SECURITIES AND EXCHANGE COMMISSION v. BINANCE HOLDINGS LIMITED et al Document 114: Motion to Compel, Attachment 11

District Of Columbia District Court
Case No. 1:23-cv-01599-ABJ-ZMF
Filed September 15, 2023

MOTION to Compel by SECURITIES AND EXCHANGE COMMISSION. (Attachments: # (1) Memorandum in Support, # (2) Declaration of Jennifer Farer in Support of SEC Motion to Compel, # (3) Exhibit 1, # (4) Exhibit 2, # (5) Exhibit 3, # (6) Exhibit 4, # (7) Exhibit 5, # (8) Exhibit 6, # (9) Exhibit 7, # (10) Exhibit 8, # (11) Exhibit 9, # (12) Exhibit 10, # (13) Exhibit 11, # (14) Exhibit 12, # (15) Exhibit 13, # (16) Exhibit 14, # (17) Exhibit 15, # (18) Exhibit 16, # (19) Exhibit 19, # (20) Exhibit 21, # (21) Exhibit 22, # (22) Exhibit 26, # (23) Exhibit 27, # (24) Exhibit 28, # (25) Text of Proposed Order)(zjm)

BackBack to SECURITIES AND EXCHANGE COMMISSION v. BINANCE HOLDINGS LIMITED et al

Tags No tags have been applied so far. Sign in to add some.

Jump to Document 114 or Attachment 12345678910111213141516171819202122232425

  Formatted Text Tab Overlap Raw Text Right End
Page 1 EXHIBIT 9
Page 2 Matthew Beville
+1 202 663 6255 (t)
+1 202 663 6363 (f)
matthew.beville@wilmerhale.com
August 14, Via Email and Secure File Transfer
Jennifer L. Farer
Matthew F. Scarlato
Senior Trial Counsel
Division of Enforcement
U.S. Securities and Exchange Commission
100 F. Street, NE
Washington, DC Re:
Binance Holdings Limited, et al. v. SEC, No. 23 Civ. 1599 (ABJ)
Dear Ms. Farer and Mr. Scarlato:
We write on behalf of BAM Trading Services Inc. (“BAM Trading”) and BAM
Management US Holdings Inc. (“BAM Management” and collectively, “BAM”) to provide certain
documents and information in response to the SEC’s First Set of Requests for Production of
Documents and Inspection (the “RFPs”) to BAM and in response to Ms. Farer’s email dated
August 5, 2023. Specifically, Ms. Farer’s August 5, 2023 email requested the following categories
of documents for Ceffu, Binance.com, and the third-party custodians and/or software providers
used by Binance.US for custody and control of customer assets and the assets of BAM entities:

SOC reports;

ISO certifications;

User entity, access, and security controls;

Change management controls;

a list of all infrastructure environments, systems and software involved in wallet
creation and management and custody of assets;

identification of the technology that supports Binance.US that is located on the
Binance.com AWS environment;

