Blog

How to Build a Corporate Treasury Policy for Digital Assets

Written by Jason Mountford

April 10th, 2026

Most treasury teams exploring stablecoins are running ahead of their own governance frameworks. The business case for stablecoins is straightforward, offering the potential for faster cross-border payments, real-time settlement and more efficient liquidity management. But the policy infrastructure to support that, in most organizations, doesn't exist yet.

We’re not going to be talking too much here about the benefits of using stablecoins for finance and treasury. We’ve gone into that before, but if you're reading this, you've likely already made the decision of whether you want to do it, and are now moving on to the how. This is for the treasury practitioner who now needs to build the controls, approvals, and reporting structures to do it responsibly, and get CFO sign-off in the process.

The good news is that a digital asset treasury policy isn't a fundamentally different animal from any other asset class policy. It's all about ensuring you’ve got controls in place, visibility over what's happening and governance to keep all of this on track. The challenge is that the infrastructure to enforce those things hasn't historically existed for digital assets the way it does for traditional bank accounts. That gap is closing, but building the policy correctly from the start matters. 


The Six Pillars of a Digital Asset Treasury Policy

There are six key elements to getting this right. Identifying and putting a mechanism around these elements will provide clear guidelines and a transparent process for fitting stablecoins into your existing treasury workflow.


1. Approved Instruments

When it comes to treasury risk, not all stablecoins are created equal. There’s a big difference between, for example, USDC, which is 100% backed by US dollars in cash or cash equivalents and TerraUST which aimed to maintain a currency peg through a supply and demand algorithm. It’s a perfect example of this different risk profile, with TerraUST collapsing completely in 2022.

Obviously, treasury wants to stay far away from any stablecoins that don’t offer the right level of security and asset backing. Your policy needs to define exactly which instruments the company is permitted to hold and set clear criteria for how that list is determined and maintained. 

At minimum, your approved instruments framework should address:

  • Issuer and regulatory status. Is the issuer regulated? In which jurisdictions? What licensing requirements do they meet? USD Coin (USDC) and PayPal USD (PYUSD), for example, carry very different regulatory profiles than algorithmic or offshore stablecoins.

  • Reserve transparency. How are reserves held, and how frequently are they attested? Treasury practitioners should require third-party attestation from recognized accounting firms, published on a regular cadence, monthly at minimum.

  • Redemption mechanics. Can the instrument be redeemed 1:1 for fiat on demand, or are there restrictions, fees, or delays? This matters for how you classify the asset in your liquidity model.

  • Review cadence. The approved instruments list shouldn't be static. Build in a formal review where the list is assessed against updated issuer disclosures, regulatory developments, and any changes to reserve composition.

The long and short of it is that if you wouldn't be comfortable explaining the instrument's risk profile to your board's audit committee, it probably shouldn't be on the approved list.


2. Custody and Counterparty Risk

In traditional treasury, counterparty risk frameworks define how you evaluate and limit exposure to any single financial institution. Digital asset custody requires the same discipline, just applied to a different set of counterparties.

Your policy should define:

  • Permissible custody models. The three primary options are exchange/platform custody (simplest, highest counterparty risk), third-party qualified custodians (most analogous to traditional bank relationships), and self-custody via corporate wallets (most control, highest operational complexity). Most corporate treasury functions starting out will use qualified custodians, which is the right starting point for policy purposes.

  • Custodian requirements. What insurance coverage is required? What SOC 2 or equivalent attestation must custodians hold? Are they regulated as a trust company or equivalent in a recognized jurisdiction? What are the asset segregation requirements?

  • Mapping to existing bank counterparty frameworks. The cleanest approach is to treat digital asset custodians as an extension of your existing financial institution risk framework, applying similar due diligence criteria, documentation requirements, and periodic reviews.

One consideration worth addressing explicitly is what happens to assets held with a custodian that becomes insolvent? Your policy should specify custodial arrangements that provide clear legal separation of company assets from the custodian's balance sheet.


3. Concentration and Exposure Limits

This is where treasury instinct translates directly, as the same diversification principles that govern how much cash you hold at any single bank apply to digital assets.

Your policy should define exposure limits at multiple levels:

  • Total digital asset allocation. What is the maximum percentage of total liquidity the company is permitted to hold in digital assets at any time? Most companies starting out will set a conservative limit, say 5% to 10% of operating cash, with a governance process to expand it over time.

  • Single instrument limits. Even within the approved instruments list, no single stablecoin should represent an unlimited share of digital asset holdings.

  • Single custodian limits. Analogous to bank concentration limits in traditional treasury policy.

  • Jurisdictional limits. As regulatory environments vary significantly by country, your policy should consider whether to restrict holdings in jurisdictions with limited regulatory clarity.

Define both the limits themselves and the monitoring process, because limits without visibility mechanisms are just words on a page.


4. Accounting and Tax Treatment

This is the section most treasury teams get to last, and it should actually be addressed first. Getting the accounting treatment wrong creates downstream problems across financial reporting, audit, and tax compliance.

FASB ASC 350-60, effective for fiscal years beginning after December 15, 2024, now requires companies to measure certain crypto assets at fair value, with changes recognized in net income each period. This is a significant shift from the prior indefinite-lived intangible asset model, and it changes the P&L implications of holding digital assets materially.

