Coinmerce’s Custody Policy is designed to provide our Clients with secure, transparent, and compliant custody services for crypto-assets, ensuring that their assets are protected, accessible, and managed in a secure and transparent manner. Below is a detailed summary of how we safeguard client assets and uphold our commitment to reliability and transparency.
Purpose of the Custody Policy
The purpose of Coinmerce’s Custody Policy is to create a secure framework for managing and storing client assets in a way that prevents potential risks, including fraud, cyber threats, and human error. We implement rigorous internal rules and controls that align with regulatory standards under the Markets in Crypto-assets (MiCA) Regulation, prioritising our clients' interests by minimising risks associated with our custody services.
Account Types
Coinmerce offers two Account Types, each providing Clients with different levels of Custody Services. For more information, please refer to Account Types.
Account Type Options:
Custody Account: Assets are held exclusively with the Foundation, predominantly in cold Foundation Wallets, providing the highest security and legal protection for long-term Crypto Asset storage.
Normal Account: Assets are safekept with the Foundation to the degree they are not dedicated to the Earn Program. A portion of eligible Crypto Assets is lent to Coinmerce Earn under the Earn Program for the purpose of yield generation, offering Clients transparent Rewards. Clients have a legal claim for redelivery of their Earn Program Crypto Assets.
Asset Segregation and Security
Coinmerce ensures full legal and operational segregation of Client assets. Assets held in custody are maintained separately from Coinmerce’s proprietary assets.
The Foundation employs a vault structure for enhanced operational security:
Client Vault: Receives Client Deposits and directs them to the Sweep Vault for daily reconciliation.
Deposits Vault: Receives deposited Crypto Assets for reconciliation purposes and distributes them to the designated wallets.
Main Vault: Maintains operational liquidity for Client Orders.
Cold Vault: Used for storing Crypto Assets offline, with a multi-signature approval process for withdrawals to ensure the highest level of security.
Storage and Management: Layered Security Protocols
To protect client Crypto Assets against unauthorised access, theft, or cyber-attacks, Coinmerce employs a multi-layered storage system that balances security with operational efficiency. This system includes:
Cold Wallets: Most Crypto Assets of Custody Account Clients are stored offline in cold storage under the Foundation's management, greatly reducing the risk of online threats.
Withdrawal Wallets: A portion of Client Crypto Assets is held in hot (internet-connected) wallets to facilitate direct liquidity needs.
Multi-Party Computation (MPC) Wallets: Transactions from these wallets require multiple authorised signatories, ensuring no single individual can transfer assets independently.
Transaction Authorization Policy (TAP): This policy describes which transactions are allowed, how many approvals should be provided before executing, as well as which transactions should be blocked automatically.
Role-Based Access Control (RBAC): Only authorised personnel with specific roles have access to specific wallets, limiting the risk of internal threats and protecting client funds.
Transparency and Real-Time Access
To maintain transparency, all Clients have continuous access to their balance information, Order history, and position statements. Clients can view their holdings in real-time, including details of any trades or transfers they have initiated, ensuring they are always informed of the status and security of their assets.
Comprehensive Risk Management and Incident Response
Coinmerce takes risk management seriously and has implemented policies to identify, mitigate, and respond to potential threats to Client assets. This includes:
Transaction Monitoring: Coinmerce continuously monitors all asset transactions to detect any suspicious activity or potential security breaches.
Regular Audits and Internal Controls: Coinmerce conducts frequent internal audits and enforces strict access controls to uphold security standards.
Incident Response Plan: In the unlikely event of a security incident, Coinmerce has a structured response plan to quickly address and contain any issues, ensuring client assets remain protected. This plan includes:
Immediate detection and containment measures.
Procedures for restoring normal operations.
Communication with affected clients and regulatory authorities as required.
Client Rights and Withdrawal Procedures
Coinmerce recognises that Clients must have control over their assets. Therefore, clients can Withdraw assets at any time through submitting an Order in the User Interface. Upon request, Coinmerce will process asset returns swiftly, typically within moments, unless additional security checks are required.
In certain cases, Coinmerce may initiate asset return without a client’s request. Such situations may include:
Termination of Services: If Coinmerce discontinues services or terminates the Client Agreement, all Client assets will be promptly returned.
Legal Compliance: Coinmerce will return assets to Clients in accordance with Applicable Laws and Regulations.
Liability and Client Responsibility
Coinmerce is committed to transparency regarding the extent of our liability. We assume full responsibility for any loss of client assets or access to them if such an incident occurs due to our negligence or breach of duty. If such an event occurs, Coinmerce will compensate the Client based on the market value of the asset at the time of loss. However, Coinmerce cannot be held liable for losses resulting from external factors, such as technical issues within blockchain networks or mismanagement of personal account access credentials by clients.
Clients are responsible for safeguarding their access credentials (e.g., passwords and two-factor authentication codes) and are strongly encouraged to follow Coinmerce’s security guidelines to ensure account safety. Coinmerce provides robust security measures, including:
Two-Factor Authentication (2FA): Required for all withdrawals to prevent unauthorised transfers.
Encryption: Sensitive data is encrypted both in transit and at rest to protect Client information.
Security Awareness Resources: Clients are provided with educational materials and security recommendations to stay informed on best practices for asset protection.
Support and Contact
For further information or questions about our Custody Policy, Clients can reach out to our support team, who are available to provide assistance with any inquiries or requests regarding the custody of their assets.