COREDO – EU Legal & Compliance Services Expert legal consulting, financial licensing (EMI, PSP, CASP under MiCA), and AML/CFT compliance across the European Union. Headquartered in Prague, we provide seamless regulatory solutions in Germany, Poland, Lithuania, and all 27 EU member states.
Alena Sharykava
21.03.2026 | 6 min read
Updated: 21.03.2026
I have been heading COREDO since 2016 and can clearly sense how entrepreneurs’ expectations regarding the quality of legal and financial infrastructure are changing. When we enter a project to register a company in the EU or Asia, or to obtain a VASP, EMI, payment institution or forex broker license, we almost immediately arrive at the question: which custody model — segregated vs omnibus — to build into the operational architecture. This determines the legal liability of the custodian, settlement speed, capital requirements, AML controls, and, ultimately, the service’s reputation and ROI.
The COREDO team has implemented projects in the Czech Republic, Slovakia, Cyprus, Estonia, the United Kingdom, Singapore and Dubai, as well as in CIS countries, with a focus on international standards. COREDO’s practice confirms: proper segregation of client funds and a clearly drafted custody agreement reduce legal risks, simplify Licensing and accelerate the onboarding of banks and payment partners. In this article I systematize the approaches that have proven themselves in our projects and will show how to choose an asset custody model for specific objectives.
Segregated vs Omnibus: differences
The choice between the Segregated and Omnibus models is based on fundamental differences that directly affect asset custody and the allocation of legal liability. First we will examine the principles and advantages of the segregated asset custody model, then compare it with the omnibus approach in terms of risks and regulatory consequences.
Segregated asset custody model
The segregated asset custody model implies separation of each client’s assets at the level of a separate account or trust structure, as well as isolated accounting (client segregated account). The custodian keeps records so that the client’s ownership is not mixed with other clients’ assets or the provider’s own funds. This approach creates a strong legal framework for protection in the custodian’s bankruptcy and simplifies proving ownership.
The benefits of segregated custody for business include reduced co‑mingling risk, transparent auditing, flexibility regarding insurance (custody insurance) and a clearer Custody model legal liability. Our experience at COREDO has shown: with a segregated architecture banks and regulators approve the connection of correspondent accounts and the provision of real‑time settlement services more quickly, especially for providers under PSD2/EMI and VASP.
Omnibus model: savings and risks
The omnibus asset custody model pools the assets of many clients in a single master account with detailed sub‑ledgering (omnibus with sub‑ledger). This approach reduces the unit cost of custody (cost per AUM), speeds up netting in trades and lowers operational overhead. For brokers, market‑makers and exchanges this is often critical during phases of aggressive growth.
The risks of the omnibus model for investors and providers are obvious: client mixing (co‑mingling) complicates legal protection in disputes, increases the likelihood of an insolvency cascade if one link in the chain defaults, and places higher demands on accounting and reconciliation. Liability under omnibus accounts is more finely distributed: clients care about contract terms, the presence of an insurance wrap, liability limits and prohibitions on rehypothecation. The solution developed at COREDO often comes down to a hybrid scheme: omnibus for operational liquidity and segregation “pockets” for large or particularly sensitive assets.
Custodian’s legal liability
legal liability of the custodian is formed by a combination of law (trust law vs contract law), licensing and the terms of the agreement with the client. In jurisdictions that apply a trust approach, the client’s property is secured as a beneficial interest with priority in the custodian’s bankruptcy. In the contractual model the client relies on the terms of the custody‑agreement, where indemnity, representations & warranties, restrictions on asset use and the priority waterfall procedure are critical.
COREDO’s practice confirms: clear segregation of client funds reduces legal risks and forensic costs in case of discrepancies. In the omnibus scheme strict accounting rules, SLA for reconciliation, auditor: access to sub‑ledgers and the chain of custody are extremely important. These are the elements by which banks and regulators quickly assess the maturity of your operational model.
Regulatory frameworks EU/UK/Asia
Regulatory frameworks EU/UK/Asia include a variety of approaches to protecting client funds, from the UK’s CASS and ESMA requirements to MAS standards and other local rules. Below we will examine in detail how the CASS system is organized in the EU and the United Kingdom and what equivalents exist in other jurisdictions.
Protection of funds: CASS and equivalents
United Kingdom enshrined the CASS rules (Client Assets Sourcebook) under the supervision of the FCA. They set requirements for segregated accounts, the frequency of re-conciliation, reporting and disclosure formats, and for sub-custodians. In the EU, ESMA standards and directives apply, and at the national level, oversight is provided by BaFin, CSSF, CySEC and other regulators. For EMI/PI, PSD2 and local safeguarding laws apply: segregation of client funds, use of trust accounts or insurance.
