Exhibit 99.2
HERITAGE DISTILLING HOLDING COMPANY, INC.
Cryptocurrency Treasury Reserve Policy
____________________________________________________________________________________________________
This Cryptocurrency Treasury Reserve Policy (“Policy”) sets out certain roles, responsibilities, and practices for managing all Cryptocurrency Treasury Reserve Assets (as defined below). This Policy is applicable to all Heritage Distilling Holding Company, Inc. and its subsidiaries and affiliates (the “Company”) executive officers, members of the Board (as defined below), and Authorized Employees (as defined below).
Table of Contents
Exhibit A – Authorized Employees, Permitted Brokers, Permitted Custodians, and Permitted OTC Counterparties
I.Scope
_____________________________________________________________________________________
This Policy helps address legal requirements and business risks that may apply to the Company’s management of Cryptocurrency Treasury Reserve Assets (“Reserve Management”), with a focus on bitcoin (“BTC”) and Dogecoin (“DOGE”) (together the “Approved Cryptocurrencies”, which definition shall include additional approved cryptocurrencies, tokens or similar digital assets as may be approved by the Board from time to time) as the Company’s primary Cryptocurrency Treasury Reserve Assets. For purposes of this Policy:
•“Cryptocurrency Treasury Reserve Assets” means:
a.That portion of the Cash Assets (as defined below) held by The Company (“The Company”) (The Company, together with its subsidiaries, the “Company”) that exceeds the Working Capital Threshold (as defined below), if any, plus
b.any Approved Cryptocurrencies held by the Company, other than the Approved Cryptocurrencies held or used by the Company principally for research or development, the offering of a product or service, or other similar purpose.
•“Cash Assets” means cash (whether denominated in U.S. dollars or other sovereign currencies, including any borrowed cash (“Cash”)), cash equivalents, and short-term investments.
The Company’s Board of Directors (the “Board”) has authorized [Redacted] and [Redacted] (each a “Designated Officer” and collectively, the “Designated Officers”) to, among other things, manage the Company’s Cryptocurrency Treasury Reserve Assets, subject to the oversight by [Redacted], with input from [Redacted] as a whole from time to time, with the objective of holding a majority of the Cryptocurrency Treasury Reserve Assets in the Approved Cryptocurrencies, which has been designated to be the Company’s primary Cryptocurrency Treasury Reserve Assets, subject to market conditions and anticipated needs of the business for Cash Assets. All transactions (as defined below) in connection with the Company’s Reserve Management must be conducted pursuant to this Policy and subsequent instructional guidelines from the Board of Directors in line with this Policy to protect the assets and liquidity position of the Company.
All written approvals required by this Policy may be provided via email. All such approvals provided by [Redacted] or [Redacted] will be deemed formal actions by [Redacted] in accordance with this Policy.
II.Personnel and Responsibilities
_____________________________________________________________________________________
A.Designated Officers
The Company’s Designated Officers are responsible for:
•overseeing the Company’s execution of its Reserve Management activities and the implementation and enforcement of this Policy;
•overseeing instructional guidelines from the Board of Directors flowing from this Policy;
•evaluating and approving decisions pertaining to the Company’s Reserve Management (such as amounts, timing, and pricing of acquisitions and dispositions of the Approved Cryptocurrencies);
•regularly consulting with [Redacted] and [Redacted], and providing updates to the Board and other members of The Company’s management team, regarding Reserve Management activities and this Policy’s implementation; and
•delegating Reserve Management duties to authorized Company employees (“Authorized Employees”) as appropriate and overseeing the performance of such delegated duties.
The Designated Officers retain and may continue to exercise their authority notwithstanding any delegation of authority to an Authorized Employee and may perform any of the duties assigned to Authorized Employees under this Policy.
Except for matters requiring the approval of the [Redacted], or unless otherwise specified, the Designated Officers, acting jointly, may make all decisions and determinations under this Policy.
B.Audit Committee Interface
The Company’s Audit Committee of the Board of Directors (“Audit Committee”) will consult with the Designated Officers and the Technology and Cryptocurrency Committee regarding the implementation and enforcement of this Policy and the risk to Company assets and the implication of certain actions taken hereunder on the Company financial statements.
C.Authorized Employees
Authorized Employees are responsible for:
•reviewing and understanding this Policy and any Board guidance flowing from it;
•carrying out the Reserve Management duties delegated to them by Designated Officers under this Policy;
•helping detect and prevent any fraudulent or illegal conduct with respect to Reserve Management;
•attending any required training relating to the implementation of this Policy; and
•helping to maintain the Company’s ongoing compliance with this Policy.
