Securing the corporate balance sheet: A treasurer’s guide to digital asset controls

As an emerging asset class, digital assets possess distinct characteristics that set them apart from traditional asset classes like stocks or bonds, requiring specialized custody solutions and robust risk management frameworks. Forward-thinking companies are embracing instruments like Bitcoin and Ethereum, moving beyond traditional cash management to explore dynamic portfolios. This shift is driven by the potential for enhanced efficiency, expanded investment opportunities, and novel payment mechanisms, offering avenues to optimize liquidity, access broader investor bases, and facilitate fast, borderless payments via stablecoins. However, this new frontier comes with amplified risks, necessitating a proactive, multi-disciplinary approach to safeguard financial integrity.

This guide explores the essentials of managing and securing digital assets, emphasizing the critical role of robust controls and advanced technology to navigate this exciting, yet complex, environment.

What are digital assets, and why do they matter to your treasury?

For corporate purposes, digital assets are broadly defined as any digital representation of value recorded on a cryptographically secured, distributed ledger or similar technology. While often considered "property" for tax purposes, their strategic value lies in their diverse applications. The digital asset ecosystem includes several key types:

1. Convertible virtual currencies/cryptocurrencies: Digital representations of value that can serve as a medium of exchange, a unit of account, or a store of value. Bitcoin and Ethereum are prime examples, native to specific blockchains.
2. Stablecoins: Designed to maintain a stable value by pegging to a reference asset, such as the U.S. dollar. They aim to provide stability within a blockchain ecosystem, potentially reducing administrative burdens and fees. Examples include USDT and USDC.
3. Non-Fungible Tokens (NFTs): Unique crypto assets with distinct identification codes, making them non-interchangeable. They can be associated with digital or real-world assets.
4. Tokenized securities: Traditional securities like stocks and bonds issued or transferred on blockchains. This innovation can enhance liquidity and streamline issuance.

When companies buy crypto, it is essential to use reputable and secure platforms to ensure the safety of their digital assets. Proper custody measures, such as using regulated custodians or banks, help mitigate risks like theft, fraud, and loss during and after the purchase process.

A corporate entity has a financial interest in a digital asset if it is recorded as the owner, holds an ownership stake in an account, or owns a wallet that holds these assets. Understanding these classifications is crucial for effective management.

The evolving landscape of corporate digital asset management

The year 2025 marks a significant period for digital assets in corporate treasuries. Accounting standards have “flipped" with FASB ASU 2023-08, mandating that most crypto assets be measured at fair value with changes recognized in earnings, making price volatility more visible. This new clarity, combined with the rescission of SAB 121 in January 2025, which eased balance-sheet disincentives for third-party crypto custodians, potentially improves banking participation and access to specialized services.

However, the threat level has also escalated. According to Chainalysis, crypto thefts in H1 2025 surpassed 2024 figures, with over $2.17 billion stolen, highlighting the critical need for advanced key management, segregation of duties, and robust transaction controls. The broader crypto industry continues to face ongoing security challenges, further underscoring the importance of robust custody solutions to foster trust and confidence among institutional participants.

Comprehensive risk assessment: Navigating the digital frontier

Incorporating digital assets introduces multifaceted and often amplified risks that demand a thorough and proactive assessment.

1. Depegging risk: Even stablecoins, despite their design, can experience "depegging," moving away from their intended stable price.
2. No traditional insurance for price shifts: Traditional insurance policies typically do not cover losses resulting from major price shifts in the cryptocurrency market. This places the burden of mitigation squarely on the corporate treasury, necessitating robust liquidity risk management and potentially higher liquidity buffers.

The nascent and often unregulated nature of certain digital asset platforms, combined with the inherent vulnerabilities of the digital environment, significantly amplifies operational and cybersecurity risks.

1. Unsupervised platforms: Many over-the-counter (OTC) cash-market trading platforms are not supervised by traditional financial regulators, leading to a lack of critical system safeguards and customer protections. Inadequate protection of client data on these platforms can result in breaches of confidentiality and regulatory issues, making it essential to choose platforms that prioritize data security.
2. Commingled customer assets: If platforms commingle customer assets or use them for operational purposes, the corporate entity risks losing assets in case of hacks, bankruptcy, or platform disappearance. It is crucial to work only with platforms registered as Money Service Businesses (MSBs) with FinCEN, and for derivatives, with the CFTC and National Futures Association.
3. Hacker attacks & phishing: The digital environment is a constant target for malicious actors, with phishing attacks being especially prevalent in the Web3 space.
4. Key management vulnerabilities: Compromised private keys are a leading cause of crypto hacks, and accidental loss can result in permanent and irreversible loss of digital assets.
5. New project failure/fraud: Many new digital asset projects fail or are fraudulent. Thorough due diligence is essential, including researching technology, use-case, demand, governance, team track record, and independent code audits.
6. Counterparty risk: The risks associated with third-party platforms highlight significant counterparty risk. Extensive due diligence on any professional custody provider is paramount.rs.

