Independent reconciliation : Why auditors and regulators are starting to ask harder questions

A practical guide for building audit-grade internal workflows and systems

The regulatory standard has shifted

For most of the industry's history, reconciliation was treated as a finance and operations problem: important, yes, but ultimately internal, resolved at month-end, and reviewed during audit season. That framing no longer holds.

The regulatory frameworks that have come into force over the past two years have changed both the frequency and the standard of evidence required.

• MiCA requires crypto-asset service providers to segregate and reconcile client assets on a daily basis. This is a licence condition. National regulators across Germany, France, and the Netherlands are conducting active supervisory reviews to verify it is operating in practice, not just documented on paper.
• The GENIUS Act mandates that stablecoin issuers maintain a continuously reconcilable reserve, with monthly independent attestations by an external accountant.
• The PSA in Singapore and equivalent MTL frameworks in North America carry similar operational obligations for payment service providers handling digital assets.

What unites all of these frameworks is not just the frequency of reconciliation they expect. It is the growing importance of having an independent and verifiable source of on-chain truth. When auditors and regulators review reconciliation evidence, they increasingly want to see that the data underpinning it is independently verifiable, and not simply a cross-check between two systems that may share the same upstream source. That is a meaningfully different standard from what most operations teams are running today, and the gap between the two is where audit risk quietly accumulates.

"Reconciliation" does not mean the same thing to everyone

One of the reasons reconciliation infrastructure in this industry is so inconsistently built is that the word itself means something different depending on who is asking for it.

Across a typical institution or large enterprise, reconciliation requirements exist at multiple levels simultaneously:

Each of these is a distinct requirement, owned by a different team, running on a different cadence, and drawing from different data sources. In practice, this creates a compounding set of problems: normalisation issues between systems, inconsistent identifiers across teams, data breaks that are difficult to trace to a single source, and significant time spent just getting data into a state where a comparison is even possible.

At low volumes, this is manageable. As transaction counts grow and the number of chains, custodians, and internal systems increases, the manual effort scales faster than the team does. What takes one analyst a day at 10,000 transactions a month becomes a week of work at 500,000, and at that point the reconciliation is no longer a control. It is a backlog. Breaks are found late, investigated slowly, and the period has often already closed by the time the root cause is understood.

Most firms have built point solutions for one or two of these requirements while leaving others dependent on manual processes, or assuming agreement between two systems that share the same upstream data. It is precisely the kind of blind spot that stays invisible until a regulator or auditor asks a question the current process cannot answer.

Cryptio's new wallet reconciliation product

Cryptio's new wallet reconciliation product is purpose-designed for the operational realities of regulated digital asset businesses. It connects internal systems, custodian data, and independently sourced on-chain activity into a single environment, and gives finance and operations teams the tooling to define, schedule, and run reconciliation workflows without engineering dependency or manual data preparation.

Data is the foundation: getting everything into one place

The quality of any reconciliation is entirely dependent on the quality of the data underpinning it. Before the reconciliation logic runs, two things need to be true: the on-chain data has to be independently sourced and verifiable, and all external data sources have to arrive in a normalised, reconcilable format.

On-chain data integrity. Cryptio runs its own proprietary blockchain indexers across 65+ chains, independent of any custodian or third-party aggregator. Before each reconciliation run, the platform calculates a balance for each wallet by summing all ingested transactions, then independently queries its own blockchain nodes to verify that balance against the live on-chain position at the same block height. This data integrity check happens automatically before the reconciliation workflow runs. PwC has audited this data layer.

DataBridge: external data ingestion without the manual overhead. DataBridge is Cryptio's external data ingestion layer. It is what enables reconciliation against sources that live entirely outside Cryptio: internal OMS data, custodian balance statements, purchase logs, payment processor records, bank data.

Building reconciliation workflows without writing a line of code

The workflow builder is where the product departs most significantly from anything that came before. Rather than a rigid matching script that requires engineering involvement to modify, Cryptio's visual workflow builder lets finance and operations teams configure reconciliation logic themselves, building workflows like a flowchart, with no code required.

For each workflow, teams define:

• Which sources to compare : any combination of on-chain data, DataBridge-ingested external sources, or Cryptio-native movement data
• What fields to match on :transaction hash, internal UID, wallet address, custom metadata, or any combination
• Materiality thresholds : an acceptable delta below which differences are treated as immaterial, handling dust amounts, rounding differences, or known timing tolerances without generating noise
• Run cadence : hourly, daily at a specific time, weekdays only, or any schedule that fits operational and regulatory requirements
• What level of check to run : balance-level (do aggregate positions agree?) if not, run transaction-level (does every individual movement match?), or both chained in sequence.

Workflows can be chained. A balance-level check across the full portfolio runs first, and a transaction-level check is triggered automatically only on the wallets or assets that produced a break. This gives breadth across everything and depth precisely where it is needed, without running expensive transaction-level checks across the entire dataset by default.

