Fundusze ochrony aktywów

Who Controls The Wallet When A Trust Holds Digital Assets?

Photo by Shubham Dhage (@theshubhamdhage) on Unsplash

A trust may own Bitcoin worth several million dollars and still be unable to move a single coin. The legal documents identify the trustee, the accounts record the asset and the beneficiaries understand that it forms part of the family wealth. None of that guarantees access to the private keys required to transfer it.

Digital assets create an unusual divide between legal ownership and practical control. A trustee may hold title under the trust instrument while a settlor, family member, adviser or external custodian retains the credentials needed to operate the wallet. The structure appears complete on paper, yet its most important asset remains dependent on one person, one device or one recovery phrase stored somewhere nobody else can find.

Conventional trust administration assumes that an asset can be identified, valued and transferred through an established intermediary. A bank can recognise a replacement trustee. A share register can record a new owner. A property can be sold by presenting the required legal documents. Blockchain networks work differently. They respond to valid cryptographic instructions, not probate documents, trustee resolutions or explanations of beneficial ownership.

A trust holding digital assets therefore needs two structures to work at the same time. The legal structure determines who should control the wealth. The technical structure determines who actually can.

Legal Title Does Not Move The Asset

Digital assets are often described as bearer-like property because control follows the private key. The description is not legally complete, but it captures the operational problem. A person who controls the key can generally instruct the network to transfer the asset, even when another person has a stronger legal claim to it. A trustee who lacks the key may be recognised as owner and remain unable to exercise the most basic rights of ownership.

This makes custody a fiduciary issue rather than a technical afterthought. Trustees must establish where the assets are held, how transactions are authorised and whether the arrangement allows them to discharge their duties independently. They should not accept a portfolio entry stating “cryptoassets” without identifying the wallets, networks, token types, custody providers and control arrangements behind it.

The distinction becomes particularly important when the settlor continues to trade from a personal wallet after transferring the economic interest to the trust. If the trustee cannot supervise activity, prevent unauthorised transfers or produce reliable accounts, the arrangement may not reflect the legal position described in the trust documents. Extensive retained control can also raise wider questions about whether the trustee is genuinely administering the property or merely recognising decisions made elsewhere.

A trust cannot protect an asset that remains operationally outside the trustee’s control.

Self-Custody And Institutional Custody Solve Different Problems

A trustee can hold digital assets directly through self-custody or appoint an external custodian. Neither model is automatically safer.

Self-custody gives the trust direct control and reduces dependence on an exchange, bank or technology provider. It also places responsibility for cybersecurity, key management and transaction approval inside the fiduciary structure. A lost key may be irrecoverable. A successful phishing attack or incorrectly entered address can produce a transfer that no central institution can reverse.

Institutional custody moves much of that operational responsibility to a specialist provider. The custodian may offer segregated wallets, approval workflows, transaction monitoring, insurance arrangements and recovery procedures. It can also provide records that fit more naturally into trust accounting and compliance processes.

The trustee then acquires counterparty risk. It needs to understand whether assets are held separately from the custodian’s own property, what happens during insolvency and whether the provider may lend, stake or otherwise use them. The contractual language describing custody can conceal materially different legal arrangements. A client may hold a direct entitlement to specific assets, an interest in a pooled wallet or merely a contractual claim against the provider.

The correct model depends on the assets, transaction frequency, jurisdictions involved and the trustee’s own technical capability. A trust holding a long-term Bitcoin allocation has different needs from one actively participating in decentralised finance. The former may prioritise secure offline storage and controlled access. The latter requires more frequent transactions, smart-contract interaction and continuous risk monitoring.

Convenience should not determine the custody structure. The trustee should be able to explain which risks it has retained and which it has transferred.

One Key Holder Is A Governance Failure

Digital wealth often begins as personal wealth. The founder or investor opens the wallet, controls the credentials and understands how the assets were acquired. When those assets later enter a trust, the original access model may remain unchanged because changing it feels risky.

The resulting structure can depend entirely on one individual. If that person dies, becomes incapacitated, loses the device or refuses to cooperate, the trust may lose access. Even where the credentials can be recovered, one key holder retains the practical ability to transfer assets without the trustee’s consent.

