Custodial
Abstract
Custodial risk encompasses potential security breaches or losses related to the ownership and safeguarding of assets. This includes risks associated with the loss, misplacement, or unauthorized acquisition of private keys, which control our smart contract-backed ecosystem. The irreversible nature of blockchain transactions amplifies these risks. Additionally, custodial risk pertains to traditional assets such as physical securities, documents, and other valuable items requiring protection. Ensuring the security and integrity of these assets involves safeguarding against unauthorized access, theft, and accidental loss, making robust security measures essential. Endaoment is committed to mitigating these risks through stringent custodial procedures, including multi-factor authentication, regular compliance checks, and advanced security mechanisms applicable to assets under our purview.
Policy Statement
Endaoment is dedicated to maintaining secure and hardened accounts accessible only to authorized users and administrators. We manage custodial risks through the implementation of multi-factor authentication both on and off the blockchain, regular Know Your Customer (KYC) checks, and other security enhancement mechanisms. Compliance with this policy is mandatory for all employees, contractors, board members, and representatives acting on behalf of Endaoment.
Risk Management Strategy
Risk Assessment
- Asset Inventory and Classification
- Maintain a comprehensive inventory of all assets under custody, categorizing them based on their sensitivity and value.
- Threat Analysis
- Identify and evaluate potential threats to asset security, including cyber threats, insider threats, and physical security risks.
Risk Mitigation
- Access Control Measures
- Implement strict access controls to ensure that only authorized personnel can access sensitive assets. This includes the use of multi-factor authentication and role-based access controls.
- Encryption and Secure Storage
- Utilize advanced encryption techniques for both digital and physical assets. Ensure that private keys and other critical information are stored securely, minimizing the risk of unauthorized access.
Monitoring and Reporting
- Continuous Monitoring
- Employ continuous monitoring systems to detect and respond to unauthorized access attempts or suspicious activities related to asset custody.
- Incident Reporting Mechanism
- Provide a secure and anonymous system for reporting suspected breaches or losses of custodial assets.
Operational Controls
Policies and Procedures
- Documentation
- All custodial risk management policies and procedures are thoroughly documented, with both internal and external-facing components where relevant.
- Annual Review
- Conduct an annual review of policies, updating them as necessary to reflect current best practices and regulatory changes.
Custodial Procedures
- Private Key Management
- Ensure that private keys are generated, stored, and managed using industry-standard security practices. Access to private keys is restricted to authorized personnel only.
- Secure Asset Transfer
- Establish secure protocols for the transfer of assets, both onchain and offchain, to prevent unauthorized transactions and ensure the integrity of transfers.
Vendor Management
- Compliance Standards
- Implement stringent controls and regular reviews of vendor relationships to ensure compliance with Endaoment’s custodial and security standards.
Segregation of Duties
- Role Segregation
- Ensure that critical procedures and systems have segregated duties to prevent any single individual from having full control over any process without oversight.
- Approval Processes
- Maintain segregated claim diligence and approval processes to uphold checks and balances.
Disaster Recovery and Business Continuity Planning
- Plan Development
- Develop and maintain comprehensive disaster recovery and business continuity plans tailored to custodial risks.
- Regular Updates
- Update these plans as business needs evolve to address new threats and vulnerabilities.
- Effectiveness Assurance
- Ensure that these plans are effective in maintaining asset security and operational continuity during disruptions.
System Redundancy and Robustness
- High Availability Design
- Design systems with high availability and redundancy to handle surges in demand and minimize the impact of potential failures.
- Failure Minimization
- Implement measures to reduce downtime and ensure continuous service delivery, protecting custodial assets from loss or theft.
Personnel Management
- Succession Planning
- Develop succession plans to minimize the impact of personnel changes on custodial operations.