Custody over the funds is handled via a 'Multisig' mechanism, which in turn is governed via a Decentralized-Autonomous-Organization (DAO).
A Multisig mechanism requires a certain threshold of different parties signing a transaction before it is considered valid, e.g. 2 out of 3 parties need to sign a transaction for it to be valid.
A DAO is a decentralized organization that is governed through programmatic and transparent rules. The right to participate in the DAOs governance is represented through tokens.
Capital custody risk refers to who has control over the delegators' principal (staked tokens). There are three subcategories through which the capital custody risk can be clustered: 'Validator-Custody'; 'Self-Custody'; or 'DAO Multisig'.