Professional administration requires segregation of authority. No single employee, family member or adviser should ordinarily possess everything needed to move a significant holding without detection or approval. Multi-signature arrangements can require several independent keys to authorise a transaction, while institutional custody platforms can apply approval thresholds and role-based permissions.

The number of required approvals should balance security with continuity. A structure requiring every participant to approve every movement can become unusable when one person is unavailable. A structure allowing one participant to act alone provides little protection against error or misconduct. Backup signatories, defined emergency powers and periodic testing are therefore as important as the original configuration.

Technical authority should reflect the trust’s governance. The investment adviser may propose a transaction, the trustee approves it and a custodian executes it. Combining all three roles in one wallet weakens the control framework, even when the arrangement has functioned without incident for years.

Recovery Planning Must Work Without Revealing The Keys

A succession plan that places a private key or seed phrase directly into a will creates another problem: wills may become accessible to courts, advisers, beneficiaries or other parties involved in estate administration. A document intended to preserve access can expose everything needed to remove the assets.

The safer approach separates the instructions from the credentials. The trust records should explain that the wallets exist, who controls each part of the access structure and how recovery is initiated. The sensitive components can be divided between secure locations, professional custodians or independent key holders.

The arrangement needs to function after predictable changes. A trustee may retire, merge with another fiduciary business or be removed. An authorised signatory may die. A hardware wallet can become obsolete. A custodian can leave the market. Recovery planning should address these ordinary events rather than concentrate only on theft.

Testing matters because a plan that has never been rehearsed may contain unnoticed assumptions. The replacement trustee may lack the technical device required to sign. Two key holders may discover that their recovery material relates to the same part of a multi-signature arrangement. Instructions written five years earlier may refer to software that is no longer supported.

A controlled test does not require moving the whole portfolio. The trustee can verify signatures, restore access in a secure environment and confirm that the documented procedure still corresponds with the wallet structure. Digital-asset succession should be treated as a live operating process, not a sealed envelope intended for an unknown future date.

The Asset Register Needs More Than A Token Name

Trust accounts often record traditional investments through statements supplied by a recognised institution. Digital assets may sit across private wallets, exchanges, staking platforms and decentralised protocols, each producing different forms of evidence.

A useful asset register should identify the blockchain, wallet address, token, quantity and custody arrangement. It should distinguish assets owned directly from tokens representing lending positions, liquidity-pool interests or claims against another protocol. A stablecoin held in a wallet is not equivalent to a stablecoin deposited into a lending contract, even when the headline balance appears similar.

Transaction history should also be reconciled. Blockchain records can show that a transfer occurred, but they do not automatically explain its purpose, beneficial owner or tax treatment. The trustee needs records linking transactions to resolutions, investment instructions and supporting documentation.

Token names can be deceptive. Different assets may use the same or similar ticker, while fraudulent tokens can be sent unsolicited to a public wallet. Recording every visible balance without verifying its origin can produce inaccurate accounts and expose staff to malicious links or smart contracts.

The trustee should also know which holdings can be valued reliably. Major traded assets usually have observable prices, although the appropriate market and valuation time still need to be selected. Thinly traded tokens, locked positions and governance rights may require a significant discount or specialist assessment. A quoted price has limited meaning when the trust could not sell its position without moving the market.

Staking And DeFi Change The Nature Of The Holding

A trustee may begin with a straightforward cryptocurrency investment and later encounter proposals to stake the assets, lend them or provide liquidity through a decentralised protocol. The additional yield can obscure how much the legal and operational exposure has changed.

Staking may involve locking assets, delegating them to a validator or receiving a token representing the staked position. The trustee needs to understand slashing risk, withdrawal delays and whether the service provider takes custody. Lending introduces borrower, protocol and liquidation risk, while liquidity pools can expose the trust to changing asset ratios, smart-contract failure and losses relative to simply holding the underlying tokens.

The transaction may also alter the legal and tax character of the asset. Depositing tokens into a protocol can involve transferring them to a smart contract and receiving a different token in return. The trustee may no longer hold the original asset directly. It holds a contractual or protocol-based claim whose enforceability during failure is uncertain.

