Abstract

The Risk Management Framework provides a structured and scalable approach to identifying, assessing, mitigating, and monitoring risks across all facets of Endaoment’s operations. As Endaoment grows and evolves, this framework ensures that our risk management practices remain robust and effective. Each specific risk type within our organization is paired with a dedicated policy document that outlines the procedures, controls, and strategies implemented to limit and manage that particular risk. By adhering to this framework, Endaoment ensures the integrity, compliance, and resilience of its financial products and operational processes, thereby safeguarding the trust of our stakeholders and donors.

Disclaimer

These documents outline Endaoment’s public commitments regarding risk management and compliance across various risk categories. They do not encompass the entirety of our compliance framework, nor the specific policies, procedures, training, or internal controls and assessments therein. For more information on our compliance program, please contact us directly.

Scope and Applicability

All policies in this framework, at minimum, apply to:

  • All Endaoment employees, including full-time, part-time, and temporary staff.
  • Contractors and consultants acting on behalf of Endaoment.
  • Board members and other governing body members.
  • Third parties, including vendors, partners, and service providers engaged with Endaoment.

Violations of any related policy may lead to disciplinary actions, including termination of employment or contracts, and potential legal consequences where applicable. In the event of a conflict of law, the more stringent of either this policy or the applicable law will be applied. This ensures that Endaoment maintains the highest standard of compliance and risk management across all operations.

Governance Structure

Risk Management Committee

Endaoment has established a Risk Management Committee responsible for overseeing the implementation and maintenance of the Risk Management Framework. This committee is composed of senior executives, including the Chief Executive Officer (CEO), Chief Operating Officer (COO), and other key stakeholders.

Responsibilities:

  • Review and approve the Risk Management Framework and associated policies.
  • Ensure alignment of risk management practices with organizational objectives.
  • Monitor the effectiveness of risk mitigation strategies.
  • Facilitate regular training and awareness programs.
  • Oversee the continuous improvement of risk management processes.

Roles and Responsibilities

  • Executive Team: Provides strategic direction and ensures resources are allocated for effective risk management. Coordinates risk assessments, maintains risk registers, and ensures compliance with policies.
  • Department Heads: Identify and manage risks within their respective areas, ensuring adherence to the framework.
  • All Employees: Participate in risk management activities, report potential risks, and comply with established policies and procedures.

Risk Types

Endaoment categorizes risks into the following primary types, each supported by a dedicated policy document:

Bribery and Corruption Risk

Bribery and Corruption risk encompasses the likelihood of Endaoment or individuals associated with Endaoment engaging in unethical or illegal practices, including bribery and corruption in both onchain and offchain interactions. This risk involves the offering, giving, receiving, or soliciting anything of value to influence the actions of an official or other person in a position of trust. It also includes acts of embezzlement, fraud, and other corrupt practices that might occur either within Endaoment’s internal operations or through its external interactions.

Continuity Risk

Continuity risk refers to the potential for disruption of business operations for any reason, including system failures, staff changes, and organizational dissolution. This risk also encompasses the inherent expectation for blockchain products to be perpetually accessible, requiring robust and resilient systems capable of delivering consistent service.

Counterparty + Anti-Corruption Risk

Counterparty + Anti-Corruption risk refers to the potential for a counterparty Endaoment interacts with (whether on or offchain) to not fulfill their end of an agreement or transaction. It also refers to the potential for a third party to act illegally on Endaoment’s behalf without our knowledge or engage in corrupt practices.

Custodial Risk

Custodial risk refers to the potential for assets, both digital and physical, to be mishandled, lost, or stolen. This is especially important when overseeing Endaoment’s use of private keys and digital wallets that control the Endaoment ecosystem of smart contracts. Stringent custodial requirements are necessary to ensure these keys or any assets are not lost, misplaced, or fall into the hands of malicious actors.

Data Privacy Risk

Data Privacy Risk refers to the potential for a user’s personally identifiable information (PII) to be shared non-compliantly with external parties, as well as the process for allowing users to request that their data be deleted. Given that Endaoment handles sensitive information about both individual taxpayers and corporations, it is crucial to ensure that PII or other private data remains safe and is not published onchain in any form.

Finance & Accounting Risk

Finance & Accounting risk refers to the potential for errors or discrepancies in financial management, bookkeeping, and reporting. Operating in the web3 space, Endaoment utilizes blockchain technology as the single source of truth, comparing all financial measurements with onchain data to ensure accuracy and integrity.

Fraud Risk

Fraud risk refers to the potential for malicious actors to scam, steal, or issue unauthorized transactions. Given the irreversible nature of onchain transactions, an extreme emphasis on re-verification (KYC) for withdrawals is necessary to ensure the authenticity of transactions and mitigate potential risks.

Investment Risk

Investment risk refers to the potential for negative performance of invested assets, either onchain or traditional. Given the volatile nature of alternative assets, including cryptocurrencies and other onchain assets, price changes (AUM changes) are anticipated and must be planned for accordingly.

Legal Compliance + Regulatory Risk

Legal Compliance + Regulatory risk refers to the potential for non-compliance in terms of adhering to relevant laws and regulations in charitable giving, wealth management, or retirement account spaces. This includes financial regulations, data protection regulations, consumer protection regulations, etc.

Market Liquidity Risk

Market Liquidity risk refers to the potential impediments introduced into the buy/sell flow for assets. Given that many onchain assets have low and fluctuating liquidity, price impacts at the moment of trade execution are possible and must be mitigated wherever possible. This risk includes, but is not limited to, slippage, price impact, and Miner Extractable Value (MEV) attacks.

Sanctions/KYC/AML Risk

Sanctions/KYC/AML risk refers to the potential for non-compliance with KYC/AML regulations and exposure to sanctioned entities or countries, including those on OFAC’s SDN list. Given the open nature of the blockchain space, a clear process for adhering to KYC/AML policies and addressing erroneous or maliciously broadcast blockchain transactions is essential.

Smart Contract + Technology Risk

Smart Contract + Technology risk refers to potential vulnerabilities or failures that could occur due to the smart contracts we use to underpin the blockchain ecosystem within which we operate. These risks include, but are not limited to, bugs in the code, faulty logic, or unknown exploitable attack vectors that can be used to steal funds. This risk also includes the challenges associated with operating in a rapidly evolving technological landscape, where changes to the tech stack can impact operations.

Stablecoin De-Peg Risk

Stablecoin De-Peg risk refers to the potential for stablecoins to fail to maintain their peg, resulting in significant fluctuations in value beyond a minimal percentage on the open market. As Endaoment holds all idle cash as USD Coin (USDC), this risk is associated with potential financial losses.