Bitcoin State Examination

State Regulatory Examination for Custody Compliance

This memo is published by CustodyStress, an independent Bitcoin custody stress test that produces reference documents for individuals, families, and professionals.

Custody Rule Interpretation For Bitcoin

State securities regulators examine registered investment advisors for compliance with custody rules. Examiners review how advisors safeguard client assets using protocols developed for traditional securities custody. An advisor holds client bitcoin alongside stocks and bonds. The bitcoin state examination applies custody rule frameworks designed for broker-dealers and qualified custodians to cryptocurrency holdings where those frameworks fit imperfectly.

State examination manuals describe custody verification procedures. Confirm account statements match custodian records. Verify assets are held in client name. Review surprise examination procedures. These protocols assume institutional custodians, standardized statements, and established verification methods. Bitcoin state examination encounters framework application problems when examiners apply traditional custody standards to seed phrase backups, hardware wallets, and multisignature arrangements that do not map to traditional custody concepts.

---

Custody Rule Interpretation For Bitcoin

State custody rules require advisors to maintain client assets with qualified custodians or meet specific safekeeping requirements. Bitcoin creates definitional questions. Is a hardware wallet in the advisor's safe a qualified custodian? The rule contemplates banks, broker-dealers, and registered entities. Hardware wallets are devices not institutions. Examiners applying custody rules to bitcoin encounter classification uncertainty when custody methods do not fit rule categories.

Some states follow SEC custody rule interpretations. Others have independent frameworks. An advisor operates across multiple states. Each state examiner interprets bitcoin custody requirements differently. One state accepts hardware wallet custody with proper controls. Another state deems it non-compliant requiring third-party qualified custodian. The advisor faces conflicting compliance obligations when state bitcoin examination standards diverge based on differing rule interpretations.

Custody rule exemptions may or may not apply to bitcoin. Rules exempt certain advisory relationships or account types. An advisor claims exemption for bitcoin held in separately managed accounts. The examiner questions whether bitcoin accounts qualify for the exemption when rule language contemplated traditional securities. Bitcoin state examination creates rule application ambiguity when exemption language lacks cryptocurrency-specific guidance.

---

Client Asset Verification Methodology Gaps

Examiners verify advisors actually hold reported client assets. For traditional securities, this means confirming custodian statements match advisor records. Bitcoin verification requires different procedures. An advisor reports client holds 5 bitcoin. The examiner wants verification. There are no account statements from qualified custodians. The advisor provides blockchain addresses showing 5 bitcoin. The examiner must determine whether blockchain records constitute adequate verification when traditional confirmation methods do not exist.

Some examiners request proof of control not just proof of existence. Blockchain shows bitcoin exists at certain addresses. This proves the bitcoin exists but not who controls it. The examiner wants demonstration that the advisor can actually access and transact with the bitcoin. This requires signing a message or executing a test transaction. Bitcoin state examination procedures must adapt from statement verification to cryptographic proof-of-control when blockchain transparency provides existence evidence but not control evidence.

Multisignature arrangements complicate verification further. An advisor holds client bitcoin in two-of-three multisig requiring advisor signature plus client signature. The examiner verifies the arrangement exists but cannot verify functionality without both parties participating. The advisor cannot unilaterally demonstrate control. Verification depends on client cooperation during examination. Bitcoin state examination encounters participation requirements when multisig custody prevents independent advisor control verification.

---

Surprise Examination Procedure Adaptation

Custody rules require surprise examinations for advisors with custody. An independent accountant must verify client assets annually without advance notice. For traditional custody, this means contacting custodians and confirming client account holdings. Bitcoin creates surprise examination challenges when there are no institutional custodians to contact and verification requires advisor cooperation to demonstrate seed phrase functionality.

Some advisors store bitcoin seed phrases in safe deposit boxes or with attorneys. The surprise examiner cannot access these without advisor assistance. The element of surprise disappears when verification requires the advisor to retrieve materials from offsite locations. Bitcoin state examination surprise procedures lose effectiveness when custody verification depends on advisor participation that advance notice would not have prevented anyway.

