At Venga, safeguarding your crypto assets is our top priority. We employ industry-leading security standards, including multi-signature wallets, advanced encryption, rigorous asset segregation, periodic reconciliations, and comprehensive audits. Our in-house custody solution ensures direct control and protection of your assets, supported by strict internal controls and proactive risk management. Transparent communication, timely client reporting, and continuous regulatory compliance reinforce our commitment to providing you with secure, professional, and reliable custody services.
This document provides a detailed explanation of Venga’s custody and administration practices, clearly outlining our procedures, safeguards, and client communication protocols to maintain the utmost transparency and regulatory compliance in all aspects of our operations.
1. Introduction and Scope
Our Commitment:
At Venga, we recognize that entrusting your crypto assets requires a robust and secure framework. Our procedures are designed in accordance with the European Market in Crypto-Assets Regulation framework and other relevant regulatory standards, ensuring that your assets are managed with the highest degree of care and professionalism.
Scope of This Document:
This overview summarizes our custody and administration services, detailing how your assets are stored, monitored, and maintained. It encompasses key elements such as custodial arrangements, storage and security measures, reconciliation processes, segregation of assets, administrative practices, facilitation of client rights, departmental responsibilities, and our breach and risk management protocols.
At Venga, we maintain a firm commitment to security by employing advanced security measures, including multi-signature wallets, state-of-the-art encryption, and regular independent audits to safeguard your crypto-assets. These security measures are reinforced by robust internal controls, periodic reconciliation of client funds, and continuous supervision and oversight of all custody activities to ensure maximum protection and regulatory compliance.
2. Custodial Arrangements
In-House Custody:
Venga employs an in-house custody arrangement, meaning that we take full responsibility for the custody and safeguarding of our clients' crypto assets through our custody solution. Under this arrangement, Venga maintains complete control over the crypto-assets, including direct management of all associated private cryptographic keys.
Specifically, our custody solution ensures:
- Direct Control and Secure Storage:
Venga directly controls the storage and safeguarding of clients' crypto-assets and their respective private keys. Crypto assets are securely stored using advanced security measures such as multi-layer encryption, multi-signature protocols, offline (cold) storage, and robust backup and recovery procedures. - Strict Access Controls:
Access to crypto-assets and private keys is strictly limited and highly regulated. No single individual within our organization has complete access or control over private keys. Any significant operational action involving master keys (such as key generation or critical transfers) requires the joint approval of multiple senior-level individuals from distinct departments (Compliance, Finance and IT), significantly reducing risks related to human error or internal misconduct. - Advanced Security Practices:
We adhere strictly to international security standards for generating private keys, ensuring these keys are created offline, stored in secure, geographically dispersed locations, and are completely inaccessible to unauthorized personnel. Additionally, our security protocols require routine independent testing of backup systems and key recovery procedures. - Robust Risk Management and Backup Procedures:
Our solution includes comprehensive backup strategies to prevent single points of failure. Backups of private keys and cryptographic seeds are securely distributed across multiple locations, safeguarded by stringent access controls identical to those of the primary keys. Regular tests are conducted to confirm the integrity and accessibility of backup data. - Mitigation of Key Personnel Risks:
To manage and reduce "key-person risk" (the risk associated with relying on a limited number of individuals for critical operations), Venga uses multi-signature wallets that require authorization by multiple key custodians. A clear succession plan is also maintained to promptly replace key custodians if necessary, ensuring uninterrupted access and operational continuity in unforeseen circumstances.
3. Storage & Security
At Venga, safeguarding your crypto-assets is our top priority. Our custody practices are designed to meet the highest industry standards, providing you with exceptional security, reliability, and peace of mind. By employing best-in-class technologies, rigorous procedures, and continuous oversight, we ensure that your crypto-assets are securely stored and diligently protected against any potential threats.
Cold Storage versus Hot Storage:
- Cold Storage:
A significant portion of your assets—ranging from 55% up to 70–90%—is maintained in offline “cold wallets.” These wallets are secured in geographically diverse, undisclosed vaults, thereby minimizing exposure to cyber threats. - Hot Storage:
A smaller allocation is held in “hot wallets” to facilitate prompt transactions and withdrawals. These wallets are subject to continuous monitoring and are regularly replenished from our cold storage reserves to mitigate risk.
Security Measures:
- Encryption and Multi-Signature Protocols:
We implement industry-leading encryption techniques combined with multi-signature requirements. This protocol demands multiple authorized keys from separate individuals to approve and execute any transaction, substantially increasing security and eliminating single points of failure. - Robust Key Management:
Our key management protocols ensure sensitive encryption keys remain securely protected. Keys are generated, managed, and stored using audited, secure processes that prevent any human access or exposure, thereby significantly reducing potential vulnerabilities. - Ongoing System Updates:
Our IT department conducts regular software and firmware updates, complemented by comprehensive cybersecurity measures including firewalls, antivirus, and anti-malware systems. - Secure Destruction of Keys:
When encryption keys are no longer required, Venga employs a rigorous process for their secure deletion and physical destruction. This meticulous procedure ensures that key materials cannot be recovered, further enhancing asset security. - Third-party Involvement: In the case of selecting technology partners to support our custody, we adhere to rigorous European standards to select our partners, which are subject to continuous audits and reviews to ensure they maintain the stringent security standards required by Venga. Regardless of any technical external support, Venga retains overall responsibility for the custody and safety of your crypto-assets.
