Document ID

OTCM-POL-DRP-001

Version

1.0

Effective Date

January 30, 2026

Classification

CONFIDENTIAL

Approved By

Board of Directors

⚖️

Legal Compliance

Ensure compliance with legal and regulatory retention requirements

🛡️

Litigation Protection

Protect the Company in actual or potential litigation

📊

Business Continuity

Support business operations and historical reference

🔐

Data Security

Protect sensitive and confidential information

💾

Storage Efficiency

Manage storage costs and information overload

🔗

Blockchain Integrity

Preserve immutable blockchain records appropriately

Securities Exchange Act of 1934

Broker-dealer and transfer agent records

SEC Rules 17a-3, 17a-4

Books and records requirements

SEC Rules 17Ad-6, 17Ad-7

Transfer agent recordkeeping

Sarbanes-Oxley Act

Audit workpapers, financial records

IRS Code Section 6001

Tax records

ERISA

Employee benefit records

Wyoming Business Corporation Act

Corporate records

SEC January 2026 Guidance

Tokenized securities records

📄

Paper Documents

Contracts, certificates, correspondence

💻

Electronic Files

Emails, spreadsheets, databases, presentations

🔗

Blockchain Records

Smart contracts, transaction logs, wallet data

🎥

Media

Audio, video, photographs

💬

Communications

Instant messages, text messages, voicemails

☁️

Cloud Data

SaaS applications, cloud storage

🏛️

Articles of Incorporation

Permanent

Including all amendments

📜

Bylaws

Permanent

Including all amendments

📋

Board Minutes

Permanent

All board and committee meetings

🗳️

Shareholder Meeting Minutes

Permanent

Annual and special meetings

📊

Stock Ledger

Permanent

All ownership records

📄

Stock Certificates

Permanent

Issued and cancelled

🏷️

Assumed Name Certificates

Permanent

DBA filings

📝

Annual Reports to State

Permanent

All jurisdictions

✅

Board/Committee Resolutions

Permanent

All formal resolutions

📋

Shareholder Consents

Permanent

Written consents in lieu of meeting

📊

Annual Financial Statements

Permanent

Audited statements

📈

Quarterly Financial Statements

7 years

Internal and external

📒

General Ledger

Permanent

All entries

💳

Accounts Payable Records

7 years

Invoices, payment records

💰

Accounts Receivable Records

7 years

Invoices, collection records

🏦

Bank Statements

7 years

All accounts

✅

Bank Reconciliations

7 years

Monthly reconciliations

🧾

Expense Reports

7 years

Employee reimbursements

📋

Budgets

5 years

Annual budgets

🔍

Audit Reports

Permanent

Internal and external

📊

Audit Workpapers

7 years

Per SOX requirements

📋

Income Tax Returns

Permanent

Federal and state

📊

Tax Workpapers

7 years

Supporting documentation

💰

Payroll Tax Returns

7 years

All filings

🧾

Sales Tax Returns

7 years

All jurisdictions

📄

1099 Forms Issued

7 years

Information returns

📝

W-2 Forms

7 years

Employee wage statements

🏢

Property Tax Records

Permanent

Assessments and payments

📋

Tax Exemption Documents

Permanent

Certificates and rulings

👤

Employee Personnel Files

7 years after termination

General employment records

📋

I-9 Forms

3 years after hire or 1 year after termination (longer)