Your policy should specify:

  • How digital assets are classified on the balance sheet, and under which accounting standard (ASC 350-60 for crypto assets meeting the definition, or other treatment for instruments that don't).

  • Fair value measurement methodology. What pricing sources will you use? How will you handle assets that trade on multiple platforms with potentially divergent prices? Who is responsible for the monthly close process for digital asset positions?

  • Gains and losses treatment. Under fair value accounting, unrealized gains and losses flow through income, which affects earnings volatility. Your policy should define how this is communicated to FP&A and what hedging, if any, is permitted to manage that volatility.

  • Tax reporting obligations. Digital asset transactions can generate taxable events. Your policy should establish clear documentation requirements for every transaction and define the tax reporting process in coordination with your tax team.

If your organization hasn't already engaged your external auditors and tax advisors on digital asset accounting treatment, that conversation should happen before the policy is finalized.


5. Operational Controls

Operational controls are where policy meets day-to-day execution. This section should mirror the rigor of your existing wire transfer controls, because from a fraud and error risk perspective, digital asset transactions carry similar (and in some cases higher) stakes.

At minimum, your operational controls framework should cover:

  • Transaction authorization. Who is permitted to initiate digital asset transactions? Define this by role, not by individual, so the policy survives personnel changes. A tiered authorization model (where transactions above certain thresholds require additional approvals) mirrors best practice in traditional treasury.

  • Multi-signature requirements. Most institutional-grade custody solutions support multi-signature authorization, requiring multiple approvals before a transaction executes. This should be a policy requirement, not an optional feature. Define the minimum signature threshold (2-of-3 is common) and which roles hold signing authority.

  • Segregation of duties. The person who initiates a transaction should not be the same person who approves it. This is foundational internal control and it applies here.

  • Address whitelisting. Approved destination addresses for digital asset transfers should be pre-approved and maintained in a controlled list, analogous to the beneficiary management process for wire transfers. Payments to non-whitelisted addresses should require additional authorization.

  • Transaction documentation. Every transaction should be documented with purpose, authorization, and counterparty detail, consistent with existing treasury transaction documentation requirements.

One practical note when documenting operational controls is to reference your existing treasury policy framework wherever possible. Auditors and regulators respond better to a digital asset addendum that extends existing controls than to an entirely separate policy that appears to have been built in isolation.


6. Visibility and Reporting

This is the pillar most digital asset policies underinvest in, and it's the one that determines whether the rest of the policy is enforceable in practice.

A policy that defines concentration limits but has no mechanism for monitoring those limits in real time isn't a policy at all. The same applies to exposure limits, custodian concentration, and fair value reporting.

Your policy should define:

  • Reporting frequency. At what cadence are digital asset positions reported to the CFO and treasury leadership? Daily is appropriate for active users, whereas weekly may be sufficient for companies holding modest balances. The frequency should match the pace of decision-making.

  • Integration with existing cash reporting. This is the critical question. Are digital asset balances visible in the same reporting context as traditional bank balances? Or are they tracked in a separate spreadsheet that someone remembers to update? Policy should require consolidated visibility, not parallel processes.

  • Board and audit committee disclosure. What digital asset metrics are reported to the board, and how often? Fair value changes flowing through income mean this is now an earnings story, not just a treasury operations question.

  • Exception reporting. What triggers an escalation? Define the threshold at which a limit breach of exposure concentration, custodian concentration or instrument concentration requires immediate notification to treasury leadership and CFO.

The underlying requirement here is data infrastructure. Stablecoin balances and transaction histories need to be surfaced in the same normalized, connected visibility layer as traditional bank and treasury data. Without that foundation, even a well-written policy can't be operational.


Looking Forward

Digital assets are moving from edge case to normalized treasury instrument faster than most policy frameworks are evolving to accommodate them. The regulatory environment in the US is clarifying, with accounting standards updated and institutional custody infrastructure maturing significantly. Demand for stablecoins is clearly increasing, with trading volumes rising 90% from 2023 to 2024, according to the IMF.

The companies building rigorous governance frameworks now are building a durable operational advantage. When stablecoin transaction volumes scale, when the CFO wants a consolidated liquidity view that includes digital asset balances, when the auditors ask for documented controls, you want to already have the infrastructure in place.

The policy framework isn't the hard part, it’s getting the visibility infrastructure in place to be able to plainly see whether that framework is being followed. Get both right, and digital assets become a powerful treasury capability. Get it wrong, and they can end up being a major liability.


Trovata helps treasury teams bring digital asset positions into the same connected visibility layer as traditional bank and treasury data, making policies enforceable, not just documented. Book a demo today.

Jason Mountford

Jason Mountford

A finance professional with over 15 years in wealth management, Jason started Hedge, a content agency, to bridge the gap between great writers and great finance businesses. He is a fully qualified Financial Advisor in both the UK and Australia, and also works with many clients in the United States and the Gulf Cooperation Council. He’s worked with companies of all sizes, from the Fortune 500 to small boutique firms. As a financial commentator, Jason has appeared in FT Adviser, Bloomberg, Investors Chronicle, the Daily Mail, the Daily Express, Money Marketing and more. Outside of work, Jason enjoys spending time with his wife and 2 kids, and keeping active. He’s a keen (though slow) endurance athlete, enjoying running, cycling and triathlon.

Subscribe to Newsletter