4. Transactions, Asset Management and Segregation
Reconciliation Explained:
Reconciliation is the systematic process of verifying and matching the records of your crypto-assets held at Venga against independent statements provided by third-party custodians. This practice ensures consistency and accuracy between our internal records and external confirmations.
Monthly Reconciliation Process:
Every month, our Finance Department carefully compares Venga’s internal records of asset balances and transactions with the official statements received from third-party custodians. This verification process is designed to identify any differences or errors promptly.
Prompt Resolution of Discrepancies:
If any discrepancies or differences are detected during reconciliation, we immediately investigate the cause, resolve any issues, and apply corrective measures to ensure the continued accuracy and integrity of your asset records.
Why Reconciliation Matters:
Regular reconciliation is essential for maintaining transparency, accuracy, and trust. It ensures that your crypto assets are consistently accounted for, providing confidence that your balances and transaction records are correct and reliable.
Segregation:
Segregation refers to the essential practice of clearly separating and distinguishing client crypto assets from Venga’s own company assets. At Venga, even when we use pooled or omnibus accounts—which involve combining the crypto-assets of multiple clients into a single storage account for operational efficiency—we maintain meticulous internal records to clearly and accurately attribute asset ownership to each individual client.
By employing this rigorous segregation approach, we ensure your assets remain explicitly identifiable and secure at all times, protected against any risks or liabilities associated with the company’s own operations or financial position. This practice not only safeguards your holdings but also ensures strict compliance with applicable regulatory standards and best practices.
5. Administration
Comprehensive Administrative Services:
Our administration services are designed to manage your crypto-assets with precision and transparency. Key aspects include:
- Timely Reporting:
You will receive regular reports that detail your asset balances, transaction history, and any associated fees or charges. - Compliance and Operational Integrity:
All administrative processes are regularly reviewed to ensure adherence to relevant legal and regulatory standards.
6. Facilitating Client Rights
Empowering Client Control:
We ensure that you can exercise your rights over your crypto assets with ease. This includes:
- Timely Notifications:
We monitor industry events and promptly notify you of any changes—such as staking rewards, token splits, or modifications to asset rights—that may affect your holdings. - Assistance with Transactions:
Our team is available to facilitate instructions for asset transfers, reward claims, or other actions, following a thorough verification process. - Transparent Documentation:
All actions taken on your behalf are documented clearly to maintain transparency and accountability.
7. Roles and Responsibilities
Collaborative Oversight:
A number of specialized departments work in concert to manage your crypto-assets securely:
- Finance Department:
Oversees daily operations, transaction execution, and reconciliation processes. - IT Department:
Maintains the secure and reliable technological infrastructure that underpins our custody systems. - Compliance and Risk Management:
Ensures that all procedures comply with applicable laws and industry standards, while actively managing potential risks. - Internal Audit:
Conducts periodic audits to assess the effectiveness of our controls and to recommend any necessary improvements.
This integrated approach minimizes risk and ensures that no single department is solely responsible for any aspect of asset custody.
8. Client Disclosure and Communications
Commitment to Transparency:
At Venga, we believe that clear communication is essential. To that end:
- Service Agreement:
Your contractual agreement with Venga sets forth your rights, our responsibilities, applicable fees, and detailed descriptions of our service processes. - Regular Reporting:
You will receive quarterly reports (or more frequently upon request) that provide a comprehensive overview of your holdings, transactions, and any fees incurred. - Timely Alerts:
In the event of significant developments—such as security incidents, regulatory updates, or changes in our policies—you will be informed immediately through our established communication channels.
9. Breach, Risk Management, and Remediation
Venga maintains a comprehensive and proactive risk management framework aimed at promptly detecting, mitigating, and resolving incidents or breaches affecting the custody and administration of client crypto-assets. Our risk management approach is designed not only to swiftly and effectively address any identified anomalies or security breaches but also to reinforce compliance with applicable legal and regulatory obligations, thereby ensuring the continued protection and integrity of client assets.
In the event of any incident or suspected breach, our dedicated internal systems and teams—including Finance, IT, and Compliance—engage immediately to detect, assess, and contain the situation. Upon identifying any irregularity, the relevant departments collaborate without delay to implement measures designed to limit potential damage or exposure.
Following initial detection and containment, senior management and, where necessary, relevant external authorities are promptly notified to ensure transparency, compliance, and appropriate escalation. Venga adheres strictly to all applicable regulatory notification requirements, ensuring clear, timely, and accurate communication with relevant stakeholders and authorities.
Subsequently, a comprehensive and thorough investigation is carried out to determine the precise cause, extent, and potential consequences of the breach or incident. This investigative process involves the systematic collection and careful analysis of all pertinent data, documentation, and evidence to facilitate a complete understanding of the event.
Upon concluding this investigation, Venga swiftly implements appropriate corrective actions and remediation measures designed to restore operational integrity, secure affected systems, and strengthen controls to prevent recurrence. These measures are subject to verification and validation, further ensuring the resilience of our custody infrastructure and operational processes.
Finally, a detailed post-incident review is conducted, documenting the chronology of events, underlying causes, impact, and corrective actions taken. This review process serves as a crucial instrument for continuous improvement, allowing Venga to identify lessons learned, refine our risk management procedures, and reinforce our ongoing commitment to the highest standards of security, compliance, and asset protection.
Venga is dedicated to providing a secure, transparent, and professionally managed custody service for your crypto assets. Should you require further details or have any inquiries, please refer to the complete policy documentation or contact our Customer Support team directly.