The COREDO team implemented projects in the EU and UK where the CASS approach was supplemented by an omnibus model at the intermediary level, but with daily reconciliation and automated control procedures. Such a design satisfies the regulator and makes the auditor’s job easier, while the business gains T+1/T+2 settlement speed without compromises to security.
Licensing of custody providers in Asia
In Singapore, MAS sets a strict framework for licensing capital-market and payment services, including requirements for safeguarding and reporting. In Hong Kong, the SFC specifies custody of digital assets in detail, including cold wallets and access procedures. Middle Eastern markets, including Dubai, are actively developing VASP regimes with an emphasis on AML/CFT and technical security.
Licensing of VASPs and custody providers in Asia often requires description of HSM, MPC architecture, multisignature procedures and air-gapped infrastructure. Our experience at COREDO has shown: a detailed engineering runbook for access (IAM), RTO/RPO and disaster recovery speeds up approval and reduces the volume of additional regulator requests.
AML/CFT, KYC: beneficial owner registry and GDPR
FATF Recommendations set the AML/CFT framework, and local regulators raise the bar for KYC for institutional clients and beneficial ownership disclosure. Company beneficial owner registries directly affect custody compliance: the custodian must verify ultimate owners and document the ownership chain. GDPR and equivalents require care in cross-border data transfer and client data.
At COREDO we implement client KYC processes based on a risk-based approach: client segmentation, enhanced Due Diligence for PEPs/high-risk industries, transaction monitoring and regular periodic reviews. Such a system reduces the custodian’s operational risk and increases the confidence of banking partners.
Key provisions of the custody agreement
Contractual architecture largely determines the allocation of risks and liabilities in a custody agreement, so it is prudent to identify its key provisions in advance. In the following subitems we will examine indemnity, representations and warranties, insurance wrap and limit of liability, how these elements interact and what consequences they have for the parties.
Indemnity and limitation of liability
The asset custody agreement is the core of the client relationship. Key provisions include the indemnity mechanism, the parties’ representations and warranties (representations and warranties), limits of liability and insurance coverage. We build risk allocation so that the client clearly understands the boundaries of liability and compensation mechanisms, and the provider: requirements for controls and reporting.
The insurance wrap enhances resilience: policies covering criminal intent of employees, cyber incidents and custody risks in cold infrastructure. COREDO’s practice shows: transparent limits and well‑defined exclusions reduce negotiation time and improve investors’ perception of risks.
Sub-custodian and subcontracting
If the custodian uses subcontractors, chain of liability clauses are critical in the agreement. It is important for the client to know who the sub‑custodian is, how liability is allocated and which standards apply down the chain. We set requirements for the sub‑custodian’s due diligence, rights to audit and periodic risk reassessment.
The solution developed at COREDO includes a standard set of appendices to the agreement: a list of sub-custodians, SLA/KPI, reporting requirements and procedures for emergency replacement of a counterparty. Such a preconfigured matrix reduces friction during scaling.
Rehypothecation and asset restrictions
Rehypothecation is a sensitive topic, especially in the omnibus model. We set out a clear prohibition or strict limits, a client consent procedure and collateral requirements. For digital assets, we record a ban on staking/lending without an explicit mandate, as well as reporting on any form of yield related to the client’s assets.
The COREDO team combines legal restrictions with operational controls: real prohibitions in systems, regular reconciliation checks and audit trails of changes. This approach prevents unexpected interpretations of the terms and reduces the risk of dispute.
Custodian operating model
An effective custodian operating model relies on transparent bookkeeping and regular reconciliation, ensuring balance accuracy and tracking of asset movements. SLA and BCP set mandatory timelines and incident response scenarios, including forensic reconciliation procedures for omnibus accounts.
Reconciliation and accounting for omnibus accounts
An omnibus requires impeccable sub-ledger accounting. We implement daily reconciliation, independent source-level checks, edit journaling and forensic reconciliation for any discrepancies. Clients are provided with a transparent audit trail and auditor access in case of dispute.
Our experience at COREDO has shown that an «omnibus account with a sub-ledger» operates safely when there are automated rules for transaction allocation, limits on manual adjustments and mandatory compliance exception reports. Then even under stress the team quickly restores accurate balances.
SLA, KPI, RTO/RPO and business continuity plan
SLA defines availability, settlement timelines, recovery time objective (RTO) and data loss (RPO). We set KPIs for posting time, reporting accuracy, incident management and support quality. The business continuity plan (BCP) and disaster recovery are tested at the scenario level: failure of a key sub-custodian, HSM outage, data-center unavailability.
