image

Description of Custody and Administration Policy

Home | Description of Custody and Administration Policy
image
Fincryptou UAB

Description of Custody and Administration Policy

DESCRIPTION OF CUSTODY AND ADMINISTRATION POLICY

  • INTRODUCTION
    • The Company provides Custody Services to the Clients. Accordingly, this Description serves as a summary od the Custody and Administration Policy (the Policy) approved by the Company, which establishes internal rules and procedures: (i) to ensure the safekeeping or the control of the crypto-assets held in custody by the Company on behalf of the Clients and the means of access to them; and (ii) to minimise the risk of a loss of the crypto-assets or the rights related to those crypto-assets or the means of access to them due to fraud, cyber threats or negligence. This Description is a public disclosure to the Clients intended for informational purposes.
  • GENERAL REQUIREMENTS
    • The Company is responsible for ensuring that holdings of the crypto-assets in custody by the Company on behalf of the Clients are legally and operationally segregated from the Company's own holdings and that the means of access to crypto-assets belonging to the Clients are clearly identified as such.
    • The Company is responsible for ensuring that, on the distributed ledger, the Clients' crypto-assets are held separately from the Company's own crypto-assets.
    • The technologies and platforms used to safely keep the Clients' crypto-assets in custody shall be the same as indicated in the Description of the Safekeeping of Clients’ Crypto-Assets and Funds Policy of the Company, which shall be applied mutatis mutandis for the Clients' crypto-assets held in custody.
    • The Company generates a unique wallet address for each order initiated by the Client, and crypto-assets belonging to the Client in custody by the Company are held in that unique wallet address per order.
    • The Company is responsible for recording the movements of crypto-assets taking place on the Register of Positions and controlling the means of access to the crypto-assets.
  • REGISTER OF POSITIONS
    • The Company keeps the Register of Positions, opened under each Client's name, corresponding to each Client's rights to the crypto-assets. The Company is recording any movements following instructions from the Clients as soon as possible in the Register of Positions. The Company actively monitors each incoming and outgoing transaction and logs it into the Register of Positions to support thorough activity tracking and ensure accountability. Also, the Company ensures that all movements affecting the Register of Positions are evidenced by transactional data processed in response to instructions from the Clients.
  • SEGREGATION OF CRYPTO-ASSETS HELD IN CUSTODY
    • Operational segregation of crypto-assets held in custody
      • The Company ensures that all the crypto-assets belonging to the Clients and in custody by the Company are separated and clearly identified as separate from the crypto-assets belonging to the Company. Access to the crypto-assets belonging to the Clients is strictly limited to designated personnel within the Company.
      • The Company generates a unique wallet address for each order initiated by the Client for the crypto-assets belonging to them. These wallets are locked with API keys that are only reachable via the third-party provider, by using secure Intel SGX enclaves and cryptographic protections as described in the Distributed Ledger Technology (DLT).
      • The crypto-assets belonging to the Clients are managed through secure Intel SGX, a secure digital asset custody platform that meets industry standards for asset protection. The Company ensures that private keys remain secure and inaccessible to external parties, with access strictly limited to authorized systems and personnel within the Company.
    • Legal segregation of crypto-assets held in custody
      • The aim of legal segregation is that creditors of the Company have no recourse to the crypto-assets belonging to the Clients and in custody by the Company, particularly in the event of insolvency of the Company.
      • The legal segregation of the crypto-assets belonging to the Clients and in custody by the Company is ensured: (i) by clearly marking the separate wallets as the wallets attributed for holding these crypto-assets in custody by the Company; (ii) by including relevant provisions in the Terms and Conditions between the Company and the Clients that clearly indicate the attribution of ownership to the crypto-assets.
      • In case of insolvency of the Company or other type of event where the enforcement is initiated against the Company, the CEO of the Company is responsible for informing the insolvency administrator, the bailiff or any other similar officer about the fact that certain crypto-assets are held in custody by the Company, i.e. that these crypto-assets do not belong to the Company, and providing relevant evidence.
  • FACILITATION OF RIGHTS
    • The Company facilitates the exercise of rights attached to the crypto-assets, ensuring that any event likely to create or modify the Client’s rights will be recorded in the Register of Positions immediately.
    • The Company will not make use of the crypto-assets belonging to the Clients and in custody by the Company and the rights attached to these crypto-assets.
    • The Company will not be liable for any changes to the underlying distributed ledger technology or any other event likely to create or modify a Client's rights, and that the Client will not be entitled to any crypto-assets or any rights newly created on the basis and to the extent of the Client's positions at the time of the occurrence of that change or event.
  • RETURNING CRYPTO-ASSETS HELD ON BEHALF OF THE CLIENTS
