Vai al contenuto principale
Tutte le prospettive
8-10 min di lettura

Disclosures That Matter: What We Publish, What We Don’t, and Why

Private custody works because the relationship is legible.

Not loud. Not constantly explained. Legible.

Disclosures exist to make a custody relationship understandable in advance so a client can evaluate it without relying on tone, branding, or reassurance.

This note sets out a disclosure posture for a bitcoin custody institution: what should be public, what should be controlled, and why.

Disclosure exists for decision making

Good disclosure is not an attempt to comfort. It is an attempt to clarify.

It should allow a careful client to answer:

  • What exactly is the relationship?
  • What rights do I have, in normal conditions and abnormal ones?
  • What can change, and how will I know?
  • What am I relying on: people, processes, providers, jurisdictions?

If those answers are clear, the client can make a decision without relying on reassurance.

Two obligations that must coexist

Custody disclosure has a built-in tension, and mature institutions embrace it:

  1. Client clarity: the rules must be explicit.
  2. Operational discretion: sensitive security detail must not be broadcast.

The goal is not maximum disclosure. The goal is maximum evaluability without increasing attack surface.

Premium custody has always operated this way. Disclose the relationship, not the blueprint.

What belongs in public disclosure

Public disclosure should focus on stable categories, the parts of the relationship that should not change week to week.

1) Relationship definition

A custody institution should state plainly:

  • what the service is and is not,
  • what the institution is responsible for,
  • what the client controls and can do at any time.

This is the “what am I buying” layer.

2) Client rights and boundaries

This is the highest signal area of disclosure. It should cover:

  • client withdrawal rights and the basic workflow category (request → verification → processing → on-chain completion),
  • how the institution treats client instructions,
  • what circumstances can delay handling and how those are communicated.

This is not about publishing internal procedures. It is about stating the rules clients can rely on.

3) Fees and calculation method

Pricing should be disclosed so a client can estimate it without surprises:

  • what is charged,
  • when it is charged,
  • and how it is calculated.

A simple sentence that prevents confusion is often enough (for example, “billed monthly, calculated on daily average balance,” if that is true).

4) Disclosure cadence and change policy

High-net-worth clients care less about frequent updates and more about stability. A custody institution should state:

  • where official disclosures live,
  • how clients are notified of material changes,
  • and what qualifies as “material.”

This is a quiet but powerful trust signal. It prevents policy drift from becoming invisible.

5) Assurance methods at a high level

Rather than overpromising, a custody institution should describe the types of assurance it uses:

  • independent audits or assessments of controls, as applicable,
  • reserve attestations or reporting practices, as applicable,
  • ongoing internal controls and governance.

Keep it high level publicly and provide detail in controlled settings.

What should remain controlled (not public)

Some information is appropriate for regulated sharing with clients or auditors, but unsafe as public content.

It should generally avoid publicly disclosing:

  • detailed key management procedures and internal control sequences
  • specific physical security design, facility layouts, or storage location specifics
  • precise internal timing windows, thresholds, routing logic, or escalation triggers
  • vendor and dependency mapping that would help an adversary target choke points
  • names or roles of individuals in sensitive operational positions

Clients can still receive assurance through audits, attestations, controlled documentation, and direct channels without turning sensitive detail into public instruction.

Why single artifacts do not solve transparency

Clients often ask for one decisive proof: a report, a dashboard, a cryptographic scheme, a proof of reserves.

Any single artifact can be useful. None is sufficient on its own.

A custody relationship is defined by:

  • rules (what is permitted),
  • rights (what clients can do),
  • operability (how it behaves under stress),
  • and governance (how decisions are controlled).

A durable disclosure posture treats proofs and reports as supporting evidence, not as replacements for a clearly defined relationship.

The disclosure posture that ages well

Over time, the best disclosure style tends to look like this:

  • Low volume, high signal (few pages, high clarity)
  • Stable definitions (no moving goalposts)
  • Predictable updates (material changes are explicit)
  • Verifiable where appropriate (assurance that can be checked)
  • Discreet where necessary (no operational blueprint)

This is what institution-grade disclosure looks like: measured, consistent, and designed to help clients decide.

A practical way to read a custodian’s disclosures

When evaluating a custodian, look for three qualities:

  1. Explicitness: do policies read like commitments, or like marketing?
  2. Stability: do the rules feel designed to survive stress, or to survive sales?
  3. Consistency: does what is published match how the institution behaves over time?

Good disclosures do not try to impress you. They let you evaluate the relationship calmly.

Torna a tutte le prospettive