COREDO’s practice confirms: a documented and tested BCP increases the regulator’s and the fund’s investment committee’s confidence. When an investor sees that the provider can operate on T+1/T+0 and withstands stress scenarios, the discussion moves from concerns to growth.
Combating insider risk in IAM
Access control tools (IAM), the principle of least privilege, four‑eyes and segregation of duties mitigate the custodian’s operational risk. We implement regular access attestations, anomaly monitoring, key rotation and mandatory incident investigations. For critical operations: multi-authorization and hardware tokens.
The COREDO team configures KRI (Key Risk Indicators): incident closure time, share of manual adjustments, reconciliation latency, attempts to escalate privileges. These metrics translate the discussion of operational risk into a language of manageable numbers.
Tax consequences of choosing a model
When assessing the tax, accounting and investment implications of choosing a specific model, it is important to rely on measurable financial metrics. The fund’s NAV, the service ROI and the unit storage cost will show how tax and accounting regimes are reflected in reporting and actual returns.
Fund NAV/Service ROI/Storage cost
Omnibus vs segregated affects NAV calculation and cost structure in different ways. Omnibus saves on infrastructure and speeds up netting, but creates requirements for enhanced control and insurance. The segregated model increases accounting and processing costs, but simplifies audit and lowers the cost of capital thanks to investor trust.
Our clients often create a hybrid: critical assets in segregated “cells”, operational liquidity in an omnibus with transparent limits. Such a balance increases the ROI of the financial service and leaves room for scaling as AUM grows.
Settlement risks: T+2, T+1 and real-time
Shortening the settlement cycle to T+1/T+0 imposes requirements on segregated accounts and on the quality of integration with clearing and settlement agents. In some real-time settlement modes regulators and counterparties expect full isolation of client funds. This is especially noticeable in payment services under PSD2/EMI and in certain VASP models.
The solution developed at COREDO provides a “fast corridor” for payments with instantaneous segregation of balances and automatic transfer of the “excess” to an omnibus liquidity pool. This achieves speed without sacrificing legal protection.
COREDO Case Studies and Lessons
COREDO’s practice includes real case studies and practical lessons demonstrating how companies adapt to the requirements of the crypto asset market. Below we will examine in detail examples from the EU, VASP compliance, specifics of tokenized assets and nuances of working with NFTs — to move from theory to concrete solutions.
VASP and NFTs in an EU crypto exchange
A European crypto exchange approached us with the task of obtaining VASP registration and implementing custody for tokenized assets and NFTs. We chose a cold-first architecture: HSM, air-gapped, multi-signature and MPC for hot-level operations. The agreement prohibited re-hypothecation of assets and any use without the client’s mandate, and also established enhanced due diligence for institutional clients.
The result was registration in one of the EU jurisdictions, onboarding of a banking partner and an audit of client asset protection procedures. The client achieved significant insurance savings thanks to segregated “high-importance wallets” and reduced regulatory scrutiny of the omnibus part.
Payment provider in the UK/EU
An electronic money provider planned to scale in the UK and EU. We implemented safeguarding based on the CASS approach: segregated trust accounts, daily reconciliation, reporting and audit. For specific scenarios we implemented escrow structures as a hybrid solution for mutual obligations.
COREDO’s practice showed: transparent segregation and an SLA for restoring client access to funds accelerate bank compliance processes and open doors to large corporate counterparties.
Fund in Singapore/Dubai, custodian selection
An asset manager from Singapore was expanding into Dubai. We conducted best-practice due diligence when selecting a custodian: checked licenses, prudential requirements, BCP/DR, insurance, chain of liability and reporting. To improve NAV calculation we configured omnibus liquidity with restrictions on co-mingling and daily forensic reconciliation.
Result: increased fund liquidity without loss of trust from LPs. The regulator in both jurisdictions accepted the structure without additional requirements.
Forensics and dispute in an insolvency cascade
In one of the cases a partner-custodian announced liquidity problems. Thanks to segregated accounts and a clear priority waterfall clients quickly gained access to their assets. We initiated emergency injunctive relief, provided auditor access and carried out forensic reconciliation of balances.
This scenario reinforced the understanding: in an omnibus circuit without transparent “chains of ownership” rules the restoration of rights would have been delayed. Segregation and a properly drafted custody agreement save time and reputation.
Choosing a custody model and provider
The roadmap for a sound selection includes a sequence of key steps for assessing the custody model and provider. Special attention should be paid to best practices in due diligence, auditor access and assessment of third‑party risk: these aspects are covered in detail in the following subsections.
Due diligence: auditor access and risks
The roadmap starts with mapping risks and objectives. We assess the business model, client profile, AML requirements/CFT and licensing, and then build a matrix of criteria for the custodian: licenses, capital, SLA, BCP, insurance, reporting, technical infrastructure, auditor rights and arbitration clauses.
