Custodial Risk
Abstract
Custodial risk encompasses the broad spectrum of potential security breaches or losses pertaining to the ownership and safeguarding of assets. This includes the dangers associated with the loss, misplacement, or unauthorized acquisition of private keys, which control the smart contract-backed ecosystem. This risk is magnified due to the irreversible nature of blockchain transactions. Custodial risk also refers to traditional assets like physical securities, documents, or other valuable items that require safeguarding. Ensuring the security and integrity of these assets involves protecting against unauthorized access, theft, and accidental loss, making robust security measures critical. Endaoment is committed to mitigating these risks through stringent custodial procedures, including multi-factor authentication, regular compliance checks, and other advanced security mechanisms applicable to assets under our purview.
Policy
Endaoment believes in providing secure and hardened accounts only accessible to the user and administrators. We manage these risks through use of multi-factor authentication both on and off the blockchain as well as regular KYC checks and other security enhancement mechanisms.
Scope and Applicability
This policy applied to all Endaoment employees, contractors, board members, and those acting on behalf of Endaoment in any capacity. Non-compliance with this policy may lead to disciplinary action up to and including termination/removal. Should there be a conflict of law, the more stringent of either this policy or the applicable law will be applied.
Operational Controls + Testing
Internal controls will be monitored and/or tested on a periodic basis determined by risk. Monitoring and testing outcomes will be used to inform the continuous improvement of internal controls in order to appropriately mitigate risk.
Training
All Endaoment employees will receive training on Legal Compliance + Regulatory Risk to ensure policy continuity and application. New hires will be trained within their first 60 days, and mandatory incumbent trainings will be conducted bi-annually with all current employees.
Governance
This policy will be reviewed by the executive team and updated semi-annually to ensure it remains up-to-date. Escalation of any questions, concerns, or requests for exceptions regarding this policy must be made to the Endaoment executive team and approved unanimously.