Prepared in accordance with the Rules on the Licensing of Crypto-Asset Service Providers, approved by Resolution No. 03-157 of the Board of the Bank of Lithuania of 17 December 2024, point 7.
UTRG UAB provides custody and administration services for client crypto-assets under a robust policy framework designed to keep your assets safe, accessible, and properly managed at all times. Our practices comply with strict regulatory standards, including Article 75 of the EU Markets in Crypto-Assets Regulation (MiCA), which governs how crypto custodians must safeguard client assets. Below is an overview of how we implement our Cryptoasset Custody and Administration Policy:
Formal Custody Agreements: Before safeguarding your crypto-assets, UTRG UAB will sign a written custody agreement with you, clearly detailing the scope, responsibilities, security measures, fees, and regulatory framework. This custody agreement clearly identifies both parties (you as the client and UTRG UAB as the service provider) and describes the scope of the service and our duties. It covers details such as the nature of the custody service, security measures in place, how we will communicate with and authenticate you, the applicable fees, and the governing legal framework. This ensures you have full transparency about how your assets will be held and the protections in place from the very start of our relationship.
Complete and Accurate Records: UTRG UAB maintains meticulous records for all client assets under custody. We keep a dedicated crypto-asset register (or ledger) for each client that shows exactly what assets are held for you, down to each fractional unit. Every deposit, withdrawal, or transfer involving your assets is recorded in real time with a timestamp and transaction details. Our custody system essentially logs the entire lifecycle of your holdings so we can always reconstruct your account activity. These records are maintained with a high degree of accuracy and are available for you to review. In fact, we provide periodic (at least quarterly) secure statements listing your crypto-assets, transactions, values, and notifying you of significant blockchain events affecting your holdings.. (You may request statements more frequently as well.) Additionally, if there are any blockchain events like protocol forks or token airdrops that affect assets we hold for you, our policy is to ensure you receive the corresponding assets or benefits. We will notify you of such events and allocate any new tokens to you in proportion to your holdings at the time of the event. In summary, you can expect comprehensive reporting and communication regarding the assets you’ve entrusted to us.
Asset Segregation and Ownership: Crypto-assets held in custody by UTRG UAB are segregated on both blockchain and balance sheet levels to protect your ownership rights, ensuring your ownership is clear and protected even in case of our insolvency. Technically, your assets are kept in wallets that are distinct from any UTRG UAB corporate wallets, often in addresses uniquely assigned to you or in pooled client addresses that are strictly designated for clients only. Internally, these assets are recorded off the Company’s balance sheet, meaning they are not counted as UTRG UAB’s property but as assets we safeguard for clients. We do not lend, invest, or otherwise reuse the crypto-assets you place in custody with us except to carry out your direct instructions. Importantly, if UTRG UAB were to encounter financial distress or insolvency, your custody assets would remain yours and would not be available to our creditors. This legal and operational separation is a critical element of our custody service and is strictly maintained at all times.
Security of Wallets and Private Keys: We employ state-of-the-art security measures to safeguard the crypto-assets under custody, recognising that protecting private keys is paramount. UTRG UAB protects your assets using a multi-tier wallet architecture, leveraging a combination of “hot wallets” (online wallets for day-to-day transactions) and “cold wallets” (offline, highly secure storage) to balance accessibility with security. Only the minimal amount of crypto-assets needed to facilitate normal withdrawals or trades in the short term is kept in hot wallets. These hot wallets are secured with strict operational controls – for example, private keys for hot wallets are managed through an encrypted key management system (such as HashiCorp Vault integrated with hardware security modules) and are never exposed in plaintext. We also enforce automated checks and alerts on hot wallet transactions to detect any anomalies or unauthorised activity. The majority of client assets are held in cold storage. Our cold wallets are kept offline and use multi-signature technology, which means that no single person can move funds alone. Multiple designated officers must provide independent approvals (signatures) before any transfer from cold storage can occur, providing a powerful defence against internal compromise or human error. All private keys (whether for hot or cold storage) remain encrypted and under strict access controls at all times. Key generation, storage, and usage follow rigorous protocols – keys are stored in secure hardware or encrypted vaults, and when they are needed to sign a transaction, they are only decrypted temporarily in memory and immediately re-secured after use. By combining limited exposure of assets, strong encryption, multi-factor approvals, and continuous monitoring, we ensure that your crypto-assets are stored as securely as possible.
