Notifications
Clear all
Topic starter
12/06/2026 9:49 pm
TL;DR: Digital finance is moving from experimentation to infrastructure, and Sumsub’s Consensus Miami podcast episode shows that institutions now care less about tokenization hype than about custody, payments, compliance, and fraud control across 24/7 rails. The operational lesson is that safer infrastructure does not remove fraud risk; it changes where identity, transaction, and governance controls must sit.
NHIMG editorial — based on content published by SumSub: Building Crypto Infrastructure, Insights from Consensus Miami
Questions worth separating out
Q: How should security teams govern digital-asset custody when third parties are involved?
A: Treat the third party as part of the identity model, not as an external exception.
Q: Why do custody controls not fully solve fraud risk in digital finance?
A: Custody controls protect how assets are stored, but fraud often happens through valid-looking transfer paths, delegated access, or manipulated approvals.
Q: What do institutions get wrong about tokenization and operational risk?
A: They often focus on whether assets can be tokenized and forget that distribution, compliance, and access governance are what make the model usable in production.
Practitioner guidance
- Map transaction-bearing identities Identify every service account, licensed provider, workflow role, and operator that can initiate or approve asset movement, then document the exact action each one can take.
- Separate custody controls from fraud controls Assign different owners to storage assurance, transaction monitoring, KYT, and approval logic so gaps do not hide behind a single control narrative.
- Rebuild third-party offboarding for digital assets Require explicit revocation steps when a provider’s role changes, including access removal, key retirement, and confirmation that no residual transaction paths remain active.
What's in the full article
SumSub's full article covers the operational detail this post intentionally leaves for the source:
- The full podcast conversation on institutional adoption, custody, tokenization, and payments infrastructure
- Direct commentary from Fireblocks, Citi, AMINA Bank, Polygon Labs, and Kraken leaders on how they see the market evolving
- Discussion of how fraud, AML, KYT, and compliance are being applied in real digital-asset operating models
- The practical differences between holding assets, moving assets, and outsourcing asset handling to licensed providers
👉 Read SumSub's podcast on building digital-asset infrastructure and fraud risk →
Crypto infrastructure, custody, and fraud risk: what teams need now?
Explore further
13/06/2026 12:09 am
Digital-asset infrastructure turns identity into a transaction-control problem: once institutions move from experimentation to production, the question is no longer whether the platform can custody assets, but whether every identity in the workflow can be trusted to initiate movement safely. That expands governance beyond user access into service accounts, partner entitlements, approval paths, and monitoring boundaries. Practitioners should treat the transaction itself as an identity-dependent control surface.
A few things that frame the scale:
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to The 2026 Infrastructure Identity Survey.
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
A question worth separating out:
Q: Who is accountable when a licensed provider moves assets on behalf of a bank?
A: Accountability stays with the institution that chose the operating model, even when execution is delegated. The provider may hold or move the asset, but the bank still needs clear scope, monitoring, approval boundaries, and offboarding evidence. Delegation does not remove governance obligations.
👉 Read our full editorial: Crypto infrastructure is shifting fraud risk into payments and custody
