On February 3, 2026, CIRO released its Notice on the Digital Asset Custody (DAC) Framework. The Notice sets out CIRO’s expectations for how Dealer Members operating Crypto Asset Trading Platforms (CTPs) must custody digital assets in Canada.
CIRO describes the framework as an interim, risk-based approach implemented through terms and conditions of membership, pending further rule development. The Notice also makes clear that it is not intended to pre-judge CSA policy direction on tokenization.
Below, we summarize CIRO’s position and outline practical considerations for digital asset custodians and regulated crypto trading platforms.
What CIRO Set Out in the Notice
1) CIRO’s taxonomy treats stablecoins as tokenized assets and not crypto assets for custody purposes
CIRO’s classification means that crypto-asset custodians are eligible to custody stablecoins only if they also meet the ASL requirements.
CIRO classifies digital assets into two categories:
- Crypto assets are digital assets that are not tokenized assets. This includes cryptocurrencies, protocol-based tokens, and digital tokens linked to non-financial assets.
- Tokenized assets are digital representations of traditional financial assets that confer legal rights and obligations equivalent to those of the underlying instrument. It includes tokenized equities, debt, deposits, and other financial instruments, including stablecoins.
CIRO states that tokenization does not change the underlying ownership structure, rights to cash flows, priority in insolvency, or treatment under existing custody legislation. On that basis, tokenized assets must be held by entities that qualify as ASLs under the traditional custody framework and that also meet additional digital custody safeguards. Importantly, Tokenized Asset Custodians have a fiduciary relationship with Dealer Members that should be reflected in the standard of care under the custody and sub-custody agreements.
CIRO explains that this dual application is intended to preserve continuity of investor protection, avoid regulatory arbitrage between tokenized and non-tokenized instruments, and support participation in tokenized markets without weakening established protections.
It may be more appropriate to treat stablecoins as “digital assets” given its function as a payment instrument (retail payments), and as a settlement instrument for trading crypto assets and potentially tokenized assets in the future.
2) Custody requirements for traditional securities remain unchanged and will now apply to stablecoins
CIRO is explicit that it is not amending traditional securities custody rules. Those rules remain in force and continue to apply to traditional financial instruments. However, classifying stablecoins as Tokenized Assets means that digital asset custodians must also meet ASL requirements.
The DAC Framework is intended to address risks unique to digital assets, including irreversible loss arising from the compromise or mismanagement of cryptographic keys, heightened exposure to cyberattacks, operational reliance on complex technology stacks and third-party providers, legal uncertainty in cross-jurisdictional insolvency scenarios, and concentration risk among a limited number of crypto custodians.
3) Digital assets must be held with approved digital asset custodians or internally, subject to requirements and limits
CIRO emphasizes that approval as a digital asset custodian is distinct from qualification as an Acceptable Securities Location (ASL) under the CIRO rules. A digital asset custodian may qualify under both categories, but approval for securities custody alone does not establish suitability for digital asset custody.
CIRO has the discretion to require tokenized asset custodians to adopt enhanced safeguards commensurate with the nature, scale, complexity, or risk profile of the tokenized asset, the arrangement, or the custodian itself.
Under the applicable terms and conditions, Dealer Members must ensure that digital assets are held either:
- With one or more CIRO-approved digital asset custodians, and/or
- Under rules governing internal custody.
Internal custody of crypto assets is limited to 20 percent of the value of crypto assets held for clients and for the Dealer Member’s own account. However, the 20% limit excludes the value of the Dealer Member’s proprietary positions that are provided for out of its Risk-Adjusted Capital.
4) The framework establishes a four-tier model for approved crypto asset custodians
CIRO adopts a tiered framework for approved crypto asset custodians. It establishes baseline requirements and links concentration limits to custodians’ exposure to crypto assets, custodian capabilities, and risk profiles.
CIRO’s tiered approach for crypto asset custodians:
| Tier | Custody Limit | Minimum Capital (Canadian) | Minimum Capital (Foreign) | CIRO Description of Requirements |
|---|---|---|---|---|
| Tier 1 |
Up to 100% of a Dealer Member’s crypto assets |
$100,000,000 | $150,000,000 | Meet the highest standards for capital, and enhanced controls for regulatory oversight, technology assurance, fidelity insurance over custodied assets, and operational resilience. |
| Tier 2 |
Up to 100% of a Dealer Member’s crypto assets |
$10,000,000 | $100,000,000 | Have lower capital requirements but meet the highest standards for regulatory oversight, insurance, and operational resilience. |
| Tier 3 |
Up to 75% of a Dealer Member’s crypto assets |
$10,000,000 | $100,000,000 | Meet robust but comparatively lower requirements as compared to Tier 2 custodians. Not required to satisfy certain enhanced crypto-specific technology assurance standards or demonstrate external cybersecurity and operational resilience safeguards. |
| Tier 4 |
Up to 40% of a Dealer Member’s crypto assets |
$10,000,000 | $100,000,000 | Meet baseline requirements suitable for limited custody exposure and serve as the benchmark for internal custody equivalency. |
CIRO states that reliance on capital thresholds alone is insufficient to address crypto custody risks. In addition to capital, the tiered framework specifies requirements for minimum institutional-grade infrastructure, controls, and insurance, as well as legal and jurisdictional risks.
