Access to reports and audit history in BE Custody depends on your organisation’s configuration and the roles and permissions assigned to each user.
Reports and audit history may contain sensitive operational, transaction, wallet, user, and governance information. Access should therefore be limited to authorised users who need it for an approved business purpose.
Why access control matters
Reports and audit history can provide visibility into custody activity, including transactions, approvals, balances, users, and operational events.
Controlling access helps organisations:
- Protect sensitive operational information
- Support segregation of duties
- Reduce unnecessary access
- Meet internal control and audit requirements
- Support compliance and governance processes
- Limit exposure of wallet, transaction, or user information
- Maintain appropriate oversight of custody activity
Who may need access?
Depending on the organisation’s operating model, access may be appropriate for authorised users in functions such as:
- Operations
- Treasury
- Compliance
- Finance
- Audit
- Security
- Legal
- Risk
- Management or governance teams
Access should be based on the user’s responsibilities and should follow the principle of least privilege.
What can access include?
Depending on role, permissions, and configuration, access may include the ability to:
- View portfolio or balance information
- Export portfolio reports
- View transaction records
- Export audit history
- Review user or approval activity
- Support reconciliation
- Support compliance or audit processes
- Investigate operational issues
The exact access available may vary by organisation and user role.
Should all users have reporting access?
No. Reporting and audit history access should not be granted by default to all users.
Organisations should grant access only where there is a clear operational, audit, compliance, finance, governance, or support requirement.
Users who create or approve transactions do not automatically need access to all reporting or audit history information unless this is required by their role.
How often should access be reviewed?
Organisations should review access to reports and audit history regularly.
Access should also be reviewed when:
- A user changes role or team
- A user no longer requires access
- A user leaves the organisation
- Internal reporting responsibilities change
- Audit or compliance requirements change
- A security or operational incident occurs
- New wallets, assets, or workflows are introduced
Any access that is no longer required should be removed or updated.
How should exported reports be handled?
Users with access to reports or audit history are responsible for handling exported files securely.
Exported reports should only be stored in approved locations and shared with authorised recipients. Reports should not be downloaded to unmanaged devices or shared through informal channels.
What should I do if access looks incorrect?
If you believe a user has excessive, outdated, or incorrect access to reports or audit history, follow your organisation’s internal escalation process.
If support is required to review or update BE Custody access, contact Bitpanda Enterprise Custody Support through the approved support channel.
Do not include passwords, PINs, private keys, seed phrases, API keys, API secrets, access tokens, or other sensitive authentication information in a support request.