We've Achieved SOC 1 Type 2 Compliance for Institutional Client Data and Asset Protection

We're happy to announce that we have successfully achieved System and Organization Controls (SOC) 1 Type 2 compliance, confirming that we meet the highest global standards for protecting institutional clients' data and assets.

The SOC 1 Type 2 examination was conducted following strict guidelines set by the American Institute of Certified Public Accountants (AICPA). Our successful completion of this examination assures institutional clients that our policies and processes to protect their data are effective and align with best practices.

Our key policies and processes for safeguarding clients' data and assets include:

• Advanced encryption technologies and rigorous access control procedures

• Monthly reporting of Proof of Reserves, confirming that customer funds are backed 1:1

• A comprehensive incident response plan, enabling us to respond quickly and effectively to any potential security breaches

• Regular employee training on security practices

• Stringent backup and recovery processes that ensure data integrity in case of a system failure

An independent auditor conducted OKX's SOC 1 Type 2 examination for our Bahamas entity (OKX Bahamas FinTech Company Limited) for the period from January 1, 2024, to March 31, 2024.

We also announced on September 20, 2023 that we achieved SOC 2 Type 2 certification. This demonstrates our ongoing commitment to governing our services, managing sensitive data and protecting data privacy.