Crypto Asset Custodians in Tiers 1 and 2 are both permitted to hold 100% of a Member Dealer’s crypto assets. CIRO’s own table shows that Tier 2 Crypto Asset Custodians must demonstrate the strongest technical infrastructure to hold crypto assets, while Tier 1 Canadian Crypto Asset Custodians require 10x more capital. However, CIRO has the discretion to require Tier 1 Crypto Asset Custodians to elevate their standards to the level of a Tier 2 Crypto Asset Custodian.
Practical Considerations for the Industry
The interim framework’s design has practical considerations for custodians and regulated CTPs.
Stablecoins and tokenized asset classification
Under the interim framework, stablecoins must be held by custodians that meet the ASL requirements under the CIRO rules.
The impact of treating stablecoins as tokenized assets and excluding stablecoins from crypto assets requires further discussion:
- Where does settlement finality occur: in a digital wallet or in a bank account?
- Does this taxonomy create transactional friction for Dealer Members and their custodians, given the functional role of stablecoins in crypto markets currently, and what about its potential role in tokenized capital markets in the future?
- Does the ASL requirement provide a more seamless on/off-ramp for stablecoin payments that improves redemption settlement times for stablecoin issuers?
- Does this create additional compliance obligations for CTPs to monitor multiple custodians?
- Do custodians who meet ASL requirements have the technology to safely custody stablecoins?
Taken together, these factors may influence how a Dealer Member structures its custodial arrangements. Some believe it may have the unintended consequence of increasing concentration, favouring large foreign crypto-asset custodians in the short term, given Canada’s capacity constraints. Market structure is also a consideration.
Potential partnership structures between custodians who are ASLs and crypto custodians
Given CIRO’s taxonomy, Dealer Members must carefully structure their digital asset custodial arrangements to enable frictionless crypto trading and to interoperate with existing payment systems. CTPs must also ensure that a tokenized asset custodian has the necessary technical infrastructure to custody stablecoins and protect investors.
In practice, this approach may create opportunities for partnerships between traditional custodians that qualify as ASLs and crypto custodians with institutional-grade digital asset custody technology. For example, an ASL could provide the traditional custody baseline for tokenized assets, while a crypto custodian provides compliant digital custody infrastructure under an approved arrangement. However, these opportunities need to be assessed against the capacity of Canadian regulated financial institutions to provide digital asset custodial services. This capacity will be determined by prudential requirements governing the capital and liquidity treatment of crypto asset exposures.
The interim framework allows market participants to structure their custodial arrangements to ensure that crypto assets and tokenized assets, including stablecoins, are custodied using institutional-grade infrastructure.
Tier 2 Canadian custodians and competitive positioning
Under the interim framework, a Tier 2 Crypto Asset Custodian can now hold up to 100% of a Dealer Member’s crypto assets with $10M of capital and the highest technical and assurance requirements. While this is believed to be a positive outcome, this arrangement excludes custodying stablecoins.
If a Tier 2 Crypto Asset Custodian wants to custody stablecoins, it must meet CIRO’s ASL criteria either on the strength of its own balance sheet or by entering an arrangement with a qualified custodian that meets the ASL criteria under the CIRO rules. This could either consolidate digital asset custody with large foreign custodians or enable new arrangements between existing crypto-asset custodians and technology-enabled custodians that meet ASL requirements. The feasibility of the latter will need to be explored.
Capital and operational safeguards
CIRO is explicit that capital thresholds alone do not address digital custody risk. The framework combines financial thresholds with institutional-grade infrastructure requirements, assurance reporting (e.g., SOC 2 Type II or ISAE 3000), independent penetration testing, insurance expectations, legal enforceability considerations, regulatory oversight, and information-sharing arrangements.
A comparison of the requirements for Tier 1 and 2 crypto asset custodians shows that capital remains central within the tiered model and is intended to operate alongside operational and governance safeguards, rather than serving as the sole proxy for custodial strength. However, these safeguards are currently discretionary. CIRO can require Tier 1 crypto-asset custodians to elevate their operational and governance controls to the level of a Tier 2 custodian. Robust digital asset custody requires specialized technology, particularly for crypto assets and stablecoins, and digital asset custodians should be incentivized to continue investing in such infrastructure.
Implications for regulated CTPs
From an operating perspective, regulated CTPs will need to structure their digital asset custodial arrangements (and technology architecture) to facilitate seamless crypto payments, avoid negative impact on Risk-Adjusted Capital, minimize operational friction, improve operational risk monitoring and management, and meet compliance obligations.
For example,
- CIRO establishes expectations around segregation outcomes, monitoring, reporting, and breach remediation.
- Dealer Members are expected to perform daily segregation calculations and monitor compliance with custody limits at least weekly.
- Breaches must be reported and remediated in accordance with the Notice, and repeated or unresolved breaches may result in supervisory action.
Ciro’s DAC Framework represents an important first step in formalizing expectations for digital asset custody in Canada. However, long-term market structure will depend not only on regulatory clarity, but on domestic custodial capacity. Canada must create the conditions that incentivize custodians to build and scale institutional-grade digital asset custody infrastructure capable of serving CIRO Dealer Members, institutional asset managers, and federally regulated issuers and users of payment stablecoins. As tokenized capital markets develop and stablecoins play a growing role in payment and settlement systems, the framework should evolve in a manner that supports competitive Canadian custody providers while maintaining robust investor protection and prudential safeguards.
Read CIRO’s full notice
