May 18, 2026

How Banks Choose a Crypto Custody Model: Self-Custody, Third-Party, and MPC Compared

Cregis

When a bank decides to hold digital assets on behalf of clients, the most consequential decision it makes is not which blockchain to support. It is how to control the private keys. The custody model a bank selects determines its security exposure, regulatory posture, and operational flexibility. This article breaks down the three principal approaches to institutional digital asset custody, explains the trade-offs honestly, and outlines the criteria banks use to make this choice.

TL;DR

  • Banks can choose from three custody models: self-custody, third-party custody, or hybrid models using MPC.
  • Each model distributes risk differently. None is universally superior; fit depends on the bank's internal capabilities and regulatory environment.
  • MPC-based custody is emerging as the preferred architecture for institutions that want key control without single points of failure.
  • Compliance requirements, operational burden, and counterparty risk are the three decisive factors in model selection.
  • Infrastructure providers like Cregis allow banks to deploy institution-grade custody without building the underlying cryptographic stack from scratch.

About the Author: Cregis serves as the Trust Layer for institutional digital asset infrastructure, safeguarding over $300 billion in transactions for more than 3,500 businesses across 50 countries. Its perspective on custody architecture is grounded in live deployments across banks, payment providers, and regulated exchanges worldwide.

What Does "Crypto Custody" Actually Mean for a Bank?

Crypto custody means controlling the private keys that authorize transactions on a blockchain. Whoever holds the keys holds the assets. For a bank, this is not an abstract cryptographic concern. It is a fiduciary responsibility.

Three structural questions define a bank's custody approach:

  • Who generates the keys?
  • Who stores the key material?
  • Who must authorize a transaction?

The answers to these three questions determine whether a bank is operating self-custody, delegating to a third party, or using a shared-control model [aminagroup.com]. Each model answers those questions differently, and each carries a distinct risk profile.

What Is Self-Custody and When Does It Make Sense for Institutions?

Self-custody means the institution generates, stores, and controls its own private keys without relying on an external party [tetradg.com]. The bank owns the full cryptographic stack.

For institutions, self-custody is appealing because it eliminates counterparty risk entirely. There is no third-party custodian that can be breached, become insolvent, or restrict access [fortris.com]. On-chain transaction tracking is also cleaner because assets are never commingled with another institution's holdings [fortris.com].

The trade-offs are significant, however:

  • Operational complexity: The bank must build and maintain key management infrastructure, including hardware security modules and access control systems.
  • Internal threat surface: If key material is concentrated in a single location or controlled by a small number of staff, insider risk becomes acute.
  • Regulatory scrutiny: Regulators increasingly want to see documented key management procedures and independent audit trails. Self-custody requires the bank to produce all of that internally.

Self-custody works best for banks that have mature security teams, clear internal governance frameworks, and the technical capability to manage cryptographic infrastructure at scale. For most banks entering digital assets today, that bar is high.

What Is Third-Party Custody and What Are the Institutional Trade-Offs?

Third-party custody means the bank delegates key management to a licensed custodian. The custodian stores private keys, manages signing infrastructure, and often provides insurance against loss [bitgo.com].

This model lowers the operational burden considerably. Banks do not need to build cryptographic infrastructure in-house. Regulated custodians typically hold relevant licenses, carry insurance, and maintain their own audit certifications [cobo.com].

The costs, however, are also real:

  • Counterparty exposure: The bank's assets are only as secure as the custodian's operations. Custodian insolvency or breach directly affects the bank's clients.
  • Loss of control: The bank cannot move assets without the custodian's participation. This creates dependency in time-sensitive settlement scenarios.
  • Regulatory ambiguity: In many jurisdictions, regulators are still clarifying whether delegated custody satisfies the bank's own fiduciary duty to its clients [bitgo.com].

Third-party custody is a reasonable starting point for banks testing the market, but most institutions with meaningful digital asset exposure eventually reconsider this dependency.

What Is MPC-Based Custody and Why Are Banks Moving Toward It?

MPC stands for Multi-Party Computation. In an MPC custody model, the private key is never fully assembled in one place. Instead, cryptographic key shards are distributed across multiple parties or devices, and a transaction can only be signed when a defined threshold of those shards cooperate [stripe.com].

This architecture addresses the central weakness of both prior models:

| Model | Key Control | Counterparty Risk | Operational Burden |
|---|---|---|---|
| Self-Custody | Fully internal | None | High |
| Third-Party | Fully external | Significant | Low |
| MPC / Shared-Control | Distributed | Reduced | Moderate |

MPC does not eliminate single points of failure by adding more people. It eliminates the concept of a single point of failure at the cryptographic level [fireblocks.com]. Even if one key shard is compromised, an attacker cannot sign transactions without enough of the remaining shards to reach the signing threshold.

For banks, this matters for several reasons:

  • Regulators can hold one shard, giving them audit access without full custody.
  • The bank retains operational control while distributing internal risk.
  • MPC is compatible with both hot and cold storage architectures, allowing banks to balance liquidity needs against security posture [taurushq.com].

The model does introduce its own complexity. MPC implementations vary significantly in their security properties depending on the underlying protocol, the number of signers required, and how key refresh is managed [fireblocks.com].
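The threshold and key-refresh properties described in this section can be seen in a small added example, which is not Cregis code or any vendor's implementation. It uses Shamir secret sharing over a prime field as a stand-in: `combine` reassembles the key only to check the result, whereas an MPC signing protocol never assembles it. The 2-of-3 policy, the field modulus, and all function names are assumptions made for the illustration.

```python
import secrets

P = 2**127 - 1  # prime field modulus (constructed demo parameter)

def _eval(coeffs, x):
    """Evaluate a polynomial (lowest coefficient first) at x, mod P."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def split(secret, t, n):
    """Deal n shards; any t of them determine the secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: _eval(coeffs, x) for x in range(1, n + 1)}

def refresh(shards, t):
    """Add shards of a random polynomial with constant term 0:
    every shard changes, the shared key does not."""
    zero = [0] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: (y + _eval(zero, x)) % P for x, y in shards.items()}

def combine(shards):
    """Lagrange interpolation at x = 0 (verification only in this demo)."""
    total = 0
    for xi, yi in shards.items():
        num = den = 1
        for xj in shards:
            if xj != xi:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def demo():
    key = secrets.randbelow(P)  # constructed stand-in for a signing key
    old = split(key, t=2, n=3)
    new = refresh(old, t=2)
    return {
        "old_quorum_ok": combine({1: old[1], 2: old[2]}) == key,
        "new_quorum_ok": combine({2: new[2], 3: new[3]}) == key,
        "all_shards_changed": all(old[i] != new[i] for i in old),
        "stale_plus_fresh_ok": combine({1: old[1], 2: new[2]}) == key,
        "single_shard_ok": combine({3: new[3]}) == key,
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

A shard stolen before a refresh cannot be paired with a shard issued after it, which is why the refresh interval bounds how long a single compromised shard stays useful.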

How Do Banks Actually Evaluate These Models in Practice?

Stepping back from the technical architecture, the harder question for most banks is not which model is theoretically superior. It is which model they can operate within their existing regulatory, technical, and organizational constraints.

Banks typically evaluate custody models across five dimensions:

  1. Regulatory compliance: Does the model meet local licensing requirements and satisfy auditors?
  2. Key recovery: What happens if a key shard is lost, a signing party is unavailable, or a hardware device fails?
  3. Settlement speed: Can assets move in real time, or does the custody model introduce signing latency?
  4. Audit trail quality: Can every transaction be traced, attributed, and reported independently of the custodian?
  5. Scalability: Does the model hold up at institutional transaction volumes without degrading security controls?

These criteria consistently push banks toward MPC-based shared-control models hosted on infrastructure that they can audit but do not have to build themselves [cobo.com].

This is where institutional infrastructure enters the picture. Cregis functions as the Trust Layer for banks and regulated institutions that need secure, efficient, and compliant custody. Its Nexus On-Premise solution provides a self-hosted custody architecture built on MPC, hardware security modules compatible with FIPS 140 standards, and a Zero Trust framework. Banks retain key control and full audit capability without constructing the underlying cryptographic stack. Certifications including SOC 2 Type II, ISO 27001, and PCI DSS provide the documented assurance that regulators and internal risk committees require. Cregis positions this not as a feature bundle, but as the infrastructure layer that institutional digital asset custody demands.

Frequently Asked Questions

What is the main risk of self-custody for banks?
The primary risk is key concentration. If private keys are held internally without distributed controls, a single breach or insider threat can result in irreversible asset loss.

Is MPC custody regulated differently than third-party custody?
Regulatory treatment varies by jurisdiction. In most markets, regulators focus on the adequacy of key management controls rather than the specific model. MPC arrangements can satisfy these controls, but banks should confirm local requirements with legal counsel.

Can a bank use MPC and still work with a third-party custodian?
Yes. Hybrid models allow a bank to hold one or more key shards internally while a licensed custodian holds others. This distributes both control and liability [stripe.com].

What certifications should a bank look for in a custody infrastructure provider?
SOC 2 Type II, ISO 27001, and PCI DSS are the baseline. FIPS 140-compatible hardware and independent smart contract audits add further assurance [bitgo.com].

How does custody model selection affect settlement speed?
Third-party custody typically introduces signing latency because the custodian must authorize each transaction. MPC models with pre-defined threshold rules can enable near-real-time signing without sacrificing security.

What is "key refresh" in MPC and why does it matter?
Key refresh is the process of replacing key shards with new ones without changing the underlying key. It limits the window during which a compromised shard can be exploited. Robust MPC implementations perform this automatically and regularly.

Is institutional digital asset custody insured?
Coverage depends on the provider and the custody model. Third-party custodians often carry crime or specie insurance. Self-custody and MPC arrangements require banks to structure their own coverage or work with providers that carry relevant policies.

About Cregis

Cregis serves as the Trust Layer for institutional digital asset infrastructure. It operates across 50 countries, securing more than $300 billion in annual transactions for over 3,500 businesses. Its platform combines MPC-based custody, a Wallet-as-a-Service layer supporting 40-plus blockchain networks, stablecoin payment infrastructure, and built-in compliance tools including real-time AML monitoring. For banks and regulated institutions navigating the custody decision, Cregis provides the infrastructure layer that meets the first tier of security standards the industry demands, without requiring institutions to build that infrastructure themselves.

Ready to evaluate which custody model fits your institution? Visit cregis.com to speak with the team.


About Cregis

Founded in 2017, Cregis is a global leader in enterprise-grade digital asset infrastructure, providing secure, scalable and efficient management solutions for institutional clients.

Built to solve the challenges of fragmented blockchain systems and asset security risks, Cregis delivers MPC-based self-custody wallets, WaaS solutions, and Payment Engine, featuring collaborative asset control and a compliance-ready ecosystem.

To date, Cregis has served over 3,500 institutional clients globally. Our solutions empower exchanges, fintech platforms, and Web3 enterprises to adopt blockchain technology with confidence. Backed by years of proven expertise in blockchain and security, Cregis helps businesses accelerate their Web3 transformation and unlock global digital asset opportunities.