← Hub v2.0

Crypto XVA™ Knowledge Base

A comprehensive reference for the Digital Asset XVA framework, risk management policies, and treasury operations methodology.

What is this?

This wiki documents the concepts, formulas, thresholds, and governance structures in the Crypto XVA™ framework — the methodology for risk-adjusting digital asset treasury positions. The framework is presented as an illustrative risk policy template using representative example portfolios, positions, and threshold values; it is not a description of any specific institution's actual holdings or parameters. It is designed for quick reference during policy development, client conversations, and Finance Committee presentations.

XVA Components

The valuation adjustments that make up the Crypto XVA framework — an open mapping from instrument, regime, and jurisdiction to active risk surfaces. Current documented components: SVA, SCVA, LCVA, DPVA, OVA, BRVA, GVA, RWVA, and OCVA.

Articles

Core Concepts

The TWAP Paradox, the Accounting Classification Trap, risk-adjusted yield methodology, and calculation approaches.

4 articles

Instruments

Approved stablecoins, tokenized treasuries & MMFs, DeFi protocols, and tokenized bank deposits with their XVA profiles and eligibility criteria.

4 articles

Risk Framework

Position limits, escalation matrix, sweep & funding operations, regulatory compliance, and governance structure.

5 articles

Treasury Policies

The Crypto Risk Management Policy at-a-glance — governance, XVA framework, limits, sweep operations, and regulatory compliance in one orientation guide.

1 article

Use Cases & Technology

Five XVA application scenarios with worked examples, plus the on-chain smart contract architecture.

2 articles

SVA — Stablecoin Valuation Adjustment

Quantifies the risk that a stablecoin de-pegs from its reference currency.

Definition

SVA captures the expected loss from a stablecoin losing its 1:1 peg to the reference fiat currency. It is the single most important XVA component for stablecoin holdings because it directly challenges the assumption that $1 USDC = $1 USD at all times.

SVA = P(de-peg) × E[severity] × Notional × (1 + 0.4 × HoldingPeriod / 365)

The holding-period multiplier reflects that longer exposures increase the probability of encountering a depeg event.

Typical Values by Stablecoin

StablecoinSVA (bps)DriverHistorical Reference
USDC (Circle)18Low depeg history, GENIUS Act compliant, MiCA EMTDepegged to $0.87 during SVB crisis (March 2023), restored in 7 days
USDP (Paxos)6Tight peg, NYDFS regulated, T-Bill reservesMinimal deviation (<0.5%) historically
PYUSD (PayPal)22Limited stress-test history, fintech issuerLaunched Aug 2023, limited track record
USDT (Tether)30Multiple depegs, improving but lagging transparencyDepegged during LUNA (May 2022) and FTX (Nov 2022)

Limits & Escalation

SVA has specific thresholds defined in the policy (§8.3):

LevelThresholdAction
Warning15 bpsTreasurer notification; enhanced monitoring
Hard Limit30 bpsPosition prohibited; immediate exit if existing

Calculation Method

SVA is calculated using Bayesian inference. The prior on P(de-peg) is updated with each new reserve attestation, on-chain depeg event, and issuer credit signal. For example, when Tether’s reserve attestation is 12+ days stale, the Bayesian prior shifts upward (e.g., from 1.5% to 1.8%).

Real-World Example

In the risk positions prototype, USDT shows SVA at 14.2 bps approaching the 15 bps warning threshold, driven by a 12-day-old attestation that increased the Bayesian P(de-peg) prior from 1.5% to 1.8%.

SCVA — Smart Contract Valuation Adjustment

Captures the risk of loss from smart contract exploits, bugs, or vulnerabilities.

Definition

SCVA quantifies the expected loss from smart contract failure — whether from code exploits, logic errors, upgrade vulnerabilities, or governance attacks. Unlike traditional counterparty credit risk, this is a purely technological risk with fat-tailed loss distributions.

SCVA = P(exploit) × LGD × Notional

For the TWAP Paradox context, SCVA also has a lag component: SCVA_lag ≈ LGD × P(mismatch) × σ × √(τ), capturing the staleness risk of oracle pricing mismatches over the TWAP window.

Key Inputs

InputSourceTypical Range
Audit scoreTrail of Bits, OpenZeppelin, etc.0.78 – 0.95
Critical findingsAudit reports0 – 2
Months since auditTracking2 – 4
P(exploit)Bayesian posterior0.1% – 1.0%
LGDHistorical exploit database20% – 100%

Limits

Warning at 10 bps, hard limit at 25 bps. Escalation to Risk Committee. In the positions prototype, BUIDL carries SCVA of 8 bps (P(exploit) = 0.3%, LGD = 25%).

LCVA — Legal/Custody Valuation Adjustment

Captures the risk of loss from legal uncertainty, custody structure, and regulatory change.

Definition

LCVA is the valuation adjustment for legal and custody risk — the possibility that regulatory changes, adverse legal interpretations, or custodial failures cause a loss of access to, or value of, digital asset holdings. It compounds over time, reflecting the cumulative exposure to regulatory uncertainty.

