Standard Agreement for Custody and Transfer Services
Last updated: 31. August 2025
Last updated: 31. August 2025
This Agreement governs the provision by Floin AG of:
1. Custody and administration of crypto-assets on behalf of clients; and
2. Transfer services for crypto-assets on behalf of clients.
It expressly excludes any exchange, trading, order execution, placing, reception/transmission of orders, advice or portfolio management services.
Provider: Floin AG, Äulestrasse 45, 9490 Vaduz, Liechtenstein; Commercial Register No. FL-0002.652.200-0; FMA Register No. 329177; supervised by the Liechtenstein Financial Market Authority (FMA). Contact: [email protected]; +423 238 2500.
Client: The natural or legal person accepting this Agreement, whose identity and contact details are captured during onboarding.
Governing Law & Jurisdiction: This Agreement is governed by the laws of Liechtenstein, without prejudice to mandatory consumer protection rules. Exclusive jurisdiction lies with the courts of Vaduz, Liechtenstein, unless mandatory law provides otherwise.
“Crypto-asset” has the meaning given in Regulation (EU) 2023/1114 (MiCAR);
“Custody Services” means the safekeeping or controlling, on behalf of clients, of crypto-assets or the means of access to such crypto-assets (e.g., private cryptographic keys);
“Transfer Services” means the transfer of crypto-assets on behalf of clients to or from addresses on a distributed ledger or to/from an account/wallet maintained by a third party;
“Register of Positions” means Floin’s internal ledger opened in the name of each client and corresponding to each client’s rights to crypto-assets;
“Means of Access” means credentials or tools enabling control or transfer of crypto-assets (e.g., private cryptographic keys, seed phrases, multi-party computation (MPC) key shares, hardware security module (HSM) credentials);
“Statement of Position” means a periodic electronic statement identifying the crypto-assets concerned, their balance, value and transfers during the reporting period;
“DLT” means distributed ledger technology.
1. Floin provides only Custody Services and Transfer Services under this Agreement. No execution of orders, exchange for funds or other crypto-assets, placing, reception or transmission of orders, advice or portfolio management is offered under this Agreement.
2. Where clients engage in buying or selling crypto-assets, such activities are outside the scope of this Agreement and, if made available by Floin or third parties, are governed by separate terms.
3. Supported crypto-assets and networks are listed within the app/portal and may change over time for security, regulatory or operational reasons.
4. The provisions of Floin’s general terms and conditions, available under https://floin.com/terms-conditions are part of this Agreement, as long as there is no conflict of terms. In such a case, this Agreement overrules the general terms.
1. Clients shall complete onboarding, identity verification and ongoing due diligence in accordance with applicable AML/CFT and sanctions requirements.
2. Floin may refuse, suspend or terminate services where onboarding cannot be completed, required information is not provided, or continuing to provide services would contravene law or risk controls.
3. Clients warrant they are acting on their own behalf (or, for entities, through duly authorized persons) and that all information provided is accurate and up to date.
In line with Article 75(1) MiCAR, this Agreement specifies:
The identity of the parties;
The nature and description of the Custody Services;
Floin’s custody policy;
Means of communication and client authentication;
A description of security systems;
Fees, costs and charges;
Applicable law.
Floin keeps a Register of Positions open in the name of each client corresponding to each client’s rights to crypto‑assets. Movements are recorded as soon as possible following client instructions and are evidenced by corresponding transactions recorded in the client’s Register of Positions.
Floin maintains a written custody policy with internal rules and procedures to ensure the safekeeping or control of client crypto‑assets and/or Means of Access, minimising loss risks from fraud, cyber threats or negligence. A summary of the custody policy is available to clients electronically upon request.
Where applicable, Floin facilitates the exercise of rights attached to crypto‑assets and records any event likely to create or modify client rights in the Register of Positions. In the event of changes to the underlying DLT (e.g., forks, airdrops, redenominations), clients are entitled to newly created assets/rights on the basis and to the extent of their positions at the time of the event, unless a prior valid agreement provides otherwise.
At least once every three months—and upon request, Floin provides an electronic Statement of Position identifying the assets, balance, value and transfers during the period.