Break Resolution: Finding the Root Cause Quickly

Finding that a break exists is only the beginning of the problem. The time-consuming part is working out where exactly it comes from, and that is where many reconciliation processes break down into slow, manual investigation.

When a Cryptio reconciliation run surfaces unreconciled items, the break management dashboard flags them with the information needed to start the investigation immediately:

• Which asset, wallet address, and custodian the discrepancy sits in
• The exact delta and which side of the ledger it sits on
• The timestamp at which the divergence began
• Filter controls to narrow by asset, custodian, time window, or materiality threshold
• Side-by-side comparison of the specific records from each source to identify whether the break is a timing mismatch, a missing record, a volume discrepancy, or a data ingestion issue

The ops team can add resolution notes to any break, document the root cause and action taken, and flag items that need data team involvement versus those that can be closed operationally. Every action taken during investigation and resolution is logged immutably, giving auditors a complete record of not just that a reconciliation ran, but how every exception it found was handled.

Building Audit-Grade Systems on Top of Cryptio's Reconciliation APIs

For firms that need reconciliation to go beyond a standalone product and become part of a broader operational or reporting infrastructure, Cryptio exposes its reconciliation engine through a set of APIs that allow engineering teams to build on top of it directly.

Firms can integrate Cryptio's reconciliation outputs programmatically bypulling break data into internal risk dashboards, triggering automated alerts when a discrepancy exceeds a defined threshold, feeding reconciled position data into treasury management systems, or generating audit-ready reports that are automatically formatted to the requirements of a specific regulator or auditor.

The practical implication is significant. An exchange that reconciles 300,000 daily transactions does not just want to see the results in a dashboard. It wants those results to automatically update the risk team's morning report, feed into the compliance monitoring system, and generate the evidence pack its auditors need at quarter end. That is only possible when reconciliation is an API layer, not just an application.

What this looks like in practice:

• Reconciliation results as a data feed: query the status of any reconciliation run, pull break lists filtered by asset, wallet, or custodian, and ingest the output into any downstream system
• Automated alerting: set threshold-based triggers so that when a discrepancy exceeds a defined materiality level, it fires an alert into your internal incident management or risk workflow
• Scheduled report generation: produce formatted reconciliation reports for any period on demand, without manual assembly, in the structure that your auditors or regulators expect to receive
• Audit trail as an API endpoint: every run, every resolution note, every override is accessible programmatically so that the complete audit trail is available to any system that needs it, not just Cryptio's own interface
• Integration with treasury and accounting systems: feed reconciled, verified position data directly into downstream systems rather than relying on manual CSV exports between tools

The outcome this enables is an audit-grade operational infrastructure, one where the reconciliation is not a periodic task the finance team performs but a continuous data layer that every relevant system in the organisation draws from. For regulated businesses under daily reconciliation obligations, this is the difference between meeting the standard and building it into the fabric of how the firm operates.

What this looks like for you

For exchanges, brokers, and banks

• Reconcile internal books deterministically against on-chain and custodian data on a daily automated schedule
• Align omnibus wallet activity with internal client or house logic at the position level
• Normalise trade records and allocations against exchange activity across multiple custodians
• Ensure balances and P&L tie out across systems, with break resolution surfacing the specific wallet and timestamp of any discrepancy
• Produce daily reconciliation evidence as an operational by-product, not a separate manual exercise

For asset managers and funds

• Map internal PMS or OMS data to standardised portfolio and transaction models via DataBridge
• Normalise off-chain NAV, fees, and adjustments across custodians and wallets
• Maintain consistent identifiers across strategies and entities
• Produce audit-ready records as an automated output of the reconciliation workflow, without manual intervention at period end

For payment providers and fintechs

• Align internal payment references with blockchain transaction hashes at the transaction level
• Normalise transaction-level payment data with on-chain settlement flows
• Track treasury movements across fiat and crypto rails using consistent identifiers through the full settlement cycle
• Maintain clean separation between operational and client funds with reconciliation evidence available on demand

What audit-ready actually means in practice

Audit-ready does not mean being able to produce records when someone asks. It means those records exist continuously, with an unbroken chain of evidence, before anyone asks.

In the context of reconciliation this means:

• Every reconciliation run is timestamped and stored with full metadata
• Every break is logged with the root cause identified and the resolution documented
• Every manual override or adjustment is attributed to the person who made it
• Any period's reconciliation report can be generated on demand without a data team reconstructing it from raw sources
• The on-chain data underpinning every run has been independently verified at the block level before the reconciliation ran

The standard for reconciliation in regulated digital asset businesses has moved, and the direction is clear: independent, continuous, and auditable. For operations and finance teams carrying that responsibility, having infrastructure that runs automatically, surfaces breaks early, and produces a complete audit trail as a by-product of daily operations is what closes the gap between where most firms are today and where regulators and auditors expect them to be.

If your current reconciliation process relies on custodian-provided data as its primary source of truth, runs on a monthly cadence, or surfaces breaks days after they occur, it is worth a conversation.

Speak to one of our experts