Exhibit A contains a list of Authorized Employees, which the Designated Officers may amend or supplement at any time and from time to time.
III.Threshold for Working Capital
_____________________________________________________________________________________
Because the Company’s ability to meet its day-to-day working capital requirements is of paramount importance, the Company will seek to maintain adequate Cash Assets to meet those requirements.
The Board of Directors, in consultation with Company Management, will review and set appropriate Cash Assets thresholds for the Company from time to time to meet the day-to-day working capital requirements of the business (the “Working Capital Threshold”). Accordingly, only Cash Assets held by the Company above and beyond the Working Capital Threshold are eligible to be treated as Cryptocurrency Treasury Reserve Assets.
The Working Capital Threshold is a precautionary threshold for calculating Cryptocurrency Treasury Reserve Assets available for investment in the Approved Cryptocurrencies, and as such, it does not affect
other Company policies or procedures unless specifically stated, including policies and procedures relating to the Company’s Cash Assets.
IV.Transactions Requiring [Redacted] Approval
_____________________________________________________________________________________
Unless otherwise indicated, “transaction” means any acquisition, disposition or other transaction, including any pledge or encumbrance, of the Approved Cryptocurrencies as part of the Company’s Reserve Management.
[Redacted] will not, without the prior written approval of [Redacted], cause the Company to engage or participate in any of the following transactions (such transactions, “Designated Transactions”):
•the acquisition of the Approved Cryptocurrencies by the Company other than through mining or the receipt of such Approved Cryptocurrencies due to the sale of goods or services to consumers who use the Approved Cryptocurrencies to pay for such items in the Normal Course of Business;
•the disposition of the Approved Cryptocurrencies that is held or otherwise beneficially owned by the Company;
•the transfer of the Approved Cryptocurrencies from one Permitted Custodian to another Permitted Custodian;
•the lending, pledging, staking or otherwise encumbering of the Approved Cryptocurrencies that is held or otherwise beneficially owned by the Company; or
•the purchase or sale of any option, warrant, convertible security, the Approved Cryptocurrencies appreciation right, or similar right with an exercise or conversion privilege at a price related to the Approved Cryptocurrencies, or similar securities with a value derived from the value of the Approved Cryptocurrencies.
Notwithstanding the above, [Redacted] are authorized to:
(i)cause the Company to acquire amounts of the Approved Cryptocurrencies (as measured at the then-current market price of the Approved Cryptocurrencies at the time of acquisition) as approved by the Board of Directors from time to time, (“Pre-Authorized the Approved Cryptocurrencies Acquisitions”), and
(ii)(ii) transfer, sell or dispose of any amount of the Approved Cryptocurrencies necessary to stay within the Working Capital Guidelines (as measured at the then-current market price of the at the time of transfer) from one or more Permitted Custodians to one or more different Permitted Custodians or to a third party (“Pre-Authorized the Approved Cryptocurrencies Transfers”), in each case, whether in a single transaction or series of related transactions, without the prior written approval of [Redacted], or
(iii)(iii) otherwise transfer, sell or dispose of any amount of the Approved Cryptocurrencies as deemed prudent given then current market conditions or upcoming needs of the Company (“Discretionary Approved Cryptocurrencies Transfers”), with the prior written approval of [Redacted].
Additionally, if any Designated Transaction has been authorized by the Board, or any other committee of the Board to which such authority has been delegated, in connection with any matter with respect to which the Board or such committee thereof is acting, no additional approval by the without the prior written approval of the [Redacted] of such transaction is required and any such transaction will not count
toward the aggregate limitations referenced in the prior paragraph (such transactions, “Board-Approved Designated Transactions”).
V. Transaction Approval
_____________________________________________________________________________________
[Redacted] will evaluate and pre-approve all proposed transactions and series of related transactions, including Pre-Authorized the Approved Cryptocurrencies Acquisitions, Pre-Authorized the Approved Cryptocurrencies Transfers and Discretionary Approved Cryptocurrencies Transfers, according to the steps described below.