Examiners conducting surprise examinations expect to complete verification during the visit. Traditional custody verification involves phone calls to custodians. Bitcoin verification may require technical procedures the examiner cannot perform onsite. Testing seed phrase recovery takes time and technical knowledge. The examiner must either trust advisor representations or return later for verification completion. Bitcoin state examination surprise timing conflicts with technical verification requirements that do not complete during single-day examiner visits.

---

Documentation Standard Interpretation

Custody rules require advisors to maintain adequate documentation. For traditional assets, this means custodian statements, trade confirmations, and account agreements. Bitcoin documentation consists of seed phrase backups, address lists, and transaction histories that look nothing like traditional custody documentation. Examiners reviewing bitcoin state examination files must decide whether non-standard bitcoin custody documentation meets adequacy standards designed for institutional custodian paperwork.

Some advisors document bitcoin custody using blockchain explorers. They maintain lists of addresses with blockchain links showing holdings. Examiners accustomed to formal statements question whether informal tracking constitutes adequate documentation. The blockchain data is accurate but presentation format differs from traditional statements. Bitcoin state examination documentation review encounters format versus substance questions when accurate records do not follow traditional presentation conventions.

Transaction documentation for bitcoin includes blockchain transaction IDs rather than trade confirmations. An examiner reviewing client account activity wants trade confirmations. The advisor provides blockchain transaction hashes. The examiner cannot read blockchain data without technical tools. Bitcoin state examination documentation standards require either examiner technical capability or acceptance that bitcoin transaction documentation differs fundamentally from securities transaction documentation.

---

Physical Security Review Expectations

Examiners review physical security for custody arrangements. Office visits examine safes, locked filing systems, and access controls. An advisor stores hardware wallets in a safe. The examiner inspects the safe checking whether it meets security standards. But what standards apply? Rules for physical securities custody assume specific safe ratings and alarm systems. Do these standards apply to hardware wallets? Bitcoin state examination physical security review applies traditional safe custody standards to devices where the value is cryptographic not physical creating standard application uncertainty.

Some advisors use geographically distributed seed phrase storage. Shamir backup splits shares across multiple locations. The examiner visits the main office. Three of five backup shares are elsewhere. The examiner cannot verify complete custody arrangement during office visit. Bitcoin state examination of distributed custody requires either multi-site inspection or reliance on advisor representations about offsite storage security.

Advisors using institutional bitcoin custodians face different examiner review. The examiner verifies the custodian is legitimate and reviews account agreements. This resembles traditional custody examination. But many institutional bitcoin custodians are new entities without long operational histories. Examiners must evaluate custodian reliability without established track records or familiar names. Bitcoin state examination custodian vetting applies institutional reliability criteria to cryptocurrency companies that may not meet traditional qualification benchmarks.

---

Segregation and Commingling Review

Custody rules prohibit commingling client assets with advisor assets. For traditional securities, segregation means separate accounts. Bitcoin segregation means separate addresses or wallets. An examiner reviews how advisor segregates client bitcoin from firm bitcoin. The advisor uses separate hardware wallets for each. The examiner must determine whether separate devices constitute adequate segregation when both devices could be in the same physical location.

Some advisors segregate client bitcoin using different addresses within the same wallet. Each client has designated addresses but all addresses derive from one master seed. Technically segregated but cryptographically related through common seed phrase. The examiner must decide whether this meets segregation requirements. Bitcoin state examination segregation review encounters questions about whether cryptographic separation equals physical separation when underlying key material is shared.

Address reuse complicates segregation verification. An examiner reviews transaction history. Some addresses received deposits from multiple clients before the advisor implemented proper segregation. Old transactions show commingling even though current practice segregates properly. Bitcoin state examination catches historical segregation failures through blockchain transparency in ways traditional custody review would not detect unless account statements were preserved showing prior commingling.

---

Disaster Recovery and Business Continuity Testing

Examiners review disaster recovery plans. Advisors must demonstrate asset recovery capability if main systems fail. For traditional custody, this means showing backup account access or custodian relationship continuity. Bitcoin disaster recovery means demonstrating seed phrase backup functionality. The examiner wants proof backups work. Testing requires restoration attempt that could create operational risk if testing goes wrong. Bitcoin state examination disaster recovery verification encounters risk-reward tension when testing itself could jeopardize actual custody.

Some advisors claim seed phrase backups are tested but provide no documentation. The examiner wants verification. Undocumented testing cannot be confirmed. The advisor must either test during examination or accept examiner skepticism. Bitcoin state examination backup verification requires live testing or detailed historical testing documentation beyond what traditional custody disaster recovery reviews demanded.

Business continuity plans describe key person dependencies. For bitcoin custody, this often means certain individuals know seed phrase locations or passphrases. The examiner reviews succession planning. What happens if the key person leaves or dies? The plan says backup locations are documented. But the documentation itself may be controlled by the key person. Bitcoin state examination continuity review reveals single-point-of-failure risks traditional custody succession planning did not create because institutional custodians provided continuity independent of advisor personnel changes.

---

Fee Billing Verification From Bitcoin Holdings

Advisors billing fees based on assets under management must accurately report holdings. Examiners verify fee calculations. For traditional assets, this means confirming market values and account balances. Bitcoin fee billing verification requires confirming address ownership and accurately pricing volatile assets. An examiner reviews fee billing. The advisor charged fees on bitcoin holdings valued at month-end. Bitcoin price moved 20% during the month. The examiner questions whether monthly snapshots fairly represent holdings or whether more frequent pricing is required. Bitcoin state examination fee billing review encounters volatility questions traditional asset fee verification rarely faced.

Some advisors bill fees in bitcoin. Clients pay advisory fees from their bitcoin holdings. The examiner must verify fee transactions occurred correctly and at appropriate rates. This requires reviewing blockchain transactions and confirming bitcoin amounts converted correctly to fee percentages. Bitcoin state examination fee verification becomes technical requiring blockchain analysis capability examiners may not possess.

---

Third-Party Service Provider Review

Examiners review advisor use of third-party service providers. For bitcoin custody, this includes exchanges, wallet software providers, and custodians. The examiner wants due diligence documentation showing the advisor vetted providers appropriately. Traditional custody provider vetting includes reviewing SEC registration, financial statements, and insurance. Bitcoin providers may lack these traditional credentials. Bitcoin state examination service provider review applies traditional due diligence criteria to cryptocurrency companies operating under different regulatory frameworks.

Some bitcoin service providers are foreign entities. An advisor uses a Swiss custody provider. The examiner wants proof of adequate oversight and regulation. Foreign bitcoin custodians may operate under non-US regulatory frameworks examiners are unfamiliar with. Bitcoin state examination of foreign providers requires evaluating unfamiliar regulatory systems or accepting that traditional US-focused oversight standards do not apply internationally.

Wallet software presents unique provider questions. Is an open-source wallet a service provider requiring due diligence? There is no company to vet. The advisor uses software maintained by anonymous developers. The examiner's framework assumes identifiable provider entities. Bitcoin state examination service provider review encounters software-as-provider questions when custody tools lack traditional corporate structures requiring due diligence.

---

Client Agreement and Disclosure Review

Examiners review client agreements and disclosures. For bitcoin holdings, this includes checking whether clients understood custody arrangements and risks. An advisor's client agreement mentions bitcoin holdings. The disclosure is brief stating bitcoin investments carry risks. The examiner wants more detailed risk disclosure. How much detail is adequate? Traditional securities risks have established disclosure standards. Bitcoin risk disclosure lacks templates or regulatory examples. Bitcoin state examination disclosure review applies general adequacy standards to cryptocurrency-specific risks without clear benchmarks for what constitutes sufficient disclosure.

Some client agreements were written before bitcoin holdings became significant. They contain generic alternative investment language. The examiner questions whether generic language adequately covers bitcoin-specific custody risks like seed phrase loss, fork handling, or exchange bankruptcy. Advisors must decide whether to amend existing agreements or argue existing language provides adequate notice. Bitcoin state examination agreement review reveals disclosure gaps when documents were drafted before cryptocurrency custody became relevant.

---

Trading Authorization and Limit Verification

Examiners verify advisors trade only within client-authorized parameters. For traditional securities, this means reviewing investment policy statements and trading limits. Bitcoin trading creates verification questions around what constitutes a trade. Is moving bitcoin between wallets a trade? Consolidating UTXOs? The examiner reviews transaction history. Numerous transactions appear. Some were trading activity. Others were custody management. Bitcoin state examination trading review requires distinguishing trading from custody operations when blockchain transparency shows all bitcoin movements without categorizing purpose.

Some advisors have limited authority to trade bitcoin but full authority for other assets. The client agreement specifies different authorization levels by asset type. The examiner must verify the advisor respected these limitations. For traditional securities, this means checking trade confirmations against authorization. For bitcoin, it means reviewing blockchain transactions and determining which involved trading versus custody operations. Bitcoin state examination authorization verification requires technical transaction analysis beyond what traditional securities trading review demanded.

---

Record Retention Compliance Verification

Securities rules require advisors to retain records for specified periods. An examiner reviews record retention compliance. For traditional securities, this means confirming trade records, account statements, and correspondence are preserved. Bitcoin record retention raises questions about what constitutes the record. Is the blockchain the record? Wallet software logs? Exchange confirmations? All of the above? Bitcoin state examination record retention review encounters scope questions when determining what must be retained for bitcoin transactions.

Some advisors rely on blockchain permanence for transaction records. They do not retain separate documentation believing blockchain provides perpetual record. The examiner questions whether blockchain access alone satisfies record retention requirements when the advisor may lose ability to identify which addresses belonged to which clients. Bitcoin state examination record retention must include address ownership documentation in addition to blockchain transaction data to create complete retained records.

---

Examiner Technical Knowledge Limitations

State examiners have varying bitcoin knowledge levels. Some examiners never encountered cryptocurrency in prior examinations. They review bitcoin custody using traditional frameworks because they lack cryptocurrency-specific examination training. The advisor explains multisignature custody. The examiner does not fully understand the technology but must determine compliance. Bitcoin state examination outcomes vary based on examiner technical knowledge creating inconsistent review experiences across different examiners and states.

Some states provide bitcoin examination guidance to examiners. Others do not. An advisor undergoes examination in a state without examiner training materials. The examiner improvises applying general custody rules to bitcoin without clear standards. The resulting examination findings may be based on misunderstanding rather than actual compliance failures. Bitcoin state examination quality depends on examiner education about cryptocurrency custody that many state programs have not yet developed.

---

Deficiency Letter Response Challenges

Examiners issue deficiency letters citing compliance concerns. For bitcoin-related findings, advisors must respond explaining why their practices comply or how they will remediate. Traditional deficiency responses cite established practices or regulatory guidance. Bitcoin deficiency responses often argue by analogy because direct guidance does not exist. An examiner cites lack of qualified custodian for bitcoin holdings. The advisor responds that hardware wallets with appropriate controls meet custody intent. The examiner may or may not accept this argument. Bitcoin state examination deficiency resolution occurs through interpretation rather than established precedent.

---

Outcome

Bitcoin state examination problems emerge when traditional custody rule frameworks meet cryptocurrency custody realities. Custody rule interpretation encounters classification uncertainty when hardware wallets and seed phrases do not fit qualified custodian definitions. Asset verification methodology gaps appear when blockchain records replace custodian statements. Surprise examination procedures lose effectiveness when verification requires advisor participation technical procedures prevent completing during single visits.

Documentation standards designed for institutional custodian paperwork meet non-standard bitcoin record formats. Physical security review applies safe custody standards to hardware devices where value is cryptographic. Segregation review questions whether cryptographic separation equals physical separation. Disaster recovery testing creates operational risk when backup verification requires live testing. Fee billing verification encounters volatility questions and bitcoin-denominated fee transaction analysis.

Third-party service provider review applies traditional due diligence criteria to cryptocurrency companies lacking conventional credentials. Client agreement disclosure adequacy lacks clear benchmarks for bitcoin-specific risks. Trading authorization verification requires distinguishing trading from custody operations in blockchain transaction histories. Record retention scope questions arise around what constitutes preserved bitcoin records. Examiner technical knowledge limitations create inconsistent review experiences. Understanding these gaps explains why bitcoin state examination applying traditional custody frameworks proves challenging when cryptocurrency custody practices diverge from institutional custody models examination protocols were designed to review.

---

System Context

Examining Bitcoin Custody Under Stress

Bitcoin SEC Examination Framework

Bitcoin Municipal Pension

← Return to CustodyStress