Corporate Digital Assets Wallet Hygiene

Dave Thomson | 05/01/24

Corporate wallet hygiene is the set of policies, procedures, and controls that help keep wallets and centralized accounts ("wallets" collectively) secure. These guidelines minimize risk and miscommunication, improve the accounting ease of transaction coding and reporting, and ultimately optimize the number of company wallets and their purposes.

 

Create a company wallet legend

 

An essential first step in practicing corporate wallet hygiene is to put together a company wallet legend. This is a spreadsheet that has a row for every non-custodial company wallet and centralized exchange/custodied account.

 

As part of the monthly close, you should reconcile this list of wallets to the list of wallets in the crypto accounting software you use. The legend's columns capture important aspects of each company wallet, such as Nickname, Wallet Address, Blockchain On, Wallet Purpose/Description, Wallet Type, and Signers.
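One way to automate the monthly reconciliation described above, shown as an added example that is not part of the original article. The legend uses the column names listed above; the accounting export's `address,chain` layout, the function names, and all sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample legend using the columns named above; addresses are placeholders.
LEGEND_CSV = """\
Nickname,Wallet Address,Blockchain On,Wallet Purpose/Description,Wallet Type,Signers
Main Treasury,0xAAAA000000000000000000000000000000000001,Ethereum,General corporate treasury,Multi-signature,alice;bob;carol
Ops Petty Cash,0xBBBB000000000000000000000000000000000002,Ethereum,Gas and test transactions,Single-signature,dave
Old Mint Wallet,0xCCCC000000000000000000000000000000000003,Ethereum,,Single-signature,
"""

# Constructed accounting-software export; the "address,chain" layout is an assumption.
ACCOUNTING_CSV = """\
address,chain
0xaaaa000000000000000000000000000000000001,ethereum
0xbbbb000000000000000000000000000000000002,ethereum
0xdddd000000000000000000000000000000000004,ethereum
"""

def wallet_key(address, chain):
    """Comparable (chain, address) key for one wallet."""
    address = address.strip()
    # 0x-style hex addresses differ only by checksum casing; other formats are case-sensitive.
    if address.lower().startswith("0x"):
        address = address.lower()
    return (chain.strip().lower(), address)

def reconcile(legend_csv, accounting_csv):
    """Compare the legend with the accounting export and list what needs follow-up."""
    legend = {wallet_key(r["Wallet Address"], r["Blockchain On"]): r
              for r in csv.DictReader(io.StringIO(legend_csv))}
    tracked = {wallet_key(r["address"], r["chain"])
               for r in csv.DictReader(io.StringIO(accounting_csv))}
    return {
        # In the legend but not being accounted for.
        "missing_from_accounting": sorted(r["Nickname"] for k, r in legend.items() if k not in tracked),
        # Accounted for but never registered in the legend.
        "missing_from_legend": sorted(tracked - set(legend)),
        # Legend rows with no stated purpose or no named signer.
        "no_purpose": sorted(r["Nickname"] for r in legend.values() if not r["Wallet Purpose/Description"].strip()),
        "no_signers": sorted(r["Nickname"] for r in legend.values() if not r["Signers"].strip()),
    }

if __name__ == "__main__":
    for finding, wallets in reconcile(LEGEND_CSV, ACCOUNTING_CSV).items():
        print(f"{finding}: {wallets}")
```

A wallet that appears in the accounting export but not in the legend is the finding to chase first, since nobody has recorded its purpose or signers.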

 

 

 

Select the right employee signers to mitigate risk

 

Employees who are signers on wallets have responsibilities similar to those of holding a corporate credit card. They must keep the account secure, only use it for valid business purposes, and be able to provide an explanation for each transaction. Employees serving as signers on wallets that contain material amounts of digital assets or that authorize important on-chain activities should pass a background check and be detail-oriented, cautious, methodical, and generally tech-savvy.

 

 

Selecting the right employee signers mitigates the risk of permanently losing assets due to either employee error or malicious activities by an employee or third party.

 

EXAMPLE 01


An employee accidentally offering to pay 10,000x more than normal in gas fees and having that amount taken since it's available in the wallet
 

EXAMPLE 02
 

A 3rd party maliciously drains the company wallet being used because the user interacted with a phishing link

 

Do not mix personal and corporate digital assets


Some founders initially provide a nominal amount of crypto (e.g., some ETH for gas to get web3 activities started), which is ok but shouldn't be a recurring event. Do not commingle personal digital assets and wallets with the company's; only use company-owned wallets and accounts that contain only company funds. Failure to do so will make for a tedious accounting process and could create realized gain/loss issues for both the staff and the company.

 

Align company wallets with specific business purposes


The company's wallets should efficiently align with how digital assets are used by the business currently and at key future milestones. To aid in this, key aspects to understand about the company include:

 

– Business model, on-chain operations, and reporting requirements

 

– How digital assets typically flow in, out, and between company wallets

 

– Common sources and uses of digital assets, such as investor funding and staking income for sources, gas fees and consultant payments as uses

 

 

The company should own enough wallets to operate, protect, monitor, and report on its digital assets and web3 activities effectively. Additional wallets may be required for reporting granularity purposes depending on the information available in the transaction data. Company wallets that do not have a clear need or purpose should be defunded and retired to minimize sprawl, complexity, and unnecessary risk.

 

 

 

Set wallet hygiene practices and standards early


It is important for companies to establish a set of internal control policies for managing their digital assets as early as possible. Companies can rapidly expand how many wallets, cryptocurrencies, and blockchains they utilize. As the company's crypto footprint expands, so does potential risk. Internal controls will help mitigate the risk and should be documented for a shared understanding.
 


When corporate wallet hygiene standards are followed, the result is a set of well-organized and aligned wallets that are safely managed and effectively utilized to the benefit of the company.


The reference table below provides some of the typical hygienic reasons for the creation of a company wallet or centralized account. You will also find a table that provides some of the typical internal control items that must be addressed before creating a new company wallet.

 

 

Hygienic Rationale for New Company Wallets - Reference Table:

 

 

TREASURY WALLET/ACCOUNT:


Purpose is to hold material (USD value) amounts of digital assets. A company can use multiple wallets to diversify the risk and/or to help track for different purposes, e.g. funds earmarked for the community's benefit in its own treasury wallet separate from the general corporate treasury. Treasury wallets should be of the highest security levels given the value stored in them; typically very reputable/publicly traded centralized exchanges like Coinbase, multi-signature smart contract wallets like Gnosis Safe, and cold wallets. Treasury wallets are the usual source to fund other approved company wallets focused on outflows/expenditures.
 

 

FIAT ON/OFF RAMP ACCOUNT:


Companies that convert digital assets to/from fiat currencies like USD will typically utilize a reputable centralized exchange, e.g. Coinbase or Kraken, to interact with their commercial bank accounts. This fiat on/off ramp account can also serve as a treasury account.

 


PETTY CASH / OPERATIONS WALLET:


Keep nominal amounts of crypto for authorized signers to make on-chain payments for the company and for test transactions. Typically a single-signature wallet for speed and simplicity, since only immaterial amounts of crypto are kept in the wallet. If the operations account is used to pay more material amounts, then a multi-signature wallet may be more appropriate.
 

 

DEVELOPER / EMPLOYEE WALLET:


For an employee, often a developer, who needs a wallet to perform web3 activities for the company, e.g. minting an NFT or deploying a smart contract. Only nominal amounts of crypto would be sent to these wallets, e.g. enough to cover gas fees for a period of time. Typically a single-signature wallet for speed and simplicity, since only immaterial amounts of crypto are kept in the wallet.
 

 

DEFI TRADING WALLET:


Some companies swap cryptocurrencies and bid for NFTs on decentralized exchanges and applications. To minimize the risk of losing a material amount of digital assets, companies should not engage in these DeFi activities from treasury wallets that hold the majority of the company's digital assets. Instead, only move the required amount of digital assets to the DeFi trading wallet and then sweep it back out afterward. Smaller amounts in the wallet allow it to be single-signature so the trader can move more quickly; use two signatures for slightly larger amounts or to provide a second set of eyes on trading and bidding executions.


 

REVENUE WALLET:


For companies that earn on-chain revenue, those revenue transactions are often the vast majority of all their on-chain transactions. Creating a wallet to receive revenue, or one wallet for each major type of revenue the company wants to track, will help streamline coding and reporting. Revenue wallets shouldn't need funding from treasury wallets since they're not used to pay for things; instead, digital assets in revenue wallets are swept into treasury wallets at appropriate intervals depending on the materiality threshold. The max amount (USD value) kept in the revenue wallet will help decide if a single-signature wallet is ok for speed and simplicity, or if a multi-signature wallet is more prudent to minimize the risk of unauthorized or erroneous withdrawal; some companies instead create permissionless smart contracts that sweep the revenue periodically to the designated treasury wallet.
 

 

FREQUENT PAYMENT TYPE WALLET:


If you have a consistent payment type you make to 3rd parties, e.g. cost of goods sold payments to artists or gas fee reimbursements, consider a separate wallet for it to more easily track and reconcile.
 

 

MARKETING WALLET:


If the company has numerous on-chain marketing expenditures, such as airdrops, promotions/giveaways, and paying marketing contributors, then it could be easier to reconcile and track with the marketing manager if all the activity is occurring in a dedicated wallet.

 

 

Internal Controls Sample Checklist for New Company Wallets - Reference Table:


• Who is authorized to create a new company wallet, and from where will the new wallet be funded or where will its proceeds be swept to?


• What is the purpose for the new company wallet, is it necessary or duplicative with an existing wallet's purpose?


• What is the expected typical flow of funds for this new wallet, how does it interact with other company wallets vs. external wallets?


• Confirm only company funds will be in this new wallet. If not, who owns the non-company portion, and how is it easily tracked?


• How is the accounting team notified so that the new wallet is added to the company wallet legend and crypto accounting software?


• How should the typical transactions be coded from an accounting perspective?


• What is the approximate USD value of the digital assets that will need to be typically kept in this wallet?


• What type of wallet is it, is it appropriate for its purpose and amount of assets held?


• Who are the signer(s) on the new wallet, should it be multi-signature?


• How is the wallet being protected, and does the company have recovery information securely stored offline?