Custody is the compliance issue that tokenized real estate sponsors consistently underestimate. The pitch for tokenization focuses on speed, accessibility, fractional ownership, and streamlined transfer mechanics. Custody — who holds the securities, who controls them, how they are accounted for, and what happens when something goes wrong — rarely makes it into the marketing materials. It makes it into enforcement actions.
The legal framework governing custody of tokenized real estate securities sits at the intersection of four distinct bodies of law: the investment adviser custody rule under the Investment Advisers Act; the customer protection rule for broker-dealers under the Securities Exchange Act; the transfer agent regime; and the recordkeeping and control requirements that apply specifically to digital securities under more recent SEC guidance. The 2026 Project Crypto Release — Release Nos. 33-11412 and 34-105020 — adds a fifth layer by confirming, at the Commission’s highest level of interpretive authority, that digital securities are subject to the full federal securities law framework. That confirmation matters here because it forecloses the argument that blockchain-based recordkeeping or on-chain settlement satisfies custody obligations on its own.
This post works through what custody actually requires in the tokenized real estate context: which rules apply to which parties, what the SEC’s most recent guidance says about digital asset securities control and recordkeeping, where the 2026 Release changes or clarifies the analysis, and what sponsors and platform operators need to address before a tokenized offering goes live.
What the 2026 Release Confirms About Digital Securities and Custody
The 2026 Project Crypto Release established a formal five-category taxonomy for crypto assets: digital commodities, digital collectibles, digital tools, stablecoins, and digital securities. For custody purposes, the operative category is the last one. A digital security is a crypto asset that constitutes a security under the federal securities laws — an instrument that confers investment rights analogous to equity, debt, or profit participation, or that constitutes an investment contract under the Howey test. The 2026 Release confirmed that digital securities are subject to the full federal securities law framework, including all custody, control, recordkeeping, and investor-protection obligations.
The Release also superseded the 2019 SEC staff framework for digital asset analysis, which means any custody analysis grounded in the prior staff guidance needs to be updated. The Commission’s current position — that digital securities are securities for all purposes, and that on-chain or off-chain recording does not alter the application of federal law — is the operative framework. Sponsors and their counsel who have not revisited their custody structure in light of the 2026 Release are working from a legal baseline the Commission has formally replaced.
The Release’s endorsement of hybrid on-chain/off-chain recordkeeping is particularly significant for custody architecture. The 2026 Release confirmed that securities recordkeeping can be structured as a hybrid model: on-chain records can serve as the cap table ledger or a component of the master securityholder file, while off-chain records maintained by a registered transfer agent handle personally identifying information and satisfy the recordkeeping, safeguarding, and examination requirements that federal securities law imposes. This is not permission to abandon traditional custody infrastructure. It is a framework for integrating blockchain records into a structure that satisfies existing regulatory requirements rather than substituting for them.
| On-chain recording does not satisfy custody. It can be part of a compliant recordkeeping architecture — but only if the off-chain infrastructure, qualified custodian, and transfer agent obligations are also addressed. |
One aspect of the 2026 Release that is easy to overlook in the custody context is its treatment of investment contracts involving non-security crypto assets. The Release explains that a crypto asset that is not itself a security can still be offered and sold subject to an investment contract, which is a security. In that scenario, the investment contract — not the underlying token — is the security. The custody analysis applies to the investment contract, meaning the party holding or controlling the investor’s interest in that contract has the same custody obligations as a party holding a traditional security. Sponsors structuring real estate investments around token mechanics that are designed to avoid the “digital securities” category should understand that the custody analysis follows the economic substance of the arrangement, not the token label.
