| Ctrl ID | Control Objective | Risk | Test Procedure | Evidence | Result |
|---|---|---|---|---|---|
| RES-01 | Reserves held in segregated, bankruptcy-remote accounts | HIGH | Inspected custody agreements; verified non-commingling with operating funds; confirmed custodian segregation | Custody agreements, bank confirmation letters 2026-03-01 | PASS |
| RES-02 | Reserve assets restricted to OCC proposed permitted assets only (per proposed § 15.11(b)) | HIGH | Obtained portfolio file; verified no corporate debt or crypto holdings; confirmed all instruments within 93-day maturity | Registered public accounting firm portfolio schedule and attestation | PASS |
| RES-03 | Daily reserve ratio: FMV(assets) ≥ outstanding token supply (100% floor) | HIGH | Independently recalculated using independent price feed service; compared to issuer 30-day reserve ledger | 30-day reserve ledger, independent price feed log | PASS |
| RES-04 | Monthly third-party attestation by registered public accounting firm covering existence, completeness, valuation | MEDIUM | Confirmed registered public accounting firm engagement letter; verified scope aligns with GENIUS Act §4(b)(1) | Registered public accounting firm attestation report, engagement letter | PASS |
| RES-05 | No rehypothecation, pledging, or commingling of reserve assets | HIGH | Inspected custodian confirmations for restriction clauses; verified no securities lending agreements | Custodian statements, negative confirmation letter | PASS |

| Ctrl ID | Control Objective | Risk | Test Procedure | Evidence | Result |
|---|---|---|---|---|---|
| ISS-01 | Minting triggered only upon verified fiat deposit (T+0 wire confirmation) | HIGH | Selected 25 mint events; traced each to corresponding verified wire; confirmed zero exceptions | Mint log, wire confirmation receipts, 25-sample analysis | PASS |
| ISS-02 | Multi-party authorization (3-of-5 multi-sig: Treasury + Compliance + Technology) | HIGH | Reviewed smart contract governance parameters; verified multi-sig threshold is 3-of-5 keyholders | Smart contract audit, multi-sig approval logs | PASS |
| ISS-03 | Burn events linked to authenticated redemptions; reserve released within proposed OCC T+2 window (per proposed § 15.12) | HIGH | Sampled 20 burn events; confirmed each has corresponding validated redemption; verified reserve release timing | Burn log, redemption queue, reserve ledger updates | PASS |
| ISS-04 | Smart contract upgrade: 48-hour timelock, 4-of-7 approval, independent pre-deployment audit | MEDIUM | Verified 48-hour timelock configuration; confirmed last upgrade required 4-of-7 key approval | Governance log, upgrade proposal records, independent smart contract audit report | PASS |
| ISS-05 | Emergency pause function tested quarterly; runbook maintained and accessible | MEDIUM | Confirmed pause function present in contract ABI; identified last test executed Q4 2025 — Q1 2026 test not yet completed | Test execution log Q4 2025, contract ABI, DR runbook | REVIEW |

| Ctrl ID | Control Objective | Risk | Test Procedure | Evidence | Result |
|---|---|---|---|---|---|
| CST-01 | Minter/Burner private keys held in FIPS 140-2 Level 3 HSMs with geographic key sharding | HIGH | Inspected HSM vendor certificates; verified Shamir Secret Sharing across 3+ geographic sites | HSM certification, key custody procedure, shard inventory | PASS |
| CST-02 | Customer token wallets segregated from platform treasury wallets at smart contract level | HIGH | Mapped all treasury wallet addresses; confirmed no customer wallets share address space | Wallet address register, on-chain verification (Etherscan) | PASS |
| CST-03 | RBAC for key management; quarterly access recertification; terminated user offboarding within 24 hours | MEDIUM | Obtained IAM export; verified least privilege; confirmed Q4 2025 recertification; reviewed offboarding log | IAM report, access recertification sign-offs, offboarding log | PASS |
| CST-04 | Cold storage for more than 90% of key material; hot wallet cap enforced with automated alerting | HIGH | Confirmed hot wallet threshold policy (less than 10%); verified cold/hot split in custodian statement; tested alert configuration | Custodian statement, cold storage inventory, alert configuration | PASS |
| CST-05 | Annual penetration test by independent firm; all Critical/High findings closed within SLA | MEDIUM | Obtained January 2026 independent penetration test report; confirmed zero open Critical or High findings | Independent penetration test report [Q4 2025], remediation tracker | PASS |

| Ctrl ID | Control Objective | Risk | Test Procedure | Evidence | Result |
|---|---|---|---|---|---|
| RCN-01 | Automated daily three-ledger reconciliation: Blockchain / Issuer Ledger / Reserve Ledger at 00:00 UTC | HIGH | Reviewed reconciliation engine architecture; confirmed automated job schedule; inspected 30-day exception log | Reconciliation job logs, exception report log (30 days) | PASS |
| RCN-02 | Cross-chain supply reconciles to Circle issuer API within $0 tolerance at snapshot | HIGH | Independently queried totalSupply() on all 6 chains at snapshot datetime; compared to Circle API | Independent blockchain query output, Circle API response log | PASS |
| RCN-03 | Pending settlement in suspense account; all items cleared within proposed OCC settlement window (per proposed § 15.12) | MEDIUM | Inspected suspense account aging report; confirmed no items aged more than 2 business days | Suspense aging report, settlement confirmation log | PASS |
| RCN-04 | Exception alerts auto-generated and routed to Risk Officer within 15 minutes of breach | MEDIUM | Reviewed alert configuration thresholds; tested alert via synthetic variance injection in UAT | Alert configuration doc, UAT test evidence, notification log | PASS |
| RCN-05 | Monthly reconciliation report signed off by CFO and CRO before attestation submission | LOW | Obtained monthly reconciliation reports for Jan–Mar 2026; confirmed both CFO and CRO electronic sign-off | Signed reconciliation reports Jan–Mar 2026 | PASS |

| Ctrl ID | Control Objective | Risk | Test Procedure | Evidence | Result |
|---|---|---|---|---|---|
| RED-01 | Redemption at par ($1.00 per token) per proposed OCC § 15.12 — no gates or fees during normal operations | HIGH | Reviewed terms of service and redemption policy; confirmed no gates exist under normal conditions; 10-sample redemption trace | Redemption policy v4.2, 10-sample redemption confirmations | PASS |
| RED-02 | Redemption settlement within proposed OCC T+2 window (per proposed § 15.12) — 100% of sample | HIGH | Sampled 30 redemptions; computed settlement time from token burn to wire receipt for each | Redemption settlement log, wire receipts, 30-sample analysis | PASS |
| RED-03 | Liquidity stress buffer: cash plus overnight repo at or above 15% of outstanding supply for T+0 redemptions (illustrative threshold) | HIGH | Confirmed cash plus overnight repo = 15.0% of outstanding supply (above 15.0% illustrative minimum for T+0 buffer) | Liquidity model output, reserve composition 2026-03-17 | PASS |
| RED-04 | Quarterly stress testing: 20% and 50% simultaneous redemption scenarios documented | MEDIUM | Obtained Q4 2025 stress test report. Q1 2026 report not yet completed as of audit snapshot date | Q4 2025 stress test report; Q1 2026 pending | REVIEW |
| RED-05 | Consumer disclosure: FDIC non-insurance disclaimer; redemption rights documented in user agreement | LOW | Reviewed user-facing disclosures on website and in account agreement; confirmed FDIC disclaimer present | User agreement v4.2, website disclosure screenshot 2026-03-17 | PASS |