📢 WHISTLEBLOWER POLICY

Field	Value
Document ID	OTCM-POL-WBP-001
Version	1.0
Effective Date	January 30, 2026
Classification	PUBLIC
Approved By	Board of Directors

📋 TABLE OF CONTENTS

🎯 ARTICLE I: PURPOSE AND COMMITMENT

Section 1.1 — Purpose

This Whistleblower Policy (the "Policy") establishes a framework for the reporting, investigation, and resolution of concerns regarding illegal, unethical, or improper conduct at OTCM Protocol, Inc. (the "Company"). The Policy is designed to:

🎯 Objective	Description
🗣️ Encourage Reporting	Create a safe environment for raising concerns
🛡️ Protect Whistleblowers	Shield reporters from retaliation
🔍 Enable Detection	Identify misconduct early
⚖️ Ensure Compliance	Meet legal and regulatory requirements
🏛️ Promote Ethics	Foster a culture of integrity and accountability
🔗 Protect Platform	Safeguard the OTCM Protocol ecosystem

Section 1.2 — Company Commitment

💬 "OTCM Protocol, Inc. is committed to maintaining the highest standards of ethical conduct, legal compliance, and corporate governance. We encourage all individuals to report concerns without fear of retaliation. Every report will be taken seriously and investigated appropriately."

The Company commits to:

✅ Commitment	Description
👂 Listen	Take all reports seriously
🔍 Investigate	Conduct thorough and fair investigations
🛡️ Protect	Shield reporters from retaliation
⚖️ Act	Take appropriate corrective action
📋 Communicate	Provide feedback where appropriate
🔄 Improve	Learn from issues to prevent recurrence

Section 1.3 — Regulatory Framework

This Policy is adopted pursuant to and in compliance with:

⚖️ Regulation	Description
Sarbanes-Oxley Act Section 301	Audit Committee complaint procedures
Sarbanes-Oxley Act Section 806	Whistleblower protections
Dodd-Frank Act Section 922	SEC whistleblower program
SEC Rule 21F	Whistleblower rules and awards
Securities Exchange Act	Anti-fraud provisions
Wyoming Statutes	State whistleblower protections

👥 ARTICLE II: SCOPE AND COVERAGE

Section 2.1 — Who May Report

This Policy applies to reports made by:

👤 Category	Examples
👔 Employees	Full-time, part-time, temporary employees
🎯 Officers	All executive officers
🏛️ Directors	Board members
🤝 Contractors	Independent contractors, consultants
🏢 Vendors	Suppliers, service providers
🔗 Platform Participants	Issuers, token holders, traders
👨‍👩‍👧‍👦 Family Members	Family members of any of the above
👁️ Third Parties	Any person with knowledge of misconduct

Section 2.2 — Protected Activities

The following activities are protected under this Policy:

🛡️ Protected Activity	Description
📢 Reporting	Making a good faith report of suspected misconduct
🤝 Participating	Participating in an investigation
📋 Providing Information	Providing information to investigators
⚖️ External Reporting	Reporting to regulatory agencies
🗣️ Testifying	Testifying in legal or regulatory proceedings
🚫 Refusing	Refusing to participate in illegal activity

Section 2.3 — Good Faith Requirement

⚠️ Reports must be made in good faith — meaning the reporter genuinely believes the information is true at the time of reporting.

✅ Good Faith	❌ Not Good Faith
Honest belief in truth of report	Knowingly false allegations
Reasonable basis for concern	Malicious or frivolous reports
Reporting for proper purposes	Reports made for personal gain
May be mistaken but sincere	Intentional fabrication

Note: A report made in good faith is protected even if the investigation determines the concern was unfounded.