A.Pre-transaction Legal, Tax, and Accounting Considerations
Prior to approval of any transaction or series of related transactions, the [Redacted] will:
•Obtain the material information and recommendations reasonably necessary for their decision;
•Determine a reasonable price and amount for the proposed transaction or series of related transactions, using market quotations or other appropriate valuation methodologies and considering anticipated needs of the business for Cash Assets;
•Evaluate any material tax and accounting aspects of the transaction or series of related transactions, including the tax and accounting aspects of any the Approved Cryptocurrencies disposal transaction, in consultation with the Audit Committee and tax and accounting advisers as appropriate;
•Consider any material legal and regulatory aspects of the transaction or series of related transactions, including any public disclosure requirements, in consultation with The Company’s outside counsel;
•Confirm that the transaction or series of related transactions will not cause the Company to fail to maintain the Working Capital Threshold;
•Confirm that the transaction or series of related transactions has been approved by [Redacted] in addition to the [Redacted], or demonstrate the transaction does not require [Redacted] approval; and
•Determine whether discretionary limits or restrictions on the manner and form of executing transactions may be warranted in light of legal, regulatory, tax, accounting, reputational or pre-established Normal Course of Business considerations.
B.Required Elements of Transaction Approval
For Designated Transactions not in the Normal Course of Business, Authorized Employees will use the transaction approval form set forth in Exhibit B (the “Transaction Approval Form”) in a written communication to [Redacted] to request approval for each transaction or any series of related transactions. [Redacted] will review and approve each transaction or any series of related transactions, including with respect to, among other things, the following, as applicable (collectively, with the Transaction Approval Form, the “Transaction Approval Requirements”):
•The amount, the timing, and the pricing of the transaction or series of related transactions; and
•The Permitted Service Provider or, if applicable, the Permitted OTC Counterparty of the transaction or series of related transactions.
[Redacted] may allow for appropriate discretion in transaction execution and may impose conditions on their transaction approval.
For Designated Transactions in the Normal Course of Business, which are primarily those transactions that involve the collection or receipt of Approved Cryptocurrencies through a Company point of sale or third-party merchant service provider from the sale of Company goods or services, specific protocols pre-established by the Company, with approval from [Redacted], will be established to automate or semi-automate the collection, receipt, transfer, disposal, conversion, exchange, swap or storage of such Approved Cryptocurrencies, with a regular report to the [Redacted] on the same.
C.Withdrawal of Transaction Approval
For Designated Transactions not in the Normal Course of Business, [Redacted] may approve of the withdrawal of the Approved Cryptocurrencies for any approved transactions that have not been executed, or any approved series of related transactions that have not been fully executed, in a written communication that:
•is authorized by [Redacted];
•expressly withdraws the approval of the transaction or series of related transactions with reference to the applicable Transaction Approval Form; and
•states briefly the reason for the withdrawal.
[Redacted] will immediately notify any Authorized Employees with responsibility for executing the withdrawn transaction or series of related transactions of the withdrawal.
For Designated Transactions in the Normal Course of Business, [Redacted] will inform [Redacted] through regular reports on the nature and amount of such Designated Transactions in the Normal Course of Business (see Exhibit E).
VI.Transaction Execution
_____________________________________________________________________________________
A.General Requirements
[Redacted], or [Redacted] working with the approval of [Redacted], may execute a transaction not in the Normal Course of Business or series of related transactions on behalf of the Company if:
•[Redacted] have (i) obtained (a) [Redacted] approval or (b) the [Redacted] approval, if required by this Policy, or confirmed that such approval is not required, and (ii) approved the transaction or series of related transactions in accordance with the Transaction Approval Requirements;
•The transaction will be executed using a Permitted Service Provider or with a Permitted OTC Counterparty;
•The transaction will be executed for the Company’s own account and for its own Reserve Management purposes, and not as part of a customer’s business or otherwise on behalf of any third party; and
•In an acquisition or transfer transaction, the Approved Cryptocurrencies will be custodied with a Permitted Custodian;
provided that only Authorized Signatories for exchange and custody accounts, as set forth in Exhibit C, may execute transactions with respect to the Company’s exchange and custodial accounts.
[Redacted] may establish and implement additional procedures and protocols for executing a transaction or administering custody of the Approved Cryptocurrencies on behalf of the Company in accordance with this Policy, which will be set forth in Exhibit C to the extent applicable.
B.Executing Acquisition Transactions
Unless otherwise specified by [Redacted], the following requirements apply to execution of the Approved Cryptocurrencies acquisition transactions other than acquisition through the receipt of Approved Cryptocurrencies from the sale of Company goods or services:
•Timing and Delivery:
a.The Company will complete each Approved Cryptocurrency acquisition by taking delivery of the counterparty’s Approved Cryptocurrency in accordance with the applicable Contractual Agreement (as defined below) and submitting payment to such counterparty;
b.The Company will accept delivery of the Approved Cryptocurrencies via the Company’s account at a Permitted Service Provider;
c.The Company will seek to complete all Approved Cryptocurrency acquisitions in accordance with the applicable Transaction Approval Requirements; and
d.The Company will take delivery of acquired Approved Cryptocurrencies as soon as reasonably practicable.
