Non-Custodial Security: Why We Don't Want Your Keys

The first question we get from every CTO is: “Do I have to give you my private keys?”

The answer is a hard NO.

Here’s why Non-Custodial Security is the only viable architecture for Agentic Finance, and how PolicyLayer implements it.

The Risk of Centralised Custody

If a security provider holds your keys (even in an MPC enclave), they become a Single Point of Failure:

1. Security risk: If they get hacked, you lose everything
2. Legal risk: If they get subpoenaed, your funds can be frozen
3. Operational risk: If they go offline, your business stops
4. Counterparty risk: If they go bankrupt, your assets are in limbo

The crypto industry has learned these lessons the hard way. Every major custodial failure—Mt. Gox, FTX, Celsius—followed the same pattern: users trusted a third party with their keys, and that trust was betrayed.

Custodial vs Non-Custodial: The Comparison

Aspect	Custodial Model	Non-Custodial (PolicyLayer)
Key location	Third party servers	Your infrastructure
Single point of failure	Yes (the custodian)	No
Regulatory classification	Money transmitter	Software service
Insurance required	Yes (expensive)	No
Funds at risk if provider hacked	All of them	None
Can provider freeze your funds?	Yes	No
Business continuity if provider offline	Blocked	Continue with bypass

The regulatory distinction is particularly important. Custodians are classified as Money Transmitters (in the US) or Virtual Asset Service Providers (globally), requiring licenses, capital reserves, and compliance overhead. Non-custodial services avoid this entirely.

The PolicyLayer Model: “Check, Don’t Hold”

We designed PolicyLayer to be an Enforcement Sidecar, not a Vault. Think of us as a security guard at a door, not a bank vault.

What We See

When you call PolicyLayer, we receive only the transaction intent:

{
  chain: 'base',
  asset: 'usdc',
  to: '0x1234...abcd',
  amount: '10000000',  // 10 USDC
  orgId: 'your-org',
  walletId: 'agent-1'
}

We evaluate this against your policy rules:

• Is 10 USDC under the per-transaction limit? ✓
• Is the recipient whitelisted? ✓
• Is the daily limit still available? ✓

Then we return a signed approval (or rejection).

What We NEVER See

• Seed phrases — Never transmitted, never stored
• Private keys — Remain on your servers
• Wallet passwords — Not our concern
• API secrets — For your wallet SDK, not ours

The Complete Flow

┌─────────────────┐       ┌──────────────────┐       ┌─────────────────┐
│   Your Agent    │──────▶│   PolicyLayer    │──────▶│   Your Agent    │
│   (Your Server) │ Intent│   (Our Service)  │Approve│   (Your Server) │
│                 │       │                  │ Token │                 │
│   Has Keys      │       │   No Keys        │       │   Signs Tx      │
└─────────────────┘       └──────────────────┘       └─────────────────┘

1. Your agent constructs a transaction intent on your server
2. Intent (metadata only) sent to PolicyLayer
3. We evaluate against policies and return Yes/No with cryptographic signature
4. Your server signs the transaction using your key
5. Your server broadcasts to the blockchain

At no point do private keys leave your infrastructure.

The Security Guarantee

Even in a worst-case scenario where PolicyLayer is completely compromised:

What an attacker could do:

• See transaction intents (amounts, recipients)
• Approve transactions that should be denied
• Deny transactions that should be approved

What an attacker could NOT do:

• Steal your funds (no keys to sign with)
• Redirect funds to their address (can’t modify signed transactions)
• Access funds from other customers (no keys stored)

The maximum damage is operational disruption—not financial loss. Your keys, your funds.

Compliance Without Compromise

This architecture enables regulated entities to use PolicyLayer without violating custody rules:

For Registered Investment Advisers (RIAs)

• Maintain qualified custodian relationships
• PolicyLayer doesn’t trigger custody requirements
• Full audit trail for SEC examinations

For Banks and Fintechs

• No additional money transmitter licensing needed
• PolicyLayer is a software service, not a financial service
• Compatible with existing custody arrangements

For DAOs and Treasuries

• Multisig remains with signers
• PolicyLayer adds policy layer, not custody layer
• No single point of compromise

Emergency Bypass: Business Continuity

What happens if PolicyLayer goes offline?

Because we don’t hold your keys, you have options:

Option 1: Direct signing Your wallet SDK can sign transactions directly, bypassing PolicyLayer. You lose policy enforcement temporarily but maintain operational capability.

// Normal operation
await policyWallet.send({ ... }); // Calls PolicyLayer

// Emergency bypass
await directWallet.send({ ... }); // Signs directly, no policy check

Option 2: Local policy cache The SDK can cache recent policy decisions for offline enforcement (reduced security, but operational continuity).

Option 3: Failover to backup Enterprise deployments can configure backup PolicyLayer endpoints.

With custodial solutions, provider downtime means complete stoppage. With non-custodial, you maintain options.

Trust Architecture

Traditional security models require you to trust the provider. Our model requires you to trust only cryptography:

Trust Requirement	Custodial	PolicyLayer
Provider won’t steal funds	Required	Not applicable
Provider won’t get hacked	Required	Minimal impact
Provider will stay online	Required	Optional (bypass available)
Cryptographic signatures	—	Only trust requirement

The signed approval tokens from PolicyLayer are cryptographically verifiable. You can independently confirm that a specific transaction was approved at a specific time. This creates an audit trail without trust.

When Non-Custodial Matters Most

High-value treasuries: When managing millions, custody risk compounds. One breach can be catastrophic.

Regulated industries: Banking, investment management, and fintech have strict custody rules. Non-custodial solutions avoid regulatory complexity.

Decentralised organisations: DAOs and protocols can’t hand keys to a centralised custodian—it defeats the purpose.

Enterprise compliance: SOC 2, ISO 27001, and similar frameworks treat third-party custody as high risk. Non-custodial reduces compliance burden.

The Philosophy

We believe security providers should be checkpoints, not chokepoints.

Your keys should remain yours. Your funds should remain accessible. Your operations should continue even if we don’t.

PolicyLayer exists to make your agents safer, not to become another dependency that can fail catastrophically. That’s why we don’t want your keys—and never will.

---

Related reading:

• How Two-Gate Enforcement Works
• Complete Guide to Securing Agent Wallets

Ready to secure your AI agents?

• Quick Start Guide - Get running in 5 minutes
• GitHub - Open source SDK