The Regulatory Map: Which Rules Apply to Which Parties
Custody for tokenized real estate securities does not fall under a single regulatory framework. It depends on who is holding or controlling the securities, in what capacity, and under what registration status. The table below maps the key parties against the governing legal framework, the core custody obligation, and its practical implication for a tokenized real estate structure:
| Party | Governing Framework | Key Custody / Control Obligation | Practical Implication |
| Registered Investment Adviser | Advisers Act Rule 206(4)-2 (the “Custody Rule”) | Client securities must be maintained with a qualified custodian. Authority to transfer client assets — including via wallet control or smart-contract permissions — can independently create custody. | Ensure qualified custodian is engaged. Evaluate whether wallet access, smart-contract roles, or transfer authority independently create custody. Confirm quarterly statement delivery. |
| Registered Broker-Dealer | Exchange Act Rule 15c3-3 (the “Customer Protection Rule”) | Broker-dealer must obtain and maintain physical possession or control of all fully paid and excess margin securities held for customers. Applies to crypto asset securities. 2019 Joint Staff Statement withdrawn May 15, 2025. | Establish compliant control under Rule 15c3-3 paragraph (c) control locations. Do not rely on the withdrawn 2019 guidance. Address possession-or-control for each digital security held. |
| Transfer Agent | Exchange Act Section 17A; Transfer Agent Rules | May use DLT as official master securityholder file or component thereof if all federal securities-law recordkeeping, safeguarding, and examination requirements are met. Personally identifying information may be maintained off-chain. | Reconcile on-chain records with master securityholder file. Maintain compliant retention, accuracy, and producibility standards. Do not treat a public blockchain explorer as a substitute for complete recordkeeping. |
| Tokenized Real Estate Issuer / Sponsor | Securities Act; Exchange Act; applicable exemption conditions | Tokenization does not alter the issuer’s obligation to maintain accurate ownership records, enforce transfer restrictions, and provide investors with the disclosures required under the applicable exemption. | Align smart-contract transfer restrictions with the offering’s legal restrictions. Maintain reconciled ownership records. Ensure transfer agent or other recordkeeper satisfies applicable requirements. |
Each of these frameworks operates independently. A registered investment adviser that also serves as the manager of a tokenized real estate fund has custody obligations under the Advisers Act regardless of whether a registered broker-dealer is also involved. A broker-dealer that holds tokenized real estate securities for customers has obligations under Rule 15c3-3 regardless of how the transfer agent maintains the ownership records. A transfer agent using blockchain-based records has recordkeeping obligations under the Exchange Act regardless of how visible those records are on a public ledger. The frameworks overlap and interact — they do not substitute for one another.
The Investment Adviser Custody Rule: Where Sponsors Most Often Get Caught
For registered investment advisers managing tokenized real estate funds or advising separately managed accounts that hold real estate tokens, the custody analysis starts with Rule 206(4)-2 under the Investment Advisers Act — commonly called the Custody Rule. The rule makes it a fraudulent, deceptive, or manipulative act for an adviser to have custody of client funds or securities unless specific conditions are met: a qualified custodian must maintain the assets, the client must be notified, and the adviser must have a reasonable basis to believe the custodian is sending account statements at least quarterly.
The first question sponsors ask is whether they “have custody” at all. The SEC’s answer is broader than most people expect. Custody includes not only physically holding client assets, but also having the authority to obtain them. Password access or wallet control that allows an adviser to move client securities creates custody, even when the adviser has no present intention of doing so. In a tokenized real estate context, this means that a fund manager who controls the smart-contract permissions governing token transfers, who has signing authority over a multisig wallet holding investor tokens, or who can unilaterally instruct a platform to process transfers on behalf of investors may have custody regardless of how the arrangement is described in the operating agreement.
