What "RWA custody" actually means in practice
The phrase "RWA custody" suggests something new: real-world assets (RWAs) like US Treasuries, money market fund shares, and private credit sitting on a blockchain, controlled by a wallet. In practice, almost no institutional RWA product works that way. The token is a digital receipt that points back to a claim in a traditional financial structure, and the underlying security is still held by a regulated custodian inside a bankruptcy-remote special purpose vehicle (SPV).
This matters because the legal rights a token-holder has are governed by the same securities, bankruptcy, and trust laws that govern a normal brokerage account. The blockchain makes the receipt transferable and visible in real time, but it does not change who is the custodian of record, where the cash gets swept, or what happens in an insolvency. When marketing material says a token is "backed 1:1 by US Treasury bills," the word "backed" is doing a lot of quiet work.
For a compliance or treasury professional, the right mental model is to treat the token as a wrapper, not a replacement. The wrapper improves settlement speed, transparency of supply, and composability with DeFi, but the asset itself, plus the legal rights attached to it, still lives in TradFi infrastructure. Understanding which TradFi entity sits behind the token is the whole job.
Where RWA custody inherits from traditional finance
The most important thing to internalize is that RWA products borrow custody architecture from TradFi rather than reinventing it. Three TradFi concepts show up in nearly every institutional tokenized product: the qualified custodian requirement, segregation of client assets, and bankruptcy-remote SPV structures.
\h3>Qualified custodian requirements. In the US, the SEC's Custody Rule (Rule 15c3-3 for broker-dealers, and the broader Advisers Act framework) restricts where client assets can be held. A "qualified custodian" is generally a bank, a broker-dealer, a futures commission merchant, or a qualifying foreign financial institution, and the rule is designed to keep client assets out of the custodian's own balance sheet. When an RWA issuer markets a token, the legal opinion they commission almost always confirms that the underlying security is held at a qualified custodian. Without that, the product cannot be sold to US RIAs or ERISA accounts.
Segregation of client assets. Even within a custodian, the law requires that client assets be kept separate from the firm's own assets. In an RWA context, this means the Treasury bills backing a token are held in an account that is identifiable as belonging to the SPV or the fund, not commingled with the tokenization platform's operating funds. This is what gives token-holders a fighting chance of recovering their pro-rata share in a custodian failure, rather than becoming unsecured creditors.
Bankruptcy-remote SPV structures. This is the structural trick that makes tokenized fixed-income products work. The issuer sets up a special purpose vehicle that is contractually siloed from the parent company. If the parent (the tokenization platform, the fund manager) goes bankrupt, the SPV's assets are not part of the estate. Token-holders' claims run against the SPV, not the parent. It is the same legal device that has been used for asset-backed securitizations, CLOs, and repack vehicles for decades.
Where on-chain recordkeeping actually changes something
If RWA custody is mostly TradFi plus a token, what does the blockchain add? Three things, and each has limits.
Real-time visibility of supply. Anyone can read the smart contract and see how many BUIDL, USYC, or OUSG tokens exist. That is genuinely useful for auditors and for secondary market makers, and it is a meaningful upgrade over waiting for a fund administrator's monthly report. The supply figure is, however, only as trustworthy as the mint and burn controls on the contract. A poorly designed contract can mint unlimited tokens or fail to burn on redemption, which is why most institutional products use a whitelist of approved minters rather than public minting.
Faster settlement and transfer. A tokenized Treasury share can move from one address to another in seconds, and (depending on the chain) for a few dollars. A wire of traditional money market fund shares can take a day and incurs intermediary fees. This is the part that genuinely changes treasury workflows for institutions that move size regularly.
Composability with DeFi. Tokenized Treasuries can be used as collateral on-chain, posted to lending markets, or wrapped into derivative structures. This is a real innovation, but it also creates new risks: a token that is legally a securities claim becomes a building block in permissionless money markets, which regulators are still figuring out how to police.
The limit on all three is the same: the on-chain layer is a representation of an off-chain claim. If the off-chain claim fails, the on-chain token is functionally worthless, regardless of what the contract says.
The real risks for RWA token-holders
This is where the comparison gets sharp, and where the marketing materials tend to go quiet. RWA custody inherits the failure modes of TradFi custody, plus a small set of new ones.
Insolvency waterfall risk. If the issuer, the SPV, or the custodian fails, where does a token-holder land in the creditor stack? In a well-structured product, the token-holder is a beneficial owner of segregated assets held at a qualified custodian, and they come out largely intact (subject to settlement delays). In a poorly structured product, the token-holder may be an unsecured creditor of an SPV with no employees and a thin balance sheet. The legal opinion is what tells you which scenario you are in, and the law may still differ between Delaware, the Cayman Islands, and the regulator's home jurisdiction.
Reconciliation breaks between on-chain and off-chain supply. The mint and burn process has to match the deposit and redemption process at the custodian. If the smart contract mints a token before the underlying deposit clears, or fails to burn on redemption, you can end up with more tokens than assets or vice versa. This is not a hypothetical: the Wormhole bridge lost roughly $320 million in 2022 to a signature verification bug, and the Terra collapse showed what happens when an algorithmic peg diverges from its supposed backing. Those were not RWA products, but they illustrate that on-chain and off-chain systems can desynchronize, and recovery is messy when they do.
Custodian concentration risk. Most tokenized Treasuries sit at one of a handful of banks. BUIDL (issued by Securitize, with BlackRock as the asset manager) is held at BNY Mellon. USYC (issued by Hashnote, backed by a yield-bearing wrapper) is custodied with Coinbase, with the underlying cash management business structured to keep assets segregated. OUSG (issued by Ondo Finance) sits inside Ondo's own structure that involves a feeder fund arrangement. If the custodian fails, or is sanctioned, or simply changes its terms, token-holders are exposed. Diversification is harder than it sounds because the qualified custodian market for tokenized securities is thin.
Smart contract and key management risk. Even if the legal structure is bulletproof, the smart contract can have a bug, the admin keys can be compromised, or the upgrade mechanism can be misused. Audit reports and bug bounties reduce the probability, not the impact. This is a category of risk that simply does not exist for a traditional money market fund share sitting at a custodian, and it is the part that crypto-native commentary underweights.
Regulatory reclassification risk. A product that is a security in one jurisdiction may not be one in another, and a regulator can change its mind. The legal opinion that says "this token is not a security" is a snapshot in time, and enforcement priorities shift. If the token is reclassified, transfers may be halted, secondary markets may close, and the DeFi composability that made the token useful becomes a liability.
Who is the actual custodian of record
This is the question that matters most for compliance and treasury, and it is the one that product pages tend to bury. The custody chain for the three products in the brief looks roughly like this.
BUIDL. Issued on Ethereum by Securitize for BlackRock's USD Institutional Digital Liquidity Fund. The underlying US Treasury bills and cash are held at BNY Mellon, which acts as the qualified custodian. The token itself sits on a public chain, and transfers require KYC. In an insolvency, token-holders' claim is against the fund, with the assets held at BNY Mellon, and BNY is not the issuer, so the firewall between custodian and issuer is real.
USYC. Issued by Hashnote, structured as a yield-bearing short-duration Treasury product. The underlying cash and Treasuries are custodied with Coinbase, which acts as a qualified custodian under NYDFS oversight for its custody arm. The structure includes a master-feeder arrangement designed to keep operating risk separate from custody risk. Token-holders' claim runs against the issuing vehicle, and Coinbase sits in a custodial role, not an issuer role.
OUSG. Issued by Ondo Finance. OUSG holders are effectively shareholders in a fund that holds short-duration Treasuries; the structure uses a feeder fund arrangement and involves Ondo's own management company. The custody layer is in the structure, and the legal claim runs against the fund, not Ondo the protocol. This makes OUSG a slightly different product from a pure tokenized Treasury: it is a tokenized share of a fund, not a tokenized Treasury bill.
The same logic applies to the broader set of tokenization platforms: Securitize, Ondo, Maple, and Provenance each operate as the issuer and transfer agent, while the actual custody and asset management sit with third parties. The "ticker" on a wallet screen is the last link in a chain, not the first.
What this means for compliance and treasury teams
If you are evaluating RWA custody against a traditional custody relationship, the comparison is not "blockchain vs bank." It is "blockchain plus bank" against "bank alone." That changes the practical questions you should be asking.
First, ask for the legal opinion and read it. Specifically, look for the jurisdiction, the insolvency waterfall, the segregation language, and the named qualified custodian. If the product does not have a legal opinion from a credible firm, the rest of the diligence is moot.
Second, ask who holds the keys. For an institutional tokenized product, the mint and burn keys are usually held by a regulated entity, often the transfer agent, and operations are run through a multi-sig with documented procedures. If the keys are held by an anonymous team, walk away, no matter how attractive the yield.
Third, ask how reconciliation works. Mature RWA issuers run daily reconciliation between the smart contract supply and the custodian's holdings, and they publish attestations from an independent accountant. If the issuer cannot show you a SOC report or equivalent, you are trusting an honor system.
Fourth, consider operational integration. Holding a tokenized Treasury does not mean you can skip your existing custody review. Most institutional players treat the token as a settlement format on top of their existing custody relationship, with the actual cash and Treasuries still sitting at a bank they have already vetted. That is the boring answer, and it is the right one.
Finally, do not be sold on "self-custody" as a feature for tokenized securities. Self-custody of a token does not give you self-custody of the underlying security; it gives you a wallet holding a token whose legal claim still runs through the SPV. The traditional custody review is still required.
How to follow RWA custody the smart way
RWA custody is one of the most quickly evolving corners of crypto, and the gap between marketing language and legal reality is wide. New issuers, new chains, and new custodian relationships appear every quarter, and the regulatory framing is being actively written. Tracking the underlying tokenization platforms, the legal opinions they commission, and the actual reconciliation attestations manually is a losing game. Zippfeed surfaces RWA headlines with sentiment scoring (bullish, neutral, or bearish) and an importance rating, so you can spot custody, legal, and regulatory developments before they hit the mainstream financial press.
