Service scope
Which crypto-asset services are covered, which assets or means of access are in scope, and which client instructions the CASP will accept.
What the custody agreement should make easy to verify
MiCA Article 75 says CASPs providing custody and administration on behalf of clients conclude an agreement that specifies their duties and responsibilities. The useful operational question is whether a reviewer can understand the service, the controls, the records, the return process, and the liability allocation without reverse-engineering the business.
Agreement checklist
Duties and responsibilities
The CASP’s duties and responsibilities, client responsibilities, approval flows, incident responsibilities, and any excluded services or unsupported assets.
Custody policy reference
How the agreement points to the custody policy, internal safekeeping rules, access-control procedures, and the controls used to minimize fraud, cyber-threat, or negligence risk.
Client statements and records
How client positions are recorded, reconciled, updated after instructions, and reported to clients at least quarterly or when requested.
Return and continuity
Procedures to return crypto-assets or means of access as soon as possible, including business-continuity, incident, and vendor-failure scenarios.
Terms clients can inspect
The custody agreement should set out communication methods, authentication systems, security procedures, fees, and applicable law, written plainly enough for client, broker, counsel, and risk-review use.
Broker and insurer evidence questions
For insurance conversations, attach evidence rather than conclusions: custody architecture diagrams, vendor roles, segregation controls, key/access-control approvals, reconciliation samples, incident logs, client communication templates, and the Article 75 loss-scenario owner for each major failure mode.
Do not describe this as proof of compliance. Describe it as an evidence pack that helps qualified advisers and markets ask sharper questions.