    • The Clients may request the return of crypto-assets belonging to them and in custody by the Company by submitting a formal request via email or an authorized communication channel.
    • The request must specify the amount, receiving wallet address, and reason for return.
    • Upon approval, the transaction is executed through the Company’s internal systems, leveraging Intel SGX enclaves and cryptographic key controls to ensure the safe transfer of crypto-assets to the wallet designated by the Client.
  • LIABILITY TO THE CLIENTS
    • The Company remains liable to the Clients for the loss of their crypto-assets or the means of access to these crypto-assets as a result of an incident attributable to the Company.
    • The liability of the Company is capped to the market value of the crypto-assets lost at the time when the loss occurred.
    • In the event of loss of the Client’s crypto-assets for reasons independent of the provision of the relevant service or independent of the operations of the Company, such as a problem inherent in the operation of the distributed ledger that the Company does not control, the Company is not held liable for the loss of the crypto-assets if it demonstrates that the loss occurred independently from the provision of the mentioned service or operations of the Company.
  • SECURITY
    • The Company prioritises the security of the Clients’ crypto-assets in custody through a layered and comprehensive security framework. This framework includes organisational, technical, and procedural measures to mitigate risks and prevent unauthorised access, as outlined in detail in the Description os the Safekeeping of Clients’ Crypto-Assets and Funds Policy of the Company.
    • Specifically, the Company ensures:
      • Crypto-assets are managed by using the Company’s secure internal infrastructure, which leverages Intel SGX technology for trusted execution and key protection. Private keys are securely generated within SGX enclaves and are never stored in a single location or made accessible to any third party..
      • Access to unique wallets for each order initiated by the Client and the means of access (e.g., cryptographic keys) are limited to a small number of authorised personnel within the Company. Role-based access control (RBAC), dual-approval workflows, and segregation of duties are enforced to prevent misuse.
      • Outgoing transactions require multi-level internal approvals and are subject to monitoring by designated compliance and operations personnel.
      • Internal systems used to manage custody operations are protected through up-to-date firewalls, endpoint detection and response (EDR), intrusion detection systems (IDS), and regular vulnerability assessments. All systems are regularly patched and hardened.
      • All activities, including access and transaction requests, are logged and monitored for anomalies. Logs are stored securely and are subject to regular audits.
      • The Company maintains an Incident Response Plan and Business Continuity Plan to ensure operational resilience in the event of cyber incidents or other disruptions. Tabletop exercises and incident simulations are periodically conducted.
      • All employees with access to custody systems receive regular training on cybersecurity awareness, phishing prevention, and incident reporting.
      • Regular internal and third-party audits of the Company’s custody framework are conducted. Risk assessments are documented and reviewed periodically in accordance with regulatory expectations and internal risk appetite.
  • CLIENT REPORTING
    • The Company shall provide the Clients who hold their crypto-assets in custody, at least once every three months and at the request of the Client concerned, with a statement of the position of the crypto-assets recorded in the name of the Clients. The statement will be provided in an electronic format, unless such information is already visible at the Client’s portal.
    • The statement shall indicate the crypto-assets concerned, their balance, their value, and the transfer of crypto-assets made during the period concerned. The Company shall also provide the Clients with any information about operations on crypto-assets that require a response from the Clients as soon as possible.
  • USE OF THIRD-PARTY SERVICE PROVIDERS
    • If the Company makes use of other crypto-asset service providers for the Custody Services, the Company will only make use of crypto-asset service providers authorised in accordance with Article 59 of MiCAR.
    • If the Company makes use of other crypto-asset service providers for the Custody Services, the Company will inform the Clients thereof.
  • FINAL PROVISIONS
    • This Description has been approved by the Chief Executive Officer of the Company.
    • The Description may be subject to changes as required under the Applicable Law, or in case of a change of the Policy.
Cookie Icon

We are using Cookies! For more information please view the Cookie Policy.

image
image
(370) 5 2080750
Vytenio g. 9-101, LT-03113, Vilnius, Lithuania
info@fincryptou.com

One Click to Your Journey

Get a Demo

Fincryptou, UAB, legal entity code: 306068445, a company duly established and existing under the laws of the Republic of Lithuania, authorized and officially registered in the Register of Legal Entities, is a listed and regulated Crypto-Asset Service Provider, supervised by the Financial Crimes Investigation Service (‘FCIS’) operating under the Ministry of Internal Affairs of the Republic of Lithuania, legal entity code: 188608786, address: Šermukšnių str. 3, LT - 01105 Vilnius, Lithuania. The authority of Fincryptou, UAB as a regulated Crypto-Asset Service Provider is listed and verifiable through the official and publicly available registers available here.

Legal

© 2025 | All Rights Reserved