# Token Custody

Silsilat partners with regulated **Digital Asset Custody Providers (DACPs). Her we explain** how custody workflows operate, and how this ensures **trust, compliance, and investor protection** in a hybrid DeFi–TradFi model.

***

### **Token Custody & Licensed Custodian Integration**

Silsilat’s architecture bridges decentralized liquidity with real-world finance. To achieve institutional-grade **security, compliance, and accountability**, all investor and pool tokens are safeguarded by a **licensed Digital Asset Custody Provider (DACP)**.

This ensures that even while Silsilat operates on a distributed ledger, every digital asset, whether a tokenized gold receipt (*SAG*), liquidity share (*LQT*), or treasury token (*SLC*)  is **stored, managed, and audited under regulated custody standards**.

***

#### Why Custody Matters

In traditional finance, trusted intermediaries (banks, trustees, or depositories) hold client funds securely.\
In decentralized finance, assets are typically held in self-custody wallet which are powerful but risky for retail and institutional investors alike.

To build confidence with pawnshops, investors, and regulators, Silsilat introduces **hybrid custody** combining **on-chain transparency** with **off-chain legal assurance**.

**Key Objectives of Custody Integration:**

| **Objective**             | **Explanation**                                                                                             |
| ------------------------- | ----------------------------------------------------------------------------------------------------------- |
| **Investor Protection**   | Prevent unauthorized access or loss of investor funds through regulated key management.                     |
| **Regulatory Compliance** | Align with Bank Negara Malaysia (BNM), Labuan FSA, and Securities Commission (SC) digital asset guidelines. |
| **Operational Integrity** | Ensure segregation of client assets from platform operating accounts.                                       |
| **Audit & Insurance**     | Provide full audit trails and coverage under licensed custodian insurance policies.                         |
| **Institutional Access**  | Enable banks, funds, and corporates to participate under existing fiduciary regulations.                    |

***

#### Role of the Licensed Digital Asset Custodian

Silsilat integrates with **licensed DACPs** in Malaysia and abroad (e.g., Labuan, Singapore) to ensure compliance with local and cross-border asset management rules.

**Custodian Responsibilities**

1. **Wallet Management & Key Security**
   * Custodian manages segregated wallet addresses for:
     * Pawnshops (collateral management)
     * Liquidity pools (investor deposits)
     * Treasury reserves (platform funds)
   * Uses **MPC (Multi-Party Computation)** or **HSM (Hardware Security Modules)** for secure key control.
2. **Asset Segregation**
   * Client assets are legally and technically separated from Silsilat operating accounts.
   * Tokens are traceable to specific clients and funds.
3. **Reconciliation & Reporting**
   * Daily reconciliation of wallet balances vs. Hedera on-chain records.
   * Weekly and quarterly reports for regulator and auditor nodes.
4. **Insurance Coverage**
   * Custodian maintains insurance against theft, fraud, or operational loss.
   * Policies typically cover both hot and cold wallets.
5. **Regulatory Oversight**
   * Licensed and monitored under jurisdictional digital asset frameworks:
     * **Labuan FSA Digital Asset Custody Licence**
     * **SC Malaysia Digital Asset Custodian (DAC) framework**
     * **MAS (Singapore) Trust or Custody licence**

***

#### Custody Workflow

<figure><img src="https://531803000-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvuL7BAAfO3loz2Bdfsj4%2Fuploads%2FPd5V089w5AmnMeVAQSp3%2Fimage.png?alt=media&#x26;token=d805d75d-eb67-4e5d-a7c9-3eb1d1761567" alt=""><figcaption></figcaption></figure>

**Steps Explained**

1. **Deposit** — Investor deposits fiat or stablecoin through the platform.
2. **Custody Transfer** — Funds move directly to the DACP-controlled wallet.
3. **Verification** — Custodian issues a signed proof-of-holdings certificate (hash anchored on HCS).
4. **Execution** — Liquidity Pool Smart Node executes matching and disbursement logic.
5. **Auditability** — Regulators or auditors can query proof hashes to confirm custody status.

