Institutional Custody

Institutional-GradeDigital Asset Custody.

MPC-CMP technology, $250M Lloyd's of London insurance coverage, SOC 2 Type II and ISO 27001 certified. Securing over $2.5 billion in institutional digital assets with zero incidents since inception.

Institutional crypto custody vault
Omar Al Mahmoud

Your dedicated lead

Omar Al Mahmoud

Chief Technology Officer

Omar leads our custody and staking infrastructure, including the MPC architecture and validator operations, and works directly with institutional clients on security and integration.

Direct contact

Security Without Compromise

Al-Fardan Q9's custody infrastructure is built on MPC-CMP (Multi-Party Computation with Configurable Multi-Protocol) technology, the same institutional-grade cryptographic framework trusted by the world's largest banks, exchanges, and sovereign funds. Private keys are never assembled in a single location; instead, cryptographic key shares are distributed across geographically separated secure enclaves, eliminating every single point of failure in the signing process while supporting over 40 blockchain protocols natively.

Ninety-five percent of assets under custody are held in air-gapped cold storage distributed across multiple Tier IV data centers in separate jurisdictions, with the remaining 5% in warm wallets for operational liquidity. All custodied assets are held in fully segregated accounts with no rehypothecation. Your assets are never lent, pledged, or commingled with Al-Fardan Q9 operational capital or other client holdings.

Comprehensive insurance coverage of $250 million through Lloyd's of London protects against theft, private key compromise, and internal collusion. Combined with SOC 2 Type II, ISO 27001, ISO 27017, and ISO 9001 certifications, Al-Fardan Q9 delivers the most rigorously audited digital asset custody in the Middle East.

$2.5B+
Assets Secured
$250M
Lloyd's Insurance
0
Security Incidents
95%
Air-Gapped Cold Storage
Key Features

What Sets Us Apart

MPC-CMP Technology

Multi-party computation with configurable multi-protocol support eliminates single points of failure in private key management. Key shares are distributed across geographically separated hardware security modules (HSMs), enabling secure transaction signing without ever reconstructing the full key. Even Al-Fardan Q9 cannot unilaterally access client assets.

Governance & Approval Workflows

Design bespoke approval matrices with multi-signature policies, role-based access control, time-locked transactions, and whitelisted destination addresses. Configure tiered thresholds, from routine operational transfers requiring two approvers to large redemptions requiring board-level quorum with biometric verification.

Distributed Cold Storage

95% of assets are held in air-gapped cold storage across multiple Tier IV data centers in separate jurisdictions, each protected by 24/7 armed security, biometric access, and Faraday cage isolation. Geographic distribution ensures business continuity and disaster recovery with sub-4-hour RTO for any single facility loss.

Comprehensive Compliance Certification

Independently audited SOC 2 Type II (security, availability, confidentiality), ISO 27001 (information security management), ISO 27017 (cloud security controls), and ISO 9001 (quality management). Annual penetration testing by certified third parties with full remediation transparency provided to institutional clients upon request.

$250M Lloyd's Insurance

Comprehensive $250 million insurance policy underwritten by Lloyd's of London syndicates, covering theft, private key compromise, internal collusion, and cyber intrusion. Coverage extends to both cold and warm storage environments with no sub-limits on individual asset classes. This is among the most extensive digital asset insurance programs available to institutional custody clients.

Segregated Accounts, Zero Rehypothecation

Every client's digital assets are held in fully segregated on-chain addresses with independent audit trails. Al-Fardan Q9 maintains a strict no-rehypothecation policy. Your assets are never lent, staked without consent, or used as collateral. Proof-of-reserves attestation is available monthly via independent third-party audit.

White-Glove Onboarding

Dedicated onboarding team guides your organization through wallet architecture design, governance policy configuration, and compliance integration. Average institutional onboarding is completed within 5 business days, including KYB verification, multi-sig policy setup, and integration with your existing treasury systems.

Multi-Jurisdiction Regulatory Coverage

Fully licensed and regulated under both VARA (Dubai Virtual Assets Regulatory Authority) and the DIFC (Dubai International Financial Centre) framework. This dual-jurisdiction licensing provides institutional allocators with regulatory certainty across both onshore UAE and international financial center mandates.

Modern vault interior
Why Al-Fardan Q9

Custody You Can Trust

1

Zero security incidents since inception with over $2.5 billion in digital assets under custody, maintaining a flawless operational track record built on MPC-CMP technology and 24/7 SOC monitoring.

2

$250 million insurance coverage through Lloyd's of London with no sub-limits, making it among the most comprehensive digital asset insurance programs available to institutional custody clients in the Middle East.

3

Fully segregated client accounts with a strict no-rehypothecation policy and monthly reserve attestation via independent third-party audit. Your assets remain exclusively yours.

4

Four-tier compliance certification including SOC 2 Type II, ISO 27001, ISO 27017, and ISO 9001, with annual penetration testing and full remediation transparency for institutional clients.

5

Dual-jurisdiction regulatory licensing under both VARA and DIFC, providing the compliance certainty that sovereign wealth funds, family offices, and regulated financial institutions require.

6

Customizable governance with multi-signature approval workflows, tiered transaction thresholds, whitelisted addresses, and role-based access, designed for organizations where multiple stakeholders govern digital asset operations.

Ready to Get Started?

Speak with our institutional team to explore bespoke solutions tailored to your organization.

Contact UsView FAQ
Custody Architecture

From Signed Intent to Cold Storage

Every transaction passes through a four-stage governance and cryptographic pipeline. No single operator — or region — can unilaterally move client assets.

MPC-CMP custody flowClient intent passes through a policy engine, then a 3-of-5 MPC signing layer, before landing in segregated cold storage.ClientTreasury requestsigned intentPolicy EngineApprovals · whitelist · time-lockapprovedMPC-CMP · 3 of 5DXBLDNSNGZURNYCgeo-distributed HSM shards · no full key is ever reassembledbroadcastCold StorageSegregated · Lloyd's-insured
  1. 1

    Client Intent

    Signed request from treasury team

  2. 2

    Policy Engine

    Multi-sig · whitelists · time-locks

  3. 3

    MPC-CMP Signing

    3-of-5 geo-distributed HSM shards

  4. 4

    Segregated Cold Storage

    95% air-gapped · Tier IV · Lloyd's-insured