SECURITY
Currency Cloud is an Electronic Money Institution (EMI), where they receive,
collect and store funds for our clients, as well as facilitating FX conversions
and processing outbound payments.
Any funds held on a client's behalf, for the provision of a conversion
or payment service, are subject to safeguarding - ensuring that your funds are
always protected and can be issued back, should Currencycloud go into
administration or liquidation. Unlike holding money in a standard bank
account, all of our clients’ funds are protected, regardless of the value.
​
" End-clients’/customers’ funds are fully protected and held in safeguarded accounts. In this process their funds are either held separately from both Currencycloud and the client’s funds, or covered by a safeguarding insurance policy. "
How we safeguard
your funds
Currency Cloud separate clients’ funds from our company funds and place them in safeguarding accounts held with reputable UK and EU banks. If Currencycloud was to become insolvent, the funds held in our safeguarding accounts would
form an asset pool from which claims of the e-money holders (our clients) would be paid above those of other creditors. The bank(s) or authorised credit institutions have no rights over funds in Currencycloud’s safeguarding
accounts. Currencycloud has no rights over the clients’ accounts.
(other than where specified in our Terms and Conditions).
Safeguarding your customers' funds
It's important to be clear that, as Currency Cloud is not a bank, they can only safeguard funds for their clients, and not their clients' customers.
We encourage you to follow safeguarding protocols and regulations when it comes to managing your
own customers' funds. As we're not a credit institution and currency cloud cannot, based on current regulations, offer you safeguarding accounts for your customers.
Technical
security
At Currencycloud they take the security of your data and money very seriously.
We are ISO/IEC 27001:2013 compliant and consistently review and enhance our processes and systems to ensure that we remain secure.
​
We encourage you to follow safeguarding protocols and regulations when it comes to managing your own customers' funds.
As we're not a credit institution we cannot, based on current regulations, offer you safeguarding accounts for your customers.
Physical
security
At Currencycloud we take the security of your data and money very seriously. We are ISO/IEC 27001:2013 compliant and consistently reviewOur service operates on Amazon Web Services (AWS) which is certified under several global compliance programmes which underlines best
practices in terms of data centre security.
• ISO 27001 Information Security Management Controls
• PCI-DSS Level 1 Payment Card Standards
• ISO 27018 Personal Data Protection
• SSAE16/SOC 1, SOC2 and SOC 3
• FIPS United States Government Security Standards
We encourage you to follow safeguarding protocols and regulations when it comes to managing your
own customers' funds.
As we're not a credit institution we cannot, based on current regulations, offer you safeguarding accounts for your customers.
​
For the full list of AWS compliance programs see:
https://aws.amazon.com/compliance/pci-data-privacy-protection- hipaa-soc-fedramp-faqs/
​
More information about AWS data centre controls may be found
here:
​
Network
security
We have dedicated systems in place to protect against Distributed Denial of Service (DDoS) attacks as well as man-in-the-middle attacks.
We use reputable registrars to protect against domain hijacking and “phishing”
attacks.
Our platform undergoes regular penetration testing and has protection in place against common vulnerabilities like code injection attacks and cross- site scripting attacks.
Information
security
Our platform and operational security is certified under ISO/IEC 27001:2013, the international best practice standard for Information Security Management Controls which is independently audited.
​
We also comply with best practices and regulations pertaining to the management of personal data under the UK Data Protection Act (DPA), as well as the European Union General Data Protection Regulation (GDPR).
Encryption
All network traffic is encrypted at a transport level and confidential
information is encrypted at rest. We use best practices in terms of
encryption key storage and security.
1
Use Currencycloud
with confidence
Your money and your data is as important to us as it is to you.
Here are some of the things we do to make sure that you can use our services with peace of mind.
2
Authorised
by the FCA
Currencycloud is authorized by the Financial Conduct Authority for the issuing of electronic money and the provision of payment services with FCA
registration number 900199.
​
Currencycloud is registered with FinCEN in the USA and authorised to provide both domestic and international money transmitting services in all 50 states. We hold Money Transmitter Licenses (MTLs) in 39 states and leverage regulatory sponsorship via our network of banking partners while we actively pursue the remaining licenses.
3
Used by more than a million people
At Currencycloud we process over $1bn a month on behalf of hundreds of thousands of people and companies.
PRIVACY
We comply with best practices and regulations pertaining to the
management of personal data under the UK Data Protection Act (DPA), as
well as the European Union General Data Protection Regulation (GDPR).
Secure Platform
We are ISO/IEC 27001:2013 compliant and have robust processes to
protect our systems.FUNDED BY HIGH QUALITY INVESTORS
Currencycloud is backed by some of the leading names in the investment
community, including GV (Google Ventures), Sapphire Ventures, Anthemis,
Notion Capital.
SAFEGUARDED BANK ACCOUNTS
Your money is held in separate accounts with tier one banks. In the
unlikely event of Currencycloud ceasing to exist, your money remains
protected.
Security and compliance are of paramount importance to GC Partners. We adhere to strict, stringent regulations and have robust internal controls in place to safeguard your funds and minimise any risks to the business or your money.
All transactions are initiated using a secure payment system which ensures each payment is approved internally by multiple users and processed by our Tier 1 banking partners. We do not speculate on the currency markets or invest your money overnight. When you enter a transaction with us, we enter a matching, binding trade with our bank.
​
To comply with regulations, client money is held in segregated client ‘safeguarding’ accounts using our global Tier 1 banking partners. Therefore, all client funds are held separately from any company money or assets.
​
SECURITY REGULATION
​
Global Currency Exchange Network Ltd trading as GC Partners is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017 for the provision of payment services (Firm Reference Number 504346).
Global Currency Exchange Network Ltd trading as GC Partners is an Authorised Payment Institution (API) that puts the security and protection of your money at the core of our business. As a money services business, we’re also regulated by HM Revenue & Customs (HMRC) under the Anti Money Laundering Regulations 2017. Registration number 12137189.
Global Custodial Services Ltd trading as GC Partners is regulated by the Financial Conduct Authority and holds Part IV Permissions under the FSMA 2000 (FRN 595875).
​
AUDITS
​
Global Currency Exchange Network Ltd T/A GC Partners is independently audited each year by a 3rd party compliance specialist & Global Custodial Services Ltd T/A GC Partners is independently audited each year by a 3rd party Client Money (CASS) specialist to ensure that all processes, procedures and controls are in line with the FCA guidelines. The UK CASS rules are amongst the most stringent in the world with regards to how client money is reconciled and reported both internally and externally.
Insurance
​
GC Partners has Professional Indemnity (PI), Directors and Officers, and Cyber insurance.