•Payment Methods: The Company will submit payment for Approved Cryptocurrency acquisitions via wire transfer or approved platform payment portal in accordance with the Company’s applicable policies and procedures governing outgoing payments. Additional payment methods may be approved by [Redacted] on a case-by-case basis.
C.Executing Disposition Transactions
Unless otherwise specified by [Redacted], dispositions of Approved Cryptocurrencies will, to the extent applicable, be subject to the same procedures and requirements as acquisitions of the Approved Cryptocurrencies, except for transactions through the Normal Course of Business resulting from the sale of Company goods or services through a Company Point of Service (the “Normal Course of Business”) wherein such transaction may require automated or semi-automated disposition of Approved Cryptocurrencies. Payment for dispositions may be received by the Company in legal tender or other forms of payment approved by [Redacted] and, if the consideration is to be in a form other than cash, [Redacted].
With respect to each the Approved Cryptocurrencies disposition transaction, Authorized Employees should, where practicable, confirm and obtain from the applicable Permitted Service Provider or Permitted OTC Counterparty the documentation needed to secure foreign-derived intangible income (“FDII”) treatment for the transaction.
VII.Permitted Services Providers and Permitted OTC Counterparties
_____________________________________________________________________________________
The following procedures apply to the Company’s engagement, use, and monitoring of Permitted Service Providers and Permitted OTC Counterparties:
A.Permitted Service Providers and Permitted OTC Counterparties
[Redacted] is required to designate third parties as permitted brokers (“Permitted Brokers”), permitted custodians (“Permitted Custodians” and together with Permitted Brokers, “Permitted Service Providers”), or permitted OTC counterparties (“Permitted OTC Counterparties”). Exhibit A contains a list of all Permitted Service Providers and Permitted OTC Counterparties. [Redacted] may amend or supplement Exhibit A from time to time to reflect any changes in designations approved by [Redacted] or to reflect the expiration of Contractual Agreements (defined below) by their terms. [Redacted] or [Redacted] will consult with the Audit Committee, the Company’s Finance and/or Legal department(s), and applicable outside legal counsel and tax and accounting advisors when evaluating possible brokers, custodians, and OTC counterparties and will consider evaluation criteria set forth in Exhibit D as applicable, prior to seeking [Redacted] approval.
B.Contractual Agreements with Permitted Service Providers and Permitted OTC Counterparties
[Redacted] may only cause the Company to enter into brokerage, custodial or OTC counterparty contractual agreements with respect to the Approved Cryptocurrencies (“Contractual Agreements”) with Permitted Service Providers and Permitted OTC Counterparties. All Contractual Agreements with Permitted Service Providers, or, if applicable, Permitted OTC Counterparties, must be approved in writing by [Redacted] and [Redacted]. So long as a Permitted Service Provider or Permitted OTC Counterparty is a party to a Contractual Agreement in effect with the Company that was approved in accordance with this Policy, such Permitted Service Provider or Permitted OTC Counterparty shall continue to be listed on Exhibit A.
All material amendments and supplements to Contractual Agreements must be approved by [Redacted] and [Redacted]. All other amendments and supplements to such Contractual Agreements only require [Redacted] approval. Terminations of Contractual Agreements by the Company other than due to expiration by the terms of the Contractual Agreements must be approved by [Redacted] and [Redacted].
C.Ongoing Monitoring of Permitted Service Providers and Permitted OTC Counterparties
[Redacted] or [Redacted] will monitor and evaluate Permitted Service Providers and, if applicable, Permitted OTC Counterparties on a periodic basis, considering the evaluation criteria set forth in Exhibit D, as applicable. [Redacted] will notify [Redacted] if a Permitted Service Provider or Permitted OTC Counterparty is performing in a manner that [Redacted] consider deficient and will consult with [Redacted] to determine the appropriate measures to be taken.
D.Specific Procedures Regarding Permitted Custodians
The Company will engage Permitted Custodians to hold the Approved Cryptocurrencies on its behalf. Unless otherwise specified by [Redacted], the Company will custody all the Approved Cryptocurrencies held as Cryptocurrency Treasury Reserve Assets with Permitted Custodians.
At any time and from time to time, [Redacted] may consider and approve transfers between Company accounts within a Permitted Custodian.
[Redacted] may allow a Permitted Service Provider to hold reserved funds of the Company for the limited purpose of enabling the Approved Cryptocurrencies purchases, transfers, sale, exchange or other disposition by the Company; provided that, the Permitted Service Provider holds such funds in an account at an FDIC-insured depository institution for the benefit of the Company.
If any service is offered by a Permitted Service Provider that is not acquiring, disposing of, or holding the Approved Cryptocurrencies, use of such service by the Company will require the prior written approval of [Redacted] and will be otherwise subject to the procedures and requirements applicable to other transactions under this Policy.
VIII.Prohibited Activities
_____________________________________________________________________________________
Neither the Company, nor [Redacted] or [Redacted] acting on behalf of the Company, will engage in any of the following transactions or other activities (each, a “Prohibited Activity”):
•transmitting the Approved Cryptocurrencies on behalf of others other than for transactions in the Normal Course of Business, and then only as part of an automated or semi-automated process following procedures and protocols approved by [Redacted];
•storing, holding, or maintaining custody or control of the Approved Cryptocurrencies on behalf of others other than for transactions in the Normal Course of Business, and then only as part of an automated or semi-automated process following procedures and protocols approved by [Redacted];
•buying and selling the Approved Cryptocurrencies as a customer business;
•performing the Approved Cryptocurrencies exchange services as a customer business;
•lending, hypothecating, or issuing the Approved Cryptocurrencies;
•front running or other activities that are intended to deceive or mislead other market participants;
•manipulating the price, value, or trading volume of the Approved Cryptocurrencies or any instruments that provide economic exposure to the Approved Cryptocurrencies; or
•aiding, abetting, enabling, financing, supporting, or endorsing any of the foregoing.
Authorized Employees have an obligation to immediately report the occurrence or suspected occurrence of any Prohibited Activity to [Redacted]. Additionally, [Redacted] must also immediately report the occurrence or suspected occurrence of any Prohibited Activity to [Redacted].
The following arrangements are prohibited with Permitted Service Providers who also provide broker services (i.e., Permitted Brokers and Permitted Custodians who act as both brokers and custodians):
•Directing transactions to a Permitted Service Provider to satisfy unrelated business obligations, including those associated with administration, operations, errors, or new business solicitation of the Company or its affiliates (i.e., promotion or sale of The Company stock or in reciprocation for any gifts or entertainment provided by the Permitted Service Provider);
•Entering into arrangements for goods or services to be received in exchange for order flow other than for transactions in the Normal Course of Business;
•Offering or promising a Permitted Service Provider payments or gifts, requesting or receiving from a Permitted Service Provider any payments, gifts, or unrelated discounted services (e.g.,
discounts on personal services), or requesting or arranging for the direction to a Permitted Service Provider of a specific amount or percentage of personal or third-party payments, as a condition to a particular transaction; or
•Any action, promise or act that would violate the Company’s Code of Conduct and Business Ethics policy or any law.
IX.Conflicts of Interest Generally
_____________________________________________________________________________________
The Company’s Code of Conduct and Business Ethics policy (as amended and restated from time-to-time, the “Code of Conduct”) requires that any transaction, relationship, or other circumstance that constitutes a conflict of interest be disclosed by the person having such a conflict to the Chief Executive Officer or Chief Financial Officer, or in the case of the an executive officer or director of The Company, to the Audit Committee of the Board. Any such transaction, relationship, or circumstance fully disclosed to, and expressly approved by, [Redacted] or [Redacted] or [Redacted], as applicable, is deemed not to violate the Code of Conduct. Ownership of the Approved Cryptocurrencies or plans to trade the Approved Cryptocurrencies may create conflicts of interest under the Code of Conduct. Some examples of such conflicts of interest (which may also constitute Prohibited Activities) are:
•Requesting or receiving a preferential rate for personal transactions from a Permitted Service Provider;
•Favoring a Permitted OTC Counterparty that has given preferential terms in a personal transaction; or
•Utilizing confidential information regarding Company transactions in the Approved Cryptocurrencies for personal gain.
These are only a few examples and not intended to be a comprehensive list of potential conflicts of interest. It is the responsibility of the individual who may have a conflict of interest to comply with the requirements of the Code of Conduct.
X.Security Procedures
_____________________________________________________________________________________
[Redacted]
XI.Accounting and Recordkeeping
_____________________________________________________________________________________
The Company will account for the Approved Cryptocurrencies on its books and records in accordance with the Company’s accounting policies and procedures. Outside counsel and accountants will advise [Redacted] of any material changes, developments, or updates to tax and accounting procedures and practices with respect to the Approved Cryptocurrencies, including those of the Company, the Financial Accounting Standards Board, the Public Company Accounting Oversight Board, the Internal Revenue Service, or other relevant organizations.
