Finery Markets is first crypto ECN to earn SOC 2 Type 1 compliance

Finery Markets, a provider of over-the-counter (OTC) trading solutions, has achieved a major milestone by becoming the first cryptocurrency-focused Electronic Communication Network (ECN) to pass the SOC 2 Type 1 examination.

The SOC 2 audit is a security compliance standard that evaluates an organization’s ability to protect customer data through a thorough assessment of its infrastructure, software, personnel, data handling, and policy adherence. This exam is a big deal because it checks whether a company can protect its customers’ data by looking at everything it does, from how it uses technology to how its team works.

Finery Markets doesn’t hold onto its customers’ cryptocurrencies but helps big financial companies trade them. This non-custodial crypto ECN, known for its advanced trading infrastructure and software, caters to institutional market participants across over 30 countries.

Finery Markets serves a broad network of over 100 digital asset entities, including payment providers, brokers, and OTC desks, by integrating them into a robust ecosystem that offers trading solutions and access to a network of institutional partners.

Finery Markets’ flagship product, FM Liquidity Match, enables market players to launch a fully electronic OTC trading business and manage client relations throughout the entire trade cycle. The platform comes with a proprietary matching engine and operates through a sub-account model, allowing for easy customization and management of risk limits, positions, and trading history.

“Our goal at Finery Markets has always been to provide institutional-grade services to our clients. Completing our SOC 2 Type 1 examination demonstrates our dedication to implementing robust security controls for safeguarding client data. This milestone further strengthens our position as a trusted leader in the institutional crypto trading space,” said Konstantin Shulga, CEO and co-founder at Finery Markets.

Finery Markets was able to pass the exam successfully by collaborating with 360 Advanced, a company that specializes in making sure data is safe.

When examining your SOC 2 report, additional aspects to consider include the service organization’s oversight, vendor management programs, regulatory compliance, risk management practices, and internal regulatory controls.

Like SOC 1, there are two varieties of SOC 2 reports: Type I, which assesses if the service provider’s controls are appropriately designed. It doesn’t involve actual testing but provides a snapshot of the controls at a specific time, verifying that the organization is meeting its objectives. As for Type II, the report offers a more thorough analysis as it evaluates the efficacy of the controls. The auditor conducts tests to see how the controls operate in practice, including examining samples to assess their functionality.