Bitcoin governance problem: why institutions still lack verifiable control

Bitcoin’s Unfinished Business: The Governance Problem It Still Hasn’t Solved

When Bitcoin (BTC) appeared, it seemed to close a long-running debate in economics and computer science. At last, there was a monetary system that could function without trusting a central authority. Anyone could verify the ledger. The monetary rules were transparent and hard to change. Issuance and settlement were automated, borderless, and indifferent to human judgment.

But behind this apparent finality lurked a missing piece that became obvious only as Bitcoin moved from hobbyists and cypherpunks into treasuries, funds, and regulated entities. Bitcoin nailed the problem of *consensus*; it left the problem of *governance* almost entirely to chance.

Individuals vs. institutions: two incompatible worlds

For individuals, this omission can feel like freedom. Owning Bitcoin means controlling an asset with absolute, non-negotiable authority. The private key is the only passport. The network does not care about your job title, legal identity, or internal policies. It only recognises cryptographic proof that you can spend a specific output.

This arrangement is coherent when the holder is a single person who is both the ultimate decision-maker and the party bearing all the risk. Lose your seed phrase, misplace your hardware wallet, fall for a phishing scam—and you answer only to yourself. The trade-off is harsh, but clear.

Institutions live in a different reality. A company, fund, or public body cannot be run on the principle of “whoever has the key decides.” Their existence is grounded in shared responsibility, documented processes, and accountability. They operate through:

– Delegated authority rather than absolute ownership
– Segregation of duties and checks and balances
– Audit trails for every significant action
– Recoverability plans for when people leave, die, or make mistakes

In this world, control is not just exercised; it must be *demonstrable*. It is not enough that assets are safe. It must be possible to show who approved which movement, under what policy, and according to which authority.

Bitcoin’s blind spot: possession without process

Here lies the central tension of Bitcoin’s institutional era. Bitcoin minimises the need for intermediaries, but institutions cannot minimise the need for governance. Their entire structure is governance.

Bitcoin, in its purest form, recognises only two things: validity and possession. The protocol can confirm that:

– A transaction follows the rules
– The spender has the cryptographic authorisation

But it cannot say who internally approved the transaction, why it took place, whether it complied with corporate policy, or whether it was authorised by the people the board believes are in charge.

To the network, a transaction signed by a single rogue employee and a transaction approved by a unanimous risk committee look exactly the same.

Why custodians became the default workaround

Faced with this vacuum, institutions reached for the most familiar tool they had: custodians. If Bitcoin itself did not provide a governance framework, perhaps a specialist intermediary could.

Custodians promised to translate Bitcoin’s bare-bones model into something that resembled traditional finance. They offered:

– Policy frameworks and access controls
– Insurance and service-level agreements
– Regular attestations and audits
– Language that reassured regulators and risk committees

In effect, they rebuilt the very trust architecture that Bitcoin was designed to sidestep. Instead of trusting a central bank, the institution now trusted a digital asset custodian. The dependency shifted, but it did not disappear.

The opacity problem: outsourcing risk and visibility

The trouble is that most custodial governance is opaque by design. External stakeholders rarely see how authority is actually distributed inside the custody provider. They cannot easily inspect:

– Who can approve withdrawals
– How many people are required to sign
– What happens if insiders collude
– Which operational failures have occurred in the past

Institutions are asked to accept assurance instead of evidence. They rely on promises, documents, and branding.

When things go wrong—and history shows that they do—the opacity that once felt like a comfort becomes a liability. An institution that thought it had reduced risk by outsourcing custody instead discovers it has outsourced visibility. It owns a line item on a balance sheet, but not a clear understanding of how that line item is controlled.

Custody vs. Bitcoin’s core principles

The deeper issue is not merely that some custodians have failed. It is that traditional custody is structurally misaligned with what makes Bitcoin unique.

– Custody concentrates control.
– Concentrated control creates single points of failure.
– Single points of failure are fundamentally fragile.

Even the most carefully designed custody setup struggles to eliminate this fragility. And fragility is hard to measure, harder to communicate, and nearly impossible to audit with the level of confidence expected by the most conservative stakeholders.

Institutions end up facing a paradox: they explore Bitcoin to lessen dependence on intermediaries, yet they often must rely on an intermediary to satisfy the governance expectations built into their own operating framework.

The governance gap: questions Bitcoin can’t answer (yet)

This is the governance gap—a structural mismatch between Bitcoin’s technical design and the operational requirements of organisations that wish to hold it.

It surfaces in basic, unavoidable questions:

– Who, in concrete terms, controls the funds?
– How is that control assigned, rotated, or revoked?
– What if a key holder resigns, becomes incapacitated, or turns malicious?
– How is a backup plan implemented without undermining security?
– How can an auditor verify that the organisation—not an individual or a third party—truly controls the reported assets?
– How can a board or regulator gain confidence that controls are enforced consistently, not just described in a policy document?

For years, these issues were treated as operational details to be handled later. But as Bitcoin moved into treasuries, financial institutions, and public markets, it became clear that governance is not a side concern. It sits at the centre of institutional adoption.

Toward verifiable governance: a missing layer

What is lacking is not more regulation or more marketing, but a verifiable layer of governance that lives alongside Bitcoin’s consensus rules.

Consensus answers:
Is this transaction valid according to the protocol?

Governance must answer:
Is this transaction valid according to the organisation’s own rules—and can that be proven to others?

A serious attempt to close this gap involves three properties:

1. Programmable control structures
Where multiple approvals, thresholds, and conditions are encoded directly into transaction logic (for example, through multi-signature setups, time locks, or policy scripts).

2. Transparent yet privacy-preserving proofs
Where an organisation can demonstrate that certain governance constraints were followed—such as requiring two-of-three signatures from distinct departments—without exposing sensitive internal details.

3. Auditability over time
Where it is possible to reconstruct a history of how control was exercised, who had authority, and how that authority changed, in a way that can be independently checked.

This is the idea of *verifiable governance*: not replacing human decision-making, but making its enforcement and history provable at the technical level rather than purely in paperwork.

Multi-signature and beyond: partial answers, not a full solution

Bitcoin already offers some building blocks for better governance, most notably multi-signature (multisig) arrangements. Multisig allows funds to be controlled by multiple keys, with spending permitted only when a threshold is met (for example, 2-of-3 or 3-of-5).

Multisig can:

– Prevent a single rogue actor from unilaterally spending funds
– Distribute control across teams or entities
– Provide better resilience to key loss

But multisig alone does not automatically create good governance. It still leaves open questions:

– Who holds each key, and under what mandate?
– How are keys rotated when staff change?
– How is physical and logical access to each key managed?
– How does an external reviewer gain confidence that keys are truly segregated and not effectively controlled by the same person?

Moreover, while some aspects of multisig are visible on-chain, the organisational structure behind each key is not. Without additional frameworks and proofs, multisig risks being a technical comfort blanket over essentially traditional, opaque processes.
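The split between what is visible and what is not can be made concrete. The following is an added example, not code from the original article: it builds a 2-of-3 multisig witness script, derives the P2WSH output script that commits to it, and lets a reviewer recompute that commitment from a disclosed threshold and key list. The keys are constructed placeholder bytes, keys are sorted lexicographically as in BIP 67, and the function names are hypothetical.

```python
import hashlib

OP_CHECKMULTISIG = 0xAE

def multisig_witness_script(m, pubkeys):
    """Build: m <pk1> ... <pkn> n OP_CHECKMULTISIG, with keys sorted (BIP 67 order)."""
    n = len(pubkeys)
    if not 1 <= m <= n <= 15:
        raise ValueError("need 1 <= m <= n <= 15")
    if len(set(pubkeys)) != n:
        raise ValueError("duplicate key: the effective threshold is weaker than stated")
    if any(len(pk) != 33 or pk[0] not in (2, 3) for pk in pubkeys):
        raise ValueError("expected 33-byte compressed public keys")
    pushes = b"".join(b"\x21" + pk for pk in sorted(pubkeys))  # 0x21 = push 33 bytes
    return bytes([0x50 + m]) + pushes + bytes([0x50 + n, OP_CHECKMULTISIG])

def parse_multisig(script):
    """Recover (m, pubkeys) from a witness script of the form built above."""
    if len(script) < 37 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not an OP_CHECKMULTISIG script")
    m, n = script[0] - 0x50, script[-2] - 0x50   # OP_1..OP_16 are 0x51..0x60
    body = script[1:-2]
    if not 1 <= m <= n <= 15 or len(body) != 34 * n:
        raise ValueError("malformed threshold or key list")
    chunks = [body[i:i + 34] for i in range(0, len(body), 34)]
    if any(c[0] != 0x21 for c in chunks):
        raise ValueError("unexpected push opcode in key list")
    return m, [c[1:] for c in chunks]

def p2wsh_script_pubkey(witness_script):
    """Native SegWit v0 output: OP_0, then a 32-byte push of SHA-256(witness script)."""
    return b"\x00\x20" + hashlib.sha256(witness_script).digest()

def audit_claim(onchain_spk, claimed_m, claimed_pubkeys):
    """True if the output commits to exactly the claimed threshold and key set."""
    script = multisig_witness_script(claimed_m, claimed_pubkeys)
    return p2wsh_script_pubkey(script) == onchain_spk

# Constructed placeholder keys (not real curve points). Which team holds which key
# is an off-chain assertion by the organisation; nothing in the script encodes it.
KEYS = [bytes([2 + i % 2]) + bytes([0x11 * (i + 1)]) * 32 for i in range(3)]
SPK = p2wsh_script_pubkey(multisig_witness_script(2, KEYS))

if __name__ == "__main__":
    m, keys = parse_multisig(multisig_witness_script(2, KEYS))
    print(f"{m}-of-{len(keys)} multisig, output script {SPK.hex()}")
    print("claim 2-of-3 matches:", audit_claim(SPK, 2, KEYS))
    print("claim 1-of-3 matches:", audit_claim(SPK, 1, KEYS))
```

A passing check shows only that the output commits to the stated threshold and keys; the same result is produced whether the three keys sit with three departments or with one person.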

The institutional balancing act: authority, safety, and agility

Institutions trying to hold Bitcoin have to walk a tightrope between three competing demands:

– Security: Protecting assets from theft, error, and internal abuse.
– Governance: Ensuring decisions are authorised, documented, and auditable.
– Agility: Keeping operations fast enough to be commercially viable and responsive to markets.

Overemphasise security, and you end up with systems that are so rigid that moving funds becomes operationally painful. Overemphasise agility, and you drift toward informal practices that are hard to audit and prime targets for abuse. Overemphasise governance on paper, and you risk creating a facade of control that is not backed by robust technical enforcement.

Bitcoin, by itself, does not resolve these tensions. It simply shifts where they show up.

The cultural challenge: from ideology to infrastructure

There is also a cultural dimension. Much of Bitcoin’s identity has been shaped by the ideal of self-sovereignty: “not your keys, not your coins.” For individuals, this principle is a powerful antidote to custodial dependency.

For institutions, however, absolute self-custody in the individual sense is not always practical or even appropriate. A global corporation cannot function if its treasury hinges on one person’s hardware wallet. Nor can a regulated entity ignore obligations to provide auditability and control.

The question is not whether institutions should “trust no one” or revert to blind trust in custodians. The challenge is to embed *measurable trust* into Bitcoin operations: where the degree of reliance on people, vendors, and processes is visible, constrained, and verifiable.

Reconciliation, not reinvention

The future of Bitcoin in institutional settings depends less on reinventing the asset and more on reconciling its design with the realities of organisational life.

That means:

– Designing governance structures that make explicit use of Bitcoin’s strengths—immutability, transparency, and programmability—rather than fighting them.
– Developing tools that let boards, auditors, and regulators verify controls based on cryptographic truth, not just documentation.
– Accepting that decentralisation does not eliminate governance; it changes who must be accountable, and how that accountability is proven.

Bitcoin’s original breakthrough was to show that consensus on a monetary ledger can be achieved without a central arbiter. Its next test is whether governance over that ledger—especially in complex organisations—can be made as transparent, robust, and resistant to failure as the network itself.

The problem Bitcoin never fully solved is not purely technical, and it cannot be resolved by code alone. It lies at the intersection of cryptography, institutional design, and human behaviour. Closing this governance gap will not require replacing Bitcoin. It will require building the missing layer that allows people and organisations to align the network’s unforgiving logic with the messy realities of how decisions are actually made.