The Company will retain records of:
•any the Approved Cryptocurrencies that it holds or disposes of, including the date a particular transaction was made, the transaction details and price, and any other records or information required by the Audit Committee or the Company’s Finance department; and
•its transactions, including all acquisitions, transfers, dispositions, or events associated with the Approved Cryptocurrencies, from the date of any such transaction or event for a period of time required by the Audit Committee or such other period as may be required by applicable law, including the date and time of the transaction or event and the amount of the Approved Cryptocurrencies that was the subject of the transaction or event.
XII.Training and Enforcement
_____________________________________________________________________________________
[Redacted] are responsible for determining the appropriate method and level of training for Authorized Employees who have a role or responsibility relating to the Company’s Reserve Management.
For violations of this Policy, [Redacted] will consult with the Company’s Human Resources and Legal departments and take action in accordance with the Company’s Employee Handbook or other applicable internal Company policies.
XIII.Interpretations and Determinations
_____________________________________________________________________________________
[Redacted] have the authority and discretion to interpret this Policy (including any defined terms) and apply this Policy to Reserve Management and all other matters addressed in this Policy. If necessary, final determination of questions arising under this Policy will be made by [Redacted].
XIV.Amendments
_____________________________________________________________________________________
The Board has the authority and discretion to amend this Policy, unless such authority is explicitly delegated to [Redacted] or [Redacted] herein. [Redacted] are responsible for ensuring that all relevant Company personnel are made aware of material changes to this Policy.
Approved by the Board of Directors of the Company on May 15, 2025.
Exhibit A – Authorized Employees, Permitted Brokers, Permitted Custodians, and Permitted OTC Counterparties
_____________________________________________________________________________________
The Company’s Authorized Employees, Permitted Brokers, Permitted Custodians, and Permitted OTC Counterparties are as follows:
Authorized Employees:
[Redacted]
Permitted Brokers:
[Redacted]
Permitted Custodians:
[Redacted]
Permitted OTC Counterparties:
[Redacted]
Exhibit B –Transaction Approval Form
_____________________________________________________________________________________
Date:_______________, 2025
[Redacted] Approval Date
Approval By:
For Transaction Other than In the Normal Course of Business:
•Permitted Service Provider or, if applicable, Permitted OTC Counterparty:
•Transaction Amount:
•Transaction Timing:
•Transaction Pricing:
•Single Transaction or Series of Related Transactions:
•Other Conditions or Restrictions:
Rationale for Approving Transaction:
•[Brief narrative to be completed]
Exhibit C – Additional Procedures and Protocols for Transaction Execution
_____________________________________________________________________________________
The Company will establish standard security protocols with respect to account access and transacting on any Approved Cryptocurrency exchange or custody platform. The standard security protocols are as follows:
Overview
This section outlines the mandatory security protocols for the secure execution of cryptocurrency transactions conducted by the Company. These protocols are designed to mitigate risks related to cyber threats, unauthorized access, fraud, and asset loss while ensuring compliance with industry best practices and regulatory requirements.
1. Governance and Oversight
•VP of Data and Technology: Oversees the implementation and auditing of all transaction security procedures.
•Digital Asset Custodian: Maintains custody of wallet access credentials and ensures secure storage of private keys.
•Designate Officers and Authorized Employees: Execute transactions within their designated authority and participate in multi-signature approvals.
•Audit Committee: Reviews transactions for regulatory compliance and maintains appropriate audit records.
2. Wallet Management and Custody
2.1 Wallet Types and Usage
•Cold Wallets: Used for storing large reserves of digital assets offline; air-gapped for maximal security.
•Hot Wallets: Limited to operational liquidity with strict access controls; continuously monitored.
2.2 Wallet Security Measures
•Multi-Signature Wallets (Multi-sig): Require a minimum of 2 authorized signatures for every transaction.
•Hardware Wallets: Cold wallets must use FIPS 140-2 certified hardware wallets.
•Wallet Segregation: Separate wallets for operational funds, treasury holdings, and third-party custodial functions.
3. Access Control
•Key Generation: Private keys must be generated using secure, auditable, and offline processes.
•Storage: Keys must be encrypted using AES-256 and stored in tamper-proof HSMs or secure offline vaults.
•Access Controls: Role-based access with biometric and two-factor authentication (2FA). No use of SMS-based two factor authentication.