Immigration verification

💰

Payroll Records

7 years

Wages, deductions, hours

🏥

Benefits Records

7 years after plan termination

ERISA requirement

📊

Performance Reviews

5 years after termination

Evaluations

⚠️

Disciplinary Records

7 years after termination

Warnings, actions

🏆

Training Records

5 years after termination

Certifications, completions

📝

Employment Applications

3 years

Hired and not hired

🔒

Background Check Records

5 years

Per FCRA

📋

OSHA Records

5 years

Injury/illness logs

📜

Executed Contracts

10 years after expiration

All material contracts

🏢

Real Estate Documents

Permanent

Deeds, leases, mortgages

📋

Intellectual Property

Permanent

Patents, trademarks, copyrights

⚖️

Litigation Files

10 years after final resolution

All legal matters

📝

Settlement Agreements

Permanent

All settlements

🔒

NDAs/Confidentiality Agreements

10 years after expiration

Non-disclosure agreements

📄

Insurance Policies

Permanent

All policies

💳

Insurance Claims

10 years after settlement

Claims and correspondence

📋

Licenses and Permits

Permanent

Current and expired

⚖️

Legal Opinions

Permanent

Outside counsel opinions

📊

SEC Filings

Permanent

All forms filed

📋

Form D Filings

Permanent

Reg D exemption notices

📜

Private Placement Memoranda

Permanent

Offering documents

✅

Subscription Agreements

Permanent

Investor subscriptions

👤

Accredited Investor Verification

7 years

Documentation of status

📊

Cap Table Records

Permanent

All ownership records

📋

Investor Communications

7 years

Reports, notices

🔒

Insider Trading Records

7 years

Pre-clearance, blackout

📄

Related Party Transaction Records

7 years

Approvals, documentation

📊

Section 16 Filings

Permanent

Forms 3, 4, 5

📜

Smart Contract Source Code

Permanent

All deployed contracts

🔍

Smart Contract Audits

Permanent

Security audit reports

📊

Deployment Records

Permanent

Transaction hashes, addresses

🔧

Contract Upgrade History

Permanent

All modifications

🏦

Custody Agreements

Permanent

Empire Stock Transfer agreements

📄

Series M Share Certificates

Permanent

Underlying equity documentation

📊

Token Minting Records

Permanent

Issuance documentation

🔗

Transfer Hook Configurations

Permanent

Security control settings

📋

Reserve Oracle Data

7 years

Daily balance verifications

👤

Token Holder Registry

Permanent

Off-chain holder information

📊

Transaction Logs

7 years

Off-chain transaction records

📜

Token Sale Documents

Permanent

ICO/offering materials

✅

SAFT/Purchase Agreements

Permanent

Token purchase agreements

📊

Token Distribution Records

Permanent

All distributions

🔒

Vesting Schedules

7 years after full vesting

Locked token records

💰

Staking Records

7 years

Staking activity logs

💳

Company Wallet Addresses

Permanent

All controlled wallets

🔑

Key Generation Records

Permanent

Key ceremony documentation

👥

Multi-Sig Configurations

Permanent

Signer requirements

📋

Wallet Access Logs

7 years

Access and transaction logs

🔄

Key Rotation Records

7 years

Key changes and reasons

📋

Issuer Onboarding Records

Permanent

All issuer documentation

📊

Trading Volume Data

7 years

Historical platform data

💧

Liquidity Pool Records

7 years

Pool configurations, balances

📈

Bonding Curve Parameters

Permanent

Historical configurations

🔧

Platform Incident Reports

7 years

Security incidents, outages

📊

API Access Logs

3 years

Third-party integrations

📊

Master Securityholder File

Permanent

DLT-based records

🔄

Transfer Journals

6 years

All transfers

❌

Cancelled Certificates

6 years

Physical and digital

📋

Stop Transfer Orders

6 years

Stop orders and releases

📝

Written Communications

6 years

Holder correspondence

📊

Reconciliation Records

6 years

Daily reconciliations

💼

Business Critical

Per subject matter schedule

Contracts, legal, financial

📋

Operational

3 years

Day-to-day business

🗑️

Transitory

1 year

Scheduling, routine inquiries

⚠️

Litigation Hold

Until hold released

All related emails

📁

Filing

File business-critical emails to appropriate folders

🏷️

Categorization

Use consistent subject lines and categories

🔗

Attachments

Save important attachments separately

🚫

Personal

Do not use company email for personal matters

💼

Slack/Teams (Business)

