Subscribe to the Non-Human & AI Identity Journal

Custody Routing

Custody routing is the path value follows from issuance or receipt to its final controlled destination. For digital assets, the route matters as much as the asset itself because each hop can introduce approval, monitoring, or concentration risk that security and compliance teams need to evidence.

Expanded Definition

Custody routing describes the controlled path an asset takes from issuance or receipt to its final destination, with each transfer, approval, and storage point treated as part of the security model. In digital-asset and identity-adjacent environments, the route is not just an operational detail; it determines who can touch value, when a handoff is valid, and where monitoring must be applied.

Definitions vary across vendors and sectors, so custody routing should be treated as a governance concept rather than a single technical control. In practice, teams use it to document approval chains, segregation of duties, exception handling, and evidence retention across exchanges, wallets, custodians, and internal control points. That makes it closely aligned with the lifecycle thinking in the NIST Cybersecurity Framework 2.0, especially where asset protection and traceability depend on clear ownership transitions.

The most common misapplication is treating custody routing as a payment processing detail, which occurs when organisations map transaction flow but ignore who controls each hop.

Examples and Use Cases

Implementing custody routing rigorously often introduces more approval overhead and logging, requiring organisations to weigh stronger control evidence against slower asset movement.

  • A digital-asset platform routes client holdings from an intake wallet to segregated cold storage, with recorded approvals at each transfer point.
  • An insurer handling tokenised settlement assets routes value through a licensed custodian and an internal treasury account, preserving evidence of each controlled handoff.
  • A finance team uses custody routing to show where API keys, signing materials, or tokens were held before they were used to authorize an on-chain action, which is a recurring governance concern in the Ultimate Guide to NHIs.
  • An exchange defines exception routes for urgent movement, requiring secondary approval when assets bypass standard vaulting workflows.
  • A managed custody provider documents third-party transfers so auditors can verify whether concentration risk increased at any step in the chain.

For security teams, the practical value of custody routing is that it creates a defensible map of where control changed hands and where oversight should have been active. That matters in environments where Ultimate Guide to NHIs notes that 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, because routing decisions often depend on those same non-human control points.

Why It Matters for Security Teams

Custody routing becomes critical when security, treasury, compliance, and platform teams need to prove not only that an asset existed, but also that it remained under valid control throughout its journey. Weak routing logic can hide concentration risk, blur accountability, and create blind spots in audit evidence. In NHI-heavy workflows, the routing path often depends on service accounts, API keys, and automated approvals, so poor custody design can turn an identity problem into an asset-loss problem.

NHIMG research shows that 92% of organisations expose NHIs to third parties, raising supply chain security concerns that often surface through custody handoffs rather than core systems. That is why custody routing should be reviewed alongside the control expectations in the NIST Cybersecurity Framework 2.0, especially where evidence, monitoring, and least-privilege access must extend across every transfer boundary. The operational question is not only who owns the asset, but who can move it next and under what proof.

Organisations typically encounter custody-routing failures only after a disputed transfer, stalled recovery, or failed audit, at which point the routing trail becomes operationally unavoidable to reconstruct.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST SP 800-63 set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
NIST CSF 2.0 PR.AC-4 Custody routing depends on least-privilege access and controlled transfer points.
NIST SP 800-63 AAL2 Custody routing often relies on stronger authentication for high-value transfer actions.
OWASP Non-Human Identity Top 10 Custody routing often depends on NHI ownership, token handling, and secret movement.

Map each handoff to explicit access approval and verify least privilege at every custody boundary.