operated in a legally and operationally separate entity from any trading, marketplace, or proprietary activities. This is the architectural requirement that distinguishes the Canadian framework from many international frameworks. It applies bankruptcy-remote protections to custody and prevents conflicts between custody and trading activity.
Customer due diligence and AML/CFT. Standard financial-crime regime requirements, applied to the custodian's onboarding and ongoing monitoring of clients.
These requirements are exacting. They are intentionally so. Custodians that meet them are credible institutional counterparties; custodians that do not, are not. The framework collapses ambiguity in a way that is genuinely useful for the Canadian institutional buy side.
3 The active Canadian qualified custodians
Three Canadian providers are operating at credible institutional scale under the framework, with several others in various stages of build-out.
Tetra Trust (Calgary). The earliest and most institutionally backed Canadian digital asset custodian. Tetra Trust Company is a regulated provincial trust company with explicit authority to custody digital assets on behalf of regulated Canadian counterparties. Tetra has been operational since the late 2010s, has institutional backing from major Canadian fintech stakeholders, and has reported interest from traditional financial institutions. Tetra's positioning is institutional-first, with deep relationships across the Canadian banking and capital-markets community.
Balance (Toronto). Balance is an insurance-backed institutional digital asset custodian with a growing client roster through 2024 and 2025. Balance operates with a focus on insured cold-storage custody and has expanded the asset coverage across regulated digital securities and major digital asset classes. The insurance-backed positioning is distinctive and is well-received by certain institutional segments where insurance recovery is a primary risk-mitigation expectation.
Brane Inc. (Ottawa). Brane operates as a trust-company-backed digital asset custodian, with focus on regulated Canadian institutional flows. Brane has built out the technology and operational capacity to meet the CIRO framework requirements and has positioned itself as a domestic alternative to international qualified custody providers.
Several other Canadian institutional entities have qualified digital asset custody initiatives in various stages of maturation, including activity within the Tetra group, within the major Canadian fintech operators, and within the institutional digital asset infrastructure operators that adjacent to Cybrid and Stablecorp. The active institutional capacity will likely expand over the next 24 months as additional providers complete the CIRO operational requirements.
4 The capital tier and asset coverage map
The relevant institutional question is not just "who can custody," but "who can custody what, at what scale, with what capital backing." A working summary as of early 2026:
For tokenized regulated securities issued under Canadian securities law (the majority of the institutional tokenization use cases that this report series covers), the three active providers above can all custody at institutional scale, with capital and bond coverage that meets the framework. The differentiation among them comes down to client-fit considerations: existing institutional relationships, technology stack compatibility, fee structure, reporting cadence, and the specific asset types each provider has built operational support for.
For tokenized stablecoins and tokenized digital cash (QCAD, regulated CADC), custody is typically held by the stablecoin issuer's custody arrangement, with end-counterparty access through one of the qualified custodians above. The custody chain is well-defined.
For tokenized commodities (AuCan-style tokenized bullion), the custody model is hybrid: the underlying physical commodity is held in regulated insured vault custody (independent of the digital asset custodian), and the on-chain digital security is held by a qualified digital asset custodian. The two layers need to be operationally tightly coordinated; the framework expectations apply to both.
For tokenized real estate, tokenized credit, and other RWA classes, the institutional custody pattern is similar: the on-chain digital security held by a qualified digital asset custodian, with separate registrar and trustee functions for the underlying asset rights.
The aggregate picture is that the active Canadian qualified custody layer can support the institutional tokenization use cases that are credible today. It is unlikely to be the constraint that prevents institutional volume from scaling.
5 How 4orm Finance's CustodyCo entity fits
The CIRO framework requires the three-entity HoldCo / OpCo / CustodyCo separation. 4orm Finance is being structured to comply with this requirement from the start, with a separate CustodyCo entity that operates under independent governance from the OpCo (which runs the trading, marketplace, and settlement functions) and the HoldCo (which is the parent regulatory entity).
The structural posture of 4orm Finance's CustodyCo is that it sits alongside, not instead of, the existing Canadian qualified custodians. The expectation is not that 4orm Finance becomes the sole custody provider for assets traded on its venue. The expectation is that institutional counterparties choose the qualified custodian that fits their existing operational and mandate posture, and that the 4orm Finance venue interoperates with all qualified Canadian custodians, plus selected international qualified custodians where cross-jurisdictional flows require it.
