Issuers and investors need to have a way to safekeep their tokens. This can either be done through self-custody or by working with a third-party custodian (a bank or regulated financial institution that holds a custody license).
At the heart of token custody is the management of cryptographic keys. Someone who owns digital assets typically sees their so called public key or address. If you want to receive tokens, you need to give your public key to the token sender. You will normally find this key in your digital assets or crypto wallet.
If you want to send your tokens to another wallet (e.g. because you sold tokens to someone else), you will need their public key. When you initiate sending, your wallet will sign the transaction with your private key.
In order to make sure that nobody can spend your funds or tokens, the private key needs to be managed in a highly secure way. At the same time convenience is important, so that tokens can be sent when necessary without an overly complicated approval process.
Custodians take the responsibility of managing private keys for investors and issuers in a secure and compliant way. They are therefore an important component in the whole setup of token offerings.
Custody works differently for issuers and investors, therefore this documentation differentiates between these two and describes several options for each.