Option 1: Compliance Officer
π Option 2: Chief Legal Officer
ποΈ Option 3: Audit Committee Chair
π Option 4: Ethics Hotline
π€ Option 5: Direct Supervisor
Section 4.2 β Anonymous Reporting
β
Anonymous reports ARE accepted and will be investigated.
investigated πwith Anonymousthe Reporting
| Details
|
|---|
π
Available Through
| Ethics Hotline (phone or web)
| β
Fully Investigated
| Samesame process as identified reports
| β οΈreports.
Limitations
| MayAnonymous limitreporting abilityis toavailable followthrough upthe orEthics provideHotline. feedback
| π‘
Recommendation
| Consider providing a contact method for follow-up questionsquestions, as anonymity may limit the ability to provide feedback or request additional information. |
When making a report, include as much of the following as possible:
Section 4.4 β Blockchain-Specific Reports
For concerns involving blockchain or platform operations, also include:
π ARTICLEArticle V: CONFIDENTIALITYConfidentiality
Section 5.1 β Confidentiality Commitment
π The Company will protect the confidentiality of whistleblowers to the fullest extent possible.
π Protection
| Description
|
|---|
π
Identity Protection
| Reporter'Reporterβs identity is kept confidential
| πconfidential,
Securereports Storage
| Reportsare stored securely with limited access
| π₯access,
Need-to-Know
| Informationinformation is shared only ason necessarya need-to-know basis, and anonymous reporting is available.
| |
π
Anonymous Option
| Anonymous reporting available
|
Section 5.2 β Limits on Confidentiality
Confidentiality may be limited inby: certain circumstances:
β οΈ Circumstance
| Explanation
|
|---|
βοΈ
Legal Process
| Courtcourt order or subpoena
| πsubpoena,
Investigationnecessity Needs
| Necessaryfor to conducta fair investigation
| π¨investigation,
Imminentprevention Harm
| Preventof imminent serious harmharm, to persons or property
| π
Regulatory Requirement
| Requiredrequired disclosure to regulators
| π€regulators,
Reporteror Consent
| Reporterreporterβs consentsconsent. to disclosure
|
Section 5.3 β Confidentiality of Investigations
π Requirement
| Application
|
|---|
π
Investigation Details | Keptdetails confidential
| π€are
Witnesskept Statements
| Notconfidential, witness statements are not disclosed to accused
| πthe
Findings
| Sharedaccused, findings are shared on a need-to-know basis
| β οΈbasis,
Accusedand Rights
| Accusedthe accused is informed of allegations (but not source)the source.
|
π‘οΈ ARTICLEArticle VI: ANTI-RETALIATIONAnti-Retaliation PROTECTIONProtection
Section 6.1 β Prohibition on Retaliation
π« RETALIATION AGAINST WHISTLEBLOWERS IS STRICTLY PROHIBITED AND WILL NOT BE TOLERATED.
Any person who retaliates against a whistleblower will be subject to disciplinary action, up to and including termination.
Section 6.21 β Definition of Retaliation
Retaliation includes any adverse action taken because of a protected activity: π«termination, Retaliationdemotion, Type
| Examples
|
|---|
πͺcompensation
Termination
| Firing,reduction, layoff,undesirable forcedassignments, resignation
| πinvoluntary
Demotion
| Reductiontransfer, in rank, title,intimidation or responsibilities
| π°
Compensation
| Reduction in pay, denial of bonus or raise
| π
Assignments
| Undesirable assignments, exclusion from projects
| π
Transfer
| Involuntary transfer or relocation
| π
Harassment
| Intimidation, threats, hostility
| π
Evaluation
| Negativenegative performance reviews
| π«reviews,
Opportunities
| Denialdenial of promotion or training
| π£οΈtraining,
Reputation
| Negativenegative references,references blacklisting
| βοΈor
Legalblacklisting, Threats
| Threatsand threats of legal actionaction.
|
Section 6.32 β Reporting and Investigating Retaliation
If you believe you have experienced retaliation: β‘ Step
| Action
|
|---|
1οΈβ£
| Reportreport immediately to the Compliance Officer, CLO,Legal Counsel, or Audit Committee
| 2οΈβ£
| DocumentCommittee; document all instancesinstances; ofidentify perceivedwitnesses; retaliation
| 3οΈβ£
| Identifyand any witnesses
| 4οΈβ£
| Preserve anypreserve relevant communications
|
communications. Section 6.4 β Investigation of Retaliation Claims
π Process
| Description
|
|---|
π
Investigation
| All retaliation claims are investigated promptly | βοΈpromptly,
Independent Review
| Maymay involve outside counsel
| π‘οΈcounsel,
Interimand Protection
| Interimmay measuresresult toin protectinterim reporter
| β οΈprotective
Consequences
| measures. Retaliators are subject to discipline up to terminationand including termination. |
Section 6.53 β Protection Period
Anti-retaliation protections apply: apply β±οΈduring Period
| Protection
|
|---|
π’reporting,
Duringthroughout Reporting
| Whilethe makinginvestigation, report
| π
During Investigation
| Throughout investigation
| βοΈ
After Resolution
| Indefinitelyindefinitely after the matter concluded
| π€is
Participation
| Forconcluded, participatingand for participation in any investigationinvestigation.
