add-digital

Enterprise ready custody & security of digital currency

Built for regulated financial institutions, Circle is a leader in providing secure custody of digital assets specializing in digital dollar stablecoin infrastructure.

Custody feature

Cold storage

Our cold storage operations protect the majority of customer digital currency deposits as well as the privileged role keys for USDC by storing them offline in geographically distributed vaults. Strong segregation of duty controls ensure that no single person can independently complete a transaction with these keys.

Circle operates a robust set of liquidity management processes to ensure that assets in cold storage can be brought online with rapid turn-around, always providing seamless liquidity for hot wallet USDC infrastructure.

CUSTODY FEATURE

Hot wallet security

Circle operates a proprietary, hardened hot wallet and key management solution that protects online assets from the attacks commonly used to target digital asset wallets.

Custody feature

Digital asset theft insurance coverage

Circle’s digital currency custody and storage is insured with one of the most broad digital asset theft insurance programs, a market the company helped to pioneer in 2014 with Marsh and a leading syndicate of A-rated insurance underwriters. Circle maintains $150M in insurance covering theft and loss associated with breaches of Circle’s cold storage and hot wallets, including theft from employee fraud.

CUSTODY FEATURE

Risk & liquidity management controls

Circle undergoes regular comprehensive financial and security audits. Full custody is audited by a leading global accounting firm, Grant Thornton. Our platform manages USDC minting limits, tokenization to USDC and redemption back to USD.

Our risk, liquidity and compliance services and controls also include detailed analytical tools to assist our risk and compliance operations analysts in ongoing AML and risk monitoring.

Security

Circle’s information security program is based on industry standard security controls consistent with standards such as the NIST Cybersecurity Framework and ISO 27002. Circle’s security controls are documented in detailed security policies which inform procedures across the organization including procedures for technology management, customer information handling, software development, privacy, and many more. The security program’s key controls include periodic risk assessments, standard network and system security controls such as firewalls, intrusion detection, system hardening, and antivirus, the integration of security best practices into our dev/ops and ci/cd pipeline workflows, vulnerability management integrated into the ci/cd pipeline, mature identity and access management, strong cryptography, and incident response capabilities. The security program is further supported by management control testing including but not limited to peer code reviews, access control reviews, firewall reviews, network and application penetration testing, and vulnerability testing.

Overall control design and operating effectiveness is assured via numerous audits and assessments annually. Within the past year, Circle has conducted an IT Controls Audit, a SOC 1, type II audit, a PCI Assessment, multiple third party penetration tests, and had its IT general controls tested as part of its annual financial audit. Regulatory exams associated with our money transmitter licenses also frequently test these same controls. Circle is PCI Certified Finally, business continuity management, vendor risk management, and privacy controls round out Circle’s technology risk management posture. These risk management disciplines are fully integrated at Circle with secure information handling and privacy law requirements equally informing how our staff handle data and interact with customers, a vendor risk management program that extends security, compliance, privacy, and business continuity requirements to the third parties upon which our business relies, and incident response capabilities that equally address operational, security, privacy, compliance, business continuity, and pandemic events.

Finally, business continuity management, vendor risk management, and privacy controls round out Circle’s technology risk management posture. These risk management disciplines are fully integrated at Circle with secure information handling and privacy law requirements equally informing how our staff handle data and interact with customers, a vendor risk management program that extends security, compliance, privacy, and business continuity requirements to the third parties upon which our business relies, and incident response capabilities that equally address operational, security, privacy, compliance, business continuity, and pandemic events.

21972-312_SOC_NonCPA

 

Want to learn more?

Let us connect you with the right team at Circle. Just tell us a little about you and your business.

get started

Get in touch with Circle