Definition
Corporate bitcoin treasury management refers to the policies, controls, and operational practices required when a business entity (rather than an individual) holds bitcoin as a treasury reserve asset. Corporate holdings introduce distinct requirements: board fiduciary duties, financial reporting obligations, custody architecture that satisfies auditors, and strict segregation from personal holdings of executives or shareholders.
MicroStrategy put bitcoin on its balance sheet in 2020. Their stock is now a bitcoin proxy. That's one approach.
Most companies will hold 1-3% of treasury assets and never talk about it publicly. That's also an approach.
Both require the same thing: a board that understands what they're approving, and documentation that proves they understood it.
This guide addresses the distinct considerations corporate treasury teams face. Not whether to allocate, but how to approach the decision and implementation if the company chooses to proceed.
Key Takeaways
- Corporate bitcoin holdings require board-level governance and formal treasury policy authorization.
- Accounting treatment varies by jurisdiction and is evolving; fair value accounting is increasingly available but not universal.
- Custody architecture for corporate treasury must include segregation, access controls, and audit trails that satisfy external auditors.
- Strict separation between corporate and personal holdings is non-negotiable. Commingling creates legal, tax, and governance failures.
- Volatility impacts financial statements; boards must understand and accept earnings variability before allocation.
- Operational controls (transaction approval workflows, key management, and insurance) differ from individual custody requirements.
When the CFO Asks About Bitcoin
Fiduciary Framework
Corporate officers and directors owe fiduciary duties to shareholders. These duties (care, loyalty, and good faith) apply to treasury management decisions, including any allocation to bitcoin. The business judgment rule provides protection for good-faith decisions made on an informed basis, but this protection requires documentation of the decision-making process.
When treasury losses occur, boards face scrutiny. Document everything. When bitcoin drops 40% and a shareholder sues, your board minutes are your defense.
Liability exposure exists for both the company and individual directors. D&O insurance considerations may come into play. Treasury policies should be reviewed by legal counsel to ensure proper authorization frameworks exist before any allocation.
Financial Reporting Obligations
Public companies face disclosure requirements that private companies do not. In the United States, bitcoin holdings may require disclosure in Forms 10-K and 10-Q, depending on materiality. Risk factor disclosures may need updating. Management's Discussion and Analysis may need to address treasury strategy changes.
All companies with audited financial statements must consider auditor requirements. External auditors will need to verify existence and ownership of bitcoin holdings, test controls around custody and transactions, and assess the appropriateness of accounting treatment. Audit fees may increase, particularly in early years when procedures are being established.
If bitcoin is 0.5% of assets, the disclosure burden is light. At 5%, expect questions. At 10%, expect many questions.
Governance Structure
Treasury policy serves as the governing document for corporate cash and investment management. Most treasury policies do not currently authorize bitcoin as a permitted investment. Before any allocation, the policy must be reviewed and likely amended.
Board or finance committee approval is typically required for treasury policy changes. The specific approval requirements depend on corporate bylaws, existing board resolutions, and the company's delegation framework. Some companies may require full board approval; others may delegate to the CFO within defined limits.
Segregation of duties is a fundamental control principle. The person who can initiate a bitcoin transaction should not be the same person who approves it. This basic control requirement has implications for how custody solutions are configured and how access is managed.
Stakeholder Considerations
Shareholders may have views on bitcoin treasury allocation, some positive, some negative. Institutional shareholders may have specific policies or preferences. Proxy advisory firms may comment on treasury strategy in their voting recommendations.
Analyst and investor relations implications should be considered. Earnings calls may include questions about bitcoin holdings, particularly when price volatility creates material gains or losses. Companies should be prepared to explain their rationale and strategy.
For companies with debt, lender covenants should be reviewed. Some credit agreements may restrict certain types of investments or require lender consent. Compliance with existing agreements must be verified before allocation.
Rating agencies may take views on treasury strategy changes. For rated companies, preliminary discussions with rating agencies may be appropriate to understand potential impact.
Board-Level Considerations
The Decision Framework
Before detailed analysis, boards should address threshold questions. Is bitcoin a permitted investment under current treasury policy? If not, what policy amendments are required? What approval thresholds apply: finance committee, full board, or management discretion within limits?
The company's risk tolerance is foundational. Treasury operations traditionally prioritize capital preservation and liquidity. Bitcoin introduces volatility that is fundamentally different from traditional treasury investments. Boards must explicitly consider whether this risk profile is acceptable.
Risk Acceptance
A company holding $100 million in bitcoin could report a $30 million loss next quarter. Or a $50 million gain. That's not a bug. It's what you're buying. If that makes your CFO uncomfortable, stop here.
Bitcoin has experienced drawdowns exceeding 70%. Under fair value accounting, these fluctuations flow directly to earnings. Boards must understand this before they approve anything.
Custody and operational risk requires assessment. Unlike bank deposits or securities held at regulated custodians, bitcoin custody involves cryptographic key management. The consequences of custody failure (whether from security breach, operational error, or vendor failure) can be total and irreversible loss.
Regulatory and accounting uncertainty persists. While clarity has increased substantially, the regulatory environment continues to evolve. Boards should understand that rules may change in ways that affect reporting, taxation, or permissibility of holdings.
Reputational considerations vary by industry and stakeholder base. Some companies have seen positive reception to bitcoin treasury allocations; others have faced criticism. Boards should assess their specific stakeholder environment.
Fiduciary Documentation
Board resolutions should document authorization clearly. Minutes should reflect the discussion, including risks considered. The rationale for the decision should be documented in sufficient detail to demonstrate informed decision-making.
This documentation is not optional. It provides the evidentiary foundation for business judgment rule protection. Companies should work with legal counsel to ensure appropriate documentation practices.
Questions Boards Should Ask
- What is the maximum allocation as a percentage of treasury assets?
- What is the maximum dollar loss the company can absorb without material impact to operations?
- How does this allocation affect our liquidity position and working capital requirements?
- What custody controls are in place, and who has verified their adequacy?
- How will this be reported in financial statements, and have we discussed with our auditors?
- What is our strategy if we need to liquidate the position?
- Who is authorized to make transactions, and what approval workflows exist?
Accounting and Financial Reporting
We're not your accountant. Talk to yours. But here's what they'll ask about.
US GAAP Treatment
FASB ASU 2023-08 permits fair value accounting for crypto assets that meet certain criteria. Under this standard, bitcoin is measured at fair value with changes recognized in net income. This represents a significant change from prior treatment, which required impairment-only accounting.
Companies must make an election to apply fair value accounting. Transition requirements and effective dates should be reviewed with auditors. Once elected, fair value accounting results in earnings volatility. Both gains and losses flow through the income statement.
Disclosure requirements include information about significant holdings, fair value measurement inputs, and changes in fair value recognized during the period.
IFRS Treatment
Under IFRS, bitcoin is typically classified as an intangible asset under IAS 38. The cost model results in impairment-only accounting. Losses are recognized when carrying value exceeds recoverable amount, but gains are not recognized until sale.
The revaluation model under IAS 38 may be available in some circumstances, but requires an active market for the specific type of intangible asset. Application to bitcoin should be discussed with auditors.
IASB continues to monitor developments in digital asset accounting. Future changes to IFRS treatment are possible.
Practical Considerations
Early engagement with auditors is essential. Auditors will need to develop procedures for testing existence and ownership, evaluating custody controls, and assessing valuation. Providing advance notice allows time for auditors to build necessary expertise and plan their procedures.
Valuation documentation should identify the pricing sources used, the methodology for determining fair value, and any adjustments made. Auditors will test these sources and methodologies.
Disclosure drafting requires care. Legal counsel and auditors should review proposed disclosures, particularly for public companies with SEC reporting obligations.
Earnings Volatility
Fair value changes flow through earnings. Companies and their investors must understand and accept this reality. Quarter-to-quarter earnings will include bitcoin gains and losses, potentially creating significant variability that is unrelated to operating performance.
Some companies present non-GAAP measures that exclude bitcoin fair value changes to help investors understand operating performance. Any such measures must comply with SEC rules regarding non-GAAP financial measures, including reconciliation requirements and balanced presentation.
Investor communication strategies should be considered. How will the company explain bitcoin-related earnings volatility? Prepared responses for analyst questions are advisable.
Treasury Policy Framework
Policy Components
Treasury policy amendments should address several elements. Authorization should specify that bitcoin is a permitted treasury investment. Allocation limits should define maximum percentage of treasury assets and potentially absolute dollar limits. Approved custody arrangements should be specified or criteria for approval defined.
Transaction approval authorities should be clear. Who can initiate transactions? What approval is required for different transaction sizes? What segregation of duties requirements apply?
Reporting requirements should mandate regular reporting to the board or finance committee, including holdings levels, gains and losses, and any policy compliance exceptions.
Risk Limits
Maximum allocation limits serve as the primary risk control. A smaller allocation limits potential earnings impact while maintaining exposure. Boards should consider what percentage of treasury assets can be allocated to bitcoin while maintaining acceptable risk levels.
Rebalancing triggers may be appropriate. If bitcoin appreciation causes allocation to exceed policy limits, should the company sell? If depreciation creates opportunity, is additional purchase authorized?
Loss thresholds requiring board notification should be defined. At what level of loss does management need to inform the board, even between scheduled meetings?
Operational Standards
Approved custodians should be identified or criteria defined. What due diligence is required before a custodian is approved? What ongoing monitoring is required?
Access control requirements should be specified. Who can view holdings? Who can initiate transactions? Who can approve? What authentication requirements apply?
Audit trail requirements should ensure all transactions and access events are logged and available for auditor review.
Review and Amendment
Review your bitcoin policy yearly. When the SEC changes something (and they will), don't wait for the annual review.
Custody Architecture for Corporate Treasury
Governance-Compatible Custody
Corporate custody requirements differ from individual needs. Role-based access control is essential: view-only access for monitoring, initiation rights for authorized personnel, approval rights for designated approvers. These roles should align with corporate authority matrices.
Multi-level approval workflows enable appropriate controls. Transaction thresholds can be configured to require additional approvals for larger amounts. Time delays can provide opportunity to detect unauthorized transactions.
Configurable limits allow policies to be encoded in custody systems. Daily, weekly, or per-transaction limits can enforce policy compliance technically.
Audit trails must record every action: logins, access events, transaction initiations, approvals, and completions. These logs support both internal control monitoring and external auditor procedures.
Asset segregation from other custody clients is important for legal clarity and operational risk management.
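The controls described in this subsection, encoded as a small policy engine. This is an added example, not code from this guide or from any custody provider. The users, role names, tier amounts, 24-hour hold and daily limit are constructed values; a real treasury policy and authority matrix supply their own.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

SATS = 100_000_000  # satoshis per bitcoin; amounts are integers, never floats

# Constructed policy values and authority matrix, for illustration only.
APPROVAL_TIERS = [(1 * SATS, 1), (10 * SATS, 2)]  # (ceiling, approvals needed)
TOP_TIER_APPROVALS = 3                            # above the last ceiling
HOLD_ABOVE = 10 * SATS                            # time delay applies above this
HOLD_PERIOD = timedelta(hours=24)
DAILY_LIMIT = 25 * SATS
ROLES = {
    "analyst": {"view"},
    "treasurer": {"view", "initiate"},
    "controller": {"view", "approve"},
    "ceo": {"view", "approve"},
    "cfo": {"view", "initiate", "approve"},  # holds both roles on purpose
}


class PolicyViolation(Exception):
    """Raised when a step would break the encoded treasury policy."""


@dataclass
class Request:
    initiator: str
    amount: int
    created: datetime
    approvers: list = field(default_factory=list)
    done: bool = False


def approvals_required(amount):
    for ceiling, count in APPROVAL_TIERS:
        if amount <= ceiling:
            return count
    return TOP_TIER_APPROVALS


def _require_role(user, role):
    if role not in ROLES.get(user, set()):
        raise PolicyViolation(f"{user} lacks the {role} role")


class Workflow:
    def __init__(self):
        self.released = []  # (timestamp, amount) of executed withdrawals

    def initiate(self, user, amount, now):
        _require_role(user, "initiate")
        if amount <= 0:
            raise PolicyViolation("amount must be positive")
        return Request(user, amount, now)

    def approve(self, req, user):
        _require_role(user, "approve")
        if user == req.initiator:  # segregation of duties
            raise PolicyViolation("initiator cannot approve own request")
        if user in req.approvers:  # one person cannot count twice
            raise PolicyViolation("duplicate approval")
        req.approvers.append(user)

    def release(self, req, now):
        if req.done:
            raise PolicyViolation("request already released")
        if len(req.approvers) < approvals_required(req.amount):
            raise PolicyViolation("not enough independent approvals")
        if req.amount > HOLD_ABOVE and now - req.created < HOLD_PERIOD:
            raise PolicyViolation("hold period has not elapsed")
        day_ago = now - timedelta(days=1)
        spent = sum(amt for ts, amt in self.released if ts > day_ago)
        if spent + req.amount > DAILY_LIMIT:
            raise PolicyViolation("rolling 24h limit exceeded")
        req.done = True
        self.released.append((now, req.amount))
        return len(self.released)
```

The self-approval check matters even when roles look separated on paper: the constructed `cfo` entry holds both initiate and approve rights, and only the per-request comparison stops that user from completing a transaction alone.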
Audit Requirements
Third-party attestation provides assurance about custodian controls. SOC 1 and SOC 2 reports address different aspects of control environments. Companies should obtain and review these reports and provide them to external auditors.
Proof of reserves or balance verification allows auditors to confirm existence and ownership of bitcoin holdings. Custody providers should offer mechanisms for independent verification.
Controls testing by external auditors may include review of access configurations, testing of approval workflows, and verification of audit trail completeness. Custody solutions should support these audit procedures.
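One way to make audit trail completeness something a reviewer can test rather than take on trust is to chain each log entry to the previous one by hash. This is an added example, not a method prescribed by this guide or taken from any custody product; the event fields, actors and amounts are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # link value for the first entry


def _digest(prev, seq, event):
    # Canonical JSON so the same entry always hashes to the same value.
    body = json.dumps({"prev": prev, "seq": seq, "event": event},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


class AuditLog:
    def __init__(self):
        self.entries = []

    def append(self, actor, action, detail):
        prev = self.head()
        seq = len(self.entries)
        event = {"actor": actor, "action": action, "detail": detail}
        self.entries.append({"seq": seq, "prev": prev, "event": event,
                             "hash": _digest(prev, seq, event)})
        return self.head()

    def head(self):
        return self.entries[-1]["hash"] if self.entries else GENESIS


def verify(entries, expected_head=None):
    """Return a list of problems; an empty list means the chain is intact."""
    problems = []
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["seq"] != i:
            problems.append(f"entry {i}: sequence gap or reorder")
        if e["prev"] != prev:
            problems.append(f"entry {i}: broken link to previous entry")
        if _digest(e["prev"], e["seq"], e["event"]) != e["hash"]:
            problems.append(f"entry {i}: content altered")
        prev = e["hash"]
    # Dropping entries from the end leaves a valid shorter chain, so the
    # reviewer compares against a head hash recorded outside the system.
    if expected_head is not None and prev != expected_head:
        problems.append("head mismatch: log truncated or replaced")
    return problems


def sample_log():
    # Constructed events covering the action types the guide lists.
    log = AuditLog()
    log.append("treasurer", "login", "mfa ok")
    log.append("treasurer", "initiate", "withdrawal 50000000 sats")
    log.append("controller", "approve", "withdrawal 50000000 sats")
    log.append("custody-system", "complete", "withdrawal 50000000 sats")
    return log
```

Edits and mid-log deletions show up from the chain alone; removal of the most recent entries is caught only when the head hash has been handed to someone outside the logging system, such as the external auditor, at each reporting date.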
Insurance and Risk Transfer
Custody insurance provides protection against certain loss events. Coverage amounts, covered events, and exclusions vary significantly among providers. Companies should review policy terms carefully.
Not all loss scenarios are covered. Social engineering attacks, certain types of insider fraud, and some technical failures may be excluded. Companies should understand gaps and assess whether they can be accepted or require additional mitigation.
Claims processes and financial strength of insurers matter. Insurance that cannot be collected provides false assurance.
Operational Resilience
Business continuity for custody access should be planned. If primary personnel are unavailable, how does the company access its bitcoin? Key person risk must be addressed.
Disaster recovery procedures should address scenarios including facility loss, technology failure, and vendor failure. Geographic redundancy in custody infrastructure reduces certain risks.
Due Diligence Framework
Vet your custodian like you'd vet a money manager. They're holding the keys. If they go under, your bitcoin might go with them.
Verify regulatory status and licensing. Review security practices, audit reports, and penetration testing results. Financial stability matters. Custodian failure creates significant operational disruption even if assets are theoretically recoverable.
Insurance coverage should be verified directly with insurers, not just accepted based on custodian representations. References should be checked with other institutional clients.
Segregation from Personal Holdings
Why Segregation Is Non-Negotiable
We've seen the failure mode. CEO buys bitcoin personally in 2019. Company decides to allocate in 2021. CEO "transfers" his personal holdings to the company. Now there's a commingling problem, a tax problem, and a fiduciary problem. All because someone tried to save paperwork.
Start clean. Stay clean.
The legal distinction between corporate and personal assets is fundamental. Corporations are separate legal entities. Corporate assets belong to the corporation, not to its officers or shareholders. Commingling undermines this distinction and creates liability exposure.
Tax treatment differs between corporate and personal holdings. Gains, losses, and holding periods are calculated separately. Commingling creates tax compliance nightmares and potential exposure.
Fiduciary duty compliance requires that corporate assets be managed for the benefit of shareholders. Personal holdings managed alongside corporate holdings create conflicts of interest and potential breach of duty claims.
Audit requirements cannot be satisfied when corporate and personal holdings are commingled. Auditors cannot verify corporate holdings that are mixed with personal assets.
Liability protection for individuals depends on maintaining corporate formalities, including separation of assets.
What Segregation Requires
Completely separate custody arrangements are required. Corporate bitcoin must be held with a different custodian or in completely segregated accounts within the same custodian. There can be no shared wallets, no shared addresses, no possibility of confusion about ownership.
Separate keys and credentials are essential. No seed phrases, private keys, or access credentials should be shared between corporate and personal arrangements.
Documentation should clearly establish ownership. Custody agreements should specify the corporate entity as the client and owner.
Common Failures to Avoid
When executives use personal wallets for early corporate purchases, intending to "sort it out later," they create serious problems. Even if intended as temporary, this commingling can have legal and tax consequences.
Shared custody accounts, where personal and corporate holdings are tracked informally but held together, fail the segregation requirement. Accounting separation is not sufficient. Actual custody separation is required.
Reimbursement arrangements where executives purchase bitcoin personally and are reimbursed by the company blur ownership in problematic ways.
Personal Holdings Considerations
Executives who hold personal bitcoin while the company also holds bitcoin should consider insider trading policy implications. If executives have material non-public information about company bitcoin transactions, personal trading may be restricted.
Disclosure requirements may apply to personal holdings of executives and directors, depending on position and company policies.
Pre-clearance procedures may be appropriate, requiring executives to obtain approval before personal bitcoin transactions during certain periods.
Operational Controls
Transaction Workflows
Clear procedures should govern all transactions. Initiation should follow defined procedures, with appropriate documentation of purpose and authorization. Approval should follow policy-defined workflows, with approvers independent from initiators. Execution should be verified and confirmed. Reconciliation should confirm transactions completed as intended.
Access Management
User provisioning should follow formal procedures, with appropriate authorization for new access. Deprovisioning when personnel change roles or depart is equally important. Access should be removed promptly.
Access reviews should occur periodically, confirming that access levels remain appropriate and that no unauthorized access exists.
Multi-factor authentication should be required for all access. Session management should include appropriate timeouts and logging.
Reconciliation
Regular reconciliation between custody records and independent verification is essential. Blockchain verification confirms holdings exist and match custodian records. Frequency should be risk-based, at minimum monthly, potentially more frequent for larger holdings.
Discrepancies must be investigated promptly. Investigation procedures should be documented, with escalation paths for unresolved items.
Incident Response
Procedures should exist for responding to potential security incidents, unauthorized access, or suspicious activity. Escalation paths should be clear. Communication procedures (internal and potentially external) should be defined.
Post-incident review should assess root causes and identify control improvements.
Tax Considerations
We're not your tax advisor. Talk to yours. But here's what they'll ask about.
General Framework
Corporate taxation of bitcoin gains and losses follows general principles of corporate income taxation, but specific rules may apply to digital assets. Timing of recognition (when gains or losses are recognized for tax purposes) may differ from book accounting treatment.
Bitcoin received as payment for goods or services has tax implications at receipt. Jurisdictional variations are significant, and multinational companies face additional complexity.
Common Issues
Cost basis tracking is essential for tax compliance. Specific identification or other permitted methods must be applied consistently. Custody solutions that support tax lot tracking can simplify compliance.
Holding periods affect tax treatment in some jurisdictions. Documentation must support holding period claims.
Related-party transactions require careful attention. Transfer pricing rules may apply to multinational companies moving bitcoin between entities.
Documentation Requirements
Keep records like the IRS is already auditing you. Date, cost, lot. Your future self will thank you.
Gain and loss calculations need supporting records. When the audit comes (and for bitcoin holdings, it often does), you want paperwork, not memory.
Implementation Roadmap
Phase 1: Assessment
Begin with preliminary board or finance committee discussion to assess interest and risk tolerance. Conduct policy gap analysis to identify what authorization changes are needed. Research accounting treatment with auditors. Survey the custodian landscape to understand options.
Phase 2: Policy Development
Draft treasury policy amendments with appropriate authorization, limits, and controls. Conduct custodian selection and due diligence. Design control framework, including workflows, access management, and reconciliation procedures. Engage tax and accounting advisors for company-specific guidance.
Phase 3: Approval
Prepare board presentation addressing rationale, risks, and controls. Obtain formal board approval with appropriate documentation. Develop stakeholder communication planning. Prepare required disclosures if applicable.
Phase 4: Implementation
Establish custody accounts with selected provider. Implement and test controls before funding. Execute initial allocation according to approved plan. Establish reconciliation and reporting procedures.
Phase 5: Ongoing Management
Provide regular reporting to board or committee as required by policy. Monitor policy compliance and address any exceptions. Conduct periodic custodian reviews. Complete annual policy review and update as needed.
Conclusion
Corporate bitcoin requires more documentation than individual holdings. Board approval, auditor sign-off, segregation from personal holdings. These aren't optional.
If your treasury's job is capital preservation above all else, bitcoin might not belong there. That's a legitimate conclusion. Most companies will reach it. Saying no after doing the work is better than saying yes without understanding what you're holding.