Crypto Asset Storage & Custody Policy

This policy defines how Citizen Mutual securely stores, manages, and protects clients’ digital assets using the Fireblocks infrastructure. It ensures that all crypto assets are safeguarded against loss, theft, and unauthorized access in compliance with FATF Recommendations, UK FCA, EU AMLD6, and UAE VARA standards.

Applies to all cryptocurrency custody operations, including wallet creation, private key management, deposit/withdrawal processing, and inter-wallet transfers conducted by Citizen Mutual.

Custody Model

Citizen Mutual utilizes Fireblocks’ MPC (Multi-Party Computation) technology and institutional-grade security for digital asset storage.

Key custody principles:

• No single point of failure: Private keys are never fully exposed or stored in one place.
• Policy-based authorization: Transactions require multi-level approvals.
• Zero-trust architecture: Access permissions are limited and verified for every request.

Wallet Structure

Citizen Mutual maintains three wallet tiers:

• Cold Wallets (Offline Storage)
  • Long-term storage for the majority of client assets.
  • Disconnected from the internet.
  • Access controlled by multi-signature approval.
  • Stored in geographically separated secure facilities.
• Warm Wallets (Limited Connectivity)
  • Used for internal transfers and liquidity management.
  • Protected through Fireblocks’ secure transfer environment.
  • Access restricted to authorized personnel only.
• Hot Wallets (Operational Use)
  • Used for daily transaction settlements.
  • Balance limits defined by the risk management framework.
  • Continuous monitoring and automatic withdrawal limits enforced.

Private Key Security

• All keys generated and stored via Fireblocks MPC with institutional-grade HSMs.
• Key shares distributed across secure devices and data centers.
• Regular key rotation and revocation processes in place.
• Backup key shares stored in encrypted, offline media within separate jurisdictions.

Access Control

• Only authorized personnel (approved by the Board and CISO) can initiate transactions.
• All transfers require multi-signature approval and Fireblocks policy-based authorization.
• Access logs are monitored in real time and retained for at least 5 years.
• User accounts protected by multi-factor authentication (MFA) and strict role-based permissions.

Transaction Authorization & Monitoring

• Every outbound transaction requires approval from at least two authorized signatories.
• Fireblocks’ policy engine enforces limits by amount, asset type, and destination address.
• Automated blockchain analytics (Chainalysis/TRM Labs) integrated for risk scoring and AML screening.
• Suspicious or unusual activity automatically flagged to the Compliance Officer.

Backup & Disaster Recovery

• Full redundancy maintained across multiple secure data centers.
• Encrypted backups stored offline and tested quarterly.
• Disaster recovery plan ensures resumption of services within 4 hours (RTO).
• Backup integrity verified after each major system update.

Compliance & Auditing

Fireblocks infrastructure is SOC 2 Type II and ISO/IEC 27001 certified. Independent security audits and penetration testing conducted annually. Internal audit reports submitted to the Board Audit Committee and compliance department.

Incident Response

In the event of any breach or anomaly:

• Immediate suspension of affected wallet operations.
• Notification to the Chief Information Security Officer (CISO) and MLRO.
• For significant incidents, regulators and affected clients notified within 72 hours.
• Post-incident root cause analysis and remediation required within 7 days.

Policy Review

This policy will be reviewed annually, or earlier in case of infrastructure, regulatory, or security updates from Fireblocks.