We are committed to being the most trusted digital asset exchange.
Operating with a mature approach, we prioritize crypto compliance and safeguarding customer assets through robust security measures and regulatory oversight.
Independently audited by Deloitte.
Our annual financial statements are prepared in accordance with International Financial Reporting Standards (IFRS) and audited by Deloitte & Touche LLP.
Audited financial statements
January 1, 2022 to December 31, 2022
January 1, 2021 to December 31, 2021
October 23, 2020 (date of incorporation) to December 31, 2020
SEC financials
Secure by design.
Bullish’s hardware, software, and operational safeguards ensure platform security and the safety of customer funds. We operate as a full reserve exchange, ensuring that customer assets are consistently maintained in a 1:1 ratio and segregated from Bullish assets.
- Multi-layer protection with hardware, software, and operational safeguards.
- Secure inbound, storage, and settlement wallet structures with protocols that govern wallet interaction.
- Rigorous key management including offline private key isolation, policies that determine what keys are required to sign a transaction, and disaster recovery.
- Cryptographic security ensures tamper proof authorization and auditability for all transactions.
- We operate as a full-reserve exchange, maintaining a one-to-one ratio of customer assets.
- We run daily reconciliations to confirm that the amount of customer assets in custody matches the customer account balances.
- Customer assets are stored in omnibus custodial wallets strictly segregated from Bullish assets.
- We don’t lend out customer assets or use them for our own trading or investing purposes.
- Bullish uses layered, multi-factor authentication including the WebAuthn protocol, which uses hardware-backed cryptographic validation and alleviates the need for passwords.
- All high-privilege actions on the exchange such as deposits and withdrawals must be authenticated.
Learn more about the WebAuthn protocol
- We work with skilled security researchers around the world to help identify any potential weaknesses in our technology and continuously test exchange controls.
- Privacy considerations are built into all aspects of Bullish including compliance to applicable data protection and privacy regulations.
- Personal information is encrypted and stored on secure servers.
- We adhere to a data minimization policy and only collect the necessary information required to provide our services and improve your user experience.
Licensed and regulated.
GIBRALTAR – Bullish exchange has been regulated by the Gibraltar Financial Services Commission (GFSC) as a Distributed Ledger Technology (DLT) provider since launch. The GFSC’s DLT regulatory regime is governed by 10 regulatory principles focused on honesty and integrity, customer care, risk management, protection of client assets, security, financial crime prevention, market integrity as well as adequate resources and sound governance.
Onboarding jurisdictions
Bullish is available to customers in over 50+ jurisdictions around the world.
Licenses applied for
HONG KONG – We have applied for Types 1, 7 and Virtual Asset Trading Platform license with the SFC. As of June 1, 2024, Bullish (GI) Ltd has been deemed to be licensed under the Anti-Money Laundering and Counter Terrorist Financing Ordinance. This does not mean that Bullish has been licensed by the SFC and its license application may not eventually be successful. Please refer to the SFC’s website and our footer disclaimer for more information.
UNITED STATES – We have registered as a money services business with FinCen and we are in the process of applying for money transmitter licenses and other state licenses to increase the portion of the U.S. States we can serve. See our Exchange Terms of Service for the current list of eligible States.
Bullish group divisions.
The Bullish group consists of primary divisions: Bullish, a regulated digital asset exchange, and a division dedicated to asset management.
The Bullish group is overseen by our experienced leadership team. Within the two divisions of the Bullish group, the regulated digital asset exchange and the asset management division have separate boards of directors, core management teams and front-office personnel.
No personnel involved in investment decisions or trading activities within the Bullish group’s asset management division are employees of the exchange.
The Bullish group has policies in place to identify and manage conflicts of interest, including any that may arise in connection with the asset management division’s activity on the Bullish exchange.
Our approach to ensuring appropriate segregation between the asset management division and Bullish exchange to avoid and manage potential conflicts of interest involves:
- Defining, controlling and monitoring on-exchange activity performed by the asset management division.
- Separating responsibilities for relevant aspects of the day-to-day businesses of the asset management division and the exchange.