|
π ARTICLEArticle VII: INVESTIGATIONInvestigation PROCEDURESProcedures
Section 7.1 β Receipt and Assessment
| β‘ Step
| | Timeline | Action
|
|---|
1οΈβ£
| Within 24 hours
| Report received and logged | Within 24 hours | 2οΈβ£
| Within 48 hours
| Acknowledgment sent to reporter (if not anonymous) | Within 48 hours | 3οΈβ£Initial assessment completed
| Within 5 business days | Initial assessment completed
| 4οΈβ£Decision on investigation scope
| Within 5 business days | Decision on investigation scope
|
Section 7.2 β Investigation Assignment
| π Concern Type
| | Primary Investigator |
|---|
π°Financial
Financial// Accounting
| Audit Committee (may retain external counsel/forensics)counsel or forensic accountants) | βοΈLegal
Legal// Regulatory
| Chief Legal OfficerCounsel (may involve external counsel)
| π₯HR
HR// Workplace
| Human Resources (may involve external counsel) | πPlatform
Platform// Technical / Blockchain
| CTO + Compliance Officer (may involve blockchain security firm) | π
Senior Management | Audit Committee (external counsel required) | ποΈ
Board Members | Special Committee of independent directors |
Section 7.3 β Investigation Process
β‘ Step
| Action
|
|---|
1οΈβ£
| Plan
β’ Step 1: Plan β Developdevelop investigation plan and timeline | 2οΈβ£
| Preserve
β’ Step 2: Preserve β Preservepreserve relevant documentsdocuments, blockchain data, and dataplatform logs | 3οΈβ£
| Collect
β’ Step 3: Collect β Gathergather documents, records, blockchainon-chain datadata, Chainalysis/TRM reports | 4οΈβ£
| Interview
β’ Step 4: Interview β Interviewinterview witnesses and relevant parties | 5οΈβ£
| Analyze
β’ Step 5: Analyze β Analyzeanalyze evidence and identify findings | 6οΈβ£
| Report
β’ Step 6: Report β Prepareprepare written investigation report | 7οΈβ£
| Recommend
β’ Step 7: Recommend β Recommendrecommend corrective actions | 8οΈβ£
| Close
β’ Step 8: Close β Closeclose investigation and document resolution |
Section 7.4 β Investigation Standards
βοΈ Standard
| Description
|
|---|
π
Thorough
| All relevant facts investigated
| βοΈ
Fair
| All parties treated fairly
| π
Timely
| Completed as quickly as practicable
| π
Documented
| Findings and conclusions documented
| π
Confidential
| Conducted confidentially
| π―
Objective
| Free from bias or prejudgment
|
Section 7.5 β Blockchain Investigations
For blockchain-related concerns, investigations may include: include πon-chain Investigationtransaction Activity
| Description
|
|---|
π
On-Chain Analysis
| Review of blockchain transactions
| π³
Wallet Tracing
| Tracking ofanalysis, wallet activity
| πtracing
Smartvia ContractChainalysis Audit
| ReviewKYT ofand TRM Labs, smart contract code audit and execution
| π
Forensicreview, Analysis
| Blockchainblockchain forensicsforensics, tools
| πLedger
Access Review
| Review ofEnterprise key management logs
| πlog
Platformreview, Logs
| Analysis ofCEDEX platform activity logslog analysis, and Transfer Hook event log review.
|
Section 7.65 β Communication with Reporter
π Communication
| Timing
|
|---|
β
Acknowledgment
| Within 48 hours of report
| π
Status Updates
| Every 30 days (if investigation ongoing)
| π
Outcome
| Upon conclusion (to extent appropriate)
| β οΈ
Limitations
| May be limited for confidentiality/legal reasons
|
Section 7.7 βand Corrective Actions
IfReporters misconductreceive isacknowledgment substantiated,within corrective48 hours, status updates every 30 days during ongoing investigations, and outcome notification upon conclusion (to the extent appropriate). Corrective actions may include:
include β οΈdisciplinary Action
| Examples
|
|---|
π€measures
Disciplinary
| Warning,(warning suspension,through demotion,termination), termination
| π°financial
Financial
| Recoveryrecovery of losses, clawback ofor compensation
| π§
Process
| Policy/clawback, policy/procedure changes, enhanced controls
| π
Training
| Additionaladditional training requirements
| βοΈrequirements,
Legal
| Referralreferral to law enforcement or regulators
| π
Platform
| Suspension(SEC, fromCFTC, platform,FinCEN, DOJ), or platform-level action (suspension, ST22 token freezing via Transfer Hook Control 42).
|
ποΈ ARTICLEArticle VIII: AUDIT COMMITTEE OVERSIGHT
Section 8.1 β Audit Committee Role
Oversight
The Audit Committee of the Board of Directors has primary oversight responsibility for: πestablishing Responsibility
| Description
|
|---|
π’
Complaint Procedures
| Establishing procedures forcomplaint receipt ofprocedures, complaints
| π°
Financial Concerns
| Overseeingoverseeing investigation of financial/accounting concerns
| πconcerns,
Management Concerns
| Handlinghandling concerns involvingabout senior management
| πmanagement,
Reporting
| Receiving reports onreceiving whistleblower activity reports, and monitoring program effectiveness.
| |
π
Monitoring
| Monitoring effectiveness of program
|
Section 8.2 β Direct Access
β
Any person may report directly to the Audit Committee at auditcommittee@otcm.io without going through management.
πReports Direct Access Channel
| Details
|
|---|
Email
| auditcommittee@otcmprotocol.com
| Recipient
| Goesgo directly to the Audit Committee Chair
| Bypass
| Bypasses and bypass all management channelschannels.
|
Section 8.3 β Audit Committee Reporting
The Compliance Officer shall reportreports to the Audit Committee: quarterly summary of reports received, quarterly investigation status, significant matters immediately, trends and patterns annually, and program effectiveness annually.
π Report
| Frequency
|
|---|
π
Summary of Reports
| Quarterly
| π
Investigation Status
| Quarterly
| β οΈ
Significant Matters
| Immediately
| π
Trends and Patterns
| Annually
| π§
Program Effectiveness
| Annually
|
π ARTICLEArticle IX: EXTERNALExternal REPORTINGReporting RIGHTSRights
Section 9.1 β Right to Report Externally
β
Nothing in this Policy prevents any person from reporting concerns directly to government agencies or regulators.
You have the right to report to:
| ποΈ Agency
| | Types of Concerns |
|---|
π
SEC | Securities law violations β sec.gov/whistleblower β (202) 551-4790 | π°
CFTC | Commodities law violations β cftc.gov/whistleblower | π¦
FinCEN | Money laundering, BSA violations β fincen.gov | βοΈ
DOJ | Criminal matters | π₯
EEOC | Employment discrimination β eeoc.gov | π‘οΈ
OSHA | Workplace safety, whistleblower retaliation β osha.gov | ποΈ
State Regulators | State law violations (Wyoming, New Jersey, others) |
Section 9.2 β SEC Whistleblower Program
The SEC Whistleblower Program provides: provides π―financial Benefit
| Description
|
|---|
π°awards
Financial Awards
| 10-(10β30% of sanctions overexceeding $1 million
| π‘οΈmillion),
Retaliation Protection
| Federalfederal anti-retaliation protections
| πprotections,
Confidentiality
| SECconfidentiality protectsof whistleblower identity
| βοΈidentity,
Legaland Remedies
| Privateprivate right of action for retaliationretaliation.
|
SEC Contact Information:
π Channel
| Details
|
|---|
Website
| https://www.sec.gov/whistleblower
| Phone
| (202) 551-4790
| Mail
| SEC Office of the Whistleblower, 100 F Street NE, Washington, DC 20549
|
Section 9.3 β No Prior Internal Reporting Required
β
You are NOT required to report internally before reporting to a government agency.
However, internal reporting may: may Allowallow faster resolutionProvide opportunityand for Company to correct issuesDemonstratedemonstrate good faith
faith.
Section 9.4 β Protection for External Reporting
π‘οΈ Protection
| Description
|
|---|
π«
No Retaliation
| Protected from Company retaliation
| π
Confidentiality
| May share confidential information with regulators
| βοΈ
Attorney-Client
| Does not waive privilege for internal communications
| π°
Awards
| May be eligible for whistleblower awards
|
Section 9.5 β Defend Trade Secrets Act Notice
π NOTICE: Pursuant to the Defend Trade Secrets Act of 2016 (18 U.S.C. Β§ 1833(b)):
Immunity: An individual shall not be held criminally or civilly liable under any federal or state trade secret law for the disclosure of a trade secret that is made:
(i)made in confidence to a federal,government state,official or local government official, either directly or indirectly, or to an attorney,attorney solely for the purpose of reporting or investigating a suspected violation of law;law, or(ii) in a complaint or other document filed under seal in a lawsuit or other proceeding, if such filing is made under seal.
Use in Anti-Retaliation Lawsuit:lawsuit. An individual who files a lawsuit for retaliation by an employer for reporting a suspected violation of lawlawsuit may disclose the trade secretsecrets to thetheir attorney and use the trade secret informationthem in the court proceeding,proceedings if the individual files any document containing the trade secretfiled under sealseal.
and
does not disclose the trade secret except pursuant to court order.