Floin implements procedures to return, as soon as possible, the crypto‑assets (or Means of Access) held on behalf of clients upon request, subject to applicable law, security checks, network conditions and any legal holds.
Client assets are segregated from Floin’s own holdings, and Means of Access are clearly identified as client assets. Where supported, on‑chain arrangements ensure that client assets are held separately from Floin assets. Assets held in custody are legally segregated from Floin’s estate so that Floin’s creditors have no recourse to such assets, particularly in insolvency, in accordance with applicable law.
Floin is liable to clients for the loss of any crypto‑assets or Means of Access as a result of an incident attributable to Floin. Liability is capped at the market value of the asset at the time the loss occurred. Incidents not attributable to Floin include events occurring independently of the relevant service or Floin’s operations (e.g., problems inherent in the operation of the underlying DLT beyond Floin’s control).
Where Floin uses another crypto‑asset service provider to provide custody, Floin will only use entities duly authorized in accordance with MiCAR (or equivalent where relevant) and will inform clients of such use.
Floin shall not use client assets for its own account and shall act honestly, fairly and professionally in clients’ best interests.
In line with Article 82 (1) MiCAR, this Agreement specifies:
The identity of the parties;
The modalities of the Transfer Services;
A description of the security systems used;
Fees; and
Applicable law.
7.2.1.Directions
Clients may instruct Floin to transfer crypto‑assets to external addresses/wallets under the client’s control or to accounts with other duly authorized providers. Incoming transfers must originate from supported networks and meet wallet‑whitelisting and compliance requirements.
7.2.2.Processing
Transfers are effected as soon as reasonably practicable, considering security checks, required information (including, where applicable, ‘travel rule’ data), network conditions and maintenance windows. Cut‑off times and support channels are published in the app/portal.
7.2.3.Irreversibility
Blockchain transfers are, as a rule, irreversible. Erroneous addresses, unsupported networks, or incompatible destination wallets may cause permanent loss. Floin will use reasonable efforts to assist with recovery where feasible, but recovery is not guaranteed and may incur fees.
7.2.4.Rejection/Suspension
Floin may reject, delay or suspend transfers that are non‑compliant, suspicious, potentially sanctioned, technically unsafe, or otherwise contravening law, supervisory guidance or risk controls.
7.2.5.Fees and Network Costs
Client is responsible for network (miner/validation) fees and Floin’s service fees as set out in Annex C. Estimates shown in the app/portal may differ from final fees due to network conditions.
7.2.6.Cancellations
A transfer instruction may be withdrawn only before Floin has initiated the on‑chain broadcast or irrevocably committed funds within internal systems. After that point, cancellation is generally not possible.
7.2.7.Status Updates
Floin provides electronic status updates and confirmations. Upon settlement, the Register of Positions is updated accordingly.
7.3.1.Key Management
Floin employs institutional‑grade key management (e.g., HSMs and/or MPC) with role‑based access controls, dual approvals and segregation of duties.
7.3.2.Operational Controls
Independent monitoring, 4‑eyes principle for transfers, velocity limits and address whitelisting are applied proportionately to risk.
7.3.3.Business Continuity
Floin maintains continuity, incident response and disaster recovery procedures appropriate to the scale and nature of services.
7.3.4.Client Authentication
Strong authentication (e.g., multi‑factor authentication and biometric/2FA) is required for sensitive actions.
1. Provide accurate destination information and ensure the destination is compatible with the asset and network selected.
2. Maintain the security of client accounts, devices and authentication factors, and promptly inform Floin of suspected compromise.
3. Comply with applicable laws and provide requested information for AML/CFT, sanctions and travel‑rule compliance.
Floin communicates with clients via the app/portal and registered email/phone. For security reasons, certain instructions (including high‑value withdrawals) may require additional verification. Clients must keep contact details up to date and promptly review notifications, confirmations and Statements of Position.
Fees for Custody and Transfer Services are disclosed on the website: https://support.floin.com/en/support/solutions/articles/103000311474-fees
Floin may update fees with prior notice in accordance with Section 17. Taxes, third‑party charges and network fees are borne by the client.
Floin maintains procedures to identify and manage conflicts of interest. Floin does not provide investment, legal, tax or accounting advice. Clients are responsible for their decisions.