and identification of all users with access to the relevant infrastructure, systems,
and software.
Page 3 Jennifer L. Farer and Matthew Scarlato
August 14, Page Enclosed please find documents bearing Bates numbers BAM_SEC_LIT_through BAM_SEC_LIT_00004661, which are responsive to the categories of documents
identified in Ms. Farer’s August 5, 2023 email as further described below. We are working to
determine if any additional responsive materials exist in BAM Trading’s files or that are available
through the relevant third-party custodians and/or software providers.
1.
SOC Reports
Enclosed at Bates nos. BAM_SEC_LIT_00004482 through BAM_SEC_LIT_are SOC reports for BitGo and Binance.US. BAM typically collects any security reports,
credentials, certifications, and/or attestations during its security diligence process and when
onboarding third party partners and vendors. Aegis, one of BAM’s third party custody services
providers, does not have a SOC 2 report. As discussed in further detail below, BAM required
Aegis to complete an additional security questionnaire as a result.
Enclosed at Bates nos. BAM_SEC_LIT_00004482 through BAM_SEC_LIT_00004570 is
a System and Organization Controls Report Relevant to Security (SOC 2 Type 2) prepared for
BitGo and dated October 1, 2020 through September 30, 2021.
Enclosed at Bates nos. BAM_SEC_LIT_00004571 through BAM_SEC_LIT_00004610 is
a System and Organization Controls (SOC) 2 Type 1 Report on Controls Relevant to the Security
Trust Services Category prepared by Armanino LLP for Binance.US.
Enclosed at Bates nos. BAM_SEC_LIT_00004611 through BAM_SEC_LIT_00004650 is
an ISO/IEC 27001:2013 and ISO/IEC27701:2019 Stage 2 Report prepared by A-LIGN for BAM
Trading Services Inc. d/b/a/ Binance.US dated December 15, 2022.
2.
ISO Certifications
Enclosed at Bates nos. BAM_SEC_LIT_00004651 through BAM_SEC_LIT_00004652 is
a Certificate of Registration provided by BSI to Block Technologies PTE. LTD. and dated March
22, 2022 certifying that Block Technologies operates an Information Security Management
System which complies with the requirements of ISO/IEC 27001:2013. We understand that there
was a period of time when Ceffu was referred to as Block Technologies.
Enclosed at Bates nos. BAM_SEC_LIT_00004653 through BAM_SEC_LIT_00004654 is
a Certification of Registration provided by A-LIGN to BAM Trading Services, Inc. (d/b/a)
Binance.US dated December 23, 2022, certifying that Binance.US operates a Privacy Information
Management System that conforms to the requirements of ISO/IEC 27701:2019.
Page 4 Jennifer L. Farer and Matthew Scarlato
August 14, Page Enclosed at Bates nos. BAM_SEC_LIT_00004655 through BAM_SEC_LIT_00004656 is
a Certification of Registration provided by A-LIGN to BAM Trading Services, Inc. (d/b/a)
Binance.US dated December 23, 2022, certifying that Binance.US operates an Information
Security Management System that conforms to the requirements of ISO/IEC 27001:2013.
3.
Custody Solution Provider Security Questionnaires
In addition to the materials BAM collects during its security diligence process described
above, BAM also requires its custody solution providers to complete a Custody Solution Provider
Security Questionnaire. The Custody Solution Provider Security Questionnaire covers policies
and procedures related to the security of keys, among other things.
Enclosed at Bates no. BAM_SEC_LIT_00004657 is a spreadsheet showing Aegis’s
answers to a Custody Solution Provider Security Questionnaire provided to Aegis by BAM.
Enclosed as Bates no. BAM_SEC_LIT_00004658 is a spreadsheet showing BitGo’s
answers to the Custody Solution Provider Security Questionnaire provided to BitGo by BAM.
As previously explained during our August 4, 2023 meet and confer, the wallet custody
software developed by BHL is marketed to third parties as “Ceffu.” BAM licenses the BHL wallet
custody software from BHL pursuant to a licensing agreement that predates the commercial
offering of “Ceffu” as a third-party custodial solution.
Enclosed as Bates no. BAM_SEC_LIT_00004659 is a spreadsheet showing Ceffu’s
answers to the Custody Solution Provider Security Questionnaire provided to Ceffu by BAM.
4.
Standard Security DDQ
As noted above, BAM required that Aegis complete an additional security questionnaire
because Aegis does not have a SOC report. Enclosed as Bates no. BAM_SEC_LIT_00004660 is
a spreadsheet showing Aegis’s answers to a US Standard DDQ provided to Aegis by BAM. The
US Standard DDQ includes covers topics including the physical location of client data, the types
of anti-malware systems used, and what training program is used to help staff follow best practices.
5.
Identities of Users with Access to PNK
Enclosed at Bates no. BAM_SEC_LIT_00004661 is a spreadsheet identifying the users
who have access to PNK, BAM’s internal ledger management system. Specifically, Column A of
the spreadsheet identifies each PNK user by name or email address, and Column B of the
spreadsheet identifies each user’s department within BAM.
Page 5 Jennifer L. Farer and Matthew Scarlato
August 14, Page We are making every effort to ensure that our responses are complete and accurate
notwithstanding the extremely short deadlines allotted to provide this information. We will
supplement our responses to the extent that we identify any additional responsive information.
Moreover, until a Protective Order is entered in this matter, BAM is providing these documents
and information on the understanding that the SEC (i) may disclose it only to the Court, counsel
representing the SEC in this matter (including both the investigations and litigated action), their
support personnel, and other appropriate agencies, entities, and persons consistent with the SEC’s
routine uses of information; (ii) will use it only for purposes of this litigation and the SEC’s routine
uses of information, and (iii) will seek to file any of these documents and/or information under
seal in any public filing.
Sincerely,
/s/ Matthew Beville
Matthew Beville
Enclosure
Page 6 Exhibit A
Bates Range
Request No.
BAM_SEC_LIT_00004482 through
BAM_SEC_LIT_
1, 2, 3, 6, 20, 21, 26,
BAM_SEC_LIT_00004482 through
BAM_SEC_LIT_
1, 2, 3, 6, 21, 26,
BAM_SEC_LIT_00004611 through
BAM_SEC_LIT_
1, 2, 3, 6, 26,
BAM_SEC_LIT_00004651 through
BAM_SEC_LIT_
1, 2, 3, 6, 26,
BAM_SEC_LIT_00004653 through
BAM_SEC_LIT_
1, 2, 3, 6, 26,
BAM_SEC_LIT_00004655 through
BAM_SEC_LIT_
1, 2, 3, 6, 26,
BAM_SEC_LIT_
1, 2, 3, 6, 11,
BAM_SEC_LIT_
1, 2, 3, 6, 11,
BAM_SEC_LIT_
1, 2, 3, 6, 11,
BAM_SEC_LIT_
1, 2, 3, 6, 11,
BAM_SEC_LIT_
13
Space
Issues Laws Cases Pro Articles Firms Entities
Issues Laws Cases Pro Articles Firms Entities
 
PlainSite
Sign Up
Need Password Help?