πΌ CORPORATE CODE OF CONDUCT
πΌ CORPORATE CODE OF CONDUCT
β SEC CATEGORY 1 COMPLIANT | Issuer-Sponsored Tokenized Securities pursuant to SEC Division of Corporation Finance, Division of Investment Management, and Division of Trading and Markets Joint Statement dated January 28, 2026
π INTRODUCTION
OTCM Protocol, Inc. ("OTCM Protocol" or the "Company") is a Wyoming Digital Asset Corporation operating a blockchain-based platform that enables the tokenization of securities as ST22 Tokenized Securities on the Solana blockchain under the SEC Category 1 (Issuer-Sponsored Tokenized Securities) framework.
π Our Commitment
We publish regular updates and reports, available on our website, containing information regarding:
Area | Description |
|---|---|
π§ Operations | Our platform operations and performance |
π Policies | Internal policies and procedures |
π― Practices | Business practices and compliance activities |
βοΈ Regulatory | Category 1 compliance status and updates |
π Scope of Application
This Corporate Code of Conduct applies to:
Scope | Description |
|---|---|
π’ Company | The Company and any subsidiaries |
π₯ US Personnel | All personnel working in the United States |
π Global Personnel | All personnel in foreign countries |
π€ Contractors | Contractors and consultants acting on behalf of the Company |
This Code supplements, emphasizes, and clarifies certain aspects of the Company's internal policies.
1. βοΈ OBEYING THE LAW
Obeying the law, both in letter and spirit, is the foundation on which OTCM Protocol's ethical standards are built.
π― Our Expectations
The Company expects its personnel to maintain the highest ethical standards of business conduct and comply with:
Requirement | Description |
|---|---|
πΊπΈ Federal Laws | All applicable federal laws and regulations |
ποΈ State Laws | All applicable state laws and regulations |
π International Laws | Laws of countries where we operate |
π Company Policies | All internal policies and procedures |
βοΈ Securities Laws | Federal and state securities laws |
π¦ Category 1 Framework | SEC Category 1 compliance requirements |
π‘ Getting Help
Although personnel are not expected to know the details of each law, we encourage seeking advice from:
Resource | When to Contact |
|---|---|
π¨βπΌ Supervisors/Managers | Initial questions and guidance |
βοΈ Legal Department | Legal and regulatory questions |
π‘οΈ Compliance Team | Category 1 and securities compliance questions |
π€ HR Department | Employment and workplace questions |
2. π REGULATORY COMPLIANCE
2.1 π Securities Compliance β Category 1 Framework
OTCM Protocol operates SEC Category 1 compliant infrastructure for issuer-sponsored tokenized securities.
We maintain strict compliance with:
Regulation | Description |
|---|---|
π Securities Act of 1933 | Registration requirements and exemptions |
π Securities Exchange Act of 1934 | Trading and reporting requirements |
ποΈ State Securities Laws | "Blue Sky" laws in applicable jurisdictions |
π Regulation D Rule 506(c) | Accredited investor offering exemption |
π¦ Transfer Agent Regulations | Empire Stock Transfer partnership compliance |
βοΈ SEC Category 1 Framework | January 28, 2026 Joint Statement requirements |
Category 1 Compliance Requirements
Personnel must understand and support compliance with all seven Category 1 requirements:
Requirement | Personnel Obligation |
|---|---|
ποΈ Direct Issuer Authorization | Verify board resolutions are obtained |
π Official Shareholder Register | Ensure proper Certificate of Designation filing |
π¦ Regulated Custody | Coordinate with Empire Stock Transfer |
π True Equity Backing | Verify 1:1 backing on all transactions |
π Clear Ownership Chain | Maintain CUSIP and documentation |
π‘οΈ Investor Protection | Ensure 42 Transfer Hook controls function |
π Token Standard Compliance | Maintain SPL Token-2022 compliance |
2.2 βοΈ Blockchain and Cryptocurrency Compliance
As a platform operating on the Solana blockchain, we adhere to:
Regulation | Description |
|---|---|
π΅ FinCEN Requirements | Bank Secrecy Act, AML program requirements |
π« OFAC Sanctions | Office of Foreign Assets Control sanctions compliance |
ποΈ Wyoming WDAC | Wyoming Digital Asset Corporation regulations |
πͺͺ KYC/AML | Know Your Customer and Anti-Money Laundering requirements |
ποΈ Accredited Investor | SEC Rule 501 verification requirements |
2.3 π‘οΈ Cybersecurity
Given our blockchain-based platform and the sensitive nature of Category 1 compliant securities trading, we maintain strict cybersecurity policies:
Control | Description |
|---|---|
π Smart Contract Audits | Regular security audits of all smart contracts |
π Multi-Signature Controls | Multi-signature wallet controls for treasury |
π¨ Incident Response | Documented incident response procedures |
π‘οΈ Penetration Testing | Regular penetration testing of all systems |
πͺ Transfer Hook Security | Monitoring of 42 Transfer Hook controls |
π¦ Custody Security | Secure integration with Empire Stock Transfer |
3. π€« CONFIDENTIAL INFORMATION AND INSIDER TRADING
We treat all non-public information about the Company, partner companies, tokenized securities, and business operations as confidential information.