For pooled vehicles — which describes most tokenized real estate SPVs and funds — the Custody Rule offers an alternative compliance path: the audited financial statement exception. Under this approach, the pooled vehicle distributes audited financial statements prepared by an independent public accountant to all investors within 120 days of the fiscal year end (or 180 days for funds of funds). If the audit is conducted in accordance with GAAP and the auditor is registered with the PCAOB, this approach satisfies the Custody Rule without requiring quarterly custodian statements. It is a widely used path for private real estate funds, and it remains available for tokenized structures — but it requires an actual annual audit, conducted by a qualified firm, and delivered to investors on time. The blockchain does not perform the audit.
| Custody Triggers Sponsors Frequently Miss in Tokenized Structures The following situations can independently create custody under the Advisers Act Custody Rule, even when the adviser believes the arrangement is purely administrative: • Signing authority over a wallet holding investor tokens • Smart-contract permissions that allow the adviser to initiate or approve token transfers • Authority to instruct a platform or transfer agent to process investor transactions • Serving as general partner, managing member, or trustee of the fund vehicle • Password or key access to an account from which client securities can be moved Each of these situations requires either engagement of a qualified custodian or reliance on the audited financial statement exception for pooled vehicles. Neither is optional. |
Rule 15c3-3 and Broker-Dealer Custody of Tokenized Securities
For broker-dealers holding tokenized real estate securities for customers, the governing framework is Exchange Act Rule 15c3-3 — the Customer Protection Rule. The rule requires a broker-dealer to obtain and maintain physical possession or control of all fully paid securities and excess margin securities it carries for customers. The SEC has made clear in multiple 2025 staff statements that this obligation applies to crypto asset securities because they are securities, subject to the same possession-or-control requirements as any other customer security.
Two specific developments from 2025 are essential background for any broker-dealer custody analysis in this space. First, the SEC’s May 2025 FAQ on broker-dealer custody of digital asset securities clarified that Rule 15c3-3 applies only to securities — not to non-security crypto assets — and that a broker-dealer may establish control of a crypto asset security through the paragraph (c) control locations specified in the rule, even when the asset is not in certificated form. Second, and critically, the 2019 Joint Staff Statement on broker-dealer custody of digital asset securities was withdrawn on May 15, 2025. Any broker-dealer whose custody analysis still relies on that withdrawn statement is working from guidance the SEC no longer endorses.
The practical implication of the withdrawal is that broker-dealers cannot treat the Special Purpose Broker-Dealer framework from the 2020 statement as the only permissible path to compliant digital securities custody. The regulatory emphasis has shifted back to the text of Rule 15c3-3 itself: can the broker-dealer demonstrate possession or control of the digital security in a way that satisfies the rule’s requirements? That requires an asset-specific analysis that takes into account the distributed ledger infrastructure, the control mechanisms available for the particular token, and whether those mechanisms constitute a qualifying control location under paragraph (c).
| The 2019 Joint Staff Statement on broker-dealer custody of digital asset securities was withdrawn on May 15, 2025. If your custody analysis references it as current guidance, it needs to be updated. |
Transfer Agents, Recordkeeping, and the DTC Tokenization Pilot
Transfer agents occupy a specific and increasingly important role in tokenized real estate structures. A registered transfer agent maintains the official master securityholder file, processes transfers, monitors for unauthorized issuances, and performs the bookkeeping functions that establish who legally owns a security at any given time. In a tokenized structure, the question is how those functions interact with on-chain records — and the SEC has provided meaningful guidance on this in recent years.
The SEC’s May 2025 FAQ confirmed that a registered transfer agent may use distributed ledger technology as its official master securityholder file, or as a component of it, provided that the transfer agent still complies with all applicable federal securities-law requirements for recordkeeping, reporting, safeguarding, examination, and related controls. The FAQ also recognized that some information may be kept on-chain — including transfer history and ownership balances — while personally identifying information is maintained off-chain. This is consistent with the 2026 Release’s endorsement of hybrid recordkeeping models.
What the May 2025 FAQ does not permit is treating a public blockchain explorer as a substitute for a complete and compliant ownership record. A legally valid transfer agent record requires reconciled data, accurate identification of record holders, retention of transfer history, tracking of applicable restrictions, and the ability to produce records promptly for examination. The fact that token transfers are visible on-chain satisfies none of these requirements on its own. The blockchain is evidence of what happened; the transfer agent’s records are the legal account of who owns the security.