Implementing robust digital asset custody solutions: Your foundation of security

Secure custody of digital assets is the cornerstone for protecting the corporate balance sheet. Unlike traditional assets, digital assets are controlled by cryptographic private keys, making their safeguarding a specialized and critical function.

Custody models: Finding the right balance
Digital asset custody involves the secure storage and management of digital assets, primarily by safeguarding their cryptographic private keys.

1. Self-custody: The corporate entity directly holds and controls its own digital assets and private keys. This model gives the corporate entity direct control over its digital assets, which can enhance security and operational flexibility, but exposes the holder to significant internal risks like key mismanagement, theft, and accidental loss.
2. Third-party custody: Involves relying on a professional, specialized custodian. These providers, often referred to as a crypto custody provider, offer secure storage, often coupled with regulatory compliance and insured custody services. Traditional financial institutions are increasingly offering digital asset custody services, leveraging their experience and regulatory standing. Examples include XBTO, BitGo, Coinbase Custody, Gemini, Fireblocks, and Anchorage Digital.
3. Hybrid models: Combine elements of both self-custody and third-party services to enhance security while maintaining liquidity and flexibility.

When evaluating custody options, corporations must weigh the strengths and weaknesses of each model. Self-custody offers direct control but increases operational risk. Third-party custody, especially through established financial institutions or crypto custody providers, can provide greater security, regulatory compliance, and insurance, but may reduce flexibility. Hybrid models seek to balance these factors, offering a mix of security, control, and operational efficiency.

For most corporations, especially those new to digital assets or with significant holdings, institutional third-party custodians are often favored due to the complexity and specialized security requirements, provided rigorous due diligence is performed.

Security protocols: A multi-layered defense

A multi-layered security approach is essential, strategically combining various solutions with an emphasis on offline storage.

1. Hot wallets: Internet-connected wallets, offering high accessibility but a higher security risk. Best practice is to keep a minimum of funds for immediate spending/trading. Enabling two-factor authentication is a critical security measure to prevent unauthorized access.
2. Cold wallets (Offline storage): Keep digital assets completely offline, providing the highest level of security against online hacking attempts. Strongly recommended for the majority of holdings.
3. Multi-signature (Multi-sig) wallets: Require multiple cryptographic keys to authorize a transaction, eliminating single points of failure by distributing control.
4. Multi-party computation (MPC) wallets: Distribute cryptographic key material among multiple independent parties, ensuring no single party possesses the full private key. This eliminates a single point of compromise and enhances security. Companies like Fireblocks and io. Finnet leverages MPC technology.
5. Hardware wallets: Physical devices designed to securely store private keys offline, enhancing protection against malware.
6. Key backups: Crucial for preventing permanent loss due to hardware failure, disaster, or primary key loss. Best practices also require custodians to segregate client assets, ensuring that each client's holdings are kept separate for security and regulatory compliance.

Evaluating custodians: Due diligence is paramount

Selecting a digital asset custodian requires rigorous due diligence. Strong customer protection measures are a hallmark of reputable custodians, ensuring clients' assets are safeguarded. Prioritize institutional-grade providers with:

1. Robust security measures: Look for comprehensive cold storage, MPC, Hardware Security Modules (HSMs), continuous monitoring, and advanced fraud detection. Consider the range of cryptocurrency custody solutions available, including direct and sub-custody models offered by exchanges, financial institutions, and specialist custodians.
2. Insurance coverage: Reputable custodians offer insurance for digital asset theft and operational risks. Verify coverage and terms; policy limits can reach up to $1 billion for species/custody. Remember, these policies generally do not cover losses from major price shifts in the market.
3. Asset segregation: Ensure the custodian offers segregated wallets, meaning your assets are not commingled with the custodian's or other clients' assets, protecting them in case of custodian insolvency. XBTO Vault, for example, offers purpose-built protection with a three-tiered custody architecture and segregated wallets.
4. Regulatory licenses: Verify the custodian holds necessary licenses from relevant authorities. XBTO, for instance, is licensed by the Bermuda Monetary Authority (BMA) and the Financial Services Regulatory Authority (FSRA) in Abu Dhabi Global Market (ADGM).
5. Institutional-grade infrastructure: Look for bank-grade infrastructure and enterprise controls. Leading custodians like BitGo and Fireblocks offer comprehensive services beyond basic storage, including staking, trading, and settlement, all from regulated cold storage.

