Good Exchange Practices - a methodology inspired by the pharma industry to increase the quality of services provided by cryptocurrency exchanges
Good Exchange Practices is a set of recommendations provided by PERLUR Group as a way to increase the security and overall quality of services provided by cryptocurrency exchanges. It is inspired (at least in its name) by the GxP framework, which is widely (but not exclusively) used in the pharmaceutical industry. This framework will provide recommendations on:
- management of financial audit and compliance controls
- management of information security audit and compliance controls
- management of physical security audit and compliance controls
We will work with existing frameworks: we will draw on IFRS (International Financial Reporting Standards) for the parts relevant to financial reporting, and on ISO, COBIT and PCI-DSS for the parts relevant to information and physical security guidelines.
We are a Business Services / Professional Services company focused on providing (IT-related) governance, risk management and compliance professional services in the pharmaceuticals and financial services verticals. Our clients include companies such as Novartis, GSK, Roche, JPMorgan Chase, Barclays and HSBC, as well as a countless number of smaller companies you have probably never heard of.
We are planning to expand into the cryptocurrency exchange market (hopefully in 2019) if we manage to secure all the required capital and ensure a high level of (reputational, informational, operational, financial, legal, ...) security to provide best-in-class services.
No, we will not be launching an ICO! There would be no technical benefit in issuing our own token (how often is there? 😠). However, if you wish to contribute to this effort financially, we will accept donations in cryptocurrency:
- Bitcoin
- Ethereum
- Cardano
- Bitcoin Cash
NOTE: Please do not send ERC20 or any other tokens to these addresses. Due to regulatory requirements on business accounting and tax liabilities, these are exchange addresses, and funds will be converted to government-issued currency, which will be used to pay the tax due. While we are personally big supporters of cryptocurrency, we all hold and trade only on our own behalf, not on our company's behalf.
We may provide advisory services on implementation, as well as audit services, for cryptocurrency exchanges which choose to implement this governance framework; however, probably only for European Union based customers, unless we can generate sufficient revenue to justify establishing a business operation outside of the EU.
The Sarbanes–Oxley Act applies only to the United States, and while some of our current customers do comply and put emphasis on SOX compliance, we provide guidance only on IT-relevant controls. We do not have access to a financial controls advisor who would have sufficient knowledge of SOX to provide relevant guidance on SOX compliance in this area. Simply put, we will try our best, but you had better employ some of those Big 4 fellows you work with when it comes to Sarbanes–Oxley.
Sure, if you'd like to participate in this effort, please get in touch with me using LinkedIn, Reddit or Earn.com, or just open a GitHub issue in this repository.
We will most probably be required to provide documentation of most of the controls to the national regulatory authorities in the country where we establish our cryptocurrency exchange business three months before the expected launch date; considering we would like to launch from January 2019, we should have everything we want to publish done by the end of September 2018.
Nobody is perfect and we also make mistakes; if you think you found an error, something is unclear or whatever, please open an issue.
I see your background is mainly IT based, why do you include IFRS financial controls as part of this framework?
We are working with an established financial auditing firm from the Czech Republic on the definition of our own financial audit controls; we choose to publish what we come up with.