β PROHIBITED ACTIVITIES
Personnel with access to confidential information are NOT permitted to:
Prohibition | Description |
|---|---|
π Trading on MNPI | Buy or sell securities based on material non-public information |
π’ Tipping | Share confidential information with others who may trade |
π¬ Unauthorized Disclosure | Disclose confidential information without authorization |
π° Personal Benefit | Use confidential information for personal financial gain |
π’ Competitor Sharing | Share information with competitors |
π Protected Information Includes:
Information Type | Examples |
|---|---|
πͺ Tokenization Plans | Upcoming ST22 tokenizations |
π Platform Metrics | Trading volumes and platform performance |
π€ Business Development | Partnership negotiations and plans |
π§ Technical Information | Technical developments, vulnerabilities, Transfer Hook configurations |
π₯ Customer Information | Customer data, trading patterns, accreditation status |
βοΈ Regulatory Matters | Compliance issues, regulatory communications |
π’ Issuer Information | Non-public information about tokenized companies |
βοΈ Legal and Ethical Duty
Personnel owe a duty to the Company to advance the Company's interests whenever possible. Using non-public information for personal financial benefit is:
Status | Description |
|---|---|
β Unethical | Violates our ethical standards |
βοΈ Illegal | Violates federal securities laws |
π Policy Violation | Violates OTCM Protocol's policies |
π¨ Terminable Offense | Subject to immediate termination |
β οΈ Category 1 Note: ST22 Tokenized Securities are securities under federal securities laws. Insider trading prohibitions apply fully to ST22 tokens.
4. βοΈ FAIR COMPETITION AND MARKET INTEGRITY
π― OTCM Protocol is committed to:
Commitment | Description |
|---|---|
π Fair Dealing | Open competition and fair dealing with clients, partners, and competitors |
π Transparency | Transparent market operations without manipulation |
β Accuracy | Accurate representation of our services and capabilities |
π’ Ethical Marketing | Ethical marketing practices compliant with securities laws |
βοΈ Category 1 Integrity | Maintaining integrity of Category 1 compliance framework |
π₯ Personnel are expected to:
Expectation | Description |
|---|---|
βοΈ Competition Laws | Conduct business in full compliance with all applicable competition laws |
π« Anti-Competitive | Not engage in any anti-competitive behavior |
π No Manipulation | Avoid market manipulation or wash trading of ST22 tokens |
π¨ Report Suspicious Activity | Report any suspicious trading activities |
π§ System Integrity | Maintain integrity of bonding curve, liquidity pool, and Transfer Hook mechanisms |
π Securities Compliance | Ensure all marketing complies with Regulation D Rule 506(c) |
π‘οΈ Transfer Hook Integrity
Personnel must never:
Prohibition | Description |
|---|---|
π Bypass Controls | Attempt to bypass or disable Transfer Hook controls |
π§ Unauthorized Changes | Make unauthorized changes to security parameters |
π Manipulation | Manipulate custody verification or compliance checks |
π« Circumvention | Help others circumvent investor protection controls |
5. π DATA PRIVACY AND PROTECTION
OTCM Protocol is committed to complying with all applicable data privacy laws while maintaining Category 1 compliance data requirements.
