← Directory

MiCA Article 75 custody liability insurance

Article 75 is not an insurance-shopping checklist. It is the custody and administration framework that shapes the liability story insurers and risk teams need to understand.

Prepare custody evidence Custody/security providers

Informational only. Not legal, regulatory, brokerage, underwriting, or insurance advice.

What Article 75 covers

Article 75 applies to CASPs providing custody and administration of crypto-assets on behalf of clients. It covers client agreements, custody policies, client position registers, statements, asset return procedures, segregation, outsourcing, and liability where crypto-assets or means of access are lost.

Why it matters for insurance

Insurance markets do not only ask whether a CASP “has custody.” They ask how custody is designed, how keys or access are controlled, what happens when systems fail, which vendors are involved, what clients are promised, and how the firm proves that assets can be returned quickly.

Article 67 explicitly references CASP liability towards clients under Article 75(8) as a risk area for the relevant insurance policy. That makes Article 75 evidence commercially important even when the buying conversation starts as “Article 67 insurance.”

Article 75 evidence pack

Client agreement

Duties, responsibilities, service description, custody policy, communication methods, authentication, security systems, fees, and applicable law.

Custody policy

Internal rules and procedures for safekeeping, control, or access control, plus how fraud, cyber-threat, and negligence risk is minimized.

Position register

How each client’s rights to crypto-assets are recorded, updated after instructions, and reconciled to underlying transaction records.

Return procedures

Procedures to return crypto-assets or means of access to clients as soon as possible, including incident and business-continuity workflows.

Segregation and outsourcing

How client crypto-assets are segregated from the CASP estate and what controls exist around third-party custody or administration providers.

Liability story

How the firm describes losses due to incidents attributable to it, what exclusions may apply, and how responsibility is allocated across vendors and clients.

Typical coverages to discuss

Depending on business model and underwriting appetite, an Article 75 conversation can connect to professional indemnity, cyber, crime/specie-style digital-asset cover, technology E&O, directors and officers, and business interruption. The right structure depends on the activity, client terms, custody design, and source-backed risk facts.

The useful first step is not a quote request. It is a custody-risk memo that explains what can go wrong, who is responsible, which controls exist, and what evidence supports that story.