Approval procedures should therefore reflect more than the expected return. The trustee needs an explanation of the protocol, custody model, exit mechanics and worst-case outcome. It should know whether administrators can change the code, whether assets can be frozen and which jurisdiction would address a dispute.

A yield of several % does not compensate for a risk the trustee cannot identify or monitor.

Compliance Starts With The Original Acquisition

Blockchain transparency does not remove the need for source-of-wealth evidence. A public ledger may show that assets reached a wallet without revealing how the owner originally acquired the money used to purchase them or whether earlier transactions involved illicit activity.

Trustees need a defensible history. This may include exchange statements, purchase records, mining documentation, tax returns, bank transfers and wallet analysis. Assets received through decentralised exchanges, mixers, privacy tools or unknown counterparties may require enhanced review.

The compliance burden continues after acceptance. Transfers to and from the trust should be screened, while transactions involving sanctioned addresses, stolen assets or high-risk services may require investigation. A trustee should not assume that a long-held wallet is low risk merely because it predates the trust.

Beneficial-ownership requirements also remain relevant. Trustees and authorities increasingly expect accurate information about the people who ultimately benefit from or exercise control over legal arrangements. Cryptoassets do not sit outside that framework merely because ownership is represented on a blockchain.

Tax transparency is moving in the same direction. Reporting regimes are extending automatic information exchange into cryptoasset transactions that were historically less visible to tax authorities. This increases the importance of accurate tax residence, beneficial ownership and transaction records.

Tax Reporting Cannot Wait Until Distribution

A trustee may view tax as an issue arising when assets are sold or distributed. Digital assets can create reporting consequences much earlier.

Exchanging one token for another may constitute a disposal. Staking rewards, lending income and tokens received through protocol incentives can have separate treatment. Moving assets between wallets controlled by the same trust may be tax-neutral, but the records still need to demonstrate that ownership did not change.

Trust residence, trustee residence, settlor status and beneficiary location can each influence the result. Digital assets are mobile in a technical sense, yet their legal location may be determined differently across jurisdictions. This affects tax, succession and enforcement.

Executors and trustees also need to include cryptoassets when accounting for an estate. Many jurisdictions increasingly treat them as ordinary estate property for reporting and taxation, although valuation and situs rules differ.

The difficulty is often evidential rather than conceptual. A trustee may know that tax is due but lack reliable acquisition costs, transaction histories or valuations at the relevant dates. Records should therefore be built while the portfolio is active rather than reconstructed years later from incomplete blockchain data.

Distributions Need A Digital-Asset Policy

A trust deed may permit in-specie distributions, but transferring cryptocurrency directly to a beneficiary raises questions that do not arise with an ordinary bank payment. Does the beneficiary have a secure wallet? Has the address been verified independently? Is the person legally and technically able to receive the asset? Will the transfer create an immediate tax liability or expose the beneficiary to an asset they do not understand?

The trustee may decide to sell the holding and distribute cash, yet a forced sale can be contrary to the investment purpose or badly timed in a volatile market. A beneficiary may prefer the digital asset but reside in a jurisdiction where the token, exchange or custody service is restricted.

Address verification is critical because an incorrect blockchain transfer is generally irreversible. A sensible procedure can include a small test transfer, confirmation through a separate communication channel and a formal acknowledgement from the beneficiary. Staff should not rely on an address received through a single email that may have been compromised.

The distribution policy should also address minors, vulnerable beneficiaries and disputes. A trustee cannot simply send a seed phrase to someone unable to manage the security implications. In some cases, continued custody, a managed account or gradual distribution will be more appropriate.

Trustee Replacement Is The Real Continuity Test

Digital-asset arrangements are frequently built around the knowledge of the people who established them. The weakness becomes visible when the trustee changes.

A successor should be able to identify every holding, verify control and assume authority without depending indefinitely on the outgoing trustee. This requires more than handing over hardware wallets. The successor needs the legal records, wallet architecture, transaction history, valuation method, compliance evidence and relationships with custodians or technical providers.

The transfer must also preserve security. Sharing credentials through ordinary email or placing complete recovery material in one handover folder defeats the controls created during the trust’s operation. Keys may need to be replaced, multi-signature participants updated and obsolete access revoked.