3 years

Business channels

📊

Project Channels

Life of project + 3 years

Project-specific

🔒

Confidential Channels

7 years

Legal, HR, Finance

📱

Text Messages (Business)

3 years

Business-related SMS

📁

Google Drive/OneDrive

Per document type

Apply document schedules

📊

CRM Data

7 years after relationship ends

Customer/issuer records

💰

Accounting Software

7 years

Financial data

👤

HR Systems

Per employment record schedule

Personnel data

🔧

Development Tools

Life of product + 5 years

Code repositories, tickets

👤

User Account Data

7 years after account closure

Platform user records

📊

Transaction History

7 years

All platform transactions

📈

Analytics Data

5 years

Aggregated platform data

📋

Audit Logs

7 years

System access logs

🔐

Security Logs

7 years

Authentication, authorization

📅

Daily Backups

30 days

Rolling daily

📆

Weekly Backups

12 weeks

Rolling weekly

📊

Monthly Backups

24 months

Rolling monthly

📁

Annual Backups

7 years

Year-end snapshots

🔗

Blockchain Node Data

Permanent

Full node archives

⚖️

Lawsuit Filed

Immediate hold on all related records

📋

Demand Letter Received

Immediate hold pending evaluation

🔍

Government Investigation

Immediate hold on all related records

⚠️

Anticipated Litigation

Hold when litigation reasonably anticipated

📊

Regulatory Inquiry

Hold on all requested categories

🔒

Internal Investigation

Hold as directed by Legal

1️⃣

Identify triggering event

Legal Department

2️⃣

Define scope of hold

Legal Department

3️⃣

Identify custodians and systems

Legal + IT

4️⃣

Issue written hold notice

Legal Department

5️⃣

Suspend destruction of affected records

All Custodians

6️⃣

Collect and preserve relevant records

IT + Custodians

7️⃣

Document preservation efforts

Legal Department

8️⃣

Monitor compliance with hold

Legal Department

9️⃣

Release hold when appropriate

Legal Department

📅

Date

Date hold is effective

📋

Matter

General description of matter (if appropriate)

📁

Scope

Categories of records subject to hold

⏱️

Time Period

Relevant date range

🚫

Prohibition

Clear prohibition on destruction

👤

Contact

Person to contact with questions

✅

Acknowledgment

Requirement to acknowledge receipt

📊

On-Chain Data

No action needed (immutable)

📋

Off-Chain Metadata

Standard hold procedures apply

💳

Wallet Access Logs

Preserve all access records

🔧

Smart Contract Modifications

Document and preserve

📊

Platform Analytics

Export and preserve relevant data

⚖️

Spoliation Sanctions

Court-imposed penalties for destruction

📊

Adverse Inference

Jury may assume destroyed evidence was harmful

💰

Monetary Sanctions

Fines and cost-shifting

👤

Personal Liability

Individual responsibility for destruction

🚪

Termination

Employment termination for intentional destruction

📅

Retention Period Expired

Minimum retention period has passed

⚖️

No Litigation Hold

No active or anticipated hold

🔍

No Audit

No pending audit requiring records

✅

Approval Obtained

Required approvals received

📋

Documented

Destruction properly documented

📄

Paper Documents (Confidential)

Cross-cut shredding or incineration

📄

Paper Documents (Non-Confidential)

Recycling acceptable

💾

Electronic Media

Secure wiping (DoD 5220.22-M or equivalent)

💿

Hard Drives/SSDs

Degaussing and physical destruction

☁️

Cloud Data

Certified deletion with confirmation

🔗

Blockchain Data

Cannot be destroyed (document off-chain only)

📅

Date

Date of destruction

📁

Records Destroyed

Description of records

📆

Date Range

Dates covered by records

🗑️

Method

Destruction method used

👤

Authorized By

Person authorizing destruction

👤

Performed By

Person/vendor performing destruction

📄

Certificate

Certificate of destruction (if vendor)

