Securing the Future: The Elements of Trusted Digital Asset Custody
Since its inception in 2019, Tetra Trust has led the way in regulated digital asset custody in Canada. As the first and only licensed custodian in the country, we’ve consistently set higher standards of security, governance, and compliance to ensure the protection of digital assets. Our mission has always been clear: to provide our clients with peace of mind, knowing their assets are safeguarded by the most stringent and proactive custodial practices in the industry.
When we were granted our trust company license in 2021, Tetra helped establish a new benchmark for qualified custody in North America. At that time, Proof of Reserves and Penetration testing were not standard practices for custodians. By focusing on robust audit processes, rigorous security protocols, and a commitment to exceed both regulatory and client expectations, we’ve made it our priority to set the standard for digital asset security.
In this post, we highlight the core elements that define Tetra’s approach to custody and our relentless pursuit of excellence in securing and managing digital assets.
The Role of Audit in Digital Asset Custody
Auditing is not just a regulatory formality—it’s fundamental to how we manage digital assets. Custody of digital assets comes with unique security challenges, and as custodians, we take the responsibility of mitigating these risks seriously.
Our audit processes encompass a wide range of operational and security controls designed to meet and exceed industry standards. Whether it’s safeguarding against external threats, maintaining robust internal governance, or proving our asset control, Tetra continuously seeks ways to improve and enhance our audit standards to offer the highest level of assurance to our clients.
In addition, Tetra plays a key role in auditing its partners and their processes through our rigorous compliance and monitoring program. All partners we work with have been thoroughly audited and additional due diligence is performed annually.
SOC 2 Type 2 Compliance: A Pillar of Trust
A key pillar of Tetra’s audit framework is our achievement of 3 SOC 2 Type 2 without qualifications. This certification, recognized as the gold standard for data security and operational integrity, validates our ability to protect client data and assets at the highest level.
SOC 2 Type 2 involves an assessment of our internal controls over an extended period, examining factors such as security, availability, processing integrity, confidentiality, and privacy. Our continued success in these audits demonstrates our unwavering commitment to providing best-in-class custodial services.
Proof of Reserves: Setting a New Standard
Proof of Reserves (PoR) is an essential compliance measure that verifies Tetra has full control of the assets in our custody, aligning with regulatory standards for transparency and accountability. Independent auditors conduct these audits biannually, ensuring all client assets are accurately accounted for.
Tetra was the first digital asset custodian in North America to adopt PoR in 2022, raising the bar for compliance and helping shape the digital asset custody framework. While there is currently no standard around PoR, we remain committed to improving this process to meet evolving regulatory expectations and provide unmatched asset security.
Penetration Testing: A Proactive Defense
Cyber threats have always been an ongoing concern in the digital asset space. In addition to working with some of the world’s best companies to safeguard assets, Tetra takes a proactive approach to protecting client assets through yearly penetration testing. By hiring white hat hackers to simulate real-world attacks, we can identify and address potential vulnerabilities before they can be exploited. We even go as far as sharing our results with clients and regulators to ensure full transparency is given.
Our proactive approach to threat detection and mitigation ensures that we stay ahead of emerging threats and protect our clients’ assets from even the most sophisticated cyberattacks.
Fintrac Assessments: Ensuring Compliance with AML Standards
As part of our comprehensive audit framework, Tetra undergoes Fintrac assessments every two years to ensure compliance with Canada’s anti-money laundering (AML) regulations. These independent audits confirm that we maintain effective controls to prevent illicit activities and meet all Fintrac requirements. Tetra also shared its results publicly, which highlighted the robustness of our AML program.
Looking Ahead
At Tetra Trust, we believe that continuous improvement is essential to maintaining our leadership in the industry. Over the past few years, we’ve consistently enhanced our audit and security standards, always going beyond what’s required. We continue to collaborate with regulators, auditors, and industry experts to improve our custodial framework and address the changing needs of the digital asset market.
Since our inception, we’ve defined what it means to be a custodian in Canada and we continue to set new benchmarks for security, transparency, and compliance. Through rigorous audits, proactive security measures, and an ongoing commitment to improvement, Tetra Trust provides the confidence and peace of mind our clients need to navigate this rapidly evolving industry.