Withdrawal and Transfer Procedures: When you request a withdrawal or transfer of your crypto-assets from our custody, UTRG UAB follows a strict “four-eyes” principle and other security checks to process the request. In practice, this means every withdrawal instruction undergoes multiple layers of verification. First, you must initiate the withdrawal through our secure client interface (web or app) – this action requires you to authenticate with your credentials and a second factor (e.g. an OTP code) to ensure it’s really you making the request. Once we receive your instruction, our operations team verifies the details: we confirm your identity and account, check that the requested assets are indeed available in your balance, and run automated anti-fraud and AML (anti-money laundering) screenings on the transaction. Standard risk checks might include ensuring the destination wallet address is one you have used before or is otherwise verified, especially for larger transfers. For any large or unusual withdrawal, our system may flag it for additional manual review by a compliance officer or manager to ensure everything is in order. After these checks, the transaction must be approved internally by at least two authorised employees (hence “four-eyes”) before it is executed. This dual-approval process means no single staff member can unilaterally release your assets. Only once all validations are passed and approvals given will the crypto transfer be broadcast to the blockchain. We then confirm the transfer has been completed by providing a transaction hash or similar proof, typically in real time. These procedures are designed to give you confidence that withdrawals are legitimate, accurate, and secure.
Client Asset Statements and Transparency: To keep you fully informed, UTRG UAB will provide you with regular statements of the crypto-assets we hold in your name in custody. Under MiCA and our policy, we issue a Statement of Position for each client at least every three months (quarterly), and you may request one at any time in between. The statement is delivered via our secure client portal and lists all crypto-assets in your account, along with their quantities and the market value as of the statement date. It also details any transfers into or out of your custody account during the period. This way, you have a consistent record for reconciliation with your own records. Additionally, as noted above, we will promptly inform you of any noteworthy events affecting your assets (such as network upgrades, forks, airdrops, or changes to supported assets), and we’ll outline any actions you need to take. We believe in complete transparency about the status and changes to your holdings.
Return of Assets on Demand: One core principle of our custody service is that you retain the right to your crypto-assets at all times. You are entitled to withdraw your assets from custody whenever you wish. UTRG UAB maintains procedures to return crypto-assets (or the means to access them, such as private keys if applicable) to you immediately upon your request or upon termination of the custody agreement. For example, if you decide to stop using our custody service or want to transfer your assets to another platform, we will fully cooperate in transferring your holdings. We will promptly initiate the return of assets following our standard security verifications and approval process (as described above), so that you receive your crypto-assets or can control them directly through another wallet in a timely manner. There are no unnecessary delays or hurdles – aside from confirming your identity and authorisation – when it comes to you reclaiming your own assets. This practice ensures that you can confidently use our custody service without fear of being unable to access your investments.
Oversight, Controls, and Insurance: UTRG UAB’s custody operations are subject to robust governance and continuous oversight to uphold the highest safety standards. Internally, we follow a “three lines of defence” model of risk management: our operational teams implement day-to-day custody controls, our Compliance and Risk departments monitor compliance with policies and regulatory requirements, and our Internal Audit independently reviews and tests the effectiveness of our controls on a regular basis. The Management Board of UTRG UAB oversees the entire custody program, ensuring that adequate resources are devoted and that we meet all legal obligations. We also utilise advanced monitoring and reconciliation processes: for instance, we automatically reconcile on-chain wallet balances to our internal ledger every day to catch any inconsistencies immediately. Comprehensive logs and audit trails of all custody-related activities are maintained and stored securely (with retention periods of at least eight years or more, in line with law). We subject our custody systems to periodic security audits and penetration tests, and staff in sensitive roles receive ongoing training in cybersecurity and fraud prevention. Furthermore, to provide extra assurance, UTRG UAB endeavours to obtain insurance coverage for custodial assets where such products are available on the market. This insurance is intended to cover losses in extreme scenarios such as theft or hacking. We inform clients of any applicable insurance arrangements in the custody agreement or policy summary. In combination, our strong internal controls, regular audits, and insurance measures mean that our custody service is reliable and resilient. We continuously improve these safeguards in response to evolving best practices and regulatory guidance. Ultimately, UTRG UAB’s custody policy is about earning your trust: we take every reasonable step to protect your crypto-assets and administer them in your best interest, as a faithful and compliant custodian.