Tokenized assets are entering institutional portfolios at a meaningful scale. The market for tokenized real-world assets reached $17.88 billion as of March 2025, up from $10 billion in 2024, with tokenized treasuries and tokenized private credit emerging as the primary growth drivers. That growth reflects rising institutional conviction, but it also means that risk evaluation frameworks must keep pace with deployment. Tokenized assets carry the financial characteristics of their underlying instruments. They also introduce a distinct layer of operational, legal, and infrastructure risk that conventional portfolio risk models do not fully account for. For organizations building or expanding exposure to tokenized assets, understanding that risk profile in precise terms is the basis for sound allocation decisions and long-term program sustainability.
Key takeaways:
- Tokenized assets carry the underlying financial risk of the instruments they represent, plus additional layers of operational, cybersecurity, custody, and regulatory risk.
- Permissioned, private digital ledger infrastructure directly reduces several categories of institutional risk by restricting network participation, embedding compliance controls, and maintaining auditable records.
- Regulatory clarity is advancing, but institutions must evaluate each asset class and jurisdiction independently, as frameworks vary materially across markets.
- Custody of tokenized assets introduces specific considerations around qualified custodian requirements, key management, and bankruptcy remoteness that differ from traditional custody arrangements.
The Baseline: Underlying Asset Risk Does Not Change
The starting point for any risk analysis of tokenized assets is the recognition that tokenization does not alter the fundamental risk characteristics of the underlying instrument. A tokenized government bond carries sovereign credit risk, while a tokenized private credit position carries the counterparty and liquidity risk of that credit. A tokenized real estate fund carries the valuation and concentration risks associated with the underlying property holdings.
The SEC has reinforced its view that tokenized securities constitute an existing asset class in a new form, emphasizing disclosure, investor protection, and the need to align smart contract features with legal documentation. This regulatory position has practical implications: the risk classification, reporting treatment, and compliance obligations that apply to the traditional form of an instrument continue to apply when it is tokenized. Institutions that treat tokenized assets as a separate and distinct risk category from their conventional counterparts will find that their risk frameworks diverge from regulatory expectations.
What tokenization does change is the infrastructure through which those underlying risks are held, transferred, and settled. That infrastructure layer introduces its own risk categories, and they require deliberate evaluation.
Cybersecurity and Smart Contract Risk
Tokenized assets rely on ledger-based business automation, called smart contracts, to handle transfer restrictions, compliance logic, settlement conditions, and lifecycle management. Those contracts must correctly reflect the legal and operational terms of the underlying instrument, and they must continue to do so as conditions change. Bugs, compromised accounts, or cyberattacks could lead to the loss or theft of digital assets, and such incidents could trigger lawsuits alleging failures in cyber risk governance or negligent supervision of vendors or custodians.
For institutions, the response to this risk category involves several overlapping controls: independent code audits prior to deployment, formal verification of critical logic, role-based access controls, and ongoing monitoring for anomalous behavior.
The choice of blockchain infrastructure also affects cybersecurity and smart contract risk directly. Production-proven platforms with extensive audit histories and real-world transaction volumes provide substantially better evidence of reliability than untested alternatives. The Cosmos stack has supported 150+ live chains and $70 billion in assets secured, with more than a decade of continuous production use. That operational track record reduces the unknown tail risk that accompanies newer or less-tested infrastructure.
Custody Risk and Key Management
Custody of tokenized assets differs from traditional securities custody in ways that create specific risk considerations for institutional holders. Blockchain-based securities carry unique cybersecurity risks, and questions around which types of custodians count as qualified custodians, as well as whether funds may engage in self-custody of digital assets, remain open regulatory issues.
At the core of digital asset custody is private key management. Unlike traditional securities accounts, where ownership is recorded and administered through custodian-ledgers and institutional access controls, tokenized assets are controlled through cryptographic authorization tied to private keys (or equivalent custody mechanisms such as Multi-Party Computation. If those keys are compromised or lost, the assets they control can become permanently inaccessible or be irreversibly transferred to a malicious party. Institutions holding tokenized assets need to evaluate how keys are generated, stored, backed up, and recovered in the event of custodian failure or succession scenarios.
In many OECD jurisdictions, regulatory frameworks require that reserve or client assets be held with regulated financial institutions that meet defined capital, operational, and supervisory standards, often described as regulated or qualified custodians. In tokenized markets, custodians play a central role in connecting off-chain legal ownership and asset servicing to on-chain representations, supporting controls that help prevent duplicate issuance or inconsistent representations of the same underlying asset across systems. For institutions, operating within this custodian framework is both a compliance requirement and a practical risk control, since it supports asset segregation, investor protection standards, and legal structures designed to reduce insolvency and operational risk in traditional securities custody.
Regulatory and Legal Risk
Regulatory uncertainty, infrastructure development, and legal gaps remain primary obstacles to tokenization adoption at scale, alongside interoperability challenges between digital ledgers that result in liquidity fragmentation of tokenized products. These risks vary significantly by asset class, jurisdiction, and the specific tokenization structure in use.