🚨 ARTICLE III: REPORTABLE CONCERNS

Section 3.1 — Financial and Accounting Matters

💰 Category	Examples
📊 Fraud	Financial statement fraud, asset misappropriation
📋 Accounting	Improper revenue recognition, expense manipulation
🔍 Audit	Interference with auditors, audit deficiencies
💳 Internal Controls	Circumvention of controls, control weaknesses
📈 Disclosure	Misleading SEC filings, omission of material facts
🧾 Tax	Tax evasion, improper tax positions

Section 3.2 — Securities Law Violations

📊 Category	Examples
🔒 Insider Trading	Trading on MNPI, tipping
📈 Market Manipulation	Wash trading, pump and dump schemes
📋 Disclosure Violations	Failure to disclose material information
🤝 Related Party	Undisclosed related party transactions
💰 Offering Fraud	Misrepresentations in token offerings
📊 Reporting Violations	False SEC filings

Section 3.3 — Platform and Blockchain Concerns

🔗 Category	Examples
🔐 Smart Contract Issues	Vulnerabilities, unauthorized modifications
💧 Liquidity Manipulation	Pool manipulation, unfair trading advantages
🏦 Custody Concerns	Mishandling of custodied assets
📋 Issuer Misconduct	Fraud by platform issuers
🔑 Key Management	Improper handling of private keys
⚠️ Security Breaches	Hacks, unauthorized access
📊 Oracle Manipulation	Falsified reserve or price data

Section 3.4 — Legal and Regulatory Violations

⚖️ Category	Examples
🚫 Bribery/Corruption	Bribery, kickbacks, improper payments
💰 Money Laundering	AML violations, suspicious transactions
🌍 Sanctions	OFAC violations, prohibited transactions
📋 Licensing	Operating without required licenses
🔒 Privacy	Data protection violations
⚖️ Antitrust	Anti-competitive conduct

Section 3.5 — Workplace Concerns

👥 Category	Examples
🚫 Discrimination	Race, gender, age, disability discrimination
⚠️ Harassment	Sexual harassment, hostile work environment
🛡️ Safety	Unsafe working conditions
💼 Labor	Wage and hour violations
🔒 Retaliation	Retaliation against whistleblowers
📋 Policy Violations	Violations of Company policies

Section 3.6 — Ethical Concerns

🏛️ Category	Examples
🤝 Conflicts of Interest	Undisclosed conflicts
🎁 Gifts/Entertainment	Improper gifts or entertainment
📋 Records	Falsification of records
💼 Misuse of Assets	Misappropriation of Company property
🔒 Confidentiality	Improper disclosure of confidential information
⚖️ Code of Conduct	Violations of Code of Conduct

📞 ARTICLE IV: REPORTING CHANNELS

Section 4.1 — Internal Reporting Channels

📧 Option 1: Compliance Officer

📋 Details	Information
Email	compliance@otcmprotocol.com
Subject Line	"Whistleblower Report - Confidential"
Response Time	Acknowledgment within 48 hours

👔 Option 2: Chief Legal Officer

📋 Details	Information
Email	legal@otcmprotocol.com
Subject Line	"Whistleblower Report - Confidential"
Use For	Legal/regulatory concerns, concerns about Compliance Officer

🏛️ Option 3: Audit Committee Chair

📋 Details	Information
Email	auditcommittee@otcmprotocol.com
Use For	Accounting/financial concerns, concerns about management
Direct Access	Reports go directly to independent directors

📞 Option 4: Ethics Hotline

📋 Details	Information
Phone	1-800-XXX-XXXX (24/7)
Web	https://otcmprotocol.ethicspoint.com
Features	Anonymous reporting available
Operated By	Independent third party

👤 Option 5: Direct Supervisor

📋 Details	Information
Use For	Routine workplace concerns
Escalation	If not resolved, use other channels

Section 4.2 — Anonymous Reporting

✅ Anonymous reports ARE accepted and will be investigated.

