The Handbook
Standard 5: Investment Operations
The Standard

Firms must maintain robust investment operations. This includes a best execution framework with regular assessment and documentation of execution quality; complete audit trail for all trading and investment activities with appropriate retention periods; and daily reconciliation processes with timely identification and resolution of breaks. Firms must maintain diversified trading relationships and venue connectivity appropriate to strategy and asset classes and establish operational controls appropriate for 24/7 market structure and digital asset characteristics.

Introduction

Investment operations in digital assets are a critical part of risk management, not just back-office tasks. Transactions settle instantly and cannot be reversed, as there is no clearing house involved. Smart contracts, which automate transactions, can introduce coding errors that pose operational risks not found in traditional finance. Custody of digital assets requires understanding of private key cryptography, multi-signature schemes, and hardware security modules. Due to this operational complexity, firms need strong internal capabilities rather than relying solely on external fund administrators for managing digital assets.

Standard 5 highlights the need for a solid operational setup that meets the technical and operational needs of managing digital assets. This involves using advanced trading systems that can execute trades on multiple platforms and analyze transaction costs. Firms should also keep track of their positions across exchanges and custody providers in real time. Additionally, they must create business continuity plans to handle specific failure scenarios related to digital assets.

Operational failures can have serious consequences. For example, losing private keys permanently means losing access to assets; smart contract exploits can drain assets without recovery; and exchange hacks can cause losses that cannot be recovered from the counterparty.

Achieving this standard
involves investing in scalable technology infrastructure and not underestimating operational requirements. It requires rigorous due diligence and testing of smart contracts, implementing multi-person authorization for significant transactions, maintaining comprehensive audit trails to demonstrate best execution and operational controls, and continuously investing in systems, personnel, and procedures. Managing institutional digital assets with inadequate operational infrastructure creates significant risks that investors will not accept, regardless of investment performance.

5.1 Trading Infrastructure and Technology

Trading infrastructure functions as the technological backbone enabling investment execution. Infrastructure quality determines execution speed, multi-venue access, risk monitoring capability, and audit trail completeness. Inadequate infrastructure creates operational constraints limiting strategy execution, generates incomplete records complicating regulatory compliance, and introduces operational risks through manual processes and insufficient controls. Infrastructure requirements scale with strategy complexity—high-frequency strategies demand low-latency connectivity while venture strategies require robust position tracking and reporting systems.

5.1.1 System Architecture

Trading architecture combines proprietary systems, commercial platforms, and exchange connectivity into a cohesive operational infrastructure. Design priorities must emphasize reliability, security, scalability, and auditability over cost minimization. The core components of an institutional-grade system include:

Order management system (OMS): A centralized platform for managing orders, tracking positions, and monitoring risk in real time. The OMS should aggregate positions across all venues and custody providers while calculating real-time P&L with mark-to-market pricing. It must enable order routing to multiple exchanges, maintain a complete audit trail of all trading activity, and integrate
with compliance systems for trade surveillance.

Execution management system (EMS): Sophisticated execution tools that enable algorithmic trading, smart order routing, and transaction cost analysis. Core functionality includes volume-weighted average price (VWAP) and time-weighted average price (TWAP) algorithms to minimize market impact, limit order management across venues, and execution quality measurement through transaction cost analysis (TCA). The EMS is essential for managing large positions that require careful execution.

Portfolio management system (PMS): The system responsible for maintaining the official books and records, including positions, transactions, cash movements, and performance calculations. The PMS should integrate with the OMS for trade capture, custody providers for reconciliation, pricing services for valuation, and fund administrators for NAV calculation. This component is critical for regulatory reporting, investor communications, and performance attribution.

Risk management system: A tool for real-time risk analytics that calculates exposure metrics, monitors limits, and generates alerts. The system should track position concentration, counterparty exposure, leverage utilization, VaR calculations, and stress test results. Direct integration with the OMS enables pre-trade risk checks to prevent limit breaches.

5.1.2 Technology Governance

Formal technology governance processes are essential to ensure infrastructure reliability, security, and regulatory compliance. This framework provides oversight for vendor management, change control, cybersecurity, and disaster recovery.

Vendor due diligence: A rigorous evaluation of third-party technology providers that includes security assessments, financial stability reviews, reference checks, and the negotiation of service level agreements (SLAs). Fiduciaries must also conduct annual vendor reviews to assess ongoing performance and continued suitability.

System integration: Documented integration plans for all new
systems. These plans must cover data flows, API connections, testing procedures, and rollback protocols. Testing must be performed in non-production environments prior to any production deployment.

Change management: Formal control procedures for all technology updates. These requirements include written change requests with business justification, impact assessments for affected systems, and verification of testing before implementation. Rollback procedures and post-implementation reviews are mandatory to mitigate deployment risks.

Cybersecurity program: A comprehensive suite of security controls. This includes network segmentation, endpoint protection, intrusion detection, and vulnerability scanning. The program must also incorporate regular penetration testing, security awareness training for staff, and formal incident response procedures.

Access controls: Implementation of least-privilege access principles through role-based permissions. Multi-factor authentication (MFA) is required for all systems. Regular access reviews should be conducted to remove unnecessary privileges, and audit logging must track all administrative activities.

Takeaway message: Best execution in fragmented crypto markets requires systematic analysis, not just competitive pricing. The same token may trade at materially different prices across venues at any given moment. Executing without documented consideration of available venues, their liquidity characteristics, and total execution cost may not satisfy best execution obligations. Best practice is maintaining an execution policy that specifies venue selection criteria, requires documentation of execution rationale for significant trades, and includes periodic transaction cost analysis. For large orders, pre-trade analysis of available liquidity across venues—considering depth, spread, and settlement characteristics—demonstrates the rigor institutional investors expect.

5.2 Trade Execution and Best Execution

Best execution is the fiduciary duty to seek the
most favorable terms for client transactions, considering factors such as price, speed, likelihood of execution, settlement certainty, and total transaction costs. In digital asset markets, which are often fragmented and less transparent than traditional securities markets, achieving and documenting best execution can be challenging. Multiple trading venues may offer the same asset but differ in liquidity, pricing, and counterparty risk. Therefore, systematic analysis of venues and careful selection of execution strategies are essential. Best execution involves both obtaining the best possible outcome and maintaining thorough documentation to demonstrate that the execution process systematically aims for optimal results rather than convenience. Investment managers should prioritize transparency and diligence in execution practices to uphold fiduciary responsibilities in the digital asset space.

5.2.1 Best Execution Policy

A formal best execution policy outlines the internal processes for achieving and recording optimal transaction terms across all trading activity. The policy must comprehensively define the following:

Best execution factors: Specific criteria used to evaluate execution quality, including quoted price, available liquidity, execution speed, and certainty. The policy must also account for market impact, information leakage, settlement risk, and counterparty credit quality. Factor weighting must vary by order characteristics; for instance, large orders prioritize minimizing market impact, while small orders emphasize price and speed.

Venue selection and monitoring: A structured process for approving trading venues through due diligence. This assessment covers liquidity trends, pricing competitiveness, custody arrangements, and counterparty creditworthiness. It also includes a review of the venue's regulatory status, jurisdictional risks, and operational reliability. Ongoing monitoring must compare execution quality across venues to identify optimal options by asset
and order size, supported by quarterly suitability reviews.

Transaction cost analysis (TCA): A methodology for measuring execution costs systematically. The TCA framework should calculate implementation shortfall (comparing execution price to decision price), arrival price analysis for slippage, and VWAP comparisons for algorithmic trades. Additionally, it must include fee analysis across different venues and market impact assessments. Monthly TCA reports are required to identify performance trends and venue efficiency.

Documentation requirements: All material transactions require a clear audit trail demonstrating the pursuit of best execution. This includes the order rationale, urgency assessment, venue selection justification, and the reasoning behind the chosen execution strategy. Documentation must also incorporate post-trade TCA analysis and lessons learned. These records prove regulatory compliance and demonstrate execution discipline to institutional allocators.

5.2.2 Execution Strategies

Different execution strategies are available to optimize trading based on factors such as order size, urgency, and current market conditions. When choosing a strategy, it is important to consider the characteristics of the trade and the specific objectives of the execution. Investment managers in the digital asset space should evaluate these elements carefully to ensure effective and compliant trading practices. Adopting a well-informed approach to strategy selection supports fiduciary responsibilities and aligns with best practices outlined by the SEC and other regulatory bodies. Consistent application of these principles helps maintain market integrity and promotes efficient asset management.

Algorithmic trading: Algorithms break large orders into smaller pieces executing over time, minimizing market impact. VWAP algorithms target volume-weighted average price; TWAP algorithms spread execution evenly over time; implementation shortfall algorithms balance speed versus impact. Algorithmic
execution requires EMS connectivity and venue access supporting programmatic trading.

Direct market access (DMA): Executing trades directly on exchange order books provides price transparency and control. Appropriate for standard-size orders in liquid markets where posted liquidity is sufficient. Requires order management systems with exchange connectivity and real-time market data.

Over-the-counter execution (OTC): Trading directly with market makers for large or illiquid positions prevents market impact and information leakage. OTC execution requires multiple market maker relationships for competitive quotes, reference pricing from exchange data verifying reasonableness, documentation of quote solicitation and selection, and credit assessment of OTC counterparties.

Smart order routing (SOR): Automated routing to venues offering best prices and liquidity. SOR systems monitor multiple venues simultaneously, route orders dynamically based on real-time conditions, and aggregate partial fills across venues. Essential for firms trading across numerous exchanges.

Takeaway message: Reconciliation delays compound quickly. A break unresolved for days can mask errors, fraud, or custody issues that grow harder to untangle over time. Daily reconciliation of all positions to independent sources (custodian statements, exchange records, blockchain data) is the operational baseline for institutional-quality operations. Best practice is establishing break aging thresholds with escalation requirements—for example, any break unresolved after three business days requires escalation to senior operations and documentation of resolution efforts. Regular reporting on reconciliation status, including break aging and resolution trends, demonstrates operational discipline to allocators and auditors alike.

5.3 Digital Asset Operations

Digital asset operations involve specific processes and controls that are different from traditional asset management. These include managing digital wallets, interacting with smart
contracts, authorizing on-chain transactions, and participating in decentralized finance protocols. Such operations require a clear understanding of blockchain technology, cryptographic security, and how smart contracts work. Errors in handling digital assets are often irreversible. Transactions cannot be recalled, smart contract interactions cannot be undone, and assets sent to incorrect addresses are permanently lost. Investment managers should be aware of these risks and ensure proper procedures are followed to minimize errors and protect assets effectively.

5.3.1 Wallet Management

Formal wallet management policies establish essential controls to prevent operational errors and security breaches. Wallet operations must utilize multi-layered security and rigorous authorization procedures.

Multi-signature architecture: All material wallets should require multiple signatures to authorize transactions. Typical configurations include 2-of-3 for operational wallets, 3-of-5 for treasury wallets, and 4-of-7 for cold storage. Signers must be distributed across different individuals and geographic locations to eliminate single points of failure.

Hardware security modules (HSMs): Private keys should be stored in HSMs or hardware wallets that are never exposed to network-connected systems. Key generation must occur within this secure hardware, and backup procedures must ensure key recovery can occur without compromising security.

Address whitelisting: All external addresses must be whitelisted before they can receive transactions. The whitelisting process requires address ownership verification (via signed message or test transaction), a documented business justification, dual approval from separate individuals, and a mandatory waiting period before activation. This prevents assets from being sent to incorrect or malicious addresses.

Transaction authorization: Multi-person approval is required for all outbound transactions. The process includes initiation with business justification,
independent verification of the amount and destination, dry-run testing on a testnet when possible, final approval from authorized personnel, and post-transaction confirmation of settlement.

Wallet inventory: A complete registry must be maintained of all wallets, including addresses, custody arrangements, authorized signers, asset types, and purpose. Regular reconciliation is required between the inventory and actual holdings, and abandoned wallets must be identified so assets can be recovered or disposed of properly.

5.3.2 Smart Contract Interaction

Interacting with DeFi protocols and smart contracts introduces operational risks that require formal approval and testing. Every interaction should be treated as a material operational decision subject to rigorous due diligence.

Smart contract due diligence: A thorough assessment must be conducted before approving protocol usage. This includes reviewing audit reports from reputable firms, internal or external code reviews, historical incident analysis, and assessments of total value locked (TVL) and usage patterns. It also requires evaluating governance and upgrade mechanisms, as well as insurance availability and coverage terms.

Transaction simulation: All contract interactions must be simulated in test environments before execution on the mainnet. Simulation verifies that expected state changes occur correctly, gas costs remain acceptable, no unexpected permissions are granted, and slippage/price impact stay within tolerances. Tools such as Tenderly or Phalcon should be utilized for this purpose.

Authorization procedures: Smart contract interactions require an approval hierarchy based on materiality. While small routine transactions may proceed with a single approval, novel protocol interactions require investment committee authorization. Documentation must include the protocol description, the function called, business rationale, risk assessments for worst-case scenarios, and simulation verification.

Emergency procedures: Response
plans must be established for exploits or emergencies, including monitoring systems to detect unusual activity and emergency contact protocols for protocol teams. Designated personnel must have the authority to exit positions immediately without standard approvals, supported by communication protocols for stakeholders and post-incident lessons learned documentation.

Takeaway message: Digital asset corporate actions—airdrops, forks, staking rewards, governance distributions—require procedures that don’t exist in traditional markets. Missing a fork deadline or failing to claim an airdrop directly reduces client value, and unlike traditional securities, there’s no central depository ensuring proper receipt and allocation. Best practice is maintaining a protocol event monitoring process that tracks upcoming events across held assets, documents decisions made (participate or not, and rationale), and ensures proper allocation of any proceeds across client accounts. Firms should be able to demonstrate how a recent protocol event was identified, evaluated, decided, and allocated.

5.4 Multi-Chain and DeFi Operations

Operating across multiple blockchains and DeFi protocols requires sophisticated understanding of each network's unique characteristics while maintaining standardized processes ensuring consistency and control. Multi-chain operations introduce complexities around gas mechanics, finality assumptions, and protocol-specific risks that demand systematic operational frameworks.

5.4.1 Multi-Chain Operational Requirements

Each blockchain presents distinct operational requirements demanding tailored procedures.

Ethereum operations: Complex gas mechanics require sophisticated optimization strategies. The EIP-1559 base fee plus priority fee structure demands dynamic fee management, as high gas prices during network congestion can make transactions uneconomical. MEV protection is essential to prevent sandwich attacks and front-running. Transaction nonce management is critical for
sequential processing, and monitoring the mempool is necessary for transaction status and identifying potential stuck transactions.

Bitcoin operations: The UTXO model requires different accounting approaches than account-based chains. Fee estimation is challenging during high network activity. Confirmation requirements typically mandate a 6-block minimum for material amounts. RBF (replace-by-fee) procedures are necessary for stuck transactions. Address type considerations (legacy, SegWit, Taproot) affect both fees and compatibility.

Alternative layer 1 blockchains: Each chain has unique consensus mechanisms affecting finality assumptions. Solana requires managing priority fees and understanding network congestion patterns. Avalanche subnets introduce additional complexity around cross-subnet operations. Network-specific risks include validator centralization and governance structures.

Layer 2 solutions: Bridging operations introduce additional complexity and risk. Withdrawal delays vary significantly across L2 solutions—for example, 7 days for optimistic rollups versus faster ZK rollups. Bridge security becomes a critical operational consideration. Gas optimization differs between L1 and L2, and monitoring L2 sequencer health and potential downtime is required.

5.4.2 DeFi Protocol Operations

DeFi protocol interactions require a systematic framework from initial due diligence through ongoing position management.

Phase 1: Protocol due diligence. Comprehensive assessment before any protocol interaction. This includes smart contract audit reviews from multiple reputable firms (minimum two independent audits), code reviews by internal developers or external specialists, team assessments, and sustainability analysis of the economic model. It also requires analyzing TVL trends, user adoption patterns, governance structures, upgrade procedures, historical incident analysis, and insurance availability.

Phase 2: Position entry. A graduated approach to new protocol exposure. This includes a test
transaction with a minimal amount to verify functionality, gradual scaling over multiple transactions to monitor for issues, and position size limits during the initial period (e.g., maximum 5% of protocol allocation in the first 30 days). Interactions must be documented with rationale and approvals.

Phase 3: Ongoing management. Continuous monitoring and active management of DeFi positions. This involves yield collection procedures, rebalancing triggers responding to rate changes, governance participation decisions, and impact assessments for protocol upgrades. It also requires tracking collateralization ratios for lending, monitoring impermanent loss for liquidity provision, and monitoring position size against protocol risk limits.

Phase 4: Exit planning. A systematic approach to position unwinding. This includes liquidity assessment for exit sizing, market impact analysis for large positions, gas cost optimization for exit transactions, and slippage tolerance parameters. Emergency exit procedures must be ready if protocol compromise is suspected, with documentation of exit rationale and execution.

DeFi risk management requirements:

Position size: Maximum position size per protocol, typically 10–15% of protocol allocation.

Audit standards: Minimum of two independent audits from recognized firms.

TVL thresholds: Minimum TVL (e.g., $100M+) before material exposure.

Governance: Active monitoring for parameter changes.

Emergency controls: Established emergency exit authority and procedures.

5.4.3 Staking Operations

Staking operations require balancing yield optimization with liquidity management and operational risk.

Validator selection framework: Comprehensive criteria for validator selection including performance history, uptime statistics, commission rates, fee structures, infrastructure quality, and geographic distribution. Assessment also includes slashing history, risk management, governance behavior, minimum self-stake ("skin in the game"), and responsiveness.

Liquidity management:
Critical consideration of unbonding period constraints. These vary by chain (e.g., Ethereum 1 day; Cosmos 21 days; Polkadot 28 days). Fiduciaries must maintain unstaked reserves for liquidity, evaluate liquid staking derivatives (stETH, rETH) and their associated risks, and model worst-case liquidity scenarios accounting for unbonding delays.

Reward management: A structured approach to staking rewards, including claiming frequency optimization (gas costs vs. compounding benefits), auto-compounding vs. manual reinvestment, tax implications of timing, and separate accounting for rewards.

Staking risk monitoring: Ongoing oversight of staking-related risks, including validator performance/downtime, slashing events and risk triggers, network-wide slashing incidents, and governance proposals affecting parameters. It also includes monitoring protocol upgrades and changes in validator commissions.

Takeaway message: How errors are handled reveals operational culture. Every error—regardless of size—should be documented, investigated for root cause, and reviewed for process improvements. The goal is not zero errors (unrealistic in any operation) but systematic learning that reduces error frequency and impact over time. Best practice is maintaining an error log that captures what happened, how it was discovered, root cause analysis, client impact and resolution, and process changes implemented. Periodic review of error patterns can identify systemic issues requiring broader remediation. A mature operations function acknowledges errors occur and demonstrates systematic improvement.

5.5 Operational Security Framework

Operational security involves implementing comprehensive controls to address both traditional cybersecurity threats and vulnerabilities specific to cryptocurrencies. The irreversible nature of blockchain transactions and the continuous operation of markets present unique security challenges. A single compromised credential can lead to immediate and unrecoverable financial losses.
Investment managers in the digital asset space should prioritize robust security measures to safeguard assets and maintain trust. It is essential to understand the risks associated with blockchain technology and to establish protocols that mitigate potential threats effectively. Regular security assessments, strong authentication practices, and continuous monitoring are key components of a sound operational security strategy in this domain.

5.5.1 Authentication and Access Controls

Multi-factor authentication serves as a foundational security control for all systems handling digital assets. However, not all MFA implementations provide equivalent security—SMS-based two-factor authentication remains vulnerable to SIM-swapping attacks that have cost crypto firms millions in losses, while hardware-based authentication provides substantially stronger protection against credential compromise. The authentication framework must distinguish between system types based on risk profile, applying the strongest controls to systems with direct financial access while maintaining operational efficiency for lower-risk systems.

Table 1: Authentication requirements by system type

Hardware security keys (YubiKey, Google Titan, or similar FIDO2-compliant devices) provide the strongest authentication protection and should be mandatory for all systems with direct financial access. These
physical devices prove resistant to phishing, man-in-the-middle attacks, and credential theft that compromise software-based authentication methods. Organizations should deploy keys from multiple manufacturers, avoiding single-vendor dependency, and maintain backup keys in secure storage for emergency access.

API Key Management & Least Privilege

Specialized protection for exchange API keys given potential for immediate financial loss: never store keys in plain text; implement HSMs or dedicated key management services for production keys; encrypt all keys at rest using AES-256; store encryption keys separately from encrypted data; mandatory quarterly key rotation; immediate rotation following personnel changes or security incidents.

To mitigate the risk of immediate financial loss, exchange API keys must be governed by the principle of least privilege. Many exchange compromises stem from overly permissive keys that allow unauthorized withdrawals despite being intended solely for trading. Fiduciaries must implement the following granular permission standards:

Withdrawal separation: Trading keys must never possess withdrawal capabilities. Permissions should be restricted so that even if a trading key is leaked, assets cannot be moved off the platform.

Functional segregation: Maintain distinct keys for specific tasks, such as read-only monitoring (for portfolio tracking), trading operations, and withdrawal functions.

IP whitelisting: Restrict API access exclusively to known, trusted infrastructure. This ensures that even if a key is stolen, it remains useless when accessed from an unauthorized location.

Time-based restrictions: For non-critical functions, limit API functionality to standard operational hours to reduce the window of vulnerability.

Continuous Oversight & Auditing

Static API keys represent "ticking time bombs" if left unmanaged. Effective oversight requires:

Quarterly reviews: Conduct formal audits to verify that every active key's permissions still match current operational
requirements. Any keys identified as excessive or unused must be revoked immediately.

Automated monitoring: Deploy systems to track API usage patterns in real time. Monitoring should automatically flag anomalies, such as unexpected spikes in traffic or access attempts from unrecognized IP addresses, for immediate forensic investigation.

Key rotation: Implement a mandatory rotation schedule (typically every 30–90 days) to limit the lifetime of any single credential.

Role-Based Access Control (RBAC)

Align permissions with job responsibilities and ensure segregation of duties. This approach helps maintain proper control and accountability within the organization. Investment managers in the digital asset space are advised to assign access rights based on specific roles and responsibilities. Clear separation of duties reduces the risk of conflicts of interest and enhances operational integrity. It is important to regularly review permissions to confirm they remain appropriate and aligned with current responsibilities.

Table 2: RBAC matrix

Regular access reviews help ensure permissions stay aligned with current job roles as responsibilities change. Conducting quarterly audits verifies that each user's access matches their current position, and unnecessary permissions are revoked promptly. When employees leave the organization, their access should be terminated immediately
to prevent unauthorized entry. Audit logs are important for tracking all access to financial systems, with automated alerts for unusual activities such as access from unexpected locations or outside normal working hours.

5.5.2 Withdrawal Controls

Withdrawal controls represent the critical last line of defense preventing unauthorized asset transfers. The irreversibility of blockchain transactions means that once assets leave firm control, recovery is effectively impossible. Tiered approval requirements based on withdrawal amount ensure oversight proportional to financial materiality—small operational withdrawals proceed efficiently while large transfers receive executive and board scrutiny. Time delays between approval and execution provide an additional window for detecting fraudulent requests before finality.

Table 3: Tiered approval requirements by amount

The approval hierarchy should escalate automatically based on the withdrawal amount, with clear documentation requirements at each tier. Email confirmations provide out-of-band verification that approvers consciously authorized transactions. Investment committee notification for large withdrawals enables collective oversight to detect unusual patterns. Board-level approval for the largest withdrawals ensures the highest level of organizational awareness for material asset movements.

Address Whitelisting Requirements

Protection against address
substitution attacks is essential to maintain control over funds.

Seasoning period: New addresses should undergo a "seasoning" period of 48 to 72 hours before being used in production.
Test transactions: Small test transactions are recommended to verify control over new addresses prior to executing large transfers.
Multi-party verification: Quorum-based verification processes should confirm address accuracy through independent communication channels.
Regular reviews: Quarterly reviews are advised to remove unused addresses and ensure only verified destinations remain active.
Compliance documentation: Documenting each address's purpose and authorization is necessary to maintain security and regulatory alignment.

Withdrawal process controls

Procedures for withdrawals must be systematic and follow a strictly defined workflow.

Initiation: Authorized personnel initiate withdrawals with a documented, valid business reason.
Independent verification: The destination address is independently verified to prevent errors or fraudulent substitution.
Amount verification: The specific transaction amount is checked by a different person to ensure accuracy.
Simulation: For new destinations, a test transaction or simulation is required before the material withdrawal occurs.
Final approval: Final sign-off is given only after the designated time delay for that tier has passed.
Settlement confirmation: After the transaction, confirmation of successful on-chain settlement must be obtained and documented in the audit trail.

5.5.3 Key Management Hierarchy

Managing private keys is the most vital component of securing digital assets. Unlike traditional finance, where credentials can be revoked and fraudulent transactions reversed, compromised private keys lead to the instant and permanent loss of assets with no possibility of recovery. A rigorous hierarchy for key management is essential to balance security requirements against the operational efficiency needed for daily activities. Fiduciaries should adopt a tiered
storage framework that allocates the vast majority of assets to highly secure offline environments while maintaining smaller portions in more accessible tiers for active trading.

Table 4: Storage tier framework

Storage rebalancing & governance

Asset allocation across storage tiers requires a formal review at least monthly. Rebalancing becomes mandatory when actual allocations significantly deviate from policy targets.

Inbound transfers: Market volatility can cause exchange account balances to exceed set thresholds, requiring immediate transfers to cold storage to mitigate counterparty risk.
Outbound transfers: Active trading strategies may demand transferring assets from cold storage to warm storage to maintain necessary operational liquidity.
Documentation: Every transfer between storage tiers must be documented with a clear business justification and approved through the appropriate tiered hierarchy. Routine rebalancing follows standard operating procedures, whereas urgent transfers require high-level approval from senior management or executives.

Key management lifecycle

Fiduciaries must maintain comprehensive procedures covering the entire journey of a cryptographic key.

Generation: Keys must be generated within secure, tamper-resistant hardware (HSMs or hardware wallets) using true random number generators.
Storage & backup: Secure backup procedures must utilize
geographic distribution to prevent local disasters from causing total loss.
Rotation & revocation: Mandatory rotation schedules minimize the risk of long-term compromise. Procedures must also ensure immediate revocation of access upon personnel changes.
Succession: Clear planning ensures continuity if a primary key holder becomes unavailable.

Key recovery testing

Recovery procedures must be validated regularly through proactive testing rather than waiting for a crisis.

Drills: Conduct quarterly recovery drills with rotating responsibilities to ensure staff competency.
Scenarios: Testing should include diverse failure modes, such as key holder unavailability, physical hardware failure, and geographic disruption.
Refinement: Documentation of lessons learned from drills should directly inform updates to the primary recovery procedures.
Verification: Drills must verify that asset recovery is possible within the timeframes defined by the firm’s business continuity plan (BCP).

5.5.4 Incident Response Requirements

Security incidents require quick action because digital assets can be lost or damaged very fast. Traditional response times, which take hours or days, are too slow since attackers can drain wallets in minutes. The incident response plan should clearly define who has the authority to make decisions so actions can be taken immediately without delays. It is also important to have procedures in place for common types of incidents, allowing for fast response even when stress levels are high. These procedures should include steps for escalating issues to senior management and the board of directors when necessary. Having a well-prepared plan helps ensure that responses are effective and timely, protecting digital assets and maintaining trust in the management process.

Table 5: Incident response by type

Response time requirements are set based on the urgency of each incident type and its potential financial impact. Immediate response involves taking action within minutes, with systems ready to execute predefined procedures without waiting for management approval when seconds are critical. A fifteen-minute response window allows for a brief assessment before taking action, suitable when the threat is less immediate. All incidents, regardless of response time, require thorough documentation to support post-incident analysis and ongoing improvement.

Incident documentation requirements

A comprehensive record of all security incidents is essential. This includes a timeline of incidents with timestamps, details of affected systems and accounts, actions taken along with the rationale, and an assessment of the financial impact. It also involves conducting a root cause analysis, implementing remediation steps, and documenting lessons learned. Procedure updates should be made accordingly. Communication with stakeholders and regulatory notifications, such as those required by the Securities and Exchange Commission (SEC), should be included when applicable. Maintaining such records supports transparency, accountability, and continuous improvement in security management within the digital asset space.

Takeaway message

Inadequate recordkeeping transforms routine examinations into significant issues. The inability to produce requested documents within reasonable timeframes signals potential control weaknesses regardless of underlying compliance. Every
material decision, trade, and approval should be retrievable with sufficient context to understand the rationale and authorization. Best practice is establishing clear retention requirements by document type, maintaining centralized or well-indexed repositories, and periodically testing retrieval capability. A useful exercise: select a random trade from six months ago and time how long complete documentation takes to assemble. If retrieval exceeds a few hours, recordkeeping processes may warrant enhancement.

5.6 Operational Coverage & Staffing

Building an operational team for digital asset management requires addressing the unique demands of 24/7 global markets, heightened technical complexity, and evolving regulatory requirements. The staffing model must balance cost efficiency with the need for continuous oversight to prevent single points of failure.

5.6.1 Core Operational Roles

The operational structure must provide comprehensive coverage of critical functions. Unlike traditional finance, digital asset markets offer no downtime for weekends or holidays, necessitating models that support 24/7/365 activity.

Table 6: Required operational functions

Cross-training & resilience

Cross-training across functions provides flexibility and mitigates key-person risk. While operations staff should
understand trading systems for emergency support, and trading staff must comprehend operational workflows, segregation of duties must remain intact. Fiduciaries must document formal backup procedures and deputy assignments to ensure continuity during planned or unplanned absences.

5.6.2 24/7 Coverage Models

Follow-the-sun model: Teams are distributed across time zones (e.g., Asia, Europe, Americas) to provide natural 24-hour coverage.
Advantages: Reduces staff burnout and enables global recruitment.
Challenges: Requires rigorous handoff protocols and high coordination overhead.

Shift-based coverage: Rotating schedules within a single location (e.g., 8am–8pm and 8pm–8am).
Advantages: Simpler communication and unified process standards.
Challenges: Risk of shift-work burnout and higher compensation requirements.

Hybrid model: Core hours are handled in a primary location, while follow-the-sun or on-call rotations manage overnight monitoring and alerts. This often leverages automation for routine overnight tasks and is common for mid-sized firms.

5.6.3 Segregation of Duties

Separating roles within operational processes is an essential fiduciary control to prevent fraud and minimize manual errors.

Essential segregations:
Trade initiation separated from trade approval (portfolio manager initiates, risk manager or COO approves material trades)
Withdrawal initiation separated from approval (operations initiates, executive approves)
Reconciliation performed by person independent of trading
NAV calculation performed independently of portfolio management
System administration separated from financial transaction authority

Monitoring segregation effectiveness

Fiduciaries must conduct regular reviews to ensure these separations hold. This includes quarterly access audits, documentation of override justifications, and rotating duties to prevent entrenchment in sensitive roles. Any temporary reassignments for backup coverage must be strictly documented.

Takeaway message

Perfect 24/7 coverage is
expensive and often unnecessary for most strategies. Analyze actual operational needs: when do most trades occur, what are critical monitoring windows, which protocols require active management? Design coverage around actual requirements, not theoretical ideals. Use automation and alerts to extend human coverage. Maintain on-call procedures for true emergencies rather than staffing for every possibility. Allocators understand coverage constraints but expect "We maintain extended hours coverage 6am-midnight ET with on-call rotation overnight. Critical alerts route to on-call personnel. Emergency procedures documented for rapid response."

5.7 Settlement and Reconciliation

Settlement and reconciliation are critical workflows that ensure internal ledgers align with custodian records, counterparty statements, and the immutable state of the blockchain. These processes serve as primary controls to prevent operational losses resulting from manual errors, unauthorized transactions, or counterparty failures. Unlike traditional markets where central clearing allows for reversed settlements, digital asset transactions are instantaneous and irreversible. Consequently, fiduciaries must implement rigorous pre-settlement controls and continuous reconciliation to manage these unique risks effectively.

5.7.1 Settlement Process

Digital asset settlement typically follows a pre-funded model where assets transfer before trade confirmation, introducing unique risks that require systematic oversight.

Pre-settlement controls: A formal approval process for all settlements that evaluates counterparty creditworthiness and historical execution performance. Fiduciaries must assess settlement amounts relative to established counterparty limits and explore alternative execution options to minimize risk. Material transfers should require acceptable collateral or institutional guarantees.
Settlement monitoring: Real-time tracking of transaction status to confirm asset delivery to the counterparty or receipt of
purchased assets. Monitoring must verify that settlement timeframes remain within expected ranges and trigger immediate investigations into any delayed or failed transfers.
Settlement netting: Wherever feasible, utilize netting to reduce the volume of on-chain transactions and counterparty exposure. Effective netting requires formal legal agreements, rigorous reconciliation of netted amounts, and a clear audit trail for both gross and net settlements.

5.7.2 Reconciliation Procedures

Systematic reconciliation identifies discrepancies between internal records and external data sources to enable rapid correction.

Daily position reconciliation: Comparison of internal position records against custodian statements, exchange balances (via API), and the direct blockchain state (via node queries). Discrepancies must be investigated and resolved within the same business day, with full documentation of the resolution.
Transaction reconciliation: Granular matching of every trade across internal systems, exchange confirmations, and on-chain transaction hashes. Any unmatched items must be flagged immediately for investigation. Monthly reports should summarize all breaks and their eventual resolutions to identify systemic issues.
Cash reconciliation: Continuous alignment of cash positions across traditional banks, stablecoin holdings, and exchange balances. Fiduciaries must verify that every cash movement has corresponding business documentation. Monthly bank statement reviews should include a detailed variance analysis.
NAV reconciliation: Independent verification that the fund administrator's net asset value (NAV) calculations match internal records. This includes a thorough comparison of position quantities, pricing sources, and underlying calculation methodologies. All NAV "breaks" must be resolved before any reporting is distributed to investors.

5.8 Business Continuity and Disaster Recovery

Business continuity planning (BCP) is a foundational requirement for managing operational disruptions,
including personnel shortages, technology failures, and natural disasters. In the digital asset space, fiduciaries must address unique failure modes, such as the recovery of custody keys, response protocols for exchange outages, and emergency exit procedures for smart contracts. Maintaining clear communication channels during periods of extreme market stress is equally vital. Because untested plans are effectively useless during a genuine crisis, ongoing review and rigorous improvement are essential for safeguarding client assets and ensuring operational resilience.

Critical function identification: Firms must identify operations essential to the business, including trading capabilities, position monitoring, and cash management. This also encompasses maintaining custody access, investor communications, and regulatory reporting. For each identified function, fiduciaries must determine the maximum acceptable downtime to prioritize recovery efforts.
Recovery procedures: Step-by-step restoration protocols must be documented, covering system recovery sequences, data restoration from backups, and the activation of alternative execution venues. These procedures should also detail manual processing workarounds and escalation protocols. Documentation must be sufficiently clear that non-experts can execute the instructions during an emergency.
Testing requirements: Firms must conduct an annual full-scale BCP test that simulates various disruption scenarios. Detailed documentation of these tests is mandatory and must include the scenario description, the procedures executed, and any issues identified. It must also record the time required to restore operations and the lessons learned to inform plan updates. The board of directors must receive these results and monitor the status of any required remediation.

Allocator Due Diligence Considerations

Institutional allocators assess investment operations based on execution quality, reconciliation processes, and operational controls. Demonstrating
effective execution analysis, providing daily reconciliation reports, and clearly explaining procedures for interacting with DeFi platforms are essential. These practices indicate a robust operational infrastructure necessary for sound fiduciary management in digital assets.

Trading infrastructure and execution
Describe your trading infrastructure and technology stack. Provide architecture diagram showing systems, connectivity, and redundancy.
Walk through your best execution policy. Show most recent TCA report demonstrating execution quality analysis.
How do you manage exchange and venue relationships?
What is your execution approach in fragmented multi-venue markets?
How do you handle DeFi protocol interactions and what controls govern smart contract interactions?
How do you ensure 24/7 operational coverage?

Reconciliation and controls
What is your process for reconciling positions and how often is it performed? Provide sample daily reconciliation report.
How quickly are reconciliation breaks investigated and resolved?
What controls prevent unauthorized withdrawals?
How do you protect against MEV and sandwich attacks?
How do you handle exchange outages or blockchain network failures?

Business continuity
Can I see your business continuity plan and results of your most recent test?
What backup procedures exist for each critical function?
Walk through a recent operational incident and your response.

Documentary evidence requirements
Trading infrastructure documentation and architecture diagrams
Best execution policy and venue evaluation matrix
Recent TCA reports and execution quality analyses
Wallet management and smart contract interaction policies
Daily reconciliation reports with break resolution documentation
Business continuity plan and recent test results with after-action reports
Incident logs with root cause analysis
Security audit and penetration test reports
Key management procedures and recovery test results
24/7 coverage schedules and on-call records

Common Pitfalls and Remediation

Manual processes and single-venue dependency: Trading relies on spreadsheets and one exchange, creating operational fragility and concentration risk. When that venue has issues, operations halt.
Remediation: Invest in execution infrastructure supporting multiple venues with automated order routing, position tracking, and reconciliation. Build redundancy before it's needed urgently.

Best execution undocumented: Trades execute without recorded rationale for venue selection, timing, or execution method—making it impossible to demonstrate fiduciary compliance.
Remediation: Implement systematic documentation capturing venue analysis, execution rationale, and periodic transaction cost analysis. If you can't explain why a trade was executed the way it was, the process needs improvement.

DeFi protocols used without due diligence: New protocols deployed to production based on yield or opportunity without security review, audit assessment, or governance analysis.
Remediation: Establish formal protocol approval requiring minimum two independent audits, TVL and track record thresholds, governance concentration review, and ongoing monitoring for incidents affecting similar protocols.

Reconciliation is periodic, not daily: Positions reconciled monthly or quarterly—breaks compound undetected, errors persist, fraud risk increases.
Remediation:
Reconcile all positions and cash daily against independent sources. Establish break aging thresholds with escalation requirements—any item unresolved beyond three days requires senior attention.

Incident response is ad hoc: Security or operational incidents handled reactively without defined roles, escalation paths, or communication protocols. Each incident reinvents the response.
Remediation: Document incident response procedures covering classification criteria, escalation matrix, communication protocols, and post-incident review requirements. Test annually through tabletop exercises.

Weak custody and access controls: Single-signature wallets, shared credentials, or inconsistent authorization procedures expose assets to unauthorized transactions—whether from external compromise or internal misconduct.
Remediation: Require multi-signature or MPC for all material holdings. Enforce unique credentials with no sharing. Implement tiered approval matrix by transaction size with time delays and address whitelisting for large transfers.

Counterparty exposure unmonitored: Exchange and protocol balances accumulate without tracking, limits, or creditworthiness assessment—concentration discovered only after counterparty failure.
Remediation: Implement real-time counterparty exposure monitoring with concentration limits by venue. Conduct periodic creditworthiness reviews. Reduce exposure before limits are breached, not after.

Multi-chain operations lack chain-specific procedures: Same processes applied across blockchains with different confirmation times, gas dynamics, and risk characteristics—leading to failed transactions, stuck funds, or unexpected costs.
Remediation: Document operational procedures for each chain covering confirmation requirements, gas/fee optimization, bridge risks, and chain-specific failure modes.

Staking ignores liquidity constraints: Portfolio staked without modeling unbonding periods against redemption obligations—assets locked when liquidity is needed.
Remediation: Model
liquidity requirements accounting for unbonding periods across all staked positions. Maintain unstaked reserves sufficient to meet redemption terms. Document staking allocation decisions with liquidity analysis.

Key recovery untested: Recovery procedures documented but never executed—assumptions about access, timing, and coordination unvalidated until actual emergency.
Remediation: Conduct recovery drills at least annually, testing various failure scenarios (key holder unavailable, hardware failure, geographic inaccessibility). Update procedures based on drill findings.

24/7 market coverage inadequate: Trading and risk monitoring designed for traditional market hours while crypto markets operate continuously—incidents occur during coverage gaps.
Remediation: Design coverage model matching strategy requirements. Implement automated monitoring with alerting for off-hours. Establish on-call procedures for incidents requiring human intervention.

Key Controls and Documentation
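The withdrawal controls in section 5.5.2 (address whitelisting, the six-step withdrawal workflow, and tier time delays) can be enforced as a single pre-release check. The sketch below is an added example, not part of the Handbook; the tier ceilings and delays, the quorum of two, the rule that all four roles are different people, and every name and sample value are assumptions, while the 48-hour seasoning floor comes from the text.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from decimal import Decimal

SEASONING = timedelta(hours=48)  # lower bound of the 48 to 72 hour window in the text
QUORUM = 2                       # assumption: independent verifiers needed per address

# Assumption: tier ceilings and post-approval delays; the Handbook's own tier
# values are not reproduced here.
TIERS = (
    (Decimal("10000"), timedelta(0)),
    (Decimal("250000"), timedelta(hours=4)),
    (None, timedelta(hours=24)),  # unbounded top tier
)


@dataclass(frozen=True)
class WhitelistEntry:
    added_at: datetime
    verified_by: frozenset   # people who confirmed the address out of band
    test_tx_confirmed: bool  # a small test transfer settled on chain
    purpose: str


@dataclass(frozen=True)
class Withdrawal:
    address: str
    amount: Decimal
    reason: str
    initiator: str
    address_verifier: str
    amount_verifier: str
    approver: str
    approved_at: datetime


def required_delay(amount):
    """Delay that must pass between final approval and release."""
    for ceiling, delay in TIERS:
        if ceiling is None or amount <= ceiling:
            return delay
    raise ValueError("TIERS must end with an unbounded tier")


def violations(w, whitelist, now):
    """Return every control the request fails; an empty list means release."""
    found = []
    entry = whitelist.get(w.address)  # exact match, so a look-alike address misses
    if entry is None:
        found.append("address not whitelisted")
    else:
        if now - entry.added_at < SEASONING:
            found.append("address in seasoning period")
        if len(entry.verified_by - {w.initiator}) < QUORUM:
            found.append("address lacks independent quorum")
        if not entry.test_tx_confirmed:
            found.append("no confirmed test transaction")
        if not entry.purpose.strip():
            found.append("address purpose undocumented")
    if not w.reason.strip():
        found.append("missing business reason")
    people = [w.initiator, w.address_verifier, w.amount_verifier, w.approver]
    if len(set(people)) != len(people):
        found.append("segregation of duties violated")
    if now < w.approved_at + required_delay(w.amount):
        found.append("tier delay not elapsed")
    return found


# Constructed sample data (not from the Handbook).
NOW = datetime(2025, 1, 10, 12, 0, tzinfo=timezone.utc)
WHITELIST = {
    "addr-cold-01": WhitelistEntry(NOW - timedelta(days=9),
                                   frozenset({"ana", "raj"}), True, "cold storage"),
    "addr-otc-07": WhitelistEntry(NOW - timedelta(hours=20),
                                  frozenset({"ana"}), False, "new OTC desk"),
}
GOOD = Withdrawal("addr-cold-01", Decimal("50000"), "monthly rebalance",
                  "li", "ana", "raj", "coo", NOW - timedelta(hours=5))
RUSHED = Withdrawal("addr-otc-07", Decimal("1000000"), "",
                    "li", "ana", "ana", "li", NOW - timedelta(hours=1))
LOOKALIKE = Withdrawal("addr-c0ld-01", Decimal("500"), "fee top-up",
                       "li", "ana", "raj", "coo", NOW - timedelta(hours=1))

if __name__ == "__main__":
    for name, w in (("GOOD", GOOD), ("RUSHED", RUSHED), ("LOOKALIKE", LOOKALIKE)):
        print(name, violations(w, WHITELIST, NOW) or "release")
```

Returning the full list of failed controls, rather than stopping at the first, gives the audit trail one complete record per rejected request.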
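The daily position reconciliation in section 5.7.2, combined with the three-day break aging threshold from the pitfalls list, can be sketched as follows. This is an added example, not part of the Handbook; the source names, the data layout, the zero tolerance and the sample figures are assumptions.

```python
from datetime import date
from decimal import Decimal

ZERO = Decimal("0")
ESCALATE_AFTER_DAYS = 3  # from the text: unresolved beyond three days


def find_breaks(internal, sources, tolerance=ZERO):
    """Compare the internal ledger with every independent source.

    internal maps (location, asset) -> quantity. Each source declares which
    locations it covers and the positions it reports. A key missing on either
    side counts as zero, so an unrecorded movement shows up as a break.
    Returns {(source, location, asset): internal minus external}.
    """
    breaks = {}
    for name, src in sorted(sources.items()):
        ours = {k: q for k, q in internal.items() if k[0] in src["covers"]}
        theirs = src["positions"]
        for key in sorted(set(ours) | set(theirs)):
            diff = ours.get(key, ZERO) - theirs.get(key, ZERO)
            if abs(diff) > tolerance:
                breaks[(name, *key)] = diff
    return breaks


def age_breaks(register, todays_breaks, today):
    """Carry first-seen dates forward and list breaks needing escalation.

    register maps break key -> date first seen. Breaks absent today are treated
    as resolved and dropped; new breaks start aging today.
    """
    updated = {key: register.get(key, today) for key in todays_breaks}
    escalate = sorted(key for key, first_seen in updated.items()
                      if (today - first_seen).days > ESCALATE_AFTER_DAYS)
    return updated, escalate


# Constructed sample data (not from the Handbook).
INTERNAL = {
    ("custodian", "BTC"): Decimal("10"),
    ("exchange_a", "ETH"): Decimal("50"),
    ("exchange_a", "USDC"): Decimal("1000"),
}
SOURCES = {
    # The custodian's statement agrees with the ledger ...
    "custodian_statement": {"covers": {"custodian"},
                            "positions": {("custodian", "BTC"): Decimal("10")}},
    # ... but the node query of the same wallets does not.
    "chain_node": {"covers": {"custodian"},
                   "positions": {("custodian", "BTC"): Decimal("9.5")}},
    "exchange_api": {"covers": {"exchange_a"},
                     "positions": {("exchange_a", "ETH"): Decimal("50"),
                                   ("exchange_a", "USDC"): Decimal("1000"),
                                   ("exchange_a", "SOL"): Decimal("3")}},
}
OPEN_BREAKS = {
    ("chain_node", "custodian", "BTC"): date(2025, 1, 6),
    ("exchange_api", "exchange_a", "ETH"): date(2025, 1, 9),  # resolved since
}
TODAY = date(2025, 1, 10)


def run_daily():
    """One reconciliation cycle over the sample data."""
    breaks = find_breaks(INTERNAL, SOURCES)
    register, escalate = age_breaks(OPEN_BREAKS, breaks, TODAY)
    return breaks, register, escalate


if __name__ == "__main__":
    print(run_daily())
```

Checking each source separately is what surfaces the on-chain shortfall here even though the custodian statement matches the ledger.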