Subscribe to the Non-Human & AI Identity Journal

Client asset segregation

Client asset segregation means customer assets are kept separate from the firm’s own holdings and cannot be reused for the firm’s purposes. In regulated crypto markets, it is a core protection for customer funds and a key audit point for proving responsible custody.

Expanded Definition

Client asset segregation is the operational and legal separation of customer holdings from a firm’s proprietary assets so that client property is not commingled, rehypothecated, or used to cover the firm’s liabilities. In regulated digital-asset and custody environments, the concept is broader than simple accounting classification: it includes ledger separation, wallet architecture, internal approvals, and audit evidence that prove the firm cannot treat client assets as its own.

Usage in the industry is still evolving across jurisdictions, but the underlying control objective is consistent. A strong segregation model should make ownership traceable at every stage of the asset lifecycle, from deposit to transfer to withdrawal. That often includes distinct wallets or sub-ledgers, restricted administrator access, and reconciliation processes that can demonstrate balances at any point in time. Guidance from the NIST Cybersecurity Framework 2.0 is relevant because segregation depends on governance, access control, and traceable protection of critical assets, even though it does not define custody rules itself.

The most common misapplication is treating a bookkeeping label as proof of segregation, which occurs when organisations record customer balances separately but still allow operational reuse, sweeping, or pooled control over the underlying assets.

Examples and Use Cases

Implementing client asset segregation rigorously often introduces operational friction, requiring organisations to weigh stronger custody assurance against reduced treasury flexibility and more complex reconciliation.

  • A crypto exchange maintains separate hot and cold wallet structures for customer funds, with internal controls preventing treasury staff from moving client balances for operational expenses.
  • A regulated custodian uses per-client sub-ledgers and daily reconciliation to prove that each customer’s holdings match on-chain and internal records.
  • A bankruptcy-remote trust or fiduciary account is used to hold client property, reducing the risk that a platform failure turns customer assets into general creditor claims.
  • An asset servicer enforces dual approval for any transfer out of segregation-controlled wallets, creating a review point before assets can leave custody.
  • A firm documents segregation controls in policies, then supports them with audit evidence, access logs, and incident records to satisfy supervisory review.

For custody and resilience teams, the key question is not whether assets are “tagged” as client-owned, but whether the operating model actually prevents reuse and preserves traceability under stress. That is why auditability matters as much as storage design, especially where regulators expect evidence of control intent and control operation.

Why It Matters for Security Teams

Client asset segregation is both a custody control and a trust control. When it fails, the consequences are rarely limited to a single transaction: commingling can obscure ownership, weaken recovery options, and create legal exposure if insolvency, fraud, or insider misuse occurs. Security teams need to understand segregation because the control boundary often spans identity, access, and finance systems at once. Administrators with excessive privileges, weak approval workflows, or poorly governed service accounts can all undermine segregation even when the policy language looks sound.

The identity connection is especially important where privileged access management, key custody, and non-human identities support wallet operations. If machine credentials can initiate transfers without clear approval logic, segregation can collapse into an administrative fiction. That makes access reviews, separation of duties, and logging central to assurance, not just to IT hygiene. Industry expectations are also shaped by broader control frameworks such as the NIST Cybersecurity Framework 2.0, which reinforces governance over critical assets and access paths.

Organisations typically encounter the true impact of segregation failures only after a withdrawal freeze, audit exception, or insolvency event, at which point client asset segregation becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0, NIST SP 800-53 Rev 5 and NIST SP 800-63 set the technical controls, while ISO/IEC 27001:2022 and DORA define the regulatory obligations.

Framework Control / Reference Relevance
NIST CSF 2.0 PR.AC Access control governance supports protecting client assets from improper reuse or transfer.
NIST SP 800-53 Rev 5 AC-3 Access enforcement is central to preventing staff or systems from misusing segregated assets.
ISO/IEC 27001:2022 A.5.12 Asset management supports clear ownership and handling rules for client-held property.
NIST SP 800-63 IAL2 Identity assurance matters when privileged staff approve movements affecting client assets.
DORA Operational resilience and control evidence are relevant where custody services support regulated financial assets.

Maintain evidence of control design and testing so custody segregation survives supervisory review.