28.03.2024

Gemini Completes Second Level of Cybersecurity Compliance Exam

Gemini announced Thursday it completed an independent SOC 2 Type 2 examination conducted by consulting firm Deloitte, a year after it completed an SOC 2 Type 1 examination. Where the previous examination evaluated Gemini’s design and system control implementation, the Type 2 exam looks at operations across a period of time.

The Gemini crypto exchange has completed a new examination to ensure its security system controls operate effectively.

“We believe this kind of assurance, in addition to other safeguards we have implemented, such as digital asset insurance, helps protect our customers data and cryptocurrency”, said Yusuf Hussain, head of risk at Gemini, in a statement.

The firm will be completing a SOC 2 Type 2 on an annual basis, Hussain said.

The American Institute of Certified Public Accountants (AICPA) introduced the cybersecurity risk management examinations, named SOC for Cybersecurity, in April 2017.

The examinations are designed to help organizations meet the growing challenge of communicating the design and effectiveness of cybersecurity risk management programs to interested parties, according to a white paper from the AICPA.

“Simply saying you are secure is not the same as demonstrating you are secure to an independent third party”, Hussain said. “We feel that everyone should require these standards for any cryptocurrency exchange and custodian they use.”

Gemini Clears New Deloitte Audit in Bid to Appeal to Wall Street

Gemini’s exchange and custody services have cleared yet another systems design check.Cameron and Tyler Winklevoss’s crypto business announced Tuesday that it had completed the SOC 1 Type 1 examination in March 2020. The report, conducted by Deloitte, is an attestation that Gemini’s financial reporting obligations work at a given moment.

Gemini Head of Risk Yusuf Hussain told CoinDesk that the “independent validation” of Gemini’s financial reporting operations gives credence to the system’s design and mitigates “the risk of significant error, omission, or data loss.”

Gemini, which Hussain claims is the first crypto exchange and custodian to run the gamut of security, privacy, financial reporting and systems control examinations designed by the American Institute of Certified Public Accountants (AICPA), is now one year away from completing the Type 2 report, which checks that the systems also work over time.

Checking these audit boxes have become a regular feature of Gemini’s compliance and regulatory strategy. It had previously completed AICPA’s security facing SOC 2 Types 1 and 2 reports, also administered by Deloitte, and plans to repeat the SOC 1 Type 2 report annually.

BitGo has also completed the SOC Type 2 audits for its custody business.

“Providing this level of transparency and building this level of trust is key to broader crypto market adoption”, Hussain said. It has also apparently paid dividends for Gemini, which uses these attestation reports to show potential partners that their systems are transparent, and in so being are also up to snuff.

Hussain said such transparency “is a significant factor in our establishing relationships with traditional financial institutions.”

He pointed to State Street Bank as one such institution. State Street launched a digital asset pilot examination with Gemini last December. The pair are examining reporting scenarios for custodied digital assets, according to a State Street press release.

Leave a Reply

Your email address will not be published. Required fields are marked *