This is the layered architecture that the framework was designed to support: a multi-venue, multi-custodian, multi-issuer model where the institutional counterparty can choose its own qualified custodian without being forced into a venue-controlled custody arrangement. The architecture is the Canadian alternative to vertically integrated single-bank or single-platform models that exist in other jurisdictions.
6 The international comparison
The Canadian qualified custody framework is, on a credible read, among the clearest globally. The comparison to adjacent jurisdictions is informative:
United States. Custody for tokenized securities sits at the intersection of SEC custody rules (the "qualified custodian" requirement under the Investment Advisers Act), state-level trust company regulation, and OCC guidance on national-bank digital asset custody. The aggregate framework is less codified than the CIRO framework, has shifted multiple times under different SEC and OCC postures, and has been subject to litigation. The result is institutional-grade custody capacity exists (BNY Mellon, State Street, Anchorage Digital Bank, Fidelity Digital Assets) but the regulatory clarity around it is more fragmented than the Canadian equivalent.
United Kingdom. The FCA's crypto-asset regime is conservative and evolving. Custody-specific framework is less codified than CIRO and has fewer active qualified custodians serving institutional flows at scale.
Singapore and Hong Kong. Both jurisdictions have built credible qualified custody frameworks, with active institutional providers. The frameworks are more codified than the US position but are designed primarily for institutional-flow domestic activity in each jurisdiction.
Switzerland. SDX-aligned custody under Swiss FINMA oversight is well-developed and is the European reference for institutional tokenized securities custody.
The Canadian framework is competitive with the strongest international peers in clarity and conservative-design rigor. The active provider count is smaller than in the US or Switzerland, but the per-provider capacity and the framework around them is institutional-grade.
7 The risk register
The honest read of the Canadian qualified custody layer includes three considerations that institutional risk teams will need addressed.
Concentration risk among providers. With a small number of active institutional-grade providers, concentration risk is non-trivial. Mandate-level diversification across multiple custodians is the standard institutional response, and the active provider count is sufficient to support this for most use cases. It is, however, a watch item.
Insurance coverage capacity. The total insurance and bond capacity available for digital asset custody is finite. As institutional assets under custody grow, the coverage-per-dollar ratio compresses. This is an industry-wide consideration, not Canada-specific, and is being addressed by the global insurance industry expanding capacity. It is, however, a real consideration for the institutional buy side.
Operational resilience under stress. Digital asset custody at scale has not been stress-tested against a major operational failure event in the Canadian framework yet. The framework is conservatively designed and the providers are operationally credible, but the empirical stress test has not occurred. This is a feature of the framework's maturity, not a critique.
These are addressable risks. None of them is a reason for institutional buyers to defer onboarding to Canadian qualified custodians. They are the standard institutional considerations that mandate-level diligence will address.
8 The constructive read
Canada has built a qualified digital asset custody layer that is institutionally credible, regulatorily well-defined, and operationally aligned with the conservative posture that Canadian institutional buyers require. The framework (CIRO Digital Asset Custody Framework, formalized 2025) is among the clearest globally. The active providers (Tetra Trust, Balance, Brane) operate under it at institutional scale.
The custody layer is no longer the bottleneck for Canadian institutional tokenization. The bottleneck has migrated to the regulated, multi-institution venue layer that institutional counterparties need in order to actually transact tokenized RWAs on terms that meet their mandates. That layer is what 4orm Finance is being designed to operate, with a CustodyCo entity that sits inside the framework alongside the existing qualified custodians, not in competition with them.
The constructive read is that the Canadian institutional tokenization stack has the custody layer it needs. The remaining work is on the venue layer, the issuance layer, and the settlement layer. The custody layer is ready.
Background and Sources
- Canadian Investment Regulatory Organization, "Digital Asset Custody Framework," 2025.
- Canadian Securities Administrators, staff notices and joint statements on crypto-asset trading platforms and tokenized securities, 2021 to 2025.
- Tetra Trust Company, public materials and provincial trust authority documentation, 2024 and 2025.
- Balance, public materials and insurance-backed custody disclosures, 2024 and 2025.
- Brane Inc., public materials and trust-company-backed custody disclosures, 2024 and 2025.
- SEC, Investment Advisers Act qualified custodian rule, current as of 2025.
- FINMA, SDX-aligned custody framework documentation, 2024.
This report is institutional research from KCS Capital. It is for informational purposes only and does not constitute an offer or solicitation to buy or sell securities. KCS Capital Inc. is an independent technology and research firm; 4orm Finance operates as a separate regulated entity.