ZYC-CRYRISK-001 Cryptoasset Risk Assessment Policy

Purpose

To ensure Zeyro consistently evaluates and manages the risks of cryptoassets promoted by its clients. This policy explains how cryptoasset risk informs our decisions on whether to approve promotions and how we determine the intensity of ongoing monitoring.

Scope

Applies to all staff involved in assessing, approving, or monitoring cryptoasset financial promotions. It covers all tokens and digital assets that may be referenced in a client’s materials.

Policy Statement

Cryptoassets carry distinct volatility, liquidity, and governance risks. Zeyro maintains a structured assessment framework so that these risks are understood before any promotion is approved. Operational staff assign risk ratings manually and record them in Confluence. These ratings directly influence whether a financial promotion can be approved and how often it will be reviewed once published.

Methodology

Risk assessment draws on the DueCue and related due-diligence frameworks. Each cryptoasset is evaluated against transparent criteria, including:

  • Market factors: capitalisation, trading volume, and volatility.

  • Token structure: circulating supply, inflation, or burn schedule.

  • Operational integrity: exchange presence, holder concentration, smart-contract risk.

  • Governance and disclosure: developer transparency, regulatory posture, and community activity.

Each asset receives one of five ratings: Low, Medium, High, Very High, or Prohibited. Assets rated Prohibited cannot be promoted under any circumstances.

Integration with Zeyro’s Control Framework

  • Promotion Approval: High or above may lead to rejection unless mitigating factors are documented.

  • Client Relationship: All cryptoasset clients are automatically treated as EDD under ZYC-AML-001.

  • Review Frequency: Risk ratings determine how often each promotion is re-reviewed (typically every 2–6 months).

  • Monitoring: Ratings inform ongoing checks of client websites, social channels, and materials under ZYC-FINPROM-001.

  • Record Keeping: Ratings and supporting evidence are retained per ZYC-REC-001.

Controls risk: Ensures promotional approvals and monitoring intensity are consistent with the underlying cryptoasset’s risk profile.

Oversight

Operational staff conduct and document assessments. The MLRO provides guidance on consistency and updates the framework when regulatory expectations change.

Review

This policy and the associated scoring framework are reviewed annually, or sooner if there are significant market or regulatory developments.

Document Control

Field

Details

Policy Code

ZYC-CRYRISK-001

Policy Title

Cryptoasset Risk Assessment Policy

Document Owner

Gareth Malna – MLRO (SMF 16 & 17)

Responsible Reviewer(s)

Zeyro Board

Version

v 1.0

Date Approved

October 2025

Next Scheduled Review

October 2026

Last Reviewed By

Gareth Malna

Change History

v 1.0 (Oct 2025): Initial publication of cryptoasset risk assessment framework defining rating method and integration with promotion approvals.

Classification

Internal policy – distributed to all staff; available to regulators on request.

PreviousZYC-CLC-001 Client Categorisation PolicyNextZYC-COMPL-001 Complaints Handling Policy

Last updated