Legal and regulation
Finoa has been regulated and operating under a preliminary crypto custody license since January 2020. As of February 2023, Finoa is a fully regulated financial institution, licensed by the German Federal Financial Supervisory Authority – BaFin (Bundesanstalt für Finanzdienstleistungsaufsicht) under the German Banking Act (Kreditwesengesetz – KWG). Finoa holds the following licenses:
- Crypto custody license (“Kryptoverwahrlizenz”) - sec. 1 para. 1a no. 6 KWG
- License for investment brokerage (“Anlagevermittlung”) - sec. 1 para. 1a no. 1 KWG
- Proprietary business license (“Eigengeschäft”) - sec. 1 para 1a sentence 3 KWG
The licenses mean that Finoa is legally qualified to:
- hold crypto assets on behalf of individuals or institutions,
- trade its own capital, and
- intermediate access to capital.
In the United States, where the term is most commonly used, a qualified custodian generally is a federal or state-chartered bank or savings association, certain trust companies, a registered broker-dealer, a registered futures commission merchant, or certain foreign financial institutions (“FFI”). According to the SEC, FFIs are “incorporated or organized under the laws of a country or jurisdiction other than the United States” and meet the following requirements under the new proposal:
- The adviser and the SEC are able to enforce judgments, including civil monetary penalties, against the FFI;
- The FFI is regulated by a foreign country’s government, an agency of a foreign country’s government, or a foreign financial regulatory authority as a banking institution, trust company, or other financial institution that customarily holds financial assets for its customers;
- The FFI is required by law to comply with Anti-Money Laundering (AML) and related provisions similar to those of the Bank Secrecy Act (31 U.S.C. 5311, et seq.) and regulations thereunder;
- The FFI holds financial assets for its customers in an account designed to protect such assets from creditors of the foreign financial institution in the event of the insolvency or failure of the foreign financial institution;
- The FFI has the requisite financial strength to provide due care for client assets;
- The FFI is required by law to implement practices, procedures, and internal controls designed to ensure the exercise of due care with respect to the safekeeping of client assets; and
- The FFI is not operated for the purpose of evading the provisions of the proposed rule.
Finoa has extensive safeguards in place and complies fully with the requirements of German law, many of which are in line with the SEC’s requirements for qualified custodians. Read more about Finoa's qualifications as a custodian.
Finoa Consensus Services is Finoa’s subsidiary focused on developing blockchain infrastructure and distributed validator technology that secures decentralized networks and maximizes institutional investors’ capital efficiency.
Finoa's platform is designed for institutional investors, corporations, high-net-worth individuals, and other service providers.
To open an account, please fill in the contact form on our contact page. A member of our Sales Team will be in touch with you to initiate the process.
The account creation is dependent on the onboarding verification process and customer requirements.
A custodian is a financial institution that safely secures assets on behalf of third parties (institutions or individuals).
Storing your assets with a custodian allows you to protect your assets with best-in-class security and reduces the risk of you losing your keys or getting hacked.
Finoa's custody solution offers bank-level security combined with immediate access to your digital assets. We ensure that your private keys are stored securely while giving you the freedom to deposit, stake, and withdraw your assets and grow your portfolio.
Private keys for your assets are generated and stored in Hardware Security Modules (HSMs) that provide military-grade cold storage. Through the application of core banking technology to blockchain infrastructure, digital assets can be deposited, withdrawn, or staked within seconds. Our multi-signature functionality serves as an additional layer of security for your assets.
Multi-signature is the process of validating a specific operation (such as a withdrawal) based on the confirmation from a predefined number of signatures. It acts as a security mechanism to ensure that the funds’ governance is respected. A multi-signature process splits the responsibility among multiple people, eliminating a single point of failure and making it substantially more difficult for funds to be compromised.
Proof of Stake is a type of consensus mechanism where the size of a validator's stakes determines the chances of them being chosen to mine the next block.
Staking means delegating your tokens into the blockchain network to act as a validator of transactions. By staking tokens, one helps in securing the network and in return, receives rewards for doing so.
Finoa's in-custody staking services support Polkadot (DOT), Oasis (ROSE), SKALE (SKL), Near (NEAR), Mina (MINA), Flow (FLOW), Audius (AUDIO), Axelar (AXL), Agoric (BLD), Kyve (KYVE), and more to come. Read an overview of our Proof-of-Stake assets.
Finoa offers a range of staking options, including:
- In-custody staking through the Finoa platform
- Delegated staking, via public validators
- White-label staking nodes.
Finoa supports custody for over 180 crypto-assets such as bitcoin, Ether, Polkadot, Near, Flow, Mina, SKALE Network, Mina Protocol, Oasis Network, and many more. An overview of supported assets can be found on our assets page.
If you would like to deposit an asset for which we do not currently offer custody support, please get in touch with our team via the contact form. We are constantly adding more assets to meet our customers' needs.
Two-Factor Authentication (2FA)
Two-Factor Authentication (2FA) is a method of confirming a user's identity by requesting two different types of information to confirm a login. It acts as an extra layer of account security.
Two-Factor Authentication is enabled in your Finoa account through the Finoa 2FA App. The latter works by cryptographically pairing your biometric data (Fingerprint or Face ID) on your smartphone with your Finoa account. 2FA serves as the means to enable a multi-signature functionality to your Finoa account.
For iPhone users, the Finoa App works on iPhones 6 and above. We highly recommend that you keep your iPhone up to date and install the recommended iOS updates regularly, to ensure the security of your iPhone.
Android users can access the Finoa App on devices running Android 9 or higher. These devices have the required security features, such as an integrated hardware security module (Secure Enclave, Trusted Execution Environment), as well as supporting biometric authentication methods (fingerprint or Face ID). However, as supported devices vary greatly in the Android ecosystem, Finoa cannot grant compatibility with our 2FA App for these.
Compatibility can only be fully assessed by trial, which is why Finoa encourages adopting an iPhone as the preferred device choice. As always, we highly recommend the following for the security of your device:
- Keep the software on your device up to date and install updates regularly.
- Only install apps and use services from trusted sources.
- Secure your phone adequately for the event of theft. Set up a screen lock with a strong PIN or a biometric factor (e.g. fingerprint).
- Report anything suspicious.
Disclaimer: note that there are exceptions to the device models supported by the Finoa App.
Yes, Finoa has developed a simple and robust RESTful API to integrate our secure custody solution into your existing applications and services. If you are interested in finding out more about our API, please reach out to our team by filling in the form on our contact page.