About Finoa's compliance, risk, and security practices
In light of recent discussions around the importance of qualified crypto custody, we want to take a moment to explain how we treat client assets at Finoa and detail some of the measures that we are taking to ensure their utmost security.
A regulated, qualified custodian
Finoa has been regulated and operating under a preliminary crypto custody license since January 2020. As of February 2023, Finoa is a fully regulated financial institution, licensed by the German Federal Financial Supervisory Authority – BaFin (Bundesanstalt für Finanzdienstleistungsaufsicht) under the German Banking Act (Kreditwesengesetz – KWG). Finoa holds the following licenses:
- Crypto custody license (“Kryptoverwahrlizenz”) - sec. 1 para. 1a no. 6 KWG
- License for investment brokerage (“Anlagevermittlung”) - sec. 1 para. 1a no. 1 KWG
- Proprietary business license (“Eigengeschäft”) - sec. 1 para 1a sentence 3 KWG
Fully segregated wallets
Your custodial account always corresponds to a new set of private keys, meaning that your funds are never kept in “umbrella” accounts or otherwise mixed with other client or Finoa assets.
The primary reason for doing this is to minimize the counterparty risk that might otherwise arise from using an omnibus ledger. Additionally, this setup allows you to have a native blockchain experience.
This makes your assets directly verifiable on-chain, including balances and any transaction types. With segregated wallets, the blockchain itself acts as a “Proof-of-Reserve” that can be inspected at any time.
All assets under custody are off-balance sheet
Your crypto assets are held separately from Finoa’s assets and treated as Special Assets that are off-balance sheet. As explained earlier, since your crypto-assets are stored directly on the blockchain, you have verifiable proof of deposits at all times, for all funds that you custody with Finoa.
In the unlikely event that Finoa becomes insolvent, clients can claim their assets. In keeping with customary securities custody practice and case law, legal scholars agree that, due to the segregation of clients' assets in a setup like the one used by Finoa, client assets will not be considered part of the insolvency estate.
Our commitment to regulatory compliance
Finoa will never transfer, lend against, or otherwise move or take ownership of client assets. This has always been part of our terms of service, in line with our commitment to regulatory compliance.
Adhering to a clear regulatory framework is an essential component that serves our transparency towards customers and state authorities, enables sustainable growth, and ensures secure strategic and financial decisions.
Our regulatory compliance is proven through yearly external audits that exceed standard financial requirements and are conducted by an independent global auditing firm. The scope of the investigation covers areas such as:
- legal conditions
- IT systems
- financial accounting
- the system of internal controls and the separation of functions
- independent internal auditing
- risk controlling
- outsourcing risk management
- anti-money laundering activities.
To clear any doubt, we’d like to reassure you that Finoa does not, and has never, had any exposure to either FTX or Alameda Research and has never offered the FTT token to customers.
As a regulated entity licensed by the German Financial Supervisory Authority BaFin, Finoa is uniquely qualified to provide high-quality, secure custody for crypto assets while fulfilling strong regulatory requirements. Security is not only a central tenet of our customer promise but is deeply woven into our organization’s structure and operations.
Should you have any questions, please do not hesitate to reach out to our team.
Note: this article was originally published on November 10th, 2022, and was updated on March 3rd, 2023 to include information about Finoa's licenses.