The DTC’s tokenization pilot, addressed in a December 11, 2025 SEC staff no-action letter, illustrates how serious market infrastructure participants are approaching this problem. The pilot describes a structure in which DTC allows its participants to have security entitlements to DTC-held securities recorded using distributed ledger technology, while DTC continues to function as the central securities depository and registered clearing agency. Participants hold tokenized representations of their DTC entitlements; DTC holds the underlying securities. The model is not a template for every tokenized real estate offering — it reflects the specific operational and regulatory position of DTC as a registered clearing agency — but it demonstrates the level of infrastructure coordination that regulators expect when blockchain technology is integrated into securities recordkeeping at any meaningful scale.
| What a Legally Compliant Ownership Record Requires A blockchain explorer showing token balances is not a substitute for a compliant ownership record. A legally valid master securityholder file — whether maintained on-chain, off-chain, or in a hybrid model — must satisfy all of the following: • Accurate identification of each record holder, including personally identifying information maintained in a secure and compliant format • Complete transfer history, including the identity of transferors and transferees and the date of each transfer • Current tracking of all applicable transfer restrictions and investor eligibility conditions • Reconciliation between on-chain balances and the authoritative off-chain record, with documented procedures for resolving discrepancies • Retention for the periods required under applicable federal securities-law recordkeeping rules • The ability to produce records promptly and completely for SEC examination |
Who Qualifies as a Custodian — and What That Actually Requires
Under the Advisers Act Custody Rule, client securities must be maintained with a qualified custodian. The rule identifies banks, savings associations, registered broker-dealers, registered futures commission merchants, and certain foreign financial institutions as qualified custodians, depending on the circumstances. Banks and trust companies are the most common choice for private fund structures, including tokenized real estate funds, because they combine institutional credibility with established custody operations and are generally equipped to maintain both traditional and digital asset positions.
Being a bank or trust company is necessary but not sufficient. The qualified custodian must actually be capable of maintaining effective custody of the specific digital securities in question: providing the required account statements, supporting the issuer’s recordkeeping model, and addressing the blockchain-specific risks that arise in a tokenized securities context. Those risks include private-key compromise, smart-contract vulnerabilities, allowlist errors, chain governance changes, and the possibility that an on-chain transfer outpaces the legal ownership record. A qualified custodian that is not operationally prepared to address these risks provides a legal designation without the substance it is supposed to guarantee.
The custodial tokenization model discussed in the 2026 Release adds a layer of complexity worth understanding. In this structure, a third party issues a crypto asset that represents an underlying security held in traditional custody. Investors hold the token; the custodian holds the underlying security. The token evidences an interest in the custodied security, and transfer of the token represents transfer of that interest. This model has real utility in the real estate context: sponsors get blockchain transferability, while investors retain the protections associated with traditional custody infrastructure.
The tradeoff is that investors are now exposed to risk at two levels: the underlying property sponsor and the third-party custody and tokenization platform. The 2026 Release noted this directly, observing that holders of third-party tokenized securities may face risks with respect to the third party — including bankruptcy risk — that holders of the underlying security would not face in the same way. That risk needs to be disclosed in the offering documents. Sponsors who use custodial tokenization models without disclosing the third-party dependency are creating anti-fraud exposure, not solving a custody problem.
Private Keys, Smart Contracts, and Operational Control
At the operational level, digital asset custody lives and dies with private-key security. Whoever can move the token controls the asset. That is a straightforward statement with significant legal consequences: an unauthorized transfer, a compromised signing key, a smart-contract exploit, or a mistakenly broad allowlist permission can move investor assets in seconds. The legal ownership record may say one thing; the blockchain may reflect something else. Reconciling those two states — and doing so quickly, accurately, and in a way that protects investors — is part of what custody infrastructure is supposed to accomplish.
The SEC’s December 2025 staff statement on broker-dealer custody of digital asset securities made this explicit: the control analysis for digital securities takes into account the characteristics of the related distributed ledger technology and associated network, access to the crypto asset security, and the ability to transfer the asset. In plain terms, the SEC is not satisfied with a custody claim that cannot be operationally supported. The ability to actually access and transfer the token — or the ability to prevent unauthorized transfer — is part of demonstrating control.
Good custody design for tokenized real estate securities therefore requires more than a smart contract with transfer restrictions coded in. It requires layered operational controls: role-based permissions that limit who can initiate or approve transfers; multi-party approval requirements for material transactions; tested incident-response procedures for private-key compromise or smart-contract exploit; restricted wallet architectures that segregate investor assets from operational accounts; and documented recovery protocols that work in a worst-case scenario. Each of these should be aligned with the legal ownership model so that the technology is implementing the law — not running ahead of it.
| A smart contract with transfer restrictions is not custody infrastructure. Custody infrastructure is what happens when the smart contract does something unexpected — and whether investors are protected when it does. |
Building a Custody Structure That Actually Works
Pulling this together, the custody analysis for a tokenized real estate offering requires answering a series of concrete questions before the offering goes live. The questions are not new — they are the same questions the SEC has been asking of custodians and advisers for decades. What is new is that the answers have to account for blockchain infrastructure, smart-contract architecture, and on-chain/off-chain record coordination in ways that were not contemplated when the underlying rules were written.
The first question is who has custody. In a tokenized real estate fund managed by a registered investment adviser, the manager almost certainly has custody by virtue of its authority over the fund vehicle and its ability to direct transfers. That custody needs to be satisfied — through a qualified custodian arrangement or the audited financial statement exception — before investors are brought in. In a tokenized offering using a platform or portal, the platform’s control over wallet permissions, transfer approvals, and investor onboarding may independently create custody that the platform operator has not analyzed.
The second question is who the qualified custodian is and whether that institution can actually perform the custody function for the specific digital securities involved. An institution that has agreed to serve as qualified custodian without the operational infrastructure to address private-key security, smart-contract risk, and on-chain/off-chain reconciliation is providing a legal designation that the Custody Rule requires to be backed by substance.
The third question is how the ownership record is maintained and whether it satisfies the recordkeeping requirements that apply to the parties involved. A blockchain cap table that is not reconciled to a compliant off-chain record maintained by a registered transfer agent is not a complete answer. The 2026 Release’s hybrid model provides the framework; the issuer and its service providers have to implement it.
The fourth question is what the offering documents say about all of this. Custody risk, third-party tokenization platform risk, transfer restriction mechanics, and the limitations of on-chain recordkeeping are all material disclosure items for a tokenized real estate offering. Anti-fraud liability under Section 17(a) of the Securities Act and Section 10(b) of the Exchange Act applies regardless of which offering exemption the issuer uses. If these risks are not disclosed, the omission is actionable.
The Bottom Line
Tokenization improves the mechanics of how real estate securities are issued and transferred. It does not improve the legal consequences of getting custody wrong. The 2026 Project Crypto Release confirmed that digital securities are subject to the full federal securities law framework, that on-chain or off-chain recording does not alter that analysis, and that hybrid recordkeeping models are available — but only when they satisfy, rather than substitute for, the obligations that existing law imposes.
The custody issues in a tokenized real estate offering are not back-office details to be addressed after the platform is built and investors are onboarded. They are front-of-the-line structural questions that determine whether the offering is legally sound, whether investor assets are protected, and whether the parties involved are meeting their regulatory obligations. Sponsors and platform operators who address them early, with experienced securities counsel, are in a fundamentally different position than those who discover them under pressure later.
If you are structuring a tokenized real estate offering, evaluating your custody architecture, or trying to understand what the 2026 Release means for your existing structure, the conversation should start before the tokens are minted.