add-digital

Enterprise ready custody & security of digital currency

Built for regulated financial institutions, Circle is a leader in providing secure custody of digital assets specializing in digital dollar stablecoin infrastructure.

Custody feature

Cold storage

Our cold storage operations help protect customer digital currency deposits as well as the privileged role keys for USDC by storing them offline in geographically distributed vaults. Strong segregation of duty controls ensure that no single person can independently complete a transaction with these keys.

Circle operates a robust set of liquidity management processes to ensure that assets in cold storage can be brought online with rapid turn-around, always providing seamless liquidity for hot wallet USDC infrastructure.

CUSTODY FEATURE

Hot wallet security

Circle operates a proprietary, hardened hot wallet and key management solution that protects online assets from the attacks commonly used to target digital asset wallets.

Custody feature

Digital asset theft insurance coverage

Circle’s digital currency custody and storage is insured with one of the most broad digital asset theft insurance programs, a market the company helped to pioneer in 2014 with Marsh and a leading syndicate of A-rated insurance underwriters. Circle maintains $150M in insurance covering theft and loss associated with breaches of Circle’s cold storage and hot wallets, including theft from employee fraud.

CUSTODY FEATURE

Risk & liquidity management controls

Circle undergoes regular comprehensive financial and security audits. Full custody is audited by a leading global accounting firm, Grant Thornton. Our platform manages USDC minting limits, tokenization to USDC and redemption back to USD.

Our risk, liquidity and compliance services and controls also include detailed analytical tools to assist our risk and compliance operations analysts in ongoing AML and risk monitoring.

 

 

Security

Circle’s information security program is based on industry standard security controls consistent with standards such as the NIST Cybersecurity Framework and ISO 27002. Circle’s security controls are documented in detailed security policies which inform procedures across the organization including procedures for technology management, customer information handling, software development, privacy, and many more. The security program’s key controls include periodic risk assessments, standard network and system security controls such as firewalls, intrusion detection, system hardening, and antivirus, the integration of security best practices into our dev/ops and ci/cd pipeline workflows, vulnerability management integrated into the ci/cd pipeline, mature identity and access management, strong cryptography, and incident response capabilities. The security program is further supported by management control testing including but not limited to peer code reviews, access control reviews, firewall reviews, network and application penetration testing, and vulnerability testing.

Overall control design and operating effectiveness is assured via numerous audits and assessments annually. Within the past year, Circle has conducted an IT Controls Audit, a SOC 1, type II audit, a PCI Assessment, multiple third party penetration tests, and had its IT general controls tested as part of its annual financial audit. Regulatory exams associated with our money transmitter licenses also frequently test these same controls. Circle is PCI Certified.

Finally, business continuity management, vendor risk management, and privacy controls round out Circle’s technology risk management posture. These risk management disciplines are fully integrated at Circle with secure information handling and privacy law requirements equally informing how our staff handle data and interact with customers, a vendor risk management program that extends security, compliance, privacy, and business continuity requirements to the third parties upon which our business relies, and incident response capabilities that equally address operational, security, privacy, compliance, business continuity, and pandemic events.

21972-312_SOC_NonCPA

 

We maintain a money transmission license (or the statutory equivalent) in various U.S. states and territories, as well as a virtual currency license in the State of New York, and are therefore subject to the requirements of such statutes. We are not a trust company nor do we maintain a trust company charter in any U.S. state or territory.  Accordingly, any regulated services we provide to users located in the United States are characterized as money transmission and/or virtual currency business activity, and not as trust services. Additionally, for the avoidance of doubt, Circle is not a fiduciary, and Circle does not provide any trust or fiduciary services to any user in the course of such user visiting, accessing, or using the Circle website or services.  Any reference to custody services in any User Agreement refers only to our custody of digital assets on a user’s behalf pursuant to the authority granted under our money transmission and/or virtual currency licenses.  Circle is not (i) a Qualified Custodian pursuant to 17 C.F.R. § 275.206(4)-2 or (ii) a “digital custodian” as such term is defined by the Nevada Financial Institutions Division.

Want to learn more?

Let us connect you with the right team at Circle. Just tell us a little about you and your business.

get in touch

Get in touch with Circle