System Organization Control reports
In obtaining the reports, Coinbase Custody is able to prove to clients that they are compliant with a variety of security and reporting standards.
According to Grant Thornton’s website, SOC reports are meant to provide information on “the existence and strength of financial, operational and information security controls in an organization.” An SOC 1 report provides information on the internal controls relevant to a user organization’s financial reporting. In other words, “SOC 1 reports are intended to be auditor to auditor communications.”
SOC 2 reports, on the other hand, provide information on “security, availability, processing integrity, confidentiality and privacy.” Both SOC 1 and SOC 2 reports are divided into Type 1 and Type 2. A Type 1 report describes the design of the controls, while a Type 2 report also covers their effectiveness after a minimum testing period of six months.
Coinbase Custody also states that it will renew the reports in the future. The announcement follows late January reports that Coinbase has established an entity in Ireland to expand its crypto custody services to European institutions.
Other cryptocurrency services have also sought out SOC certificates. As Cointelegraph reported in late January, U.S.-based crypto exchange and custodian Gemini has completed a SOC 2 Type 2 evaluation through global professional services firm Deloitte.
The purpose of cryptocurrency custody
While one of the biggest advantages of crypto assets is the ability to independently custody them, financial markets and institutional investors need a heightened security standard that can hardly be achieved with self-custody. Blockchain Zoo researcher Rohan Barde Hai explained in late September 2019 why custody solutions are important to institutional investors in a Cointelegraph opinion piece.
The maturing cryptocurrency market is also apparently bringing traditional institutions onboard. On the heels of new Anti-Money Laundering laws, 40 German banks requested the regulators’ go-ahead to offer digital asset custody services.