What does a safe exchange look like?
A safe exchange is a regulated exchange
Choosing the right crypto exchange is one of the most important decisions an investor needs to make. To avoid problems with your crypto assets and ensure you can trade smoothly without interruption caused either by compliance issues or lack of liquidity, there are several factors you must consider. An exchange must be compliant with regulatory obligations, have a strong security infrastructure and be led by people who know both the traditional finance industry and crypto.
As with all things in crypto, it’s crucial that you do your own research on finding a trustworthy, mature and compliant exchange to trust your assets with. What we can do is provide you with certain facts that might help you with your decision-making process, namely about what exactly makes a crypto exchange safe, how we do things at Bitstamp, and what it takes to maintain a consistent and industry-leading 99.9%+ uptime.
Compliance, regulation and risk
Compliance is often misunderstood – it’s not about getting a stamp of approval and then forgetting about it. It’s essentially a set of best practices that protect you as our customer, our partners and our business.
Compliance with the regulatory obligations in the crypto space requires the right technical implementation and product specifications just as much as the right legal expertise. To give you a sense of how important regulatory compliance is to us, let’s start off with the fact that we have 180 people working in compliance, regulatory, legal, risk management and internal audit alone. That constitutes nearly 29% of our entire workforce. As our business continues to expand, so do our staffing needs and compliance is one of our key focuses in this. As we have always put an emphasis on compliance and effective regulation, this proportion has remained roughly the same ever since the early beginnings of Bitstamp in 2011. That means that we still recognize alignment with the regulatory obligations as the foundation of all our operations to assure you safe access to the crypto markets.
To obtain all the necessary licenses from the relevant authorities, an exchange needs to demonstrate that it has strong fiduciary and security controls in place to protect its customers and that it follows all local and international regulations surrounding KYC/AML (Know Your Customer and Anti-Money Laundering). Remaining compliant is a matter of maintaining that state as well as completing audits and fulfilling reporting obligations on a regular basis. In practice, that includes screening deposits and monitoring transactions for suspicious activity, as well as running a compliant customer verification process.
All of this and much more has enabled us to be successfully regulated by the Luxembourg Financial Regulator (CSSF) since early 2016 and set the groundwork to become the first crypto exchange to receive a Payment Institution license in the EU. We have also had the BitLicense, issued by the New York Department of Financial Services, since 2019. More recently, we are expanding our VASP licenses in the EU, and in the US, we have Money Transmitter Licenses in 42 states. Altogether, Bitstamp proudly holds 50 licenses globally.
When it comes to financial statements, all our customer cryptocurrency assets are held off-balance sheet (i.e., they are recorded separately from Bitstamp entity assets). Since 2016, all Bitstamp Annual Accounts have received an unqualified audit opinion, including the most recent for the financial year 2021.
It should be noted that compliance is a two-way street. First, we actively communicate with regulators and work together to find solutions that provide the most protection for all involved. At the same time, they allow us to innovate and adapt to new challenges and find new opportunities as the industry evolves. Compliance is not set in stone, it is an evolving field and also a crucial tool that helps our industry mature.
Bitstamp applies a robust risk management model with first, second and third lines of defense. First, operational management is responsible for executing risk and control procedures on a day-to-day basis. Second-line functions monitor this activity to ensure risks and controls are effectively managed, and a permanent, independent internal audit function delivers the third line of defense. Bitstamp has a Board Risk Committee, composed of a selection of our independent non-executive directors across all entities. The internal audit function reports directly to the Bitstamp Board Risk Committee and the Boards of our regulated entities on a continuous basis.
How we look after your crypto
And now for the technical part... Our infrastructure, with industry-leading uptime, has held firm even during the most extreme demand spikes. We are an infrastructure-first company and that makes us among the most reliable and trusted exchanges in crypto. How have we achieved that?
The safety of your assets is our top priority
All our customers’ crypto and fiat are stored in separate accounts and completely detached from our corporate assets. They are held 1:1 in custody, meaning for each coin our customers hold with us, we have that coin in our custody. No customer assets are lent or staked out without our customers’ express permission.
We store approximately 95% of all funds and assets offline, in cold storage facilities. The other 5% is held in our hot wallets to ensure you can withdraw your crypto instantly if you wish to do so. Custody is very important - at Bitstamp we work with industry-leading third-party custody providers (including BitGo and Copper) who keep all offline crypto assets in military-grade vaults and protected by their insurance policy. We supplement this with a market leading crime insurance policy brokered by a global insurance & consulting broker and underwritten by leading insurance companies and syndicates at Lloyd’s of London.
Extensive security measures
Along with cold storage for the majority of assets, we have made two-factor authentication obligatory for users to activate their accounts, we perform basic KYC checks on all customers, and we use withdrawal confirmations, withdrawal address whitelists, and multisig wallets. We don’t run any third-party scripts on our servers, and we perform extensive security audits of both our platform and all the tools and software we use. Moreover, our servers are geographically dispersed and kept under 24/7 surveillance.
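To make the controls above concrete, here is an added illustration of how withdrawal gates (mandatory 2FA, an address whitelist, a confirmation step) and a hot/cold split of roughly 5%/95% fit together. This is example code written for this page, not Bitstamp’s own system; the 24-hour whitelist cooldown, the 1% tolerance band around the hot-wallet target, and every account, address and amount in it are constructed assumptions.

```python
"""Illustrative withdrawal gates and hot/cold rebalancing (added example, not Bitstamp code).

Models the controls the article lists: mandatory 2FA, an address whitelist,
a withdrawal confirmation step, and a hot wallet kept near 5% of holdings with
the rest in cold storage. The cooldown, the tolerance band, and all accounts,
addresses and amounts below are assumptions constructed for the example.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

WHITELIST_COOLDOWN = timedelta(hours=24)  # assumed delay before a newly added address is usable
HOT_TARGET = 0.05   # ~5% hot / ~95% cold, as described in the article
HOT_BAND = 0.01     # assumed tolerance around the target before a sweep is triggered


@dataclass
class Account:
    balance: float
    two_factor_enabled: bool
    whitelist: dict = field(default_factory=dict)  # address -> time it was whitelisted


def check_withdrawal(acct, address, amount, now, confirmed, hot_balance):
    """Evaluate every gate in order and return a short status string.

    'ok' means the withdrawal may leave the hot wallet immediately;
    'queued_for_cold_release' means all gates passed but the hot wallet
    cannot cover the amount, so it waits for a cold-storage release.
    """
    if not acct.two_factor_enabled:
        return "2fa_required"
    if amount <= 0 or amount > acct.balance:
        return "insufficient_balance"
    # Exact match only: addresses on many chains are case-sensitive, so never lowercase them.
    added = acct.whitelist.get(address.strip())
    if added is None:
        return "address_not_whitelisted"
    if now - added < WHITELIST_COOLDOWN:
        return "whitelist_cooldown"   # a freshly added address cannot drain the account yet
    if not confirmed:
        return "confirmation_pending"  # out-of-band confirmation (e.g. email link) not yet done
    if amount > hot_balance:
        return "queued_for_cold_release"
    return "ok"


def rebalance(hot, cold):
    """Return (to_cold, from_cold): how much to sweep into cold storage or release from it."""
    total = hot + cold
    if total <= 0:
        return 0.0, 0.0
    share = hot / total
    target = total * HOT_TARGET
    if share > HOT_TARGET + HOT_BAND:
        return hot - target, 0.0       # too much exposed online: sweep the excess to cold
    if share < HOT_TARGET - HOT_BAND:
        return 0.0, target - hot       # hot wallet running dry: top it up from cold
    return 0.0, 0.0


def demo():
    """Constructed scenario: one account, two whitelisted addresses, several attempts."""
    now = datetime(2022, 6, 1, 12, 0)
    acct = Account(balance=3.0, two_factor_enabled=True,
                   whitelist={"bc1qseasoned": now - timedelta(days=2),
                              "bc1qfresh": now - timedelta(hours=1)})
    return {
        "seasoned": check_withdrawal(acct, "bc1qseasoned", 1.0, now, True, 5.0),
        "fresh": check_withdrawal(acct, "bc1qfresh", 1.0, now, True, 5.0),
        "unknown": check_withdrawal(acct, "bc1qunknown", 1.0, now, True, 5.0),
        "unconfirmed": check_withdrawal(acct, "bc1qseasoned", 1.0, now, False, 5.0),
        "big": check_withdrawal(acct, "bc1qseasoned", 2.5, now, True, 2.0),
        "over_balance": check_withdrawal(acct, "bc1qseasoned", 4.0, now, True, 5.0),
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:>12}: {status}")
    print("rebalance(10, 90) ->", rebalance(10.0, 90.0))   # sweep excess to cold
    print("rebalance(2, 98)  ->", rebalance(2.0, 98.0))    # release from cold
```

The ordering of the gates matters: the whitelist and cooldown checks run before the confirmation step, so an attacker who has phished a session and added their own address still has to wait out the cooldown, during which the legitimate owner can see and cancel the change. The hot-wallet cap is the last gate, so a large withdrawal fails closed into a queue rather than being refused outright.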
Also, it is important to have both preventative measures and a contingency plan in place at all times.
We have implemented banking-grade controls and lines of defense in information security. An example of this is a security program with written policies and procedures audited every year by one of the Big Four, alongside annual global penetration tests. In addition to the audits performed by these third parties, we contract independent penetration testers to try to find weaknesses in our systems, and we run bug-bounty programs with rewards for anyone in the community who finds a potential vulnerability in our systems.
As well as monitoring and reviewing all code changes, we also run separate security testing for larger launches. Along with that, we have a full fail-over setup including off-site backups in case disaster recovery is needed. Measures such as these, and the SOC 2 Type 2 attestation and ISO/IEC 27001 certificate, both renewed annually, are a testament that we take security seriously and fulfil the highest safety standards, making us arguably the most secure crypto exchange in the business.
We operate a zero-permissions policy, meaning that no member of the management team has access to wallets or code, or holds any special security privileges on any system. All the work we do requires multiple written sign-offs. Anyone in the company can stop and escalate, or anonymously contact our whistle-blower hotline.
As you can see, we take no shortcuts.
Every company’s most essential element – the people
Bitstamp’s leadership team is one of the most knowledgeable in the crypto industry with decades of experience and a commitment to the highest levels of integrity. Many have come from banking or compliance roles in regulated entities and have a risk background. Every operational Bitstamp entity has a functioning Board of Directors with independent non-executive directors. This is a unique advantage which allows Bitstamp to grow globally by drawing from the diverse range of experiences each member brings.
Bitstamp Executive Team
- Ex Ebay & PayPal
- Ex Amazon & Barclays Bank
- Ex PayPal & Alipay
- Ex Tandem Bank & Barclays Bank
- Ex Kraken & CME Group
- Ex ICONOMI & Halcom
- Ex Barclays & Nomura
We serve customers from all over the world from our offices in the UK, Luxembourg, USA, Singapore, and Slovenia. At Bitstamp, we take pride in genuine and live contact. We are always in human touch with our partners, regulators and our customers either through our staff, in our offices around the globe or via our responsive customer service departments.
The Bitstamp way
Compliance, security & people. These are what set Bitstamp apart in the world of crypto exchanges and form the basis for why we are the top-rated exchange in the industry. We encourage everyone, whether you are just getting started or a seasoned pro, to make educated choices when deciding who to trade with.
Welcome to the Bitstamp way.