ποΈ ARTICLEArticle X: ADMINISTRATIONAdministration
Section 10.1 β Policy Owner
The Compliance Officer is the owner of this Policy and is responsible for: for π Duty
| Description
|
|---|
π
Administration
| Day-day-to-day administrationadministration, of program
| π
Intake
| Receivingreceiving and logging reports
| πreports,
Tracking
| Trackingtracking investigations and outcomesoutcomes, reporting to the Audit Committee, conducting training, and recommending program improvements.
| |
π
Reporting
| Reporting to Audit Committee
| π
Training
| Conducting whistleblower training
| π§
Improvements
| Recommending program improvements
|
Section 10.2 β Training
| π Training Type
| | Audience | | Frequency |
|---|
π
Policy Overview | All employees | Upon hire,hire + annually | π
Investigation Training | InvestigatorsDesignated investigators
| Upon assignment,assignment + annually | ποΈ
Audit Committee Training | Committee members | Annually | π
Management Training | Supervisors and managers | Annually | π
Platform-Specific | Technical staff (blockchain, CEDEX, Transfer Hooks) | Annually |
Section 10.3 β Recordkeeping
| π Record
| | Retention Period |
|---|
π’
Reports Received | 7 years | π
Investigation Files | 7 years after closure | π
Audit Committee Reports | Permanent | π
Training Records | 5 years | β οΈ
Retaliation Complaints | 7 years after resolution |
Section 10.4 β Annual Review and Amendments
This Policy shall beis reviewed annually by the Compliance Officer and Audit Committee tocovering assess: legal πcompliance, Reviewprogram Area
| Consideration
|
|---|
βοΈeffectiveness,
Legalprocess Compliance
| Changesimprovements, inindustry laws/regulations
| πbest
Program Effectiveness
| Metricspractices, and outcomes
| π§
Process Improvements
| Lessons learned
| π
Best Practices
| Industry developments
| π
Platform Changes
| New platform features/risks
|
changes. SectionAdministrative 10.5changes β Amendments
π Amendment Type
| Approval Required
|
|---|
π
Administrative
| Compliance Officer
| π
Reporting Channels
| CLO approval
| ποΈ
Material Changes
| Audit Committee approval
|
Section 10.6 β Questions
π§ Contact: compliance@otcmprotocol.com
Questions regarding this Policy shouldmay be directedapproved toby the Compliance Officer.Officer; reporting channel changes require Legal Counsel approval; material changes require Audit Committee approval.
Questions: compliance@otcm.io
βοΈAcknowledgment ACKNOWLEDGMENTand AND CERTIFICATIONCertification
I acknowledge that I have received and read the Groovy Company, Inc. dba OTCM Protocol, Inc.Protocol Whistleblower Policy. I understand its contents and my rights and responsibilities under this Policy.
I understand that: that - I may report concerns through any of the channels described in this
Policy - Policy, I may report anonymously through the Ethics
Hotline - Hotline, I will be protected from retaliation for good faith
reports - reports, and I may report directly to government agencies at any
time
time.
I agree to report any concerns about illegal, unethical, or improper conduct that I become aware of in connection with my relationship with the Company.
| Field | | Value
|
|---|
Signature | _________________________________ | Date | _________________________________ | Printed Name | _________________________________ | Title/Title / Position
| _________________________________ |
π APPENDIXAppendix A: REPORTINGReporting QUICKQuick REFERENCEReference
π Internal Reporting Channels
External Agencies
ποΈ External Reporting Agencies
β
What
to
β
Report
| β Don't Report Through This Channel
|
|---|
Fraud or theftField
| Routine HR issues (use HR)Value
| SecuritiesDocument violationsID
| General complaints about coworkersOTCM-POL-WBP-001
| Financial irregularitiesVersion
| IT help desk issues8.0
| RegulatoryEffective violationsDate
| CompensationMarch disputes2026
| Safety concernsClassification
| Customer service mattersPUBLIC
| RetaliationLegal Entity
| GeneralGroovy suggestionsCompany, Inc. dba OTCM Protocol
| ConflictsEntity of interestType
|
Wyoming Corporation
| PlatformGoverning manipulationLaw
|
Federal Securities Law, SOX, Dodd-Frank, and New Jersey State Law
| Approved By | Board of Directors |
OTCM Protocol, Inc. A Wyoming Digital Asset Corporation
πΒ© 2026 Groovy Company, Inc. dba OTCM Protocol SEC| Category 1All Issuer-SponsoredRights Tokenized Securities InfrastructureReserved
Document ID: OTCM-POL-WBP-001 | Version 1.0 | Effective: January 30, 2026
|
|