LCVA = P(legal event) × LGD × Notional × (1 + 0.3 × HoldingPeriod / 365)

Drivers

LCVA is the largest single XVA component on average across positions (18.2 bps portfolio-weighted). Key drivers include:

  • Pending regulatory guidance — e.g., SEC guidance on tokenized fund custody under the Investment Company Act
  • Custody structure — whether assets are segregated, bankruptcy-remote, and held by regulated custodians
  • Jurisdictional variation — different legal treatment across US, EU, Singapore, Hong Kong
  • Issuer regulatory status — GENIUS Act compliance, MiCA authorization, state licensing

Limits

Warning at 25 bps, hard limit at 50 bps. Escalation to CFO + Legal. In the positions prototype, BUIDL’s LCVA is at 27 bps (above warning), driven by pending SEC guidance. Outside counsel opinion expected by 18 Apr 2026.

DPVA — NAV/Redemption Valuation Adjustment

Captures the risk that tokenized fund NAV diverges from par or redemptions are delayed.

Definition

DPVA applies specifically to tokenized assets like BlackRock BUIDL, Ondo USDY, and Franklin OnChain. It quantifies the expected loss from NAV deviation under stress and redemption delays.

DPVA = P(stress scenario) × E[NAV discount under stress]

For BUIDL: P(stress) = 20%, E[NAV discount] = 75 bps → DPVA = 15 bps.

Values by Instrument

InstrumentDPVARedemption WindowDriver
BlackRock BUIDL15 bpsT+1Tokenized treasuries; institutional-grade but novel structure
Ondo USDY12 bpsT+2Tokenized MMF; yield-bearing, slightly longer redemption
Franklin OnChain8 bpsT+1SEC-registered fund; established manager, lower structural risk

OVA — Oracle Valuation Adjustment

Captures the risk of loss from oracle manipulation, staleness, or failure.

Definition

OVA quantifies the risk that price oracle feeds are manipulated, stale, or unreliable — leading to mispriced positions. This is the dominant risk factor during crypto stress periods and is central to the TWAP Paradox.

OVA ∝ 1 / (τ × n × f × depth)

Where τ = TWAP window, n = number of oracle sources, f = update frequency, depth = market depth. The inverse relationship with τ creates the paradox: shorter windows reduce staleness but increase manipulation risk.

Sub-Factors

FactorNormalStressedSource
Oracle deviation z-score0.43.4On-chain, ~12s latency
Oracle stalenessNoYes (feeds delayed)Heartbeat monitoring
Oracle redundancyIntact (multiple sources)Lost (single source)Feed count

In the Liquidity Monitor

OVA carries the highest weight (30%) in the Crypto XVA Aggregate formula. In the cascade replay stress scenario, OVA surged more than 6× from baseline — the dominant driver of the aggregate breaching the critical threshold.

BRVA — Bridge Risk Valuation Adjustment

Captures the risk of loss from cross-chain bridge failures, exploits, or concentration.

Definition

BRVA quantifies the risk unique to cross-chain bridges — the infrastructure that moves assets between blockchains. Bridge exploits have historically been among the largest loss events in DeFi (Wormhole: $320M, Ronin: $625M).

BRVA = f(concentration, decentralization_risk, exploit_history)

Sub-Factors

FactorNormalStressed
Concentration (single bridge %)0.320.46
Decentralization risk0.180.25
Exploit score0.050.18

Limits & Current Status

Warning at 20 bps, hard limit at 50 bps. Escalation to Treasurer. In the risk positions prototype, Wormhole BRVA has breached at 52 bps after TVL dropped 18% over 48h following a validator set rotation. Auto-pause triggered on new bridge transfers.

Approved bridges: Wormhole, LayerZero, CCIP (Chainlink). Maximum bridge exposure: $5M or 10% of digital portfolio.

GVA — Gas Valuation Adjustment

Captures the expected cost variance from blockchain gas/execution fees.

Definition

GVA quantifies the expected transaction cost risk — that gas fees spike during periods of high network demand, increasing the cost of executing sweeps, funding operations, or emergency exits.

GVA = E[gas cost] + P(gas spike) × E[excess cost above normal]

Typically a small component (0.5–2 bps) for Ethereum mainnet operations, but can spike during network congestion.

Limits

GVA is often combined with OVA for reporting. Combined GVA + QVA warning at 5 bps, hard limit at 15 bps. Escalation to Treasury Ops. Current worst: 2.5 bps combined.

RWVA — Redemption Window Valuation Adjustment

Quantifies the fair-value discount arising from contractually constrained redemption windows in tokenized assets.

Definition

RWVA quantifies the fair-value discount arising from contractually constrained redemption windows (including T+1 or longer queue delays), capturing the cost of time-to-liquidity impairment relative to instantaneous-redemption benchmark pricing under ASC 820 / IFRS 13. It applies to tokenized assets with defined redemption windows (T+0, T+1, T+2) and quantifies the expected cost of being unable to exit a position within the expected timeframe.

RWVA = P(redemption queue) × E[delay cost]

BUIDL: RWVA = 3 bps (T+1 window). Ondo USDY: RWVA = 4 bps (T+2 window).

ASC 820 / IFRS