In the United States, the regulatory framework for tokenized securities is evolving. Congress is actively advancing foundational legislation on asset tokenization. The bipartisan GENIUS Act, signed into law in July 2025, is setting rigorous guardrails for payment stablecoins, including one-to-one reserve backing, transparency, and oversight. Alongside this, the Digital Asset Market Clarity Act aims to define jurisdiction between the SEC and the CFTC. These legislative developments mark a meaningful shift toward defined operating parameters, but institutions must continue to monitor evolving guidance rather than assume current frameworks are settled.
In Europe, MiCA has been fully applicable since December 30, 2024, governing crypto asset service providers, stablecoins, and token issuance, while securities-like tokenized instruments generally continue to fall under MiFID II. That dual-track structure means compliance teams must evaluate each tokenized instrument against multiple regulatory regimes simultaneously.
In some third-party tokenization structures, the token represents a security entitlement rather than the underlying security itself. The token holder’s rights may depend on the third party’s custodial and contractual structure, and the holder may be exposed to risks related to that third party, such as operational failures or bankruptcy, that a direct holder of the underlying security would not necessarily face. Structural analysis of exactly what a token represents, and what rights it confers under which jurisdiction’s law, will be required due diligence for institutional portfolio managers.
Liquidity Risk in Tokenized Markets
Tokenization is frequently cited as a mechanism for improving liquidity in asset classes that have historically been difficult to trade. Their trading potential is not uniformly realized across asset classes and market conditions today. Liquidity fragmentation remains a significant challenge, and even high-quality tokenized assets may be difficult to unwind in stressed markets, making execution quality an inherent part of any asset allocation decision.
Secondary market depth for tokenized assets varies considerably. Tokenized U.S. Treasuries, which have attracted the most institutional capital, have demonstrated meaningful secondary liquidity. By mid-2025, tokenized U.S. Treasury products surpassed $7.4 billion, up approximately 80% year-to-date, reflecting demand from funds, corporates, and crypto-native treasuries seeking on-chain yield and instant settlement collateral. However, tokenized private credit, real estate, and alternative fund positions remain substantially less liquid in secondary markets, and institutions holding these instruments need to account for that illiquidity in their overall funding and liquidity risk frameworks.
Permissioned network architecture affects liquidity risk in a specific way: it restricts who can participate in the network, thereby limiting the counterparty pool for secondary trading. That restriction is often the right trade-off for institutional compliance requirements, but portfolio managers should factor the resulting liquidity constraints into position-sizing and holding-period assumptions.
Infrastructure Risk and the Role of the Underlying Platform
Across all of the risk categories above, the choice of underlying blockchain infrastructure is a material risk variable. Institutions that deploy tokenized assets on production-proven, permissioned platforms with established security audit histories and demonstrated throughput at scale operate with a materially different risk profile from those using newer or less-tested technology.
One of the most significant shifts in institutional tokenization has been the move toward permissioned network models that restrict participation to vetted entities, including issuers, banks, custodians, transfer agents, and other regulated intermediaries. These designs preserve on-chain programmability while allowing visibility and audit access to authorized participants. In these environments, issuers can encode compliance requirements directly into token transfer logic, including identity-based restrictions, whitelisting, jurisdictional controls, and holding period enforcement.
Through the Cosmos stack, institutions can deploy permissioned digital ledgers in which they define who can participate, what rules govern transactions, and how data is shared within and across institutional boundaries. Immutable, auditable records support both internal governance and regulatory examination responses. Interoperability standards allow tokenized assets to move across institutional boundaries when settlement or collateral workflows require it, without requiring all participants to operate on a single shared network.
These infrastructure characteristics map directly to the risk mitigation priorities that institutional risk teams apply to any new asset class: auditability, access control, regulatory alignment, and operational resilience. For institutions evaluating tokenization programs, the infrastructure decision is inseparable from the risk management question.
From Risk Identification to Structured Evaluation
Understanding the risk profile of tokenized assets entails evaluating both the familiar financial risks of the underlying instruments and the specific infrastructure, legal, and operational risks introduced by tokenization. Smart contract reliability, custody structure, regulatory treatment, and secondary liquidity all require deliberate analysis, and those analyses depend heavily on the specific platform and legal structure through which tokenized assets are held.
Each of these risk categories is manageable through infrastructure and structural choices made at program design. Permissioned blockchain architecture restricts network access and embeds compliance controls, while production-proven platforms with established audit histories reduce smart contract and operational risk. Qualified custodian frameworks provide the regulatory protections that apply to traditional securities, and permissioned interoperability standards allow institutions to move assets when needed without losing preserving the access controls that compliance teams require.
For organizations building their risk evaluation frameworks for tokenized assets, the next step is a structured review of the infrastructure, custody, and legal structure underlying each proposed position.
Article received via email