January

Identify records eligible for destruction

February

Verify no litigation holds or audits

March

Obtain required approvals

April

Execute destruction

May

Document and file certificates

✅

Approval

Approve this Policy and material amendments

👁️

Oversight

Oversee compliance with retention requirements

📊

Review

Review annual compliance report

🎯

Tone at Top

Set expectations for compliance

💰

Resources

Allocate resources for implementation

📋

Accountability

Hold departments accountable

⚖️

Litigation Holds

Implement and manage litigation holds

📋

Legal Guidance

Advise on retention requirements

🔍

Compliance

Monitor compliance with legal requirements

📊

Updates

Recommend Policy updates

💰

Financial Records

Ensure retention of financial records

🔍

Audit Support

Support audit record requirements

📊

Tax Records

Ensure retention of tax records

🔗

Blockchain Records

Oversee blockchain record retention

💾

Systems

Implement technical retention controls

🔐

Security

Ensure secure storage and destruction

💾

Backups

Manage backup retention schedules

📋

Administration

Day-to-day Policy administration

🎓

Training

Conduct retention training

🔍

Monitoring

Monitor compliance

📊

Reporting

Prepare compliance reports

📁

Department Records

Ensure proper retention of department records

👥

Staff Training

Train staff on retention requirements

🗑️

Destruction

Authorize department record destruction

⚖️

Litigation Holds

Implement holds within department

📁

Compliance

Comply with this Policy

🎓

Training

Complete required training

⚖️

Holds

Comply with litigation holds

🚨

Reporting

Report potential violations

📋

Initial Training

Upon hire

All employees

🔄

Annual Refresher

Annually

All employees

🔗

Blockchain-Specific

Upon assignment

Technical staff

⚖️

Litigation Hold

As needed

Affected custodians

👔

Management Training

Annually

Department heads

📋

Compliance Audit

Annually

Policy compliance

💾

Systems Audit

Annually

Technical controls

🔗

Blockchain Audit

Quarterly

On-chain/off-chain alignment

🗑️

Destruction Audit

Annually

Destruction practices

⚠️

Verbal Warning

Minor or first-time violations

📝

Written Warning

Repeated or more serious violations

🚪

Termination

Intentional destruction or serious violations

⚖️

Legal Liability

Personal liability for spoliation

💰

Regulatory Penalties

Fines for regulatory non-compliance

📧

Compliance Officer

compliance@otcmprotocol.com

📞

Ethics Hotline

[To be established]

👔

Direct Supervisor

Department management

⚖️

Legal Department

legal@otcmprotocol.com

📊

Maintenance

Keeping Policy current

🔍

Interpretation

Providing authoritative interpretation

📋

Amendments

Recommending amendments

📊

Reporting

Reporting to Board on compliance

⚖️

Legal Changes

New laws and regulations

🔗

Technology Changes

New systems and platforms

💼

Business Changes

New business activities

📊

Audit Findings

Issues identified in audits

🏆

Best Practices

Industry developments

📋

Administrative

Chief Legal Officer

📅

Retention Schedule Changes

CEO + CLO

🏛️

Material Policy Changes

Board of Directors

Signature

_________________________________

Date

_________________________________

Printed Name

_________________________________

Title/Position

_________________________________

Department

_________________________________

Articles/Bylaws

Permanent

Board Minutes

Permanent

Stock Records

Permanent

Annual Reports

Permanent

Financial Statements

Permanent

General Ledger

Permanent

AP/AR Records

7 years

Bank Statements

7 years

Tax Returns

Permanent

Supporting Docs

7 years

Personnel Files

7 years after termination

Payroll

7 years

I-9 Forms

3 years or 1 year after term

Contracts

10 years after expiration

Litigation Files

10 years after resolution

IP Records

Permanent

Smart Contracts

Permanent

Custody Agreements

Permanent

Token Records

Permanent

Transaction Logs

7 years