π Regulatory Compliance:
Regulation | Description |
|---|---|
πΊπΈ CCPA/CPRA | California Consumer Privacy Act compliance |
π GDPR | General Data Protection Regulation (where applicable) |
ποΈ State Laws | State-specific privacy requirements |
βοΈ Category 1 Retention | Regulatory data retention requirements for securities compliance |
π₯ Personnel Must:
Requirement | Description |
|---|---|
π Data Care | Handle customer data with utmost care and confidentiality |
π Retention Policies | Follow data retention and deletion policies |
π¨ Breach Reporting | Report data breaches immediately |
π Training | Complete required privacy training |
βοΈ Compliance Data | Understand Category 1 requires retention of KYC/AML/accreditation data |
π For more information: Company Privacy Policy
βοΈ Category 1 Data Requirements
Personnel must understand that certain data must be retained for regulatory compliance:
Data Type | Retention Period | Basis |
|---|---|---|
πͺͺ KYC Records | 5 years | Bank Secrecy Act |
π° Transaction Records | 7 years | Securities laws |
ποΈ Accreditation Records | 5 years | SEC Rule 506(c) |
π« OFAC Screening | 5 years | Treasury requirements |
6. π° FINANCIAL INTEGRITY AND RESPONSIBILITY
Financial integrity and fiscal responsibility are core values of OTCM Protocol.
π₯ All Company Team Members Are Responsible For:
Responsibility | Description |
|---|---|
πΈ Appropriate Spending | Ensuring Company funds are appropriately spent |
π Accurate Records | Maintaining complete and accurate financial records |
β Internal Controls | Following internal controls and approval processes |
π Asset Protection | Protecting Company assets, including cryptocurrency holdings |
π¨ Fraud Reporting | Reporting any suspected fraud or financial irregularities |
π¦ Treasury Security | Protecting SOL treasury and protocol funds |
π‘οΈ Internal Controls System:
Control | Description |
|---|---|
β Segregation of Duties | No single person controls entire transaction |
π Approval Workflows | Multi-level approval for significant transactions |
π Regular Audits | Internal and external audit processes |
π Reconciliation | Regular reconciliation of blockchain and traditional accounts |
π¦ Custody Verification | Regular verification of Empire Stock Transfer holdings |
7. β οΈ CONFLICTS OF INTEREST
All Company personnel have an obligation to always do what is best for the Company and its users.
π¨ Potential Conflicts Include:
Conflict Type | Description |
|---|---|
π° Personal Investments | Personal investments in companies seeking ST22 tokenization |
π’ Competing Interests | Financial interests in competing platforms |
πΌ Outside Activities | Outside business activities interfering with job duties |
π Gifts/Entertainment | Accepting gifts/entertainment from vendors beyond nominal value |
π¨βπ©βπ§βπ¦ Family Relationships | Family members working for competitors or partners |
π Personal Trading | Personal trading in ST22 tokens or OTCM Utility Tokens listed on our platform |
π¦ Issuer Relationships | Personal relationships with issuer management |
β Personnel Must:
Requirement | Description |
|---|---|
π Disclose Conflicts | Disclose all actual and potential conflicts |
β Obtain Approval | Obtain approval before engaging in potentially conflicting activities |
π« Avoid Conflicts | Avoid situations that could create conflicts |
π Pre-Clear Trading | Pre-clear personal trading in ST22 and OTCM tokens |
π Annual Certification | Complete annual conflict of interest certification |
π Personal Trading Policy
Personnel with access to material non-public information must:
Requirement | Description |
|---|---|
π Blackout Periods | Observe trading blackout periods around material events |
β Pre-Clearance | Obtain pre-clearance before trading ST22 or OTCM tokens |
π Reporting | Report all personal holdings and transactions |
β° Holding Periods | Observe minimum holding periods |
8. π« ANTI-CORRUPTION AND SANCTIONS
8.1 π° Anti-Bribery
OTCM Protocol prohibits ALL forms of bribery and corruption.
