Proof of Reserves and transparency, the Bitstamp way
Bitstamp was built on the principles of trust, security, and compliance. They’re embedded in our processes and procedures, and our culture of risk management, with the goal of ensuring our customers’ assets are always protected. This approach has helped our customers confidently invest in crypto using our exchange for the last 11 years and to continue to do so.
Recent events have increased the demand for exchanges to demonstrate their transparency through proof of reserves (PoR). Bitstamp Group and our legal entities have been audited by a big four global accounting firm on an annual basis since 2016. Our aim is to release a proof of reserves audit. This will provide our customers with an independently conducted verification of their Bitstamp balances, and the assurance that Bitstamp has the assets to cover them fully.
Transparency at Bitstamp goes well beyond the snapshot-in-time evidence provided by a PoR. We wanted to open up our inner workings to demonstrate how, day in and day out, our operational controls and regulatory compliance ensure we deliver on our mantra that ‘your crypto is always yours’.
Being regulated is not just a certificate - it’s a daily process
180 people, 29% of our team, are dedicated to compliance, regulation, legal, risk management, security, and internal audit. The size of this team ensures we can operate across all our jurisdictions, in absolute compliance with the 50 different licenses we have across the globe.
Further, our commitment is underscored by the fact that our global CEO is a compliance expert.
Our key principles in risk exposure and internal controls
Managing risk and meeting regulatory expectations is crucial in our ability to meet our business goals, and our internal structure reflects that. We have set up a framework for performing detailed risk assessments to identify and assess risks in all our products, activities, processes, and systems.
This risk and control framework is implemented by the Risk and Control Management Function, one of Bitstamp's group-level internal control teams. Risk management performs its role separately from the operating functions. This allows the risk managers to interact freely with all areas of the company for the purpose of identifying, quantifying, reporting and escalating risk issues or control gaps.
The leadership of the team includes: Head of Risk Management, Operational Risk Manager, Outsourcing Risk Oversight Manager, Fraud Risk Manager and Financial Risk Manager.
Financial Control Environment & External Audits - key for consistency in fund security
Bitstamp’s platform processes over 100 million transactions a year, which we need to be able to monitor and account for. To do this, we use specialized enterprise software from a leading global provider and our processes ensure that we are validating the accuracy at a customer and transaction level. This includes daily, weekly and monthly oversight and reconciliation of our customer funds. The reconciliation is performed against the records of the independent third-party custodians that hold our customers’ funds, and is carried out by our financial control team. These processes are part of our financial control environment, which is designed to ensure that we can validate the assets and liabilities of the company and its clients, and that our financial records provide a ‘true and fair’ representation of the company.
Bitstamp’s financial controls are reviewed annually by external parties, and are also subject to Internal Audit reviews, which ensure that our control environment is assessed, validated, and continuously improved. Each year since 2016 Bitstamp has been audited by a big four global accounting firm.
ISO and SOC 2 certification for information security
With the comprehensive design and effective implementation of our internal security controls, we have obtained the ISO/IEC 27001 and SOC 2 Type 2 certifications, both requiring annual reapplication and renewal. Compliance with these certifications is also independently validated by our auditors.
The certifications demonstrate to our customers, with the highest degree of confidence, that their data is safe and that we comply with the trust principles, based on the systems, processes and security measures we have in place.
The right attitude towards risk exposure in crypto
Our senior management team and board of directors are highly experienced subject matter experts in risk management and help safeguard Bitstamp’s core ethical values. They, along with the Risk and Control Management Function personnel, have been responsible for establishing a strong risk-based culture at Bitstamp, which all Bitstamp employees are committed to.
Being risk-based means taking a proactive approach in assessing all compliance-related risks we might face. Employees are encouraged to continuously promote ethical business practices and principles. If risk exposure is detected, employees are required to stop all processes, escalate the issue, or anonymously contact our whistleblower hotline.
We operate according to a strict zero-permissions policy on all levels. That means that no member of the management team has access to any database, wallets, or code, or has any other special security privileges on any system.
We welcome the increased scrutiny and regulation of crypto exchanges as it helps our industry mature. Our objective remains the same – continue to be an easy-to-use and reliable one-stop shop for cryptocurrency trading in a fully compliant and regulated environment, while making sure your crypto is and always will be yours.
Welcome to the Bitstamp way.