Asset security at Fipto: How we secure client funds

Asset security at Fipto: How we secure client funds

Bertrand Godin
October 12, 2023
3 min

As a registered Digital Asset Service Provider (DASP) by the French Financial Markets Authority (AMF), Fipto places paramount importance on safeguarding clients' assets by adhering to the highest security standards within the industry.

Fipto holds its clients’ investable assets such as fiat currencies, cryptocurrencies, NFTs and  asset-backed tokens backed by a distributed ledger. In order to bring the most protection to those assets, our objective is to replicate the best security standards in traditional finance while incorporating the best security standards for digital assets.

As a result, Fipto has established a robust framework based on four fundamental pillars, each carefully designed to fortify asset protection:

Segregation of Funds

A key principle at Fipto is to distinctly identify digital assets held in Fipto wallets within our accounts, ensuring complete separation from Fipto's corporate funds. This segregation ensures a clear distinction between operational capital and clients' digital assets.

Zero investments

By extension, Fipto refrains from investing clients' digital assets, differentiating from conventional banking practices. With this approach, clients' wallets maintain an identical balance to the amount reflected on the Fipto side at any given moment. Clients' digital assets are not invested, not even in “low-risk, liquid and safe-asset” as most banks or fintech would typically do.

Immutable internal ledger

Fipto build its own internal ledger, systematically recording records of financial transactions and balances, which also tracks and verifies financial activities to ensure accuracy.

To maintain our ledger as an immutable transactional log, preventing any alteration of transaction history—a possibility in most traditional financial firms—we utilize the Amazon Quantum Ledger Database.

Information Security Best Practices

In developing our technical infrastructure, Fipto adheres to the Principle of Least Privilege, granting individuals only the minimum authorizations to perform their function. Moreover, critical actions require validation through the "4-eyes principle," involving at least two individuals to authorize specfic actions.

Additionally, Fipto adopts two-factor authentication (2FA) for certain actions within the system, aligning with standard security practices in the financial industry. For payments in traditional currencies, current regulations mandate authentication based on two or more elements categorized as knowledge (something only the user knows), possession (something only the user possesses), and inherence (something the user is).

For each action, a user has to complete both a knowledge and a possession factor. They need to first provide their password to access the tool and then enter a code generated by an app on their phone.

Compliance Beyond Regulations

Fipto adheres to compliance rules akin to those applicable to traditional financial institutions, emphasizing a conservative approach in segregating client funds and following meticulous Know Your Client (KYC) and Transaction Monitoring processes.

Transaction monitoring consist of a continuous oversight and analysis of customer transaction activity to identify patterns, behaviors, and anomalies that might indicate fraudulent, illegal, or non-compliant activities. It is an essential tool in risk management, ensuring regulatory compliance, and safeguarding the integrity of payment systems.

This proactive stance showcases Fipto's dedication to the highest compliance standards, aiding in combating money laundering and terrorism financing.

Collaboration with Reliable Partners

Fipto strategically partners with trusted industry leaders committed to compliance and security in the financial sector. These partnerships encompass:

  • An ID Verification Provider Certified by the French National Agency for the Security of Information Systems: Ensuring robust measures against identity fraud.
  • Industry Leaders for On-chain and Name Screening on Transactions: Enhancing transaction scrutiny standards to mitigate risks. We work with Chainalysis, a risk management tool, used by financial institutions, Web3 businesses, and government agencies to gain the critical information necessary to make data-driven decisions through robust crypto data collection and analysis.
  • World Leader in Institutional Digital Asset Custody Technology: A trusted partner for safeguarding crypto asset private keys, reinforcing Fipto's commitment to secure custody. Our partner, Fireblocks is the world leader in institutional crypto custody. Their defense-in-depth architecture combines MPC-CMP and hardware security to eliminate single point of compromise and create a secure environment for storing, issuing, and transferring digital assets.

By meticulously upholding these pillars and collaborating with reputable industry partners, clients can have confidence that their assets are safeguarded with diligence and expertise, underlining Fipto's commitment to security and client trust.

Try Fipto for free

We can set up a trial account for your company. Get started

Share this post
October 12, 2023

Get Started Today

Book your free demo

Set up your account and begin making and receiving payments in seconds. Or, contact us to design a custom package for your business.