•Backup: Encrypted backups stored in geographically redundant, access-controlled environments.
4. Transaction Procedures
4.1 Transactions Not in the Normal Course of Business - Pre-Execution Checklist
•Initiation: Transactions must be initiated only by authorized personnel listed in the Digital Asset Custody Matrix.
•Risk Review: All transactions over threshold limits must be reviewed by the Compliance Officer for regulatory implications.
•Destination Whitelisting: Funds can only be sent to pre-approved, verified wallet addresses.
4.2 Approval Workflow
•Threshold Tiers:
o< $10,000: Dual approval (Initiator + 1 signatory).
o$10,000 – $100,000: Requires 2 multi-sig approvals.
o$100,000: Requires 2 multi-sig approvals and [Redacted] approval.
•Out-of-Band Confirmation: All approvals must be verified via secure external channels (e.g., encrypted messaging, phone call confirmation).
4.3 Execution
•Execution Environment: Transactions must be conducted within a secure, isolated execution environment (e.g., air-gapped terminal or hardened cloud-based enclave).
•Real-Time Monitoring: All transaction activity must be logged and monitored through a Security Information and Event Management (SIEM) platform.
4.4 Transactions In the Normal Course of Business
[TBD based on solution set established with third party providers]
4.5 Settlement Records: Maintain on-chain and off-chain transaction logs and conduct daily reconciliation of crypto balances and fiat-equivalents.
5. Monitoring and Auditing
•Immediate Logging: All transaction details must be logged in the internal ledger and reconciled within 1 business day.
•Audit Trail: Maintain a tamper-proof audit log including timestamps, approvers, amounts, and destination addresses.
•Incident Reporting: Any anomalies or failures must be escalated within 1 hour to the Security and Compliance teams.
6. Security Testing and Audits
•Penetration Testing: Annual third-party testing on wallet systems and transaction infrastructure.
•Access Review: Quarterly review of access permissions and roles.
•Audit Frequency: Monthly internal audits and bi-annual external audits of all transaction records.
•Accounting Standards: Use GAAP/IFRS-based valuation methodology for cryptocurrencies with fair value disclosure and impairment testing as required.
•Reporting Obligations: Periodic reporting to shareholders (10-Q, 10-K) on crypto holdings. Audit committee notification for significant changes or incidents. Public display of crypto wallet holdings with regular updates.
7. Incident Response Plan
7.1. Breach Containment
•Immediate key rotation in the event of compromise.
•Transaction freeze protocol if unauthorized movement is detected.
7.2. Post-Mortem & Notification
•Conduct forensic investigation within 48 hours of incident.
•Notify SEC and relevant regulators within mandated timelines.
7.3. Insurance Coverage
•Maintain cybersecurity insurance specifically covering crypto theft and fraud.
8. Business Continuity & Disaster Recovery
8.1. Disaster Preparedness
•Offline backup of all wallets and keys.
•DR site with full capability to resume wallet operations within 72 hours.
8.2. Contingency Planning
•Regular drills and testing of BCP/DRP protocols.
•Succession plan for key personnel handling crypto functions.
9. Training & Awareness
•Annual crypto treasury training for finance, security, and audit teams.
•Cybersecurity awareness programs including phishing simulations and access hygiene.
Policy Enforcement
Non-compliance with this protocol may result in disciplinary action, up to and including termination, and will be reported to the appropriate regulatory bodies if required. Exceptions to any part of this protocol require written approval from [Redacted] and [Redacted].
In the event a Permitted Service Provider or Permitted OTC Counterparty is not able to adhere to these security protocols, the transaction execution process will default to the transaction execution requirements of this Policy and of the applicable Permitted Service Provider or Permitted OTC Counterparty.
Authorized Signatories for Exchange Accounts
[Redacted]
Authorized Signatories for Custody Accounts
[Redacted]
Approved by the Designated Officers on ____________, 2025.