β Personnel May NOT:
Prohibition | Description |
|---|---|
π΅ Offer Bribes | Offer, promise, or give bribes to any person |
π€ Accept Bribes | Request or accept bribes from any person |
πΈ Facilitation Payments | Make facilitation payments |
π₯ Third-Party Bribery | Use third parties to engage in prohibited conduct |
ποΈ Government Officials | Make improper payments to government officials |
8.2 π International Trade and Sanctions
We maintain strict policies regarding compliance with economic sanctions imposed by:
Authority | Description |
|---|---|
πΊπΈ United States | OFAC sanctions, export controls |
π Foreign Governments | Applicable foreign sanctions |
ποΈ United Nations | UN Security Council sanctions |
πͺπΊ European Union | EU sanctions (where applicable) |
β Personnel Must:
Requirement | Description |
|---|---|
π Screening | Screen all transactions and counterparties |
π« Prohibited Parties | Not engage with sanctioned parties |
π¨ Reporting | Report any potential sanctions issues |
π Training | Complete required sanctions training |
πͺ Transfer Hook Compliance | Understand Transfer Hooks enforce OFAC screening |
β οΈ Category 1 Note: All ST22 transactions are automatically screened against OFAC sanctions lists via Transfer Hook controls. Personnel must not attempt to circumvent these controls.
9. π’ WORKPLACE POLICIES
9.1 π₯ Health and Safety
OTCM Protocol strives to provide personnel with a workplace that is safe and healthy.
π All Company Locations Must Comply With:
Requirement | Description |
|---|---|
π OSHA | Occupational Safety and Health Administration requirements |
ποΈ Local Regulations | Local health and safety regulations |
π Company Policies | Company safety policies and procedures |
π₯ Personnel Are Responsible For:
Responsibility | Description |
|---|---|
π Follow Procedures | Following all safety procedures |
π¨ Report Hazards | Reporting safety hazards and incidents |
π‘οΈ Use Equipment | Using required safety equipment |
π€ Support Safety | Supporting a culture of safety |
9.2 π€ Equal Opportunity Employment
OTCM Protocol is an equal opportunity employer. Employment decisions are based solely on merit, qualifications, and abilities.
π« OTCM Protocol Does NOT Discriminate Based On:
Protected Characteristic | |
|---|---|
π¨ Race, Color, National Origin | |
βͺ Religion or Creed | |
π« Gender, Gender Identity, Gender Expression | |
π³οΈβπ Sexual Orientation | |
π Age | |
βΏ Disability (Physical or Mental) | |
ποΈ Military or Veteran Status | |
𧬠Genetic Information | |
π€± Pregnancy, Childbirth, Related Conditions | |
βοΈ Any Other Characteristic Protected by Law |
9.3 π« Anti-Harassment
We are committed to maintaining a workplace free from all forms of harassment, including sexual harassment.
β OTCM Protocol Will NOT Tolerate:
Prohibited Conduct | Description |
|---|---|
π« Sexual Harassment | Unwelcome sexual advances, requests for sexual favors |
π¬ Verbal Harassment | Offensive comments, slurs, jokes |
π Visual Harassment | Offensive images, gestures |
π» Digital Harassment | Harassment via email, chat, social media |
π‘ Bullying | Intimidation, threats, hostile behavior |
β All Personnel Are Required To:
Requirement | Description |
|---|---|
π€ Respect | Treat colleagues with respect and professionalism |
π¨ Report | Report harassment immediately |
π Cooperate | Cooperate with investigations |
π Training | Complete required training |
10. βοΈ MODERN SLAVERY AND HUMAN TRAFFICKING
OTCM Protocol is committed to ensuring that modern slavery and human trafficking are NOT taking place in our business or supply chain.
