IBG LLC’s brokerage operations/system is audited annually against the Systems and Organization Controls (SOC) reporting framework by independent third-party auditors. The audit for IBG LLC’s brokerage system covers controls for security, availability, processing integrity, and confidentiality as applicable to the in-scope trust principles in the SOC 2 and 3 reports.
IBG LLC makes available the SOC 1 Type 2 and SOC 3 reports to provide information to clients and counterparties regarding its service delivery processes and controls through a report by an independent Certified Public Accountant.
In general, the SOC 1 report is available through the following channels:
The SOC 3 report is publicly available. www.interactivebrokers.com/download/IB_SOC_report_3.pdf
The American Institute of Certified Public Accountants (AICPA) has developed the System and Organization Controls (SOC) framework, a standard for providing assurance that controls are designed and operating effectively. This aligns with the International Standard on Assurance Engagements (ISAE), the reporting standard for international service organizations.
Service audits based on the SOC framework fall into two categories, SOC 1 and SOC 2 & 3, that apply to in-scope IBG LLC brokerage services.
A SOC 1 audit, intended for CPA firms that audit financial statements, evaluates the suitability of the design and operating effectiveness of IBG’s internal controls.
A SOC 2 audit gauges the IBG and its brokerage subsidiaries’ brokerage system based on the design and operating effectiveness of the controls that address the applicable AICPA Trust Service Principles and Criteria.
At the conclusion of a SOC 1 or SOC 2 audit, the service auditor renders an opinion in a SOC 1 Type 2 or SOC 2 Type 2 report, which describes IBG’s brokerage operations/system and assesses the fairness of the IBG’s description of its controls. It also evaluates whether IBG’s controls are designed appropriately, were in operation on a specified date, and were operating effectively over a specified time period.
A SOC 3 report is created—an abbreviated version of the SOC 2 Type 2 report—allowing IBG to provide assurance about its controls without disclosing details about the controls.
The Statement on Standards for Attestation Engagements and the International Standards for Assurance Engagements (ISAE) are the standards under which the audits are performed, and serves as the overall basis of the SOC 1, 2 & 3 reports.