Regulated audits vs proof of reserves: What Canadians should compare

• Proof of reserves can be useful, but it is not the same as a full audit.
• An audit or assurance report is only as useful as the scope of the work completed.
• Canadians should compare proof of reserves, audits, custody disclosures, asset segregation, regulation, fees, withdrawals, and risk disclosures together.
• No transparency signal should be treated as a guarantee that users cannot lose money.

Key takeaways: Proof of reserves and audits answer different questions. Proof of reserves may help show that certain assets are held, while audits and assurance reports may review broader financial information, controls, systems, or processes. The most important takeaway is that neither proof of reserves nor an audit removes crypto market risk, custody risk, platform risk, or user responsibility.
 

• Proof of reserves: A process intended to confirm whether a platform or custodian holds certain assets.
• Proof of liabilities: A process intended to confirm what the platform owes to users or other entities.
• Audit: A formal review that may examine financial statements, controls, or other information depending on scope.
• Assurance report: A report that provides an independent view on specific information, systems, or controls.
• SOC 2: A report related to a service organization’s controls, depending on the scope of the review.
• Custody: How crypto assets are held and controlled.
• Asset segregation: The practice of keeping clients assets separate from company assets.
• Liabilities: Amounts a company owes to users, creditors, and other parties.
• Transparency signal: A piece of information that may help users evaluate a platform, but does not guarantee safety.
   

Proof of reserves mostly answers the following question: does the platform or custodian appear to hold certain assets at a specific point in time?

An audit (or assurance report) may answer a different and broader set of questions. Depending on the scope, an audit may review financial statements, internal controls, custody processes, governance, accounting practices, segregation of assets, or the way information is reported.

This distinction matters because a proof of reserves report can be useful without being complete. This means it may confirm the existence of assets, but does not show whether the platform has any liabilities, whether assets are legally segregated, whether controls are operating effectively, or whether the business has other financial risks.

In other words, proof of reserves can help answer “what assets are visible?” It may not answer “is the platform financially sound?” or “are client assets protected under a clear custody and control framework?”

The biggest limitation of proof of reserves is scope. A report may show certain wallets, assets, or balances, but users still need to understand what is excluded. It may not show all liabilities. It may not show whether assets are borrowed, pledged, encumbered, or subject to other restrictions. It may not explain how customer balances were calculated. It may not test internal controls. It may not provide a full view of custody arrangements.

A proof of reserves process can also be point-in-time. That means it may show what existed at the time of the snapshot, but not what happened before or after.

This does not make proof of reserves useless. It means users should treat it as one part of a broader review, not the final answer.

Audits and assurance reports can provide additional review, but users should still read them carefully. A financial statement audit may focus on whether financial statements are fairly presented under the relevant accounting framework.

A controls report may examine whether specific systems and controls are designed or operating effectively. A SOC 2 report may focus on controls related to security, availability, processing integrity, confidentiality, or privacy, depending on scope.

The important question is not whether a platform uses the word “audit.” The important question is what the audit or assurance report actually covers.

Users should ask:

• Who prepared the report?
• Was the review independent?
• Does it include client assets and liabilities?
• Does it review custody controls?
• Does it cover asset segregation?
• Does it test internal processes?
• Does it explain exclusions or limitations?
• Is it repeated regularly?
   

For Canadian users, regulation can change the quality of the comparison because regulated platforms may be subject to ongoing obligations, reporting expectations, custody requirements, compliance oversight, and independent review.

That is important because a public proof of reserves dashboard is not always the same as regulated reporting. A dashboard could be designed for public transparency, while regulatory reporting and independent audits may be designed to meet specific oversight, compliance, accounting, or customer requirements.

This does not mean regulation removes crypto risk, because it does not. Crypto assets can gain or lose value very quickly, transfers can be difficult or impossible to reverse, and users remain responsible for their own account security decisions.

Ndax’s transparency approach is based on regulatory disclosures, required reporting, custody-related controls, and Canadian regulatory requirements rather than relying only on a public proof of reserves dashboard.

For users, the key distinction is that proof of reserves is one transparency tool, not the only one. A regulated platform structure may also involve reporting, controls, governance, custody oversight, asset segregation, audited financial information, and compliance obligations, depending on the platform and applicable requirements.

Users should still review platform disclosures, fees, custody information, withdrawal terms, risk statements, and account terms before trading crypto assets.

Is proof of reserves the same as an audit?
No. Proof of reserves usually focuses on whether certain assets are held at a point in time. An audit or assurance report may examine financial statements, controls, systems, custody processes, or other information depending on scope.

Does proof of reserves prove solvency?
Not by itself. Proof of reserves may show assets, but solvency also depends on liabilities, obligations, business risks, and whether assets are available to meet customer claims.

Why do liabilities matter?
Liabilities matter because a platform may hold assets but still owe money or crypto to users, creditors, or other parties. A reserves-only view may not show the full financial picture.

Is a SOC 2 report the same as proof of reserves?
No. A SOC 2 report relates to controls at a service organization, depending on the scope of the report. Proof of reserves usually focuses on asset backing.

Can a platform be transparent without a public proof of reserves page?
Technically, yes. Other transparency signals can include regulated reporting, independent audits, custody disclosures, asset segregation, risk disclosures, and clear withdrawal policies.

Are crypto balances insured in Canada like bank deposits?
No. Crypto assets are not covered by CDIC deposit insurance or CIPF protection. CIPF protection may apply to eligible cash balances held at a CIPF member firm, subject to CIPF’s rules, limits, and coverage policy.