Crypto firms build confidence through SOC 2 reporting

Following the increase of adoption of digital assets, cryptocurrencies have become a popular alternative asset class in the global economy. In the latest report from, it was estimated that the total number of global crypto users has shot up to 295 million users as of year end 2021. At the time of writing in February 2022, the total market cap of cryptocurrencies is estimated at around USD2 trillion.

However, since the regulation governing cryptocurrencies are still either not clear or even non-existent in many countries, there are still number of crypto exchanges are indeed not licensed anywhere or/and incorporated in offshore islands in order to be subject to less regulatory supervision. When you are deciding to use a crypto exchanges platform to trade your cryptocurrencies or custody your cryptocurrencies with a custodian, the most common question is, “Is our information secured?” This is often followed by a more difficult question, “How do you know? ” The SOC 2 certification then comes into play and it becomes the industry benchmark these days.

 What is SOC2 certification?

The SOC 2 is a System and Organisation Controls report with an audit opinion issued by a certified public accountant over internal controls related to information technology. The report is prepared under the Trust Principles of Security, Availability, Integrity ofprocessing, Confidentiality and Privacy.

A SOC 2 report can demonstrate to the recipient of the report the controls of the crypto firm in addressing security, availability, integrity of processing, confidentiality and privacy through this third-party assurance report.

As AICPA has provided the general criteria of effective design of controls under the Trust Principles, it would be the independent assessor's responsibility to identify what has been done by the crypto firm which meets those applicable criteria. Accordingly, the third-party assurance report helps crypto firms to build
confidence in their service delivery processes and controls.

How Deloitte can help

Our experienced assurance teams stand ready to support your needs with a set of service offerings including:

  • Perform readiness assessment and advise the management the gap
    prior to the SOC 2 examination 
  • Make recommendations on the improvement and enhancement of the
    control environment, system controls and IT security risk
  • Customize a SOC 2 report to meet client's need and be aligned to SOC


Contact us:

Adrian Yeung
Hong Kong
Tel: +852 2852 1938


Chan Yat Man
Hong Kong
Tel: +852 2238 7268


Wilson Cheung
Hong Kong
Tel: +852 2852 6609

(English version)

Insert Custom HTML fragment. Do not delete! This box/component contains code that is needed on this page. This message will not be visible when page is activated.

Did you find this useful?