March 2026
The Financial Supervisory Commission of Taiwan Requires Virtual Asset Custodians to Store at Least 75% of Customer Assets in Cold Wallets
A “cold wallet” refers to a virtual asset custody solution that is not connected to the internet. Due to its offline nature, it is considered to provide a higher level of security. Accordingly, regulators in jurisdictions such as Japan and South Korea have imposed requirements mandating that a certain minimum percentage of customers’ virtual assets held by service providers be stored in cold wallets. Taiwan is no exception. In order to protect customers’ assets while also promoting the development of financial technology, the Financial Supervisory Commission (the “FSC”) has adopted a phased approach to implementing regulations concerning the proportion of assets to be held in cold versus hot wallets.
Specifically, in November 2024, the FSC initially required virtual asset custodians (the “Custodians”) to establish and publicly announce clear custody policies and procedures regarding the safekeeping of customer’s assets, including the proportion of customers’ virtual assets held in cold versus hot wallets, pursuant to Article 26 of the “Regulations Governing Anti-Money Laundering and Counter-Terrorism Financing for Enterprises or Individuals Engaging in Virtual Asset Services.”
Subsequently, in January 2025, the Taiwan Virtual Asset Service Provider Association issued its “Self-Regulatory Codes on Segregated Custody of Assets.” Article 3 of the said codes sets forth the principle of segregated custody, requiring association members to store a certain percentage of their customers’ virtual assets in cold wallets.
Thereafter, in March 2025, the FSC issued a public order under FSC Securities Letter No. 1130362692 [1] (the “March 2025 Order”), requiring Custodians that meet specific international information security management standards to store no less than 70% of customer assets in cold wallets. For Custodians that do not meet the aforementioned security standards, the minimum proportion of assets stored in cold wallets was set at 80%.
Recently, the FSC further strengthened the regulations for protecting customers’ virtual assets by issuing Order No. 1140385640 [2] in December 2025 to supersede the March 2025 Order. This new Order, effective from January 1, 2026, is outlined as follows:
1. All Custodians Must Comply with International Information Security Management Standards
To enhance the security of customer virtual assets held by Custodians, the FSC explicitly requires:
(1) Core System [3] Standards for Custodians: Custodians must obtain international information security certifications such as ISO 27001, ISO 27701, or SOC 2 Type 2.
(2) Cloud Service Outsourcing Regulations: If a Custodian’s core system involves cloud services, the outsourced vendor must obtain international information security management standards such as ISO 27017, ISO 27018, the Euro Cloud Star Audit (ECSA), or the Cloud Security Alliance (CSA) STAR certification.
2. The Minimum Proportion of Customer Virtual Assets Stored in Cold Wallets Varies by Calculation Basis
The required proportion of customer assets stored in cold versus hot wallets varies depending on the calculation basis adopted by the Custodian:
(1) Calculation Based on "Total Market Value": If the proportion is calculated based on the total market value of the customers' virtual assets, the proportion held in cold wallets must be no less than 85%.
(2) Calculation Based on "Quantity of Virtual Assets": If the proportion is calculated based on the quantity of individual virtual assets held for customers, the proportion held in cold wallets must be no less than 75%.
The above regulatory developments illustrate that Taiwan’s regulatory framework for virtual assets is still in the development phase. Accordingly, relevant service providers must stay abreast of regulatory updates and make timely adjustments to their internal controls and business operations.
[1] Order No. 1130362692 of the Financial Supervisory Commission, dated March 5, 2025,
https://www.fsc.gov.tw/ch/home.jsp?id=97&parentpath=0,2&mcustomize=multimessage_view.jsp&dataserno=202503050001&dtable=NewsLaw&aplistdn=ou=newlaw,ou=chlaw,ou=ap_root,o=fsc,c=tw
[2] Order No. 1140385640 of the Financial Supervisory Commission, dated December 30, 2025,
https://www.fsc.gov.tw/ch/home.jsp?id=128&parentpath=0,3&mcustomize=lawnew_view.jsp&dataserno=202512300001&dtable=NewsLaw
[3] The “Core System” refers to systems that are essential to the direct provision of custody services to customers or the continuous operation of custody-related business functions, such as systems for asset custody, risk management, and accounting.
Specifically, in November 2024, the FSC initially required virtual asset custodians (the “Custodians”) to establish and publicly announce clear custody policies and procedures regarding the safekeeping of customer’s assets, including the proportion of customers’ virtual assets held in cold versus hot wallets, pursuant to Article 26 of the “Regulations Governing Anti-Money Laundering and Counter-Terrorism Financing for Enterprises or Individuals Engaging in Virtual Asset Services.”
Subsequently, in January 2025, the Taiwan Virtual Asset Service Provider Association issued its “Self-Regulatory Codes on Segregated Custody of Assets.” Article 3 of the said codes sets forth the principle of segregated custody, requiring association members to store a certain percentage of their customers’ virtual assets in cold wallets.
Thereafter, in March 2025, the FSC issued a public order under FSC Securities Letter No. 1130362692 [1] (the “March 2025 Order”), requiring Custodians that meet specific international information security management standards to store no less than 70% of customer assets in cold wallets. For Custodians that do not meet the aforementioned security standards, the minimum proportion of assets stored in cold wallets was set at 80%.
Recently, the FSC further strengthened the regulations for protecting customers’ virtual assets by issuing Order No. 1140385640 [2] in December 2025 to supersede the March 2025 Order. This new Order, effective from January 1, 2026, is outlined as follows:
1. All Custodians Must Comply with International Information Security Management Standards
To enhance the security of customer virtual assets held by Custodians, the FSC explicitly requires:
(1) Core System [3] Standards for Custodians: Custodians must obtain international information security certifications such as ISO 27001, ISO 27701, or SOC 2 Type 2.
(2) Cloud Service Outsourcing Regulations: If a Custodian’s core system involves cloud services, the outsourced vendor must obtain international information security management standards such as ISO 27017, ISO 27018, the Euro Cloud Star Audit (ECSA), or the Cloud Security Alliance (CSA) STAR certification.
2. The Minimum Proportion of Customer Virtual Assets Stored in Cold Wallets Varies by Calculation Basis
The required proportion of customer assets stored in cold versus hot wallets varies depending on the calculation basis adopted by the Custodian:
(1) Calculation Based on "Total Market Value": If the proportion is calculated based on the total market value of the customers' virtual assets, the proportion held in cold wallets must be no less than 85%.
(2) Calculation Based on "Quantity of Virtual Assets": If the proportion is calculated based on the quantity of individual virtual assets held for customers, the proportion held in cold wallets must be no less than 75%.
The above regulatory developments illustrate that Taiwan’s regulatory framework for virtual assets is still in the development phase. Accordingly, relevant service providers must stay abreast of regulatory updates and make timely adjustments to their internal controls and business operations.
[1] Order No. 1130362692 of the Financial Supervisory Commission, dated March 5, 2025,
https://www.fsc.gov.tw/ch/home.jsp?id=97&parentpath=0,2&mcustomize=multimessage_view.jsp&dataserno=202503050001&dtable=NewsLaw&aplistdn=ou=newlaw,ou=chlaw,ou=ap_root,o=fsc,c=tw
[2] Order No. 1140385640 of the Financial Supervisory Commission, dated December 30, 2025,
https://www.fsc.gov.tw/ch/home.jsp?id=128&parentpath=0,3&mcustomize=lawnew_view.jsp&dataserno=202512300001&dtable=NewsLaw
[3] The “Core System” refers to systems that are essential to the direct provision of custody services to customers or the continuous operation of custody-related business functions, such as systems for asset custody, risk management, and accounting.
