SFC - Treasury Operations
The SEAL Framework Checklist (SFC) for Treasury Operations provides structured guidelines for securely managing and operating an organization's treasury, covering governance, access control, transaction security, monitoring, and vendor management.
For more details on certifications or self-assessments, refer to the Certification Guidelines.
Section 1: Governance & Treasury Architecture
Treasury Operations Owner
Is there a clearly designated person or team accountable for treasury operations?
Baseline Requirements
- Accountability scope covers policy upkeep, security reviews, operational hygiene, access control oversight, and incident escalation
Treasury Registry and Documentation
Do you maintain a complete, current record of all treasury wallets, accounts, and their configurations?
Baseline Requirements
- Registry includes wallet/account address, network/chain, custody provider, custody model, purpose/classification, authorized signers/approvers, controlled contracts or protocols, and last review date
- Updated within 24 hours for security-critical changes (signer changes, new wallets), 3 days for routine changes
- Accessible to authorized treasury personnel
Custody Architecture Rationale
Do you have documented rationale for your treasury custody architecture?
Baseline Requirements
- Custody model documented for each wallet/account (custodial, self-custody, co-managed, MPC, multisig, HSM)
- Technology trade-offs understood by the team (not necessarily a formal document — could be a brief internal memo)
- Custody architecture reviewed when treasury size, operational needs, or risk profile changes significantly
Treasury Infrastructure Change Management
Do you have change management procedures for treasury infrastructure modifications?
Baseline Requirements
- Covers wallet setups, custody configurations, signer/approver permission changes, and protocol integrations
- Changes require documented approval before implementation
- All changes logged with justification and approver
- Changes reflected in the treasury registry within defined SLAs
- Rollback procedures documented for critical changes
Section 2: Risk Classification & Fund Allocation
Treasury Wallet Risk Classification
Do you classify your treasury wallets and accounts by risk level and assign security controls accordingly?
Baseline Requirements
- Classification considers financial exposure, operational dependency, and regulatory impact
- Impact levels defined (e.g., Low <1%, Medium 1-10%, High 10-25%, Critical >25% of total assets)
- Operational types defined based on transaction frequency and urgency requirements
- Each classification maps to specific controls including approval thresholds, MFA requirements, whitelist delays, and monitoring levels
- Classification reviewed when asset values, operational patterns, or risk profile change significantly
Fund Allocation Limits and Rebalancing
Do you enforce fund allocation limits and rebalancing triggers across your treasury?
Baseline Requirements
- Maximum allocation defined per wallet, per custody provider, and per chain
- Rebalancing triggers documented (e.g., when a wallet exceeds its allocation ceiling or falls below operational minimums)
- Allocation limits reviewed periodically and after significant treasury changes
- No single wallet or custody account holds more than the organization's defined maximum concentration
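An added example (not part of the SEAL checklist) of how the two Section 2 controls can be checked against the Section 1 registry: it derives each wallet's impact level from the example bands above and flags stale classifications, breached ceilings, and wallets below their operational minimum. The field names, sample rows and ceiling values are constructed, and placing a share of exactly 10% in High is an assumption, since the example bands meet at their edges.

```python
from collections import defaultdict
from decimal import Decimal

LEVELS = ["Low", "Medium", "High", "Critical"]

def impact_level(share):
    """Impact level for a wallet holding `share` (0..1) of total assets."""
    if share > Decimal("0.25"):   # Critical is strictly above 25%
        return "Critical"
    if share >= Decimal("0.10"):  # assumption: exactly 10% takes the stricter band
        return "High"
    if share >= Decimal("0.01"):  # Low is strictly below 1%
        return "Medium"
    return "Low"

def audit(registry, max_share):
    """Return sorted findings: stale classifications, breached ceilings, low floats."""
    total = sum(w["usd"] for w in registry)
    findings = []
    held = {dim: defaultdict(Decimal) for dim in max_share}
    for w in registry:
        level = impact_level(w["usd"] / total)
        if LEVELS.index(level) > LEVELS.index(w["classification"]):
            findings.append(("reclassify", w["address"], level))
        if w["usd"] < w["min_usd"]:  # rebalancing trigger: below operational minimum
            findings.append(("below-minimum", w["address"], str(w["usd"])))
        for dim in held:             # aggregate per wallet, provider and chain
            held[dim][w[dim]] += w["usd"]
    for dim, sums in held.items():
        for name, usd in sums.items():
            if usd / total > max_share[dim]:
                findings.append(("over-ceiling", f"{dim}:{name}", f"{usd / total:.0%}"))
    return sorted(findings)

# Constructed sample data: addresses, providers, amounts and ceilings are made up.
REGISTRY = [
    {"address": "0xCOLD01", "chain": "ethereum", "provider": "custodian-a",
     "classification": "Critical", "usd": Decimal("6000000"), "min_usd": Decimal("0")},
    {"address": "0xWARM01", "chain": "ethereum", "provider": "custodian-b",
     "classification": "Medium", "usd": Decimal("2500000"), "min_usd": Decimal("0")},
    {"address": "0xOPS001", "chain": "arbitrum", "provider": "self-custody",
     "classification": "Medium", "usd": Decimal("1450000"), "min_usd": Decimal("500000")},
    {"address": "0xOPS002", "chain": "base", "provider": "self-custody",
     "classification": "Low", "usd": Decimal("50000"), "min_usd": Decimal("100000")},
]
MAX_SHARE = {"address": Decimal("0.50"), "provider": Decimal("0.50"), "chain": Decimal("0.80")}

if __name__ == "__main__":
    print(*audit(REGISTRY, MAX_SHARE), sep="\n")
```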
Section 3: Access Control & Platform Security
Custody Platform Security Configuration
Do you configure and maintain security controls on your custody platforms?
Baseline Requirements
- Transaction policy rules configured: multi-approval workflows, approval thresholds scaled to transaction value, address whitelisting with cooling-off periods, velocity/spending limits
- Hardware security key MFA required for all approvers on High and Critical accounts
- Session timeouts and re-authentication for sensitive operations
- Network restrictions: IP whitelisting, VPN requirements where supported, geographic access restrictions
- Separation of duties enforced: initiators cannot approve their own transactions, admins cannot unilaterally execute withdrawals
- Platform configurations documented and reviewed at least quarterly
Credential and Secret Management
Do you securely manage all credentials and secrets used in treasury operations?
Baseline Requirements
- Covers API keys, service accounts, owner/admin credentials, and signing keys
- Credentials stored in dedicated secret management systems, not in code, documents, or shared drives
- Owner and admin credentials isolated from day-to-day operational access
- Credential rotation schedule defined and enforced
- Access to credentials logged and monitored
Access Reviews for Treasury Systems
Do you periodically review who has access to treasury systems?
Baseline Requirements
- Access reviews conducted at least quarterly for High/Critical accounts, annually for others
- Reviews verify each user still requires their current access level
- Access promptly revoked when personnel change roles or leave
Personnel Operational Security
Do you enforce operational security requirements for treasury personnel?
Baseline Requirements
- Device security requirements documented: dedicated devices for custody access, full disk encryption, automatic screen lock
- Signing devices (hardware wallets) securely stored when not in use
- Backup materials (seed phrases, recovery keys) stored securely with geographic distribution
- VPN mandatory for all remote treasury platform access
- Travel security procedures for personnel with signing or custody access capabilities
- Mobile devices used as second factors have endpoint security monitoring
Section 4: Transaction Security
Transaction Verification and Execution
Do you have a defined process for verifying and executing treasury transactions?
Baseline Requirements
- Pre-execution verification includes: recipient address validation, amount verification, network confirmation, and transaction simulation
- Test transactions required before sending to new addresses
- Address verified through multiple independent sources; never copied from email, chat, or transaction history
- Multi-party confirmation required: minimum 2 internal personnel for large transfers
- Specific procedures for receiving large incoming transfers (address generation, bidirectional test, sender coordination)
- Specific procedures for OTC transactions where applicable
- High-value transfers (organization-defined threshold) require video call verification with liveness checks
- All transaction parameters read aloud and confirmed before execution
Signer and Approver Knowledge
Are treasury signers and approvers knowledgeable in the security practices relevant to their role?
Baseline Requirements
- Knowledge covers: transaction verification procedures, address validation techniques, social engineering awareness, emergency procedures
- Competence demonstrated before authorization (e.g., verifying a test transaction end-to-end)
- Knowledge refreshed annually; updated within 30 days of significant procedure changes
- Covers custody-platform-specific workflows and policy engine rules
Secure Communication Procedures
Do you have secure communication procedures for treasury operations, including standard identity verification?
Baseline Requirements
- Dedicated primary and backup channels on different platforms
- End-to-end encryption, MFA required, invitation-based membership
- Identity verified as standard procedure during signing/approval operations (e.g., code phrases, video call, secondary authenticated channel)
- Anti-social-engineering protocols: established verification procedures for address changes or unusual requests
- Documented procedures for channel compromise including switching to backup channels and out-of-band verification
- All treasury personnel trained on these procedures; compromise response tested annually
Section 5: Protocol Deployments
Protocol Evaluation and Exposure Limits
Do you evaluate external protocols and enforce exposure limits before deploying treasury funds?
Baseline Requirements
- Due diligence process for all protocols before deployment: smart contract audit status, team reputation, TVL history, insurance coverage
- Exposure limits defined per protocol, per chain, and per deployment category (DeFi, staking, liquid staking, etc.)
- Limits reviewed periodically and after significant market or protocol changes
- Risk re-evaluation triggered by: security incidents, major governance proposals, significant TVL changes, new vulnerabilities disclosed
Position Lifecycle Management
Do you have procedures for managing the lifecycle of your positions in external protocols?
Baseline Requirements
- Entry procedures: smart contract address verification against multiple independent sources, token approval management (minimal approvals, revocation after use)
- Emergency withdrawal/exit procedures documented for all active positions
- Alternative access methods documented in case primary UIs are unavailable (direct contract interaction, CLI tools, alternative frontends)
- Unbonding/unstaking timelines understood and factored into liquidity planning
Section 6: Monitoring & Incident Response
Monitoring and Threat Awareness
Do you monitor your treasury for anomalous activity, external threats, and operational risks?
Baseline Requirements
- Transaction monitoring: unusual amounts, unexpected destinations, failed transactions, policy violations
- Account state monitoring: balance changes, configuration modifications, new device enrollments, authentication anomalies
- External threat intelligence: protocol vulnerabilities, DeFi/staking risks, relevant security incidents in the ecosystem
- Vendor/platform monitoring: custody platform status, infrastructure alerts, service availability
- Compliance monitoring: transactions and wallet addresses screened for sanctions and compliance risk
- Protocol and position monitoring: deployed protocol health, governance changes, TVL shifts, collateral ratios, reward accrual, liquidation risks
- Alerting with defined severity levels and escalation paths
- Critical alerts (large unexpected transactions, unauthorized access attempts) trigger immediate investigation
- Monitoring system integrity protected — alerts triggered when monitoring configurations are changed, disabled, or degraded
Incident Response Plan
Do you have an incident response plan for treasury security events, and do you test it?
Baseline Requirements
- Severity levels defined with escalation procedures specific to treasury operations
- Containment procedures: fund protection actions (emergency freeze, transfer to secure cold storage, policy lockdown)
- Covers key scenarios: custody platform compromise, unauthorized transaction, signer key compromise, vendor breach
- Emergency contacts pre-documented: custody provider security team, SEAL 911, legal counsel
- Communication plan for stakeholders
- Drills conducted at least annually and after major procedure changes
- Drill documentation includes: date, participants, response times, issues identified, improvements made
Section 7: Vendor & Infrastructure
Vendor Security Management
Do you evaluate and monitor the security of third-party services used in treasury operations?
Baseline Requirements
- Initial due diligence before adoption: security certifications (SOC 2, ISO 27001), audit history, insurance coverage, incident history
- Ongoing monitoring: SOC report currency, security incident notifications, service availability tracking
- Contractual security requirements verified periodically (at least annually)
- Critical vendor changes (ownership, infrastructure, security posture) trigger re-evaluation
Backup Infrastructure and Alternate Access
Do you have backup infrastructure and alternate access methods for treasury operations?
Baseline Requirements
- Alternate access methods for custody platforms documented and tested (e.g., API access, mobile app, secondary UI)
- Backup RPC providers configured
- Procedures for operating treasury if primary custody platform is unavailable
- Backup infrastructure tested at least annually
Section 8: Accounting & Reporting
Financial Recordkeeping and Reconciliation
Do you maintain accurate treasury records and conduct periodic reconciliation?
Baseline Requirements
- All treasury transactions recorded with categorization, documentation, and authorization chain
- Periodic reconciliation between custody platform records, on-chain balances, and accounting records
- Reconciliation frequency scaled to account classification: daily for Active Operations, weekly for Warm Storage, monthly for Cold Vault
- Discrepancies investigated and resolved promptly
- Treasury reporting procedures documented with defined cadence and audience
Insurance Coverage
Do you maintain insurance coverage appropriate for your treasury operations?
Baseline Requirements
- Coverage scope documented: what's covered (custody theft, hack, insider fraud) and what's excluded
- Coverage amounts appropriate relative to assets held
- Custody provider's insurance evaluated as part of vendor due diligence
- Insurance coverage reviewed at least annually or when treasury size changes significantly