The COREDO team creates a checklist for third‑party risk management: test exports of the sub‑ledger, failure simulations, RTO/RPO, incident management and asset migration cases between providers. This approach removes blind spots and allows you to quickly reach a negotiating position.
Trust law versus contract law and structures
In some jurisdictions a trust structure strengthens protection: client assets are legally segregated and serviced by a fiduciary. The contractual model is more flexible and faster, but requires careful drafting of terms, including indemnity, warranties and insurance. We compare both approaches taking into account local insolvency law, regulator habits and cross‑border custody plans.
Our experience at COREDO has shown that for funds and family offices a trust structure often brings additional benefits for tax and estate planning. For exchanges and payment providers the contractual model with a strong compliance framework is optimal.
Legal entity registration: capital and licensing
When a client plans their own custody services in the EU, we select a jurisdiction taking into account capital requirements, prudential requirements and supervision. In Asia — we analyze VASP/capital‑market license regimes, MAS/SFC standards for security and reporting. COREDO’s portfolio includes solutions for the Czech Republic, Slovakia, Cyprus, Estonia, the United Kingdom, Singapore and Dubai.
The solution developed by COREDO includes standard AML policies/CFT, KYC procedures, operational SLAs, reconciliation policy, BCP/DR and contract templates. Such a package speeds up the dialogue with the regulator and reduces launch costs.
Custody: cold storage, HSM, MPC
Solutions in custody, from cold storage and HSM to MPC and smart contracts: form the foundation for storing and managing digital assets. The choice between custodial and non‑custodial models directly affects legal liability and the ability to prove the chain of custody in disputes or audits.
Custodial vs non-custodial
Custodial wallet means that the provider holds the client’s keys and bears a fiduciary duty to protect them. Non‑custodial transfers control to the user but complicates KYC/AML and support. We help clients clearly articulate the chain of custody and prove ownership of crypto assets, including scenarios of lost access and recovery.
The right choice affects licensing, insurance, and contractual obligations. COREDO’s practice confirms: a mix of custodial for corporate clients and non‑custodial for retail helps cover a broad market without unnecessary risk compromises.
Key management HSM/multisignature/MPC
Cold storage based on certified HSMs, air‑gapped infrastructure, multisignature and modern MPC solutions form the technological core of a custodian. We establish separate access domains, strict procedures for granting rights and rotation, as well as «theatricalization» of critical operations with video recording and role separation.
The COREDO team links technical controls with legal terms: the contract reflects which mechanisms ensure security, which SLAs apply during access recovery, and how insurance covers technological risks.
International and cross-border issues
Aspects of an international and cross-border nature require attention not only to jurisdictions but also to data processing rules when exchanging information between countries. In the following subsections we will examine the specifics of cross‑border data transfer, GDPR requirements and the practice of drafting data exchange agreements in order to understand the risks and ways to minimize them.
Data transfers abroad and GDPR
Cross‑border data processing requires a DPA, SCCs and consideration of GDPR requirements. In custody‑agreements we record data storage locations, backup arrangements, rights of regulatory access and rules for transferring information between jurisdictions. For clients from CIS countries this is especially important when establishing structures in the EU, UK, Singapore and Dubai.
Our approach combines legal provisions with technical measures: field‑level encryption, tokenization of sensitive data, an access matrix and monitoring of leaks. This set improves acceptance by banks and compliance with local law.
Cross-border asset custody
When storing assets internationally, we predefine the order of application of deposits and the priority of claims (priority waterfall) taking into account conflict of laws rules. We include arbitration clauses, court jurisdiction and the possibility of emergency injunctive relief. For tokens – we describe the legal nature and applicability of local law, as well as mechanisms for recognition of ownership.
The COREDO team uses verified formulations that have already been tested in real disputes. This saves time and reduces unforeseen risks during peak moments.
Custody as a competitive advantage
The choice of a Custody model, segregated vs omnibus, affects legal risks, access to capital, settlement speed and business resilience. Segregation of client funds creates stronger protection and accelerates dialogue with regulators and banks, omnibus increases efficiency and reduces costs with proper controls. In both cases custody agreement, operational SLAs, AML/CFT and technological discipline are decisive.
Over years of work our experience at COREDO has shown: a structure that logically links legal provisions, regulatory standards (FATF, ESMA, MAS, CASS), operational reliability and technical security builds trust and creates long-term value. My team and I at COREDO are ready to go through all stages with you – from company registration and licensing to implementation of custody infrastructure, insurance, BCP and forensic procedures. This partnership model gives the entrepreneur the essentials: transparency, time savings and a protected foundation for scaling in the markets of Europe, Asia and the CIS countries.