Posted 2 years ago | by Ben Armstrong
Coinbase Custody Passes Two Major Security Evaluations
Coinbase Custody, the custody arm of major United States-based cryptocurrency exchange Coinbase, has become the first cryptocurrency custodian to pass two new security qualifications.
According to a press release published last week, Coinbase Custody announced that the accounting firm Grant Thornton has awarded it both Service Organization Control (SOC) 1 Type 2 and SOC 2 Type 2 reports.
The reports demonstrate the system requirements, service commitments, and data protection safeguards of the custodian meet the rigorous standards necessary to provide safe custody solutions in the crypto ecosystem to Coinbase Custody clients.
While many retail investors aren't familiar with how important counterparty and custodian issues are, they are vital for institutional investors. This new accreditation may open the door for large investments in cryptos.
What are SOC (System Organization Control reports)?
The Grant Thornton accounting firm, which conducted the evaluation, has detailed on its website that SOC reports are provide an evaluation of the strength of: “financial, operational and information security controls in an organization.”
A SOC 1 report provides information on the internal controls relevant to a user organization’s financial reporting or: “SOC 1 reports are intended to be an auditor to auditor communications”.
A SOC 2 report provides information on: “security, availability, processing integrity, confidentiality, and privacy.”
Both SOC 1 and SOC 2 reports are divided into Type 1 and Type 2. A Type 1 report describes the design of the controls, while a Type 2 report covers their effectiveness after a minimum testing period of six months.
Also, the press release confirmed that Coinbase Custody will renew the reports in the future:
“(Coinbase Custody) will continue to perform regular SOC 1 and SOC 2 examinations to maintain the same level of rigorous security and oversight standards that has established us as the largest and most trusted leader in the space.”
More Crypto Custody Options on the Horizon
An announcement from late January disclosed that Coinbase is expanding its crypto custody services to European institutions by establishing an entity in Ireland.
Other cryptocurrency services are also seeking SOC certificates. As Cointelegraph reported in January 2020, Gemini, a US-based cryptocurrency exchange and custodian, has completed a SOC 2 Type 2 evaluation through Big Four firm Deloitte.
On the heels of new Anti-Money Laundering laws, BaFin updated the Anti-Money Laundering Act at the beginning of this year that requires financial institutions to have an operational license if they want to offer custody services.
There are many German banks which filed for a license to offer crypto custody services, Germany’s Federal Financial Supervisory Authority, BaFin, has received over 40 applications from German banks interested in offering crypto custody services.