The outgoing trustee should remain accountable until the transition is complete. A resolution stating that responsibility has passed does not move an on-chain asset. The practical transfer should be verified before the former signatories and accounts are deactivated.

A trust structure that cannot survive a change of trustee is not administering digital assets institutionally. It is relying on personal continuity.

Insurance Has Limits

Digital-asset custody providers often refer to insurance, but the scope can be narrower than the headline amount suggests. A policy may cover theft from specific storage systems while excluding client error, unauthorised instructions, smart-contract failure or losses above an aggregate limit shared by all clients.

Trustees should understand who is insured, which events qualify and whether the policy would respond to the actual custody arrangement used by the trust. An insured custodian does not necessarily mean that every asset held there is fully protected.

Self-custodied assets may be difficult to insure or subject to demanding security conditions. Failure to follow those conditions can invalidate coverage. A trust that changes its signing process without notifying the insurer may discover the problem only after a loss.

Insurance should support a control framework, not substitute for one. The principal protections remain limited permissions, segregation of duties, secure storage, tested recovery and careful verification before any transfer.

The Trust Deed May Need To Say More

Older trust documents may contain broad investment powers sufficient to include digital assets, but legal permission alone does not provide an operating framework. The trustee may need express authority to use custodians, participate in staking, hold tokenised assets, interact with smart contracts and maintain assets through nominee or pooled structures.

The deed can also clarify whether the trustee is expected to retain a concentrated holding established by the settlor or apply conventional diversification standards. This matters when the trust’s principal value consists of one volatile digital asset. A direction to preserve the asset may conflict with the trustee’s general duty to manage risk unless the drafting and governing law address the tension.

Exculpation clauses cannot be assumed to protect poor administration. A trustee accepting an unfamiliar asset still needs appropriate expertise, advice and controls. Where it lacks the capability, the responsible decision may be to appoint a suitable custodian or decline the asset.

Letters of wishes can explain the family’s intentions, but they should not carry technical information that requires formal governance. The division of authority belongs in binding documents, trustee policies and custody agreements rather than informal instructions alone.

Digital Assets Need An Institutional Memory

The greatest risk may not be market volatility. It may be the gradual loss of knowledge about how the structure works.

The employee who configured the wallet leaves. A family adviser who understood the original acquisition retires. The custodian updates its platform. A protocol migrates to a new version. The trust still reports the asset, but fewer people understand how to control or exit it.

Digital-asset governance needs documentation that can outlive the individuals involved. The records should explain the structure clearly enough for a competent successor to operate it without exposing the credentials themselves. They should be reviewed after changes in personnel, technology, custody or investment strategy.

Training matters as well. Trustees do not need every member of staff to become a blockchain engineer, but decision-makers should understand the differences between custody, ownership, staking, lending and smart-contract exposure. They should be able to recognise when a proposal introduces a risk requiring specialist advice.

An institution that cannot explain its wallet structure should not assume that its assets are secure merely because they remain visible on-chain.

Control Must Be Legal, Technical And Practical

Digital assets can sit comfortably within a trust only when the trustee’s authority is reflected in the way the assets are actually held. Legal title without access leaves the trustee powerless. Technical access without governance creates the possibility of unauthorised transfer. Detailed policies without tested recovery provide only administrative comfort.

The structure should answer several questions without hesitation. Who can initiate a transaction? Who must approve it? Where are the keys or institutional credentials held? What happens if a signatory becomes unavailable? Can a successor trustee take control? Are the assets identifiable in the accounts and traceable to their source? Can they be distributed without exposing the trust to an avoidable security or tax problem?

These questions are not unique to cryptocurrency. Trustees have always needed to establish ownership, custody, valuation and succession. Digital assets make the consequences of ambiguity more immediate because a transaction can be irreversible and a lost credential may have no replacement process.

The wallet should therefore be treated as part of the trust’s governance architecture rather than a container sitting outside it. The strongest arrangement is not necessarily the most technologically sophisticated. It is the one in which authority, access and accountability remain aligned through death, incapacity, market stress and changes in trustee.

A trust can hold digital wealth for generations. Its control system must be able to survive the people who created it.

Who Controls The Wallet When A Trust Holds Digital Assets?