Exhibit D – Criteria for Evaluating Brokers, Custodians, and OTC Counterparties
_____________________________________________________________________________________
Criteria for Evaluating Brokers
The following selection criteria are provided for illustrative purposes and may be utilized when selecting brokers and/or dealers (hereinafter “brokers”). Such criteria include:
•A broker’s financial condition;
•The broker’s responsiveness and speed of execution;
•The broker’s willingness and ability to enter into and take financial risks in large and difficult transactions;
•The facilities that the broker makes available (including trading networks, access to other brokers and markets, and resources for positioning as principals);
•The potential methods of execution (i.e., on an agency or principal basis) that a broker can make available, including the effect on price, transaction confidentiality, and counterparty risk;
•The broker’s information and cybersecurity practices;
•The transparency and reasonableness of the broker’s rates, fees, and other compensation;
•The broker’s capability of providing appropriate documentation and control functions to satisfy any requirements the Company’s Finance department may request with respect to FDII reporting or other service features with tax reporting utility (e.g., cost basis tracking);
•The broker’s compliance with applicable laws, including federal money services business laws, state money transmitter laws, and other laws applicable to the broker’s business;
•Any governmental or regulatory investigations involving the broker;
•The broker’s general reputation, including any history of complaints or lawsuits against the broker and whether the broker has been the subject of negative press; and
•Any listings, certifications or registrations issued by any federal government department or agency indicating the Broker’s qualifications and competence to handle Designated Transactions.
Criteria for Evaluating Custodians
The following selection criteria are provided for illustrative purposes and may be utilized when selecting custodians, in addition to the broker selection criteria (listed above) where relevant. Some custodians serve as both a custodian and a broker, and the fundamental counterparty risks remain common to both brokers and custodians. Additional custodian-specific criteria include:
•The custodian’s history and experience in the Approved Cryptocurrencies custody;
•Whether the custodian is subject to supervision and examination by a prudential regulator (e.g., the Office of the Comptroller of the Currency, another bank regulator, or the New York State Department of Financial Services);
•The custodian’s contractual commitments to high standards of care and performance;
•The custodian’s cybersecurity procedures and audit and resiliency planning, including whether the custodian conducts regular SOC audits and security and penetration testing;
•Whether, and to what extent, a custodian has insurance coverage to cover potential losses of customer assets;
•The custodian’s status as a “qualified custodian” as defined under the federal securities laws;
•The custodian’s willingness to treat the Approved Cryptocurrencies under custody as a “financial asset” under Article 8 of the Uniform Commercial Code;
•Whether the custodian’s contract provides for the Company’s the Approved Cryptocurrencies to remain the Company’s property at all times and not subject to the custodian’s bankruptcy or receivership estate;
•The custodian’s compliance with applicable capitalization requirements, laws, and regulations, including federal money services business laws, state money transmitter laws, and other laws applicable to the custodian’s business;
•Any governmental or regulatory investigations involving the custodian;
•The custodian’s general reputation, including any history of complaints or lawsuits against the custodian and whether the custodian has been the subject of negative press; and
•Any listings, certifications or registrations issued by any federal government department or agency indicating the custodian’s qualifications and competence to handle Designated Transactions.
Criteria for Evaluating OTC Counterparties
Among the factors that may be utilized during the OTC counterparty due diligence process are:
•The OTC counterparty’s compliance with applicable laws, including federal money services business laws, state money transmitter laws, and other laws applicable to the counterparty’s business;
•The OTC counterparty’s financial stability, including ability to fulfill contractual obligations;
•The OTC counterparty’s information and cybersecurity practices with respect to the Approved Cryptocurrencies acquired by the Company;
•Any restrictions on engaging in transactions with OTC counterparties under applicable laws and regulations, including whether such transactions would be in accordance with the Company’s sanctions compliance policy; and
•Any listings, certifications or registrations issued by any federal government department or agency indicating the Broker’s qualifications and competence to handle Designated Transactions.
Exhibit E – Report for Transactions In the Normal Course of Business
_____________________________________________________________________________________
Date: ______________
Period Covered by Report: _____________
Designated Officer: ______________
Number of Transactions During Period, by Type:
# Total $ Value Received
Bitcoin: ______ _______
Dogecoin: ______ _______
Total amount of Approved Cryptocurrencies Received, by Type:
# $ Equiv. Weighted Avg Value
Bitcoin: ______ _______ _______
Dogecoin: ______ _______ _______
Total amount of Approved Cryptocurrencies Transferred, Sold, Exchanged or Otherwise Disposed of, by Type
# $ Equiv. Weighted Avg Value
Bitcoin: ______ _______ _______
Dogecoin: ______ _______ _______
Remaining number of Approved Cryptocurrencies Held at End of Reporting Period, by Type:
# $ Equiv. Weighted Avg Value
Bitcoin: ______ _______ _______
Dogecoin: ______ _______ _______
Total Fees Incurred for Transactions, by Type:
# $ Equiv. Weighted Avg Value
Bitcoin: ______ _______ _______
Dogecoin: ______ _______ _______
[Brief narrative of the events for transactions in the Normal Course of Business during the reporting period, by Cryptocurrency type]