- Identifying and limiting access to confidential information belonging to each business, including logical and physical information barriers and access controls in IT environments.
- Ensuring the asset management division has separate directors, management and front-office personnel from the exchange.
The Board and related governance
The exchange’s Board of Directors (“the Board”) meet on at least a quarterly basis. The Board manages the Risk and Compliance Committee (“the Committee) composed of Risk, Compliance, and Internal Audit teams with an Independent Non-Executive Director (INED). The members are:
Regulatory oversight and responsible individuals
As part of being regulated, the GFSC mandates certain ‘Responsible Individuals (RIs)’ perform certain key roles. Each RI is required to be approved by the GFSC. The roles are:
- Robert Quinlivan CEO, Head of Markets
- David Harrington Head of Compliance, MLRO
- Marc Diedert Head of Security
- George Gaffney Head of Technology, COO
- Ryan Ingram Head of Risk Management
- Russell Eldridge Head of Finance, Head of Business Continuity, Head of Customer Care, Head of Trading, Head of Operations, Head of Client Assets Oversight
- Andrew Wynn Chair of Risk Committee
Enterprise Risk Management
Bullish’s Enterprise Risk Management Framework (ERMF) provides oversight and guidance to managing risks including roles and responsibilities across its three lines of defense model (Compliance, Risk, Internal Audit teams). The ERMF establishes the process for identification, assessment, reporting and prioritizing risk across the firm and ensuring risks are managed within the defined risk appetite. There is also a monthly risk management meeting where different functional stakeholders contribute metrics to inform each other on key risk areas within the function with key takeaways reported to senior management. The Committee and the Board are informed of status updates on risk management tool implementation, action items and material risks.
Compliance
As a key part of the Bullish Group, the exchange business is committed to maintaining the highest standards of compliance and integrity in all aspects of its operations. As a virtual asset exchange, we recognize the importance of complying with all applicable laws and regulations.
Status updates for Compliance, including breaches and action items are informed to the Committee and the Board on at least quarterly basis or more frequently as circumstances may determine.
Internal audit
The Internal Audit Function is the company’s third line of defense, reporting directly to the Bullish Global Board and the Boards of its regulated subsidiaries. It evaluates the effectiveness of Bullish Group’s internal control, risk management and governance processes using a risk-based approach and reports the results regularly to the Boards and senior management. To maintain its effectiveness, safeguards are in place to ensure its independence and objectivity.
Within the asset management division, BTH is responsible for managing the Bullish group’s treasury and assets deployed on the Bullish exchange. BTH is a registered customer of Bullish exchange and is a primary liquidity provider to the exchange.
BTH manages the Bullish group’s overall positions in fiat and digital currencies and deploys assets to the exchange from its own balance sheet.
BTH provides liquidity to the Bullish exchange to facilitate customer activity. It also places buy and sell orders in order to modify the composition of the Bullish group’s holdings of digital currencies.
BTH’s on-exchange activity is monitored by the Bullish compliance function according to the applicable regulatory requirements of the GFSC.
Please refer to the GFSC’s DLT Provider Guidance Notes: 1. Customer Care, which set out additional expectations that Bullish (GI) Limited is measured against. The Guidance Notes cover managing conflicts of interest on page 4. 2. Market Integrity, which covers market integrity and prevention of market abuse.
See GFSC’s DLT Provider Guidance Notes
Please also refer to the SFC’s Guidelines for Virtual Asset Trading Platform Operators (VATP Guidelines), which sets out the regulatory standards for Bullish (GI) Limited, HK Branch. Chapter VIII covers the prevention of market manipulative and abusive activities and Chapter XIII covers conflict of interest.
BTH front-office personnel receive trading information in the same way as other Bullish customers. Information barriers are in place to prevent any staff members involved in BTH activity from having access to confidential customer order flow and deposit/withdrawal data on the exchange.
BTH does not undertake trading activities on the Bullish exchange that would be interpreted as proprietary trading. All trading activity performed by BTH is done so with the end purpose of modifying the composition of its portfolio (holding the appropriate mix of assets) to support all the Bullish group needs.
All BTH trading activity and AMM Instructions are viewable to Bullish customers on the exchange.