01
Segregation
Client funds never touch our balance sheet.
Dedicated IBANs under each licensed entity. Fiat sits in ring-fenced accounts with tier-1 correspondent banks — not pooled, not lent, not rehypothecated.
05 · Security
We don't hold your assets.
That's the feature.
GOAT Finance is non-custodial by design. Client assets are never on our balance sheet — they live with third-party qualified custodians, segregated by entity and by client. The model is simple: we route, the custodian holds, the regulator audits both sides.
05 / SECURITY
Three walls between
you and risk.
A regulated entity is the first wall. A qualified custodian is the second. An external audit is the third. All three are standard here.
02
Custody
Crypto held by qualified custodians.
On-chain assets are held with licensed institutional custodians across cold, warm, and MPC-based hot storage. Insurance coverage applies to every wallet tier we operate.
03
Oversight
Four regulators. External audits. Always.
Swiss federally recognized SRO in Switzerland. MiCA in progress in Latvia. FinCEN in the US. FINTRAC in Canada. Plus Big-4 financial audits and annual pen-tests on all systems.
Audit & attestation
ISO 27001
Via certified partners & vendors
SOC 2
Type II · via partners
Big-4
Financial audit
We don't hold custody of client assets — so no Proof-of-Reserves attestation applies. Our infrastructure, KYT and custody partners carry their own ISO 27001 and SOC 2 Type II certifications, which we rely on as part of our controls framework.
12 / COUNTERPARTIES
The rails under the rails.
Client fiat sits with tier-1 correspondent banks. Crypto sits with qualified institutional custodians. We do not take custody of client assets — we operate the regulated layer in front of them.
◉
Tier-1 Swiss
CH correspondent
◈
EU Clearing
SEPA Instant
◆
US Correspondent
Fedwire · ACH
◇
UK FPS Agent
Faster Payments
⬡
Qualified Custodian
Crypto · insured
⬢
MPC Infrastructure
Hot wallet layer
Specific counterparty names disclosed under NDA during onboarding
07 / KYC & AML
Enhanced due diligence.
Non-negotiable.
Every applicant — individual, corporate, or fund — goes through enhanced due diligence under the jurisdiction of the entity they're being onboarded to. Source of funds, beneficial ownership, and sanctions screening are reviewed against the regulator's framework, not ours.
01
Identity & documentation
Individual: passport, proof of address, source-of-funds. Corporate: articles of incorporation, UBO registry, board resolutions, certified directors. Review under the regulator applicable to your entity.
02
Source of funds
Documented origin of every initial deposit. Bank statements, tax records, audited financials, or wallet-history attestation for crypto. No exceptions — we don't onboard flows we can't trace.
03
Sanctions & PEP screening
Screened against OFAC, EU, UK, UN and national lists at onboarding and continuously thereafter. PEP cases escalated to compliance committee under the applicable entity's policy.
04
Ongoing monitoring
Transaction monitoring (KYT) on every crypto leg via certified partners. Fiat flows monitored against expected-activity profiles. Unusual patterns flagged automatically; reviewed manually within hours.
08 / AUDITS & ATTESTATIONS
What's certified.
And by whom.
GOAT Finance does not directly hold ISO 27001 or SOC 2 certifications. Our custody, infrastructure and transaction-monitoring partners do — their certifications flow through to our controls framework, documented and auditable.
ISO 27001
Information security management
Via custody & infra partners
SOC 2 Type II
Annual, independently attested
Via custody & KYT partners
Big-4 Financial
Annual financial audit per entity
Direct · GOAT entities
Regulator review
Periodic exam, per jurisdiction
PolyReg · FinCEN · FINTRAC · JFSA
We don't hold custody of client assets — so no Proof-of-Reserves attestation applies to GOAT Finance itself. Our custody partners publish their own reserve attestations on a schedule appropriate to their regulator. Specific counterparty names and certification copies shared under NDA during onboarding.