***

#### Custody Record Example

Each custody event generates a **proof object**, logged on the Hedera Consensus Topic for transparency.

```json
{
  "event": "custody_verification",
  "wallet_address": "0x8a7f...2c9d",
  "asset_type": "LQT",
  "amount": 50000,
  "custodian": "Gambit Digital Custody Sdn Bhd",
  "insurance_policy_no": "POL-AXA-2025-7893",
  "timestamp": "2025-10-26T10:30:12Z",
  "ipfs_cid": "bafybeicustodyproofhash"
}
```

This proof links:

* **Wallet identity** (DAC-controlled)
* **Asset metadata** (type, amount, timestamp)
* **Insurance reference**
* **Audit record CID** stored on IPFS

***

#### Benefits of Custody Integration

| **Stakeholder**                | **Benefit**                                                                 |
| ------------------------------ | --------------------------------------------------------------------------- |
| **Investors**                  | Guaranteed asset safety, audited storage, and insurance protection.         |
| **Pawnshops**                  | Confidence that their pledged assets correspond to verified on-chain funds. |
| **Regulators**                 | Transparent audit access and proof of segregation of client assets.         |
| **Silsilat Platform**          | Reduced operational and reputational risk.                                  |
| **Institutional Participants** | Compliance with fiduciary and anti-money laundering laws.                   |

***

#### Hybrid Custody Architecture

<figure><img src="https://531803000-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvuL7BAAfO3loz2Bdfsj4%2Fuploads%2Fnr83flGkH4OnlFhJM6Cy%2Fimage.png?alt=media&#x26;token=3fd71c72-7dd3-4ef4-ba64-848c0ea6483e" alt=""><figcaption></figcaption></figure>

**Layers Explained:**

* **Custody Layer:** Licensed provider holds private keys and operates custody wallets.
* **Consensus Layer:** Hedera HCS records all custody proofs and yield events.
* **Smart Node Layer:** Executes loan settlements and yield payouts only upon verified custody confirmation.
* **Cold Vault Layer:** Long-term storage for reserve and treasury assets.
* **Regulatory Layer:** Oversight through HCS read nodes and audit queries.

***

#### Custody Integration Policy

Every liquidity pool and treasury account on Silsilat is governed by a **Custody Integration Policy (CIP)** defining:

| **Parameter**          | **Requirement**                                        |
| ---------------------- | ------------------------------------------------------ |
| **Custodian Status**   | Must hold valid DAC license in recognized jurisdiction |
| **Proof of Custody**   | Required for every deposit and withdrawal              |
| **Insurance Coverage** | Minimum USD 5M equivalent                              |
| **Cold Storage Ratio** | ≥ 80% of long-term assets                              |
| **Key Management**     | HSM or MPC-based multi-signature control               |
| **Data Retention**     | Minimum 7 years of custody logs                        |
| **Audit Frequency**    | Quarterly external + annual regulator audit            |

Each CIP is version-controlled and its hash is published on-chain via a **Custody Policy Topic (HCS\_CUSTODY\_TOPIC\_ID)**.

***

#### Custody in Loan Lifecycle

| **Lifecycle Stage** | **Custody Function**                                                        |
| ------------------- | --------------------------------------------------------------------------- |
| **Loan Issuance**   | Custodian verifies liquidity pool balances before fund release              |
| **Loan Tenure**     | Custodian holds reserve and yield accruals                                  |
| **Redemption**      | Custodian verifies repayment and initiates burn event for SAG               |
| **Settlement**      | Yield distributed to investor wallets through custodian-signed transactions |

This ensures that every unit of tokenized gold collateral and corresponding liquidity remains **fully backed, reconciled, and insured**.

***

#### Regulatory Alignment

Silsilat’s custody integration adheres to the key regulatory frameworks for digital assets:

| **Jurisdiction**              | **Framework / Reference**                   | **Relevance**                                              |
| ----------------------------- | ------------------------------------------- | ---------------------------------------------------------- |
| **Malaysia**                  | Securities Commission DAC Guidelines (2023) | Defines legal requirements for custody of tokenized assets |
| **Labuan FSA**                | Digital Asset Custodian Licensing (2022)    | Enables offshore custody for global investors              |
| **Singapore**                 | MAS PS Act (Custody Services)               | Ensures cross-border compliance                            |
| **FATF VASP Guidance (2021)** | Global AML/CFT standards                    | Meets Travel Rule and source-of-funds traceability         |

***

#### Summary

The **Licensed Digital Asset Custodian** model transforms Silsilat from a DeFi protocol into a **regulated, institution-ready financial infrastructure**.\
It combines the *speed and programmability of decentralized finance* with the *trust and protection of regulated custody*.

**Key Takeaways:**

* All tokens (SAG, LQT, SLC) are stored under licensed, insured custody.
* Proof-of-custody events are logged and verifiable on Hedera.
* Custodians provide regulatory and investor assurance under strict DACP frameworks.
* Hybrid custody enables participation from banks, funds, and government agencies.