Trust Centre

Trust Centre

Trust Is Built Through Structure, Not Statements.
At BIT, trust is not established through a single promise or one-off audit. It is built through governance, risk discipline, security architecture, and independent verification — designed to operate continuously across market cycles.
This Trust Centre provides a structured overview of the institutional frameworks currently in place across security, compliance, risk governance, and audit assurance.

Our Trust Framework

BIT's trust model is built on four reinforcing pillars:

Security

Security is embedded into governance, engineering, infrastructure, and custody design - not added as an afterthought.

Compliance

Business boundaries are defined by applicable regulation. AML/CFT, sanctions controls, and licensing frameworks are foundational - not supplementary.

Transparency

Key governance, control, and custody arrangements are disclosed clearly within applicable legal boundaries.

Verifiability

Independent third-party audits and certifications support objective review of our systems and controls.

Regulatory & Licensing Overview

BIT operates through multiple group entities across different jurisdictions. Licences, registrations, and regulatory statuses are held by the relevant entity and apply to the specific activities for which they have been granted

BIT group entities maintain regulated or registered presences in jurisdictions including:

Singapore
Singapore
Hong Kong
Hong Kong
Switzerland
Switzerland
United Kingdom
United Kingdom
United States
United States
Bhutan
Bhutan

Detailed regulatory and licensing information is available at the entity-level.

View entity-level regulatory disclosures

Governance, Security & Assurance

BIT's operating framework incorporates governance, risk management, security architecture, and independent assurance mechanisms designed to support disciplined participation in digital asset markets.
The following sections provide an overview of key control frameworks currently in place across risk governance, compliance, custody security, operational monitoring, and audit assurance.

Risk Management & Governance

Risk management at BIT is an institutional capability embedded across operations, products, and decision-making processes.

Controls are applied across the full lifecycle, including:

  • Pre-transaction assessment
  • In-transaction monitoring
  • Ongoing risk surveillance
  • Incident escalation and remediation
  • Periodic review and reporting

Key risk categories monitored include market, credit, liquidity, operational, legal, compliance, and technology risks.
Oversight is provided through defined governance structures, including committee-level review and established risk appetite parameters.

AML/CFT & Sanctions Framework

BIT maintains a risk-based AML / CFT framework aligned with applicable local regulations and international standards.

Key components include:

  • Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)
  • Ongoing customer and transaction monitoring
  • Sanctions and watchlist screening
  • Suspicious activity reporting
  • Independent programme testing
  • Mandatory compliance training

Product offerings in certain jurisdictions are assessed and subjected to BIT's compliance framework restrictions and prohibitions.

Digital Asset Custody Security

Digital asset custody security is supported through Cactus Custody, BIT's custody arm.

Security architecture incorporates multiple layers of control, including:

  • Segregated custody structures
  • Multi-party computation (MPC) and cryptographic controls
  • Hardware security modules (HSMs)
  • Strict access management and segregation of duties
  • Physical and environmental safeguards

Security governance includes defined approval workflows and escalation protocols for material risk events.

Continuous Monitoring & Incident Response

BIT maintains continuous monitoring across systems, transactions, and access activity.

Measures include:

  • Real-time alerting and anomaly detection
  • Risk-based access controls
  • Multi-factor authentication
  • Incident response and escalation procedures
  • Ongoing system resilience testing

Monitoring and response processes are reviewed regularly to reflect evolving risk environments.

Independent Audit & Assurance

BIT's assurance framework includes multiple layers of independent review.

This includes:

  • ISO certifications covering information security, privacy, and quality management (via Cactus Custody)
  • SOC 1 Type II and SOC 2 Type II reports (via Cactus Custody)
  • Statutory financial audits conducted in accordance with applicable requirements
  • Internal audit and continuous control testing

Audit findings are tracked through defined remediation and governance processes.

Real-World Asset (RWA) Transparency

For tokenized real-world assets offered via Matrixdock, trust extends beyond on-chain mechanisms.

Transparency measures include:

  • Independent physical custodians for underlying assets
  • Structured disclosure and reporting frameworks
  • On-chain issuance and supply visibility
  • Participation of independent auditors where applicable

This layered approach supports verifiability across both on-chain and off-chain components.

For a consolidated, point-in-time summary of the framework in operation as of 2026, download our Trust Framework Whitepaper (2026)

Download Whitepaper

A Living Framework

Trust frameworks are not static.
BIT's governance structures, security controls, compliance programmes, and assurance mechanisms are reviewed and refined as regulatory, technological, and market conditions evolve.
This Trust Centre reflects frameworks and controls currently in operation within publicly disclosable scope.

Disclosures

This Trust Centre is provided for informational purposes only and does not constitute a guarantee of outcomes or eliminate inherent risks associated with digital asset activities.
Descriptions reflect current frameworks and are subject to change.