Crypto‑assets involve risks, including technology risk, cyber‑risk, operational and custody risk, market volatility, protocol changes, regulatory changes, forks and airdrops, permanent loss due to erroneous transfers, and insolvency of third‑party providers.
Floin processes personal data in accordance with applicable data protection law (including, where applicable, the GDPR). The Privacy Notice describes processing purposes, legal bases, recipients, international transfers, retention and rights.
Floin may outsource certain functions to third parties and may appoint authorized sub‑custodians. Written agreements define rights and obligations. Oversight, audit and data‑protection standards are applied in line with applicable law. Clients are informed where custody is provided via sub‑custodians.
Floin provides Statements of Position at least quarterly and upon request. Records are retained in accordance with legal requirements. Clients shall review statements and promptly notify discrepancies.
Subject to Section 5.8, Floin’s liability for attributable loss of client assets or Means of Access is capped at the market value at the time the loss occurred.
Floin is not liable for:
Inherent DLT malfunctions beyond Floin’s control (e.g., consensus failures, severe network congestion, protocol exploits not caused by Floin);
Client error, fraud or device compromise;
Force majeure;
Third‑party platform outages;
Legal or regulatory holds;
Losses arising from unsupported assets or networks used contrary to notices.
Clients shall indemnify Floin against third‑party claims arising from client breach of law or this Agreement.
Floin may suspend or terminate services immediately where: legal or regulatory requirements so demand; risk thresholds are exceeded; security incidents require containment; or the client breaches this Agreement. Clients may terminate at any time by notice. Upon termination, Floin will return client assets as soon as possible, subject to law, fees and any compliance holds.
Clients may file complaints via the app/portal or [email protected]. Floin will acknowledge and respond within applicable timelines. In Liechtenstein, clients may also contact the FMA. Consumer mediation mechanisms may be available under applicable law.
Floin may amend this Agreement to reflect legal, technical or security changes. Clients will be notified with reasonable prior notice, unless immediate changes are required for security or legal reasons. Continued use after the effective date constitutes acceptance. If the client does not accept, the client may terminate and request return of assets.
1. Assignment: Clients may not assign without Floin’s consent. Floin may assign to an affiliate or successor with notice.
2. Severability: If any provision is invalid, the remainder remains in force.
3. No Waiver: Failure to enforce is not a waiver.
4. Language: This Agreement is in English; translations may be provided for convenience.
Refer to Website Disclosure: https://floin.com/custody-policy-summary.
DLT Risks: Protocol bugs, consensus failures, chain reorganizations, network congestion, fee spikes;
Operational Risks: Cyber incidents, insider threats, third‑party outages, key‑management failures;
Market Risks: Volatility, liquidity constraints, slippage when converting outside this Agreement;
Legal/Regulatory/Tax Risks: Changes to law or supervisory guidance may impact services, supported assets, or timelines;
Asset‑Specific Risks: Smart‑contract vulnerabilities, admin‑key risks, oracles, wrapped assets, bridges;
Transfer Risks: Irreversibility, mismatched networks, dust limits, and destination incompatibility;
Counterparty Risks: Failures of sub‑custodians or other providers not attributable to Floin;
Valuation Risks: Valuation sources may differ; displayed values are indicative.
Floin publishes current fees within the app/portal and the website: https://support.floin.com/en/support/solutions/articles/103000311474-fees
1. Custody fees (percentage of assets and/or fixed);
2. Transfer service fees (per transaction);
3. Network fees passed through at cost;
4. Recovery or investigation fees; and
5. External third‑party charges where applicable.
Identity of Parties: Floin AG (provider) and the Client (recipient of services).
Modalities: Outbound transfers require whitelisted addresses and pass compliance checks; inbound transfers must originate from supported networks and be identifiable as client’s transfers; unsupported assets/networks may be returned or lost.
Security Systems: See Section 6.3; withdrawals use multi‑party approvals, velocity limits and real‑time screening.
Fees: See Annex C; network fees are dynamic.
Applicable Law: Liechtenstein law and exclusive jurisdiction with the courts of Vaduz, Liechtenstein (without prejudice to mandatory consumer protection rules).