π‘οΈ We Will:
Commitment | Description |
|---|---|
π Due Diligence | Conduct due diligence on suppliers and partners |
π Contract Provisions | Include anti-slavery provisions in contracts |
π Training | Train personnel on recognizing signs of modern slavery |
π¨ Reporting | Report any suspected instances to authorities |
11. π’ REPORTING VIOLATIONS
11.1 π Reporting Obligation
All personnel have an obligation to report:
Report Type | Description |
|---|---|
β Code Violations | Violations of this Code of Conduct |
βοΈ Legal Violations | Violations of law or regulation |
π« Unethical Conduct | Unethical business conduct |
π° Financial Concerns | Concerns about accounting or auditing matters |
π‘οΈ Compliance Issues | Category 1 compliance concerns |
π Security Issues | Cybersecurity or Transfer Hook concerns |
11.2 π Reporting Channels
Reports can be made to:
Channel | Contact |
|---|---|
π¨βπΌ Direct Supervisor | Your immediate supervisor |
βοΈ Legal Department | legal@otcm.io |
π‘οΈ Compliance Team | compliance@otcm.io |
π€ Human Resources | hr@otcm.io |
π¨ Anonymous Hotline | ethics@otcm.io (anonymous reporting available) |
11.3 π‘οΈ No Retaliation
OTCM Protocol prohibits retaliation against anyone who:
Protected Activity | Description |
|---|---|
β Good Faith Reports | Makes a good faith report of violations |
π Investigation Participation | Participates in investigations |
π« Refuses Wrongdoing | Refuses to participate in wrongdoing |
βοΈ Exercises Rights | Exercises legal rights |
12. β οΈ CONSEQUENCES OF VIOLATIONS
Violations of this Code of Conduct may result in:
Consequence | Description |
|---|---|
β οΈ Verbal Warning | Initial warning for minor violations |
π Written Warning | Documented warning for repeated or serious violations |
π° Financial Penalties | Forfeiture of bonus, clawback of compensation |
π Reassignment | Reassignment to different role |
β Termination | Termination of employment |
βοΈ Legal Action | Civil or criminal prosecution |
ποΈ Regulatory Referral | Referral to SEC or other regulators |
13. β ACKNOWLEDGMENT AND CERTIFICATION
All personnel must:
Requirement | Frequency |
|---|---|
π Read | Read and understand this Code of Conduct |
βοΈ Acknowledge | Acknowledge receipt and understanding annually |
β Certify | Certify compliance with all provisions |
π Training | Complete required training |
π Conflicts Disclosure | Disclose conflicts of interest annually |
π Trading Disclosure | Disclose personal trading in platform tokens |
14. π AMENDMENTS
This Code of Conduct may be amended at any time by the Company's Board of Directors.
All amendments will be:
Action | Description |
|---|---|
π’ Communicated | Communicated to personnel |
π Published | Posted on the Company website |
π§ Notified | Personnel notified via email |
15. π CONTACT INFORMATION
For questions about this Code of Conduct:
Contact | |
|---|---|
βοΈ Legal Department | legal@otcm.io |
π‘οΈ Compliance Team | compliance@otcm.io |
π€ Human Resources | hr@otcm.io |
π¨ Ethics Hotline | ethics@otcm.io |
Mailing Address:
OTCM Protocol, Inc.
Attn: Legal & Compliance
[Address]
Wyoming, United Statesπ Document Information
Field | Value |
|---|---|
π Document Version | 3.0 |
π Last Updated | January 2026 |
π Jurisdiction | Wyoming, United States |
ποΈ Entity Type | Wyoming Digital Asset Corporation |
βοΈ Regulatory Framework | SEC Category 1 (Issuer-Sponsored Tokenized Securities) |
π FINAL ACKNOWLEDGMENT
By working at OTCM Protocol, Inc., you acknowledge that you have:
Acknowledgment | |
|---|---|
β Read | Read this Corporate Code of Conduct |
π§ Understood | Understood all provisions and requirements |
π€ Agreed | Agreed to comply with this Corporate Code of Conduct |
βοΈ Category 1 | Understand our Category 1 compliance obligations |
π Securities Laws | Understand ST22 tokens are securities under federal law |
π‘οΈ Integrity | Committed to maintaining Transfer Hook and compliance system integrity |
πΌ Professional Excellence Through Ethical Conduct β Your commitment to these standards helps build trust in our Category 1 compliant platform and protects our community of users, issuers, and stakeholders.
Β© 2026 OTCM Protocol, Inc. | All Rights Reserved
ST22 Tokenized Securities are securities under federal securities laws. Personnel must understand and comply with all applicable securities laws and Category 1 requirements.