How resilient is your crypto operation and could you prove it?
Fourteen questions on key management, recovery readiness and regulatory alignment. Your resilience score updates as you answer, and each gap is mapped to the regulation that expects you to have closed it.
Your risk profile
What the regulation expects
The requirements this assessment maps against. Not legal advice — but a useful starting point for your compliance conversation.
Safeguarding of clients' crypto-assets and funds. CASPs holding client assets must have adequate arrangements to safeguard ownership rights and prevent the use of client assets for their own account — which presumes those assets remain recoverable.
Custody and administration of crypto-assets. Custodians must operate a custody policy and are liable to clients for the loss of crypto-assets resulting from incidents attributable to them — up to the market value of what was lost. Losing keys is losing the assets.
Response and recovery. Financial entities must maintain ICT business continuity and response-and-recovery plans — documented, board-owned and tested, including for scenarios where critical functions like signing capability are lost.
Backup policies, restoration and recovery. Backup systems must be physically and logically segregated from source ICT systems, with documented restoration procedures and recovery methods. A backup that lives with production isn't segregation.
ICT third-party risk. Entities must assess concentration risk in their ICT providers. If one vendor both operates your wallet infrastructure and holds its only recovery path, that's exactly the concentration the regulation is pointing at.
Close the gaps before a regulator — or an incident — finds them.
CoinCover provides independent, third-party disaster recovery for institutional digital asset operations: sharded key backups held outside your infrastructure, segregated from your signing provider, independently attested and recoverable on demand.