Security & Compliance
Institutional Security Framework
Nexus Arb maintains military-grade security protocols exceeding offshore financial industry standards.
Core Security Measures
- 256-bit AES encryption for all data in transit and at rest
- Zero-trust architecture with mandatory multi-factor authentication (MFA)
- Biometric access controls for all physical and digital systems
- Distributed denial-of-service (DDoS) protection with 3Tbps mitigation capacity
Cybersecurity Protocols
- Real-time threat monitoring by SentinelOne and Darktrace AI
- Annual penetration testing: conducted to ensure compliance with industry security standards and maintain operational resilience
- Hardware security modules (HSMs) for cryptographic key management
- Strict air-gapped backups in Swiss and Singaporean vaults
Regulatory Compliance
Primary Oversight
- Cayman Islands Monetary Authority (CIMA)
  - Mutual Funds Law & Securities Investment Business Law
  - Anti-Money Laundering Regulations (AML)
  - SPV Governance: Offshore fund structures under CIMA supervision
- Monetary Authority of Macao (AMCM)
  - Financial System Act and AML/CFT regulations
  - Advisory Operations: Oversight of asset management activity conducted under Macao licensing
  - Monitoring of cross-border financial activities from Macao HQ
Special Purpose Vehicle (SPV) Compliance
- Direct Payment Routing: All SPV-funded trades settle directly to designated vehicle accounts
- Segregation Protocol: Maintains separation from client segregated accounts
- Audit Trail: Verification of SPV payment flows is conducted in accordance with CIMA and AMCM regulatory standards
- Transaction Limits: SPV payments capped at $50M per transaction with dual approval
International Standards
- ISO 27001:2022: Information Security Management
- SOC 2 Type II: Operational Controls Audit
- PCI DSS 4.0: Payment Security
- NIST CSF 1.1: Cybersecurity Framework
Client Asset Protection
Custody Arrangements
- Dual Custody System:
  - Segregated client accounts are maintained with established global financial institutions.
  - Dedicated SPV accounts are structured with internationally recognized banking partners.
  - Flexibility to engage alternative custody solutions when transaction-specific efficiencies or jurisdictional considerations require adjustments.
- Payment Routing: SPV transactions bypass segregated accounts entirely.
- Multiple segregated account structures ensure institutional client separation.
- Third-party verification through independent audits ensures compliance and operational security.
Insurance Coverage
| Coverage Type | Limit | Underwriter |
|---|---|---|
| Cyber Liability | $50M | Details available upon request to authorized parties |
| Professional Indemnity | $100M | Details available upon request to authorized parties |
| Crime & Fraud | $75M | Details available upon request to authorized parties |
Compliance Verification
Third-party attestations available to qualified institutional clients:
- Annual regulator examination reports (redacted)
- ISO 27001 certification summary
- Most recent penetration test executive summary
- SPV transaction audit reports (upon special request)
Verification requests require signed NDA and minimum $25M AUM relationship.
compliance@nexus-arb.com

