In the wake of high-profile exchange collapses, asset reconciliation and custody controls have emerged as the cornerstone of crypto exchange integrity. These practices answer one fundamental question that keeps investors awake at night: are my assets actually there?
The Reconciliation Imperative
Daily reconciliations are no longer optional—they’re the price of entry for credible exchanges. Leading platforms maintain documented reconciliation policies that align on-chain reserves with customer ledgers at least daily for hot wallets and weekly for total positions. This isn’t just good practice; it’s the regulatory baseline under frameworks like MiCA.
The gold standard involves automated on-chain balance pulls, real-time comparison to internal ledgers, and exception reporting that triggers dual-control investigation workflows. When discrepancies arise—and they will—time-bound thresholds should kick in, forcing root-cause analysis, incident logging, and sign-off by both finance and risk teams. Trend reports must flow to senior management, not disappear into operational silos.
Poor practice reveals itself through ad-hoc reconciliations performed only at reporting dates, manual spreadsheet checks with no linkage between wallet addresses and customer records, and management’s inability to demonstrate reserve sufficiency. When differences age without resolution and ‘plug entries’ become routine, investors should take notice.
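One way to implement the automated comparison, wallet-to-ledger linkage and break aging described above, as an added example rather than any exchange's own code. The tolerance, the 24-hour threshold, the registry roles and all sample addresses and balances are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from decimal import Decimal

TOLERANCE = Decimal("0.00000001")    # assumed per-asset tolerance
MAX_BREAK_AGE = timedelta(hours=24)  # assumed time-bound escalation threshold

def reconcile(on_chain, registry, liabilities, first_seen, now):
    """Compare segregated on-chain reserves to the customer ledger.

    on_chain:    {address: (asset, balance)} from the automated balance pull
    registry:    {address: "customer" | "operational"} wallet inventory
    liabilities: {asset: total owed to customers per the internal ledger}
    first_seen:  {asset: datetime a break was first observed}, updated in place
    Returns exception records for the dual-control investigation workflow.
    """
    reserves, exceptions = {}, []
    for address, (asset, balance) in on_chain.items():
        role = registry.get(address)
        if role is None:
            # A wallet missing from the registry cannot be tied to customer records.
            exceptions.append({"type": "unmapped_wallet", "address": address})
        elif role == "customer":
            # Operational (treasury) wallets never count toward customer reserves.
            reserves[asset] = reserves.get(asset, Decimal(0)) + balance
    for asset in sorted(set(reserves) | set(liabilities)):
        diff = reserves.get(asset, Decimal(0)) - liabilities.get(asset, Decimal(0))
        if abs(diff) <= TOLERANCE:
            first_seen.pop(asset, None)  # break cleared, stop aging it
            continue
        age = now - first_seen.setdefault(asset, now)
        exceptions.append({"type": "break", "asset": asset, "difference": diff,
                           "age": age, "escalate": age > MAX_BREAK_AGE})
    return exceptions

# Constructed sample data: placeholder addresses and balances.
NOW = datetime(2024, 1, 2, 9, 0)
SAMPLE_CHAIN = {
    "addr-hot-1": ("BTC", Decimal("120.5")),
    "addr-cold-1": ("BTC", Decimal("879.5")),
    "addr-treasury": ("BTC", Decimal("50")),
    "addr-unknown": ("ETH", Decimal("10")),
    "addr-cold-2": ("ETH", Decimal("4990")),
}
SAMPLE_REGISTRY = {"addr-hot-1": "customer", "addr-cold-1": "customer",
                   "addr-treasury": "operational", "addr-cold-2": "customer"}
SAMPLE_LEDGER = {"BTC": Decimal("1000"), "ETH": Decimal("5000")}
SAMPLE_OPEN = {"ETH": datetime(2023, 12, 31, 9, 0)}  # break open since a prior run
```

Persisting `first_seen` between runs is what lets a difference age instead of resetting each day, so a break that is never resolved eventually forces escalation.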
Segregation: The First Line of Defense
Customer assets must be segregated from operational funds—legally, technically, and operationally. This means separate on-chain addresses and bank accounts with controls preventing commingling. MiCA-style client asset safeguarding policies should clearly prohibit using customer funds for treasury purposes.
The cold storage versus hot wallet split is equally critical. Leading exchanges document their storage strategy based on risk, keeping the majority of assets in cold storage with clear thresholds and approval requirements for movements. Excessive reliance on hot wallets without justification or large balance transfers without documented approval should raise red flags during any inspection.
Multi-Signature Controls and Key Management
Multi-signature controls represent the technical manifestation of segregation of duties. Robust platforms implement multi-sig or equivalent strong key management with clear segregation of key shares, hardware security modules, and documented key ceremonies with comprehensive logs.
Single points of failure—whether a sole individual controlling private keys or keys stored in plain text on unprotected devices—create existential risks. The absence of backup and recovery procedures compounds this vulnerability, turning operational incidents into catastrophic loss events.
Proof of Reserves: Transparency with Substance
Regular proof-of-reserves publications with independent assurance have become table stakes for credible exchanges. However, substance matters more than frequency. Effective proof-of-reserves programs include clear methodologies with appropriate caveats, reconciliation to audited financials, and coverage of all material liabilities—not just the easy-to-prove assets.
One-off or marketing-driven attestations without independent verification signal more about an exchange’s public relations priorities than its control environment. Opaque methodologies that conveniently exclude key liabilities undermine the entire exercise.
Management Review and Accountability
Documentation of management review transforms reconciliation from a compliance exercise into a governance control. Electronic sign-offs with evidence of challenge and escalation of material breaks to board committees demonstrate that reconciliation outputs actually inform decision-making.
When preparers approve their own work, sign-offs lack dates, or management remains unaware of outstanding breaks, reconciliation becomes theater rather than control. These gaps typically emerge during inspections or—worse—during crises when timely information becomes critical.
Asset reconciliation and custody controls ultimately serve one purpose: ensuring customer assets remain available for withdrawal on demand. Everything else—the technological sophistication, the regulatory compliance, the marketing messaging—means nothing if the fundamental custody promise fails. As inspectors and investors increasingly understand, trust in crypto exchanges must be verified through robust, documented, and independently validated controls.


