Berlin, April 20th 2025
Following a special audit in Q2 2024 conducted by Bundesbank and initiated by the German Federal Financial Supervisory Authority (BaFin), BaFin has issued a statement today ordering Finoa to improve its internal control system, ICT risk management posture and appointing a Special Representative (“Sonderbeauftragter”).
While the BaFin announcement highlighted shortcomings, Finoa GmbH is focusing on the future and its unwavering commitment to protect customer assets – implementing comprehensive changes to ensure it meets and fully complies with existing and future regulatory requirements and expectations.
Commitment to strong regulatory compliance
Since August 2024, Finoa GmbH has bolstered its internal control system and ICT risk management and is confident to conclude the majority of the program aimed at mitigating identified shortcomings by the end of 2025. These enhancements include:
- Finoa launched a large-scale internal controls & ICT risk management program to improve its compliance posture towards KWG, MaRisk, BAIT (German Banking Regulation), whilst simultaneously preparing for the application of MiCAR and DORA (European Banking and Tech Regulation)
- Finoa expanded its compliance and information security teams with seasoned professionals, including our new Chief Legal & Compliance Officer & MD Sven Niederheide, our Chief Product Officer & MD Dr. Jörg Howein and our Chief Information Security Officer & ICT RM Vanja Miletic among +20 other roles filled in 2024 and Q1 2025 across the company to work on the improvement areas.
- Ongoing investments in upgrading our internal control processes, systems, and tooling.
Ongoing regulatory cooperation
The company values its relationship with BaFin and is committed to a constructive dialogue. “We take the guidance from our regulators very seriously and are fully dedicated to addressing all concerns in a timely manner,” said Christopher May, CEO of Finoa GmbH. “Our goal is to always meet the high standards set out by German and European authorities, as well as honouring the trust from our clients. We have already made significant progress, taken important steps and will continue to do so until we are certain we have the strongest internal control and ICT RM frameworks possible.”
Finoa GmbH will continue to execute the internal controls and ICT risk management program, which is already in an advanced stage, in the coming months. This includes further process and tooling upgrades, independent audits of its processes, and frequent internal reviews to ensure lasting effectiveness of the measures introduced.
Finoa GmbH reaffirms that compliance, security, and customer trust are paramount. The company views this as an opportunity to strengthen its foundations and is confident that the actions taken have and will reinforce its position as a trusted, regulated leader in the cryptocurrency industry. Finoa GmbH has been in close communication with BaFin and will continue to work transparently with the authorities. The company values its relationship with BaFin and is committed to a constructive dialogue.
For media inquiries or further information, please contact:
Sven Niederheide, Chief Compliance & Legal Officer (compliance@finoa.io)