OnRe has successfully achieved SOC 2 Type II certification across Security, Availability, and Confidentiality within the OnRe Finance System. The examination was conducted by independent auditor BARR Advisory, confirming that our controls meet American Institute of Certified Public Accountants (AICPA) standards and operate effectively over time.
Trust is foundational to reinsurance – an industry built on long-term strength and operational consistency. SOC 2 Type II certification validates the operational discipline required to support long-term capital, complex risk transfer, and regulated insurance activity onchain. This milestone reinforces confidence for institutional capital providers, DeFi participants, insurance partners, and regulators who rely on our platform.
Operating Within a Dual Regulatory Environment
OnRe operates as a collateralized reinsurer and onchain asset manager under both Bermuda's Innovative Insurer General Business (IIGB) license and a Class F Digital Asset Business Act (DABA) license. This dual framework requires controls that span traditional insurance operations and digital asset infrastructure.
Scope of Examination
BARR Advisory evaluated OnRe’s operational framework across five core areas:
- Access controls and identity management: Multi-factor authentication, role-based access controls, and semiannual access reviews
- Change management and software development: Branch protection, mandatory peer review, and automated vulnerability scanning
- Data protection and cryptography: AES-256 encryption at rest, TLS 1.2+ encryption in transit
- Infrastructure resilience and business continuity: Multi-availability zone architecture with daily automated backups
- Risk management and vendor oversight: Monthly internal risk assessments and annual third-party vendor reviews
What This Means
SOC 2 Type II certification provides independent assurance that OnRe’s operational controls meet institutional standards.
Capital providers gain confidence that digital assets flow through audited security controls from contribution through collateralization and redemption. Insurance partners can rely on controls protecting underwriting data, pricing models, and claims information over time. Regulators receive additional assurance that OnRe’s technology infrastructure supports supervisory expectations across both insurance and digital asset operations.
“OnRe has completed our SOC 2 Type II audit with zero findings, validating the strength of our controls and day-to-day execution. We’ll keep raising the bar – continuing to invest in resilience, transparency, and security as we scale,” said Milos Radic, CISO at OnRe.
As onchain reinsurance infrastructure matures, independent validation of security and operational controls is essential. SOC 2 Type II establishes a baseline for the institutional participation this market demands.
Accessing Our Report
To request a copy of our SOC 2 Type II report, or to discuss onchain reinsurance capacity or investment opportunities, reach out at info@onre.finance.