📋 Anonymous Reporting	Details
🔒 Available Through	Ethics Hotline (phone or web)
✅ Fully Investigated	Same process as identified reports
⚠️ Limitations	May limit ability to follow up or provide feedback
💡 Recommendation	Consider providing contact method for follow-up questions

Section 4.3 — Information to Include in Reports

When making a report, include as much of the following as possible:

📋 Information	Description
📝 Description	What happened or is happening
👤 Who	Individuals involved
📅 When	Dates and times
📍 Where	Location (physical or system)
🔗 Evidence	Documents, transaction hashes, screenshots
👁️ Witnesses	Others who may have knowledge
📊 Impact	Potential or actual harm
💡 Context	Any other relevant information

Section 4.4 — Blockchain-Specific Reports

For concerns involving blockchain or platform operations, include:

🔗 Information	Description
💳 Wallet Addresses	Relevant wallet addresses
🔗 Transaction Hashes	Specific transaction IDs
📜 Smart Contract	Contract addresses involved
📊 Token Symbol	ST22 token or OTCM token
📅 Block Numbers	Relevant block numbers
🔍 Explorer Links	Solscan or other explorer links

🔒 ARTICLE V: CONFIDENTIALITY

Section 5.1 — Confidentiality Commitment

🔒 The Company will protect the confidentiality of whistleblowers to the fullest extent possible.

🔐 Protection	Description
🔒 Identity Protection	Reporter's identity kept confidential
📁 Secure Storage	Reports stored securely with limited access
👥 Need-to-Know	Information shared only as necessary
📋 Anonymous Option	Anonymous reporting available

Section 5.2 — Limits on Confidentiality

Confidentiality may be limited in certain circumstances:

⚠️ Circumstance	Explanation
⚖️ Legal Process	Court order or subpoena
🔍 Investigation Needs	Necessary to conduct fair investigation
🚨 Imminent Harm	Prevent serious harm to persons or property
📋 Regulatory Requirement	Required disclosure to regulators
👤 Reporter Consent	Reporter consents to disclosure

Section 5.3 — Confidentiality of Investigations

🔒 Requirement	Application
📋 Investigation Details	Kept confidential
👤 Witness Statements	Not disclosed to accused
📊 Findings	Shared on need-to-know basis
⚠️ Accused Rights	Accused informed of allegations (not source)

🛡️ ARTICLE VI: ANTI-RETALIATION PROTECTION

Section 6.1 — Prohibition on Retaliation

🚫 RETALIATION AGAINST WHISTLEBLOWERS IS STRICTLY PROHIBITED AND WILL NOT BE TOLERATED.

Any person who retaliates against a whistleblower will be subject to disciplinary action, up to and including termination.

Section 6.2 — Definition of Retaliation

Retaliation includes any adverse action taken because of a protected activity:

🚫 Retaliation Type	Examples
🚪 Termination	Firing, layoff, forced resignation
📉 Demotion	Reduction in rank, title, or responsibilities
💰 Compensation	Reduction in pay, denial of bonus or raise
📋 Assignments	Undesirable assignments, exclusion from projects
📍 Transfer	Involuntary transfer or relocation
😠 Harassment	Intimidation, threats, hostility
📊 Evaluation	Negative performance reviews
🚫 Opportunities	Denial of promotion or training
🗣️ Reputation	Negative references, blacklisting
⚖️ Legal Threats	Threats of legal action

Section 6.3 — Reporting Retaliation

If you believe you have experienced retaliation:

⚡ Step	Action
1️⃣	Report immediately to Compliance Officer, CLO, or Audit Committee
2️⃣	Document all instances of perceived retaliation
3️⃣	Identify any witnesses
4️⃣	Preserve any relevant communications

Section 6.4 — Investigation of Retaliation Claims

📋 Process	Description
🔍 Investigation	All retaliation claims investigated promptly
⚖️ Independent Review	May involve outside counsel
🛡️ Interim Protection	Interim measures to protect reporter
⚠️ Consequences	Retaliators subject to discipline up to termination

Section 6.5 — Protection Period

Anti-retaliation protections apply:

