We have developed and maintain a cybersecurity risk management program, consisting of cybersecurity policies, procedures, compliance and awareness programs to mitigate risk and to ensure compliance with security, availability and confidentiality trust principles. The cybersecurity process has been integrated into our overall risk management system and process and is managed both internally and through an external cybersecurity vendor. Management is responsible for identifying risks that threaten achievement of the control activities stated in the management’s description of the services organizations systems. Management has implemented a process for identifying relevant risks that could affect the organization’s ability to provide secure and reliable service to its users. The risk assessment occurs annually, or as business needs change, and covers identification of risks that could act against the company’s objectives as well as specific risks related to a compromise to the security of data. See “Item 3.D — Risk Factors—Risks Related to Blockchain Assets— — The open-source structure of blockchain software means that blockchain networks may be susceptible to malicious cyber-attacks or may contain exploitable flaws, which may result in security breaches and the loss or theft of blockchain assets.”

The level of each identified risk is determined by considering the impact of the risk itself and the likelihood of the risk materializing and high scoring risks are actioned upon. Risks are analyzed to determine whether the risk meets company risk acceptance criteria to be accepted or whether a mitigation plan will be applied. Mitigation plans include both the individual or department responsible for the plan and may include budget considerations.

The oversight of cybersecurity threats is undertaken by our Chief Technology Officer, who holds over two decades of experience in information technology and the design and architecture of information systems and is supported by management. Our audit committee is responsible for cybersecurity oversight and monitoring risk. Management informs the audit and investment committee of such risk by committee meetings.

We have not, to our knowledge, experienced any material IT system failures or any material cybersecurity attacks to date. See “Item 3.D — Risk Factors—Risks Related to Blockchain Assets—The open-source structure of blockchain software means that blockchain networks may be susceptible to malicious cyber-attacks or may contain exploitable flaws, which may result in security breaches and the loss or theft of blockchain assets.”

As of the date of this report, we are not aware of any material risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition.

The oversight of cybersecurity threats is undertaken by our Chief Technology Officer, who holds over two decades of experience in information technology and the design and architecture of information systems and is supported by management. Our audit committee is responsible for cybersecurity oversight and monitoring risk. Management informs the audit and investment committee of such risk by committee meetings.

As of the date of this report, we are not aware of any material risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition.