CASE STUDY
How MoonPay completes vendor security reviews 2x faster with Vanta

Vanta makes it easy for MoonPay to review 500+ managed vendors, increasing productivity and streamlining processes.
With Vanta, the MoonPay team achieves up to 50 percent time savings per vendor during security reviews.
Beyond vendor risk management, MoonPay also partnered with Vanta to achieve ISO 27001 and 27018, PCI DSS, and SOC 2 Type 2 certifications.
“We continue to choose Vanta because it’s a one-stop shop for our vendor due diligence and risk reviews. It allowed us to streamline our processes and move as quickly as the crypto industry does.”
THE COMPANY
Demonstrating security leadership in the cryptocurrency industry
MoonPay has been a leader in the cryptocurrency space since its founding in 2019. As Doug Innocenti, CISO at MoonPay, says, “Our mission is to onboard the world into the crypto economy. We want to help users worldwide buy and sell crypto using their favorite payment methods.” With over 30 million users globally, making crypto accessible and simplifying the customer experience is no small feat.
Crypto is a fast-moving industry subject to strict financial regulations and requirements, especially as MoonPay’s services and operations expand. “Regulations can be very nuanced. We want to make sure we’re adhering to each regulator’s respective requirements and moving MoonPay into the next phase of the crypto industry in the most compliant manner,” says Stasi Cook, MoonPay’s Global Risk and Regulatory Compliance Director.
MoonPay needed an agile, centralized security and compliance solution to continue scaling alongside the crypto industry. Most importantly, the team wanted a platform that would make IT and security enablers of growth, not roadblocks, while streamlining their processes for vendor reviews.
THE OPPORTUNITY
Scaling while managing a growing list of vendors
MoonPay’s global operations keep their team busy. As regulations and requirements shift, the team must navigate risk to remain ahead of the curve on compliance. Stasi notes, “We were one of the first crypto companies to obtain our Markets in Crypto Assets Regulation (MiCA) license in December 2024. There are more requirements and more emphasis on vendor reviews to ensure we provide the best product and business to our crypto customers.”
Because of this, a significant amount of time is spent thoroughly reviewing and managing risk for vendors and third parties. “Our vendor environment at MoonPay is extensive. We currently have over 500 vendors,” says Stasi. “We conduct vendor reviews daily. I haven’t gone a day without reviewing a vendor profile.”
MoonPay knew they needed a centralized solution to help reduce and streamline vendor review processes while ensuring they had all the documentation and information required to remain compliant.
THE SOLUTION
Reducing vendor review timelines by 50% with Vanta VRM
After reviewing several partners and solutions, it became clear to Doug that MoonPay needed something more flexible. “A lot of the tools we looked at wanted to drive us into a certain model when it came to risk and tracking the individual components of a security program,” he notes. “We needed a tool that we could adapt to us.”
And for Doug, that adaptability was the main reason for implementing Vanta: “It became an enabler, not something that slowed us down.” Vanta’s adaptability and speed became increasingly clear as Stasi’s team implemented Vanta Vendor Risk Management (VRM).
With VRM, MoonPay has a centralized platform to review vendor risks in detail. VRM gives MoonPay’s team an overview of vendor risks and the ability to communicate with vendors directly. It also helps to evidence all vendor documentation. This is instrumental in MoonPay’s rigorous review process as a global financial technology company. The team estimates it takes 50 percent less time to review each vendor since implementing Vanta.
“We now have a tool that truly supports our review cadence. It reminds us of the criticality of the vendor and anything we might've found during that vendor review, pointing out areas we need to revisit,” Doug says.
In addition to VRM, MoonPay uses Vanta Trust Center to let partners and customers see MoonPay’s security controls and data, providing transparency to build trust and confidence. Internally, the Trust Center allows MoonPay to share data securely with partners and other necessary stakeholders, so the team can work more efficiently while maintaining security.
THE IMPACT
A centralized and unified trust management platform
Vanta is an integral partner to MoonPay’s success, becoming its unified trust management platform. Stasi notes that as MoonPay expands and maintains its global licenses, like MiCA, it’s critical that the company partners with, and onboards, secure vendors.
By centralizing processes on Vanta’s platform, including tracking, reviewing, and monitoring vendors, as well as automating processes, the MoonPay team can operate at scale and maintain security without increasing headcount. And by reducing vendor security review times by about half, the team can focus more on other high-value tasks.
Currently, MoonPay is working towards ISO 27701 for information security and privacy, which wouldn’t be possible without Vanta. “Vanta works with us holistically. It adapts to us and shows our overall strength and our commitment to maintaining security and compliance at MoonPay,” Doug says.
And for Stasi, the future is exciting with Vanta. “One of the main goals that I absolutely look forward to this year is enhancing our vendor due diligence reviews, and how we can integrate all departments, questions, documentation, and functionalities across Vanta and other internal platforms to make a one-stop shop dashboard for all internal stakeholders.” She adds, “Everybody we've encountered at Vanta has been absolutely wonderful to work with.”
“The time savings with Vanta allowed us to achieve our certifications. We were able to secure our PCI DSS certification, which we achieved a year and a half ago, our SOC 2 Type 2, and the multiple ISO certifications—ISO 27001 and ISO 27018.”
Doug Innocenti
Chief Information Security Officer, MoonPay