Establishing a comprehensive internal control framework

A robust internal control framework is indispensable for managing the unique risks of digital assets. Regulators explicitly require adequate controls before engaging in digital asset activities.

Strong governance is fundamental to securing digital assets, involving clearly defined roles, responsibilities, and oversight mechanisms.

1. Segregation of duties (SoD): A foundational principle where no single individual should control all aspects of a digital asset transaction (initiation, authorization, recording, custody). This prevents conflicts of interest and reduces fraud. Proper governance also ensures the company uses its own assets for collateral or operational purposes, rather than client assets, reducing risk and potential conflicts.
2. Access controls: Restrict access to systems and information based on defined roles, applying the principle of least privilege. Regular reviews are necessary.
3. Audit trails: Comprehensive and immutable audit trails are critical for transparency, accountability, and compliance. Every permission, policy, and transaction related to digital assets should be logged, tagged, and exportable for auditors.
4. Policy enforcement: Companies should have clear, board-approved governance policies for buying, selling, and trading cryptocurrencies, covering eligible assets, risk limits, concentration thresholds, and approved venues/custodians.

Risk management policies and procedures

Effective risk management requires a proactive and continuous approach.

1. Secure key management: Utilize multi-signature (multi-sig) and Multi-Party Computation (MPC) wallets to distribute control and eliminate single points of failure. Store keys in hardware wallets and maintain off-site, offline backups.
2. Infrastructure security: Implement traditional Web 2 security best practices such as endpoint security, end-to-end encryption, and robust network security.
3. Social engineering protection: Train employees on scams like phishing and implement technical controls.
4. Continuous monitoring and reporting: Essential for suspicious and anomalous activity, as crypto hacks are often quick and irreversible. Automated monitoring of on-chain transactions supports compliance efforts.
5. Security audits: Regular audits of on-chain and off-chain infrastructure are often mandated for compliance and risk reduction.

Leveraging technology for digital asset management

Appropriate technology is crucial for efficient and secure digital asset management, reporting, and compliance.


1. Treasury management systems (TMS): Modern TMS solutions are evolving to support digital asset management, offering cash positioning, forecasting, payments, and risk management.
2. Data integration and real-time reporting: Distributed Ledger Technology (DLT) provides real-time, consistent data, optimizing internal controls and allowing for informed decisions through real-time insights and dashboards.
3. Blockchain analytics and compliance tools: Solutions should offer integrated transaction monitoring with capabilities to flag or freeze risky transactions based on automated screening policies.
4. Audit and compliance readiness: Technology solutions should ensure every permission, policy, and transaction is logged, tagged, and exportable to prove compliance, enabling faster reconciliation and traceable data for audit purposes.

Securing your digital future

Integrating digital assets into the corporate balance sheet represents a significant evolution, offering innovation alongside substantial challenges. Securing these assets is a strategic imperative that demands a holistic and continuous commitment to robust controls, meticulous compliance, and adaptive technology. To effectively secure your balance sheet and capitalize on the strategic potential of digital assets, corporate treasurers should:

1. Establish a multi-disciplinary digital asset strategy: Form a cross-functional team (finance, IT, risk management) to define your organization's risk appetite and strategic rationale.
2. Conduct rigorous due diligence on third-party providers: Prioritize institutional-grade providers with demonstrable regulatory licenses, robust security frameworks (cold storage, MPC, HSM), and adequate insurance coverage for theft and operational risks.
3. Implement a multi-layered security architecture: Adopt a defense-in-depth approach to digital asset custody, strategically utilizing hot, warm, and cold storage, with the majority of assets held offline. Mandate the use of multi-signature and Multi-Party Computation (MPC) wallets.
4. Strengthen internal controls and governance: Implement stringent Segregation of Duties (SoD), enforce least privilege access controls, and maintain comprehensive, immutable audit trails for all digital asset activities.
5. Prioritize employee training and cybersecurity awareness: Implement mandatory and ongoing training programs focused on identifying and mitigating social engineering attacks like phishing.

By embracing these recommendations, corporate treasurers can proactively secure their balance sheets, manage complex risks, and strategically position their organizations to leverage the transformative potential of this evolving financial paradigm.