The CIRO Digital Asset Custody Framework is a Canadian regulatory guidance framework for the custody of digital assets by Dealer Members that operate Crypto-Asset Trading Platforms, or CTPs. CIRO published Guidance Note 26-0033 on February 3, 2026, and stated that the guidance note was effective immediately. As of June 26, 2026, this profile treats the framework as in force for CryptoSlate taxonomy purposes, while noting that CIRO describes the related terms and conditions as an interim approach rather than permanent CIRO Rules.
What the CIRO digital asset custody framework covers
The framework addresses the safekeeping and control of digital assets, including crypto assets and tokenized assets. CIRO’s notice explains that existing custody, segregation and capital requirements for securities and derivatives were not designed for digital-asset risks such as private-key compromise, cyberattack exposure, reliance on technology providers, insolvency uncertainty and custodian concentration. Instead of amending permanent rules immediately, CIRO imposes custody expectations through terms and conditions of membership for certain Dealer Members.
The framework separates crypto assets from tokenized versions of traditional financial instruments. Crypto assets are digital assets that do not represent traditional financial assets or equivalent legal rights. Tokenized financial assets are digital representations of instruments such as deposits, debt and equity. CIRO states that tokenized assets remain tied to traditional legal regimes, but their digital custody still introduces key-management, transfer and ledger-finality risks.
Key provisions for Canadian crypto-asset trading platforms
Approved custody locations and internal custody
Under the terms and conditions, Dealer Members must ensure that crypto assets are held with one or more Approved Crypto Custody Locations, or through approved internal custody that meets the framework’s controls. Tokenized assets must be held with Approved Tokenized Asset Custody Locations. CIRO approval for digital-asset custody is separate from recognition as an Acceptable Securities Location under the CIRO Rules.
Tiered crypto custodian model
The framework uses a tiered model for crypto custodians. CIRO says the model establishes baseline requirements for all acceptable crypto custodians, adds enhanced requirements for custodians permitted to hold larger proportions of client assets, and links holding limits to each custodian’s capability and risk profile. Tier 1 and Tier 2 crypto custodians may hold up to 100% of a Dealer Member’s crypto assets, Tier 3 custodians may hold up to 75%, and Tier 4 custodians may hold up to 40%.
Common requirements include capital thresholds, SOC 2 or ISAE 3000 Type 2 assurance, regulation as a bank or trust company in a Basel Accord jurisdiction, written custody agreements, annual board approval, and security policies. Higher-exposure arrangements may also require broader assurance coverage, crypto-specific assurance, independent penetration testing, cybersecurity assurance, insurance, regulatory supervision, information-sharing arrangements and insolvency or trust documentation.
Segregation and reporting expectations
CIRO identifies segregation as a core investor-protection outcome. The framework does not prescribe one digital-asset segregation method, but it expects fully paid client assets to be held in a way that protects them from creditor claims and preserves client ownership rights in insolvency proceedings. CIRO may require legal opinions or assurances about how custody and segregation work under the relevant insolvency regime.
Dealer Members may self-custody up to 20% of crypto assets held for clients and for their own account, excluding certain proprietary positions backed by Risk Adjusted Capital. CIRO also expects daily segregation calculations, prompt deficiency resolution, weekly monitoring of custody limits, and reporting of holdings, custody locations and breaches.
Status and implementation timeline
CIRO’s media release states that the guidance note is effective immediately. The notice says staff will consider transition arrangements case by case for Dealer Members operating CTPs, based on proportionality, existing custody arrangements and the nature, scale and risk profile of the member’s activities. CIRO also expects Dealer Members to provide a Material Change Notification before initiating or materially expanding tokenized asset activity.
Why the framework matters
The framework gives Canadian crypto-asset trading platforms a structured custody framework before permanent CIRO Rules are adopted. It also shows how CIRO is handling tokenized assets: preserving traditional custody treatment where the underlying financial asset remains governed by existing law, while adding digital-custody controls for technology-specific risks. This profile is informational and does not provide legal, compliance, tax, investment or trading advice.