⏱️ Period	Protection
📢 During Reporting	While making report
🔍 During Investigation	Throughout investigation
⚖️ After Resolution	Indefinitely after matter concluded
🤝 Participation	For participating in any investigation

🔍 ARTICLE VII: INVESTIGATION PROCEDURES

Section 7.1 — Receipt and Assessment

⚡ Step	Timeline	Action
1️⃣	Within 24 hours	Report received and logged
2️⃣	Within 48 hours	Acknowledgment sent to reporter (if not anonymous)
3️⃣	Within 5 business days	Initial assessment completed
4️⃣	Within 5 business days	Decision on investigation scope

Section 7.2 — Investigation Assignment

📋 Concern Type	Primary Investigator
💰 Financial/Accounting	Audit Committee (external counsel/forensics)
⚖️ Legal/Regulatory	Chief Legal Officer (may involve external counsel)
👥 HR/Workplace	Human Resources (may involve external counsel)
🔗 Platform/Technical	CTO + Compliance (may involve security firm)
👔 Senior Management	Audit Committee (external counsel required)
🏛️ Board Members	Special Committee of independent directors

Section 7.3 — Investigation Process

⚡ Step	Action
1️⃣	Plan — Develop investigation plan and timeline
2️⃣	Preserve — Preserve relevant documents and data
3️⃣	Collect — Gather documents, records, blockchain data
4️⃣	Interview — Interview witnesses and relevant parties
5️⃣	Analyze — Analyze evidence and identify findings
6️⃣	Report — Prepare written investigation report
7️⃣	Recommend — Recommend corrective actions
8️⃣	Close — Close investigation and document resolution

Section 7.4 — Investigation Standards

⚖️ Standard	Description
🔍 Thorough	All relevant facts investigated
⚖️ Fair	All parties treated fairly
🕐 Timely	Completed as quickly as practicable
📋 Documented	Findings and conclusions documented
🔒 Confidential	Conducted confidentially
🎯 Objective	Free from bias or prejudgment

Section 7.5 — Blockchain Investigations

For blockchain-related concerns, investigations may include:

🔗 Investigation Activity	Description
📊 On-Chain Analysis	Review of blockchain transactions
💳 Wallet Tracing	Tracking of wallet activity
📜 Smart Contract Audit	Review of contract code and execution
🔍 Forensic Analysis	Blockchain forensics tools
🔑 Access Review	Review of key management logs
📋 Platform Logs	Analysis of platform activity logs

Section 7.6 — Communication with Reporter

📋 Communication	Timing
✅ Acknowledgment	Within 48 hours of report
📊 Status Updates	Every 30 days (if investigation ongoing)
📋 Outcome	Upon conclusion (to extent appropriate)
⚠️ Limitations	May be limited for confidentiality/legal reasons

Section 7.7 — Corrective Actions

If misconduct is substantiated, corrective actions may include:

⚠️ Action	Examples
👤 Disciplinary	Warning, suspension, demotion, termination
💰 Financial	Recovery of losses, clawback of compensation
🔧 Process	Policy/procedure changes, enhanced controls
🎓 Training	Additional training requirements
⚖️ Legal	Referral to law enforcement or regulators
🔗 Platform	Suspension from platform, token freezing

🏛️ ARTICLE VIII: AUDIT COMMITTEE OVERSIGHT

Section 8.1 — Audit Committee Role

The Audit Committee of the Board of Directors has primary oversight responsibility for:

📋 Responsibility	Description
📢 Complaint Procedures	Establishing procedures for receipt of complaints
💰 Financial Concerns	Overseeing investigation of financial/accounting concerns
👔 Management Concerns	Handling concerns involving senior management
📊 Reporting	Receiving reports on whistleblower activity
🔍 Monitoring	Monitoring effectiveness of program

Section 8.2 — Direct Access

✅ Any person may report directly to the Audit Committee without going through management.

📋 Direct Access Channel	Details
Email	auditcommittee@otcmprotocol.com
Recipient	Goes directly to Audit Committee Chair
Bypass	Bypasses all management channels

Section 8.3 — Audit Committee Reporting

The Compliance Officer shall report to the Audit Committee:

📊 Report	Frequency
📋 Summary of Reports	Quarterly
🔍 Investigation Status	Quarterly
⚠️ Significant Matters	Immediately
📊 Trends and Patterns	Annually
🔧 Program Effectiveness	Annually

🌐 ARTICLE IX: EXTERNAL REPORTING RIGHTS

Section 9.1 — Right to Report Externally

✅ Nothing in this Policy prevents any person from reporting concerns directly to government agencies or regulators.

You have the right to report to:

🏛️ Agency	Types of Concerns
📊 SEC	Securities law violations
💰 CFTC	Commodities law violations
🏦 FinCEN	Money laundering, BSA violations
⚖️ DOJ	Criminal matters
👥 EEOC	Employment discrimination
🛡️ OSHA	Workplace safety, whistleblower retaliation
🏛️ State Regulators	State law violations

Section 9.2 — SEC Whistleblower Program

The SEC Whistleblower Program provides:

🎯 Benefit	Description
💰 Financial Awards	10-30% of sanctions over $1 million
🛡️ Retaliation Protection	Federal anti-retaliation protections
🔒 Confidentiality	SEC protects whistleblower identity
⚖️ Legal Remedies	Private right of action for retaliation

📞 SEC Contact Information:

📋 Channel	Details
Website	https://www.sec.gov/whistleblower
Phone	(202) 551-4790
Mail	SEC Office of the Whistleblower, 100 F Street NE, Washington, DC 20549

Section 9.3 — No Prior Internal Reporting Required

✅ You are NOT required to report internally before reporting to a government agency.

However, internal reporting may:

Allow faster resolution
Provide opportunity for Company to correct issues
Demonstrate good faith

Section 9.4 — Protection for External Reporting

🛡️ Protection	Description
🚫 No Retaliation	Protected from Company retaliation
📜 Confidentiality	May share confidential information with regulators
⚖️ Attorney-Client	Does not waive privilege for internal communications
💰 Awards	May be eligible for whistleblower awards

Section 9.5 — Defend Trade Secrets Act Notice

📜 NOTICE: Pursuant to the Defend Trade Secrets Act of 2016 (18 U.S.C. § 1833(b)):

Immunity: An individual shall not be held criminally or civilly liable under any federal or state trade secret law for the disclosure of a trade secret that is made:

(i) in confidence to a federal, state, or local government official, either directly or indirectly, or to an attorney, solely for the purpose of reporting or investigating a suspected violation of law; or
(ii) in a complaint or other document filed in a lawsuit or other proceeding, if such filing is made under seal.

Use in Anti-Retaliation Lawsuit: An individual who files a lawsuit for retaliation by an employer for reporting a suspected violation of law may disclose the trade secret to the attorney and use the trade secret information in the court proceeding, if the individual files any document containing the trade secret under seal and does not disclose the trade secret except pursuant to court order.

🏛️ ARTICLE X: ADMINISTRATION

Section 10.1 — Policy Owner

The Compliance Officer is the owner of this Policy and is responsible for:

📋 Duty	Description
📋 Administration	Day-to-day administration of program
🔍 Intake	Receiving and logging reports
📊 Tracking	Tracking investigations and outcomes
📋 Reporting	Reporting to Audit Committee
🎓 Training	Conducting whistleblower training
🔧 Improvements	Recommending program improvements

Section 10.2 — Training

🎓 Training Type	Audience	Frequency
📋 Policy Overview	All employees	Upon hire, annually
🔍 Investigation Training	Investigators	Upon assignment, annually
🏛️ Audit Committee	Committee members	Annually
👔 Management	Supervisors and managers	Annually
🔗 Platform-Specific	Technical staff	Annually

Section 10.3 — Recordkeeping

📁 Record	Retention Period
📢 Reports Received	7 years
🔍 Investigation Files	7 years after closure
📊 Audit Committee Reports	Permanent
📋 Training Records	5 years
⚠️ Retaliation Complaints	7 years after resolution

Section 10.4 — Annual Review

This Policy shall be reviewed annually by the Compliance Officer and Audit Committee to assess:

🔍 Review Area	Consideration
⚖️ Legal Compliance	Changes in laws/regulations
📊 Program Effectiveness	Metrics and outcomes
🔧 Process Improvements	Lessons learned
🏆 Best Practices	Industry developments
🔗 Platform Changes	New platform features/risks

Section 10.5 — Amendments

📋 Amendment Type	Approval Required
📋 Administrative	Compliance Officer
📞 Reporting Channels	CLO approval
🏛️ Material Changes	Audit Committee approval

📋 Amendment Type

Approval Required

📋

Administrative

Compliance Officer

📞

Reporting Channels

CLO approval

🏛️

Material Changes

Audit Committee approval

Section 10.6 — Questions

📧 Contact: compliance@otcmprotocol.com

Questions regarding this Policy should be directed to the Compliance Officer.

✍️ ACKNOWLEDGMENT AND CERTIFICATION

I acknowledge that I have received and read the OTCM Protocol, Inc. Whistleblower Policy. I understand its contents and my rights and responsibilities under this Policy.

I understand that:

I may report concerns through any of the channels described in this Policy
I may report anonymously through the Ethics Hotline
I will be protected from retaliation for good faith reports
I may report directly to government agencies at any time

I agree to report any concerns about illegal, unethical, or improper conduct that I become aware of in connection with my relationship with the Company.

Field	Value
Signature	_________________________________
Date	_________________________________
Printed Name	_________________________________
Title/Position	_________________________________

📎 APPENDIX A: REPORTING QUICK REFERENCE

📞 Internal Reporting Channels

Channel	Contact	Best For
📧 Compliance Officer	compliance@otcmprotocol.com	General concerns
⚖️ Chief Legal Officer	legal@otcmprotocol.com	Legal/regulatory issues
🏛️ Audit Committee	auditcommittee@otcmprotocol.com	Financial, senior management
📞 Ethics Hotline	1-800-XXX-XXXX	Anonymous reporting
🌐 Ethics Web Portal	otcmprotocol.ethicspoint.com	Anonymous reporting

🏛️ External Reporting Agencies

Agency	Contact	Concerns
📊 SEC	sec.gov/whistleblower	Securities violations
💰 CFTC	cftc.gov/whistleblower	Commodities violations
🏦 FinCEN	fincen.gov	Money laundering
👥 EEOC	eeoc.gov	Discrimination
🛡️ OSHA	osha.gov	Safety, retaliation

✅ What to Report

✅ Report	❌ Don't Report Through This Channel
Fraud or theft	Routine HR issues (use HR)
Securities violations	General complaints about coworkers
Financial irregularities	IT help desk issues
Regulatory violations	Compensation disputes
Safety concerns	Customer service matters
Retaliation	General suggestions
Conflicts of interest
Platform manipulation

OTCM Protocol, Inc. A Wyoming Digital Asset Corporation

📜 SEC Category 1 Issuer-Sponsored Tokenized Securities Infrastructure

Document ID: OTCM-POL-WBP-001 | Version 1.0 | Effective: January 30, 2026

🛡️ Privacy Policy

📋 Terms and Conditions

⚠️ INVESTMENT RISK DISCLOSURE

🔐 KYC, AML, KYB, & ACCREDITED INVESTOR VERIFICATION PROCEDURES

IMPORTANT NOTICE

🍪 Cookie Notice

💼 CORPORATE CODE OF CONDUCT

⚖️ SEC REGULATORY FRAMEWORK ANALYSIS

🛡️ SEC CATEGORY 1 COMPLIANCE FRAMEWORK