Summary of the Custody and Administration and Funds Safeguarding Policy

Last updated: May 12, 2026

1. Introduction

1.1. Purpose and Scope

This Custody and Funds Safeguarding Policy summary describes the general measures implemented by BlockNodes SAS (“the Company”) as part of the provision of its crypto-asset custody service on behalf of third parties under Article 75 of Regulation (EU) 2023/1114 (the “MiCA” Regulation). These measures ensure the protection of the crypto-assets and funds deposited in the name or on behalf of BlockNodes Users, and put in place mechanisms that allow a clear distinction between the crypto-assets and funds belonging to BlockNodes and those belonging to each of its Users.

Under this Policy, user assets consist of both funds and crypto-assets under the definition of EU Regulation 2023/1114. 

With this summary, BlockNodes aims to ensure:

  • The maintenance and integrity of records and accounts;
  • The mitigation of the risk of a loss of users’ crypto-assets or the rights related to those crypto-assets or the means of access to the crypto-assets;
  • The ownership of the holders over their crypto-assets and funds and their segregation from crypto-assets and funds held by third parties;
  • That crypto-assets and funds belonging to users are safely deposited with reputable custody technology and, for funds, with credit institutions, and are at any given time segregated and separately identifiable from the crypto-assets and funds belonging to BlockNodes;
  • That users’ crypto-assets and funds are not affected by a possible insolvency proceeding of BlockNodes; and
  • That BlockNodes does not dispose, in its own interest or in the interest of third parties, of its users’ crypto-assets or funds.

Users of BlockNodes custody services are also referred to the general Terms of Use of the SwissBorg mobile application. This Summary provides an overview of the key aspects of the Custody and Funds Safeguarding Policy, ensuring that Users have a clear understanding of how their assets are stored and protected.

1.2. Applicable Laws, Regulations and Standards

This summary is issued in compliance with, but not limited to, the following: 

  • Regulation (EU) 2023/1114 on Markets in crypto-assets (“MiCA”), in particular Chapters 2 and 3 of Title V;
  • Commission Delegated Regulation (EU) 2025/305 of 31 October 2024 supplementing Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to regulatory technical standards specifying the information to be included in an application for authorisation as a crypto-asset service provider.

2. User asset safeguarding principles adopted by BlockNodes

BlockNodes implements MiCA’s best practices for the safeguarding of users’ assets. These are as follows:

  • Security and maintenance of rights: BlockNodes relies on multi-party computation (MPC) technology to ensure the highest security of users’ assets. It also ensures that users can exercise all rights attached to their crypto-assets, except in cases where they agreed not to.
  • Segregation: BlockNodes holds, or arranges the holding of, user assets separate from its own assets and maintains legal and accounting segregation between its own assets and user assets.
  • Use restrictions: BlockNodes does not use the user assets for its own account.
  • Risk management: BlockNodes ensures robust policies, procedures and controls are in place to identify the risks in relation to the custody and administration of user assets and implements relevant mitigation measures to limit both the occurrence and impact of these risks.
  • Identification: BlockNodes ensures that user assets are clearly identified as such in BlockNodes’ internal ledger and distinguished on an individual basis. User assets are identifiable and separate on an accounting level from BlockNodes’ own assets at all times.
  • Reconciliation: BlockNodes carries out regular reconciliations in order to keep an accurate ledger, so that it can provide, at any time and without delay, an accurate record of the assets held for each user and the total held in the client asset account. BlockNodes also conducts a regular reconciliation between its internal ledger and the actual balance of user assets held on-chain. BlockNodes additionally provides users with a proof-of-reserve disclosure so as to ensure that user balances on-chain correspond to user assets held by BlockNodes under custody.
  • Loss minimisation: BlockNodes implements arrangements designed to minimise the risk of loss of user assets or access means.

3. How are user assets held by BlockNodes?

BlockNodes’ provision of the crypto-asset custody and administration service involves three different systems:

  • Wallets using the MPC technology:

BlockNodes entirely controls the cryptographic keys associated with these wallets through a quorum-based and transaction rules approval mechanism using MPC technology. Through the MPC technology, the private key is fragmented and only BlockNodes can validate a reconstitution of the private key. The risk involved with storing private keys in one single location, referred to as a “single point of compromise”, is suppressed with MPC. These controls ensure that no single individual or entity, including BlockNodes employees or affiliates, can unilaterally access or move users’ crypto-assets held by BlockNodes. The MPC technology therefore ensures the highest security level of crypto-asset custody by reducing the risk of private key loss, theft, hacking or destruction. 

  • Smart contract developed and controlled by BlockNodes:

BlockNodes uses an internally developed proxy to execute transactions on decentralised exchanges (DEXs). The proxy is a smart contract that defines the rules to execute transactions from a BlockNodes MPC wallet to external wallet addresses. The proxy defines the white-listed addresses to which funds can be transferred. 

  • Wallets opened on third-party crypto-asset exchanges (delegation of custody):

In order to execute users’ transactions, BlockNodes uses a small percentage of users’ crypto-assets for pre-funding orders on centralised exchanges. These assets are no longer under the custody of BlockNodes but of the third-party custodian (the centralised exchange). Centralised exchanges used to store users’ crypto-assets are service providers authorised in accordance with Article 59 of MiCA to provide custody and administration of crypto-assets on behalf of clients. All third-party custodians are listed in Annex 3 to the SwissBorg App Terms of Use.

In limited circumstances where a transaction is not compatible with any of the above three systems, BlockNodes will use a hardware wallet fully owned and controlled by BlockNodes in order to custody users’ assets. Assets can only be held on this hardware wallet for a brief period of time, up to a maximum amount and under extraordinary circumstances (for example, token migration).

What about fiat funds?

EU Regulation 2023/1114 governs the provision of custody and administration services for crypto-assets only. However, it also imposes certain obligations on fiat funds, which BlockNodes implements as follows.

BlockNodes does not hold or receive users’ fiat funds on behalf of its users, nor does it move users’ funds without their prior approval. The segregation between users’ funds and BlockNodes’ funds is ensured both by the internal ledger, which records all deposits, transfers and withdrawals, and by the separation of accounts. Users’ funds are stored immediately after a deposit on the SwissBorg application with regulated credit institutions in an account in the user’s name. BlockNodes might, however, delay the placement of funds to the account due to necessary compliance verifications. BlockNodes exercises all due skill, care and diligence in the selection, appointment and periodic review of the credit institution where the funds are placed and the arrangements for the holding of those funds.

4. How are assets segregated? 

BlockNodes ensures that the crypto-assets belonging to its users are separated from its own crypto-assets:

  • First, as per the SwissBorg App Terms of Use, BlockNodes may not use the crypto-assets of its users and the rights attached thereto without their explicit agreement. Users’ crypto-assets remain, at all times, the property of the users and BlockNodes cannot dispose of these assets other than by executing users’ orders. Users’ assets are off-balance sheet.
  • Second, BlockNodes ensures physical segregation between users’ assets and its own assets by using different wallet addresses. From a technical point of view, at the blockchain level, users’ crypto-assets are separated from BlockNodes’ own crypto-assets as they are stored in different wallets. However, for operational purposes, where crypto-assets are due and payable to BlockNodes for the services provided (for example, where transaction fees are deducted from a user’s balance), some assets belonging to BlockNodes are stored in the users’ wallets for a limited period of time.
  • Additionally, BlockNodes has built an internal register (the ledger) that records every transaction carried out on assets and knows, at all times, the positions of every user. The ledger is updated in real-time and reconciled regularly against actual on-chain balances. 

BlockNodes may pool client crypto-assets using an omnibus wallet. An omnibus wallet is used to custody crypto-assets relating to more than one user, meaning individual entitlements are not identifiable by separate wallet addresses but only through the ledger. 

5. Users’ rights and access

Users retain full beneficial ownership of their crypto-assets at all times. BlockNodes acts solely as custodian and does not acquire any proprietary interest in the assets it safeguards on the users’ behalf. BlockNodes does not sell, transfer, loan, pledge, or otherwise dispose of users’ crypto-assets without their instruction, unless required by a valid court order or as expressly permitted under the SwissBorg App Terms of Use. Withdrawals can be requested at any time, in accordance with the SwissBorg App Terms of Use.

However, in accordance with the SwissBorg App Terms of Use, BlockNodes has no obligation to support any particular fork, network upgrade, crypto-asset migration, airdrop or similar distribution nor any crypto-asset resulting from such events and retains sole discretion in doing so, such support remaining, in all instances, subject to the Terms of Use. BlockNodes may, in its sole discretion, decide to stop supporting the initial crypto-asset subject to such fork, airdrop or similar distribution.

6. Security and liability

  • Private keys

All cryptographic keys are safeguarded using robust cryptographic techniques and are managed within secure environments with restricted access. These standards enable the structured generation of wallet addresses and logical separation across asset types and networks. Each private key is securely divided and distributed across multiple independent systems, using industry-standard multi-party computation (MPC), a cryptographic technique designed to ensure that no single party can reconstruct or use the private key unilaterally, thereby enforcing multi-party control over all key-related actions. All private key generation processes are performed exclusively within code-reviewed software environments. Keys are cryptographically validated prior to use in wallet derivation and are never exported, stored, or accessed outside of approved secure systems.

  • Proxy

The proxy is a smart contract that incorporates a robust access control framework, ensuring that only a predefined set of whitelisted addresses can perform privileged operations. This mechanism enforces a strict separation of roles and responsibilities, thereby reducing operational and security risks.

In addition, the proxy implements a token whitelisting system. This system prevents the trading of any token that has not been explicitly approved, ensuring that all listed tokens have undergone the required due diligence and compliance checks prior to activation.

  • Liability

According to Article 75(8) of Regulation (EU) 2023/1114, BlockNodes shall be liable to its users for the loss of any crypto-asset or of the means of access to the crypto-asset as a result of an incident that is attributable to BlockNodes.

Incidents not attributable to BlockNodes include any event that occurred independently of the provision of custody and administration of crypto-assets by BlockNodes, or independently of the operations of BlockNodes, such as a problem inherent in the operation of the blockchain that BlockNodes does not control. BlockNodes is exempted from liability if an event occurs on a permissionless blockchain that BlockNodes does not control or manage (i.e., no contractual arrangement exists). Users are invited to read the SwissBorg App Terms of Use for further information about BlockNodes’ liability.

In the event of any loss of assets for a user resulting from incidents attributable to BlockNodes’ operations, excluding factors outside of its control, the Business Continuity and Disaster Recovery Plan principles will be followed in order to take immediate steps to rectify the situation and mitigate any impact on users.

7. How does BlockNodes manage risk?

BlockNodes recognises various sources of operational and IT risks that could impact the safekeeping and control of users’ crypto-assets. In order to manage these risks, BlockNodes implements adequate organisational arrangements and appropriate mitigation measures.

  • MPC wallets

The MPC set-up used by BlockNodes relies on access controls: access to BlockNodes wallets is strictly controlled, including through whitelisting and multi-person approvals for sensitive transactions. 

  • Proxy

The proxy follows the same principle of access controls as the MPC wallets: the configuration of the proxy requires a multi-person approval and funds can only be transferred to previously white-listed external addresses. In addition, the smart contract of the proxy has been successfully audited.

  • Delegation of custody

Delegation of custody is strictly controlled and monitored through liquidity and risk management measures to ensure that the lowest possible amount is held with the third-party custodian, through due diligence to evaluate the ongoing quality and compliance of the custodian, and through various supervision measures, including legal safeguards, continuous monitoring and a business continuity plan.

  • Insolvency of major partners

BlockNodes uses technology developed by third parties and relies on third-party custodians.

BlockNodes has put in place a detailed internal “disaster recovery” procedure in order to ensure that the private keys can be recovered in case, for example, access to the keys is prevented or one key owner is disabled. This ensures that the insolvency or disappearance of a technology provider does not impact BlockNodes’ ability to return users’ funds to them at any time.

In the event of bankruptcy or loss of assets of a third-party custodian, BlockNodes would take legal action to recover the lost assets and/or funds, in accordance with Article 75(8) of Regulation (EU) 2023/1114.

8. Business continuity plan 

BlockNodes has implemented disaster recovery procedures in order to make sure that the private key can always be reconstructed, so as to ensure that assets can never be lost.

  • MPC wallets: A “disaster key recovery ceremony” enables BlockNodes to perform a full private key reconstruction. 
  • Smart contract: Similar to the MPC, the multisig can recover from a loss of material or a key leakage. At any point in time, it is possible to replace, add or remove an owner from a multisig. 

In the event of BlockNodes ceasing operations, users’ crypto-assets will remain protected. Depending on the situation, BlockNodes’ activities might be transferred to another service provider to ensure uninterrupted service, in which case users’ assets would be transferred to the new service provider. In case such a transfer is not possible, users’ assets will be returned promptly to their personal wallet address, based on ledger records and users’ wallet declarations.