A custodian looks after an actor's private key. For institutions, self custody (that is, self insuring against loss) may not be the best solution. Hence outsourcing to a custodian, who has the technical expertise and insurance, may be a better solution.

As with any outsourcing, the key risk is trust.

Code risk (1)
Does the custodian use cold storage?
1.53 Storing part or all of a private key makes it more challenging to access a public key
Does the custodian use secret sharing or multi sig on its wallets?
1.54 Hot wallets need protecting
Governance risk (3)
Are the owners and controllers of the Custodian known?
3.59 Proper governance should be ensured
Does the Custodian have ISO 27001 certification?
3.114 Certain ISO standards provide comfort that the Custodian has adequate systems and controls regarding information security
Is the Custodian regulated by a government agency?
3.117 For some actors, a VASP regulated by a government agency helps de-risk governance issues
Loss or Theft risk (12)
Does the custodian offer any insurance in case of loss or theft?
12.56 Insurance policies should cover all actors
Does the Custodian have bankruptcy remote procedures?
12.58 Procedures for an orderly wind down will ensure customer actors will have the ability to recover their assets
Dependency risk (22)
Have you considered a redundancy policy to avoid over reliance on their services?
22.131 Over reliance on a VASP without a contingency backup or substitute VASP can be problematic
Operated by BinariiLabs
No financial advice

These global standards, best practice guidance and risk due diligence questions are an attempt to make DeFi a level playing field. They are not intended to provide any investment advice. Claims made in this website do not constitute investment advice and should not be taken as such. In the meantime, it would be very useful if the jurisdictional regulators would start working together and treating these new financial related projects as a different form of instrument. The Howey Test (1946) was designed in an era of deeds of title and paper bearer certificates. DeFi can be humanless and profit is not always the motive for using protocols. TradFi derivatives, for example, are based on underlyings of real assets like the fair value of incorporated companies whose value is derived from fiat currencies which are themselves derivatives on an underlying like gold or a printing machine. Fiat is seen to be a real asset which it clearly is not. The new DeFi world matches actors with agendas. Most of the time the agenda is to do things better and faster. DeFi enables everyone including the bankless and unserved members of the community to transact without having to understand how to use Excel or have an MBA from an elite university or be able to decipher the millions of pages of legal text opinions as to whether a bitcoin is a currency, a security, a commodity, a derivative, an underlying, a valueless number, type of gambling or something that will just go away. While we wait for a consensus by the old guard, the new guard will create their own computer based standards. Our aim is to turn these standards into bots or smart contracts that do all of this behind the scenes. Imagine a world where the community agrees on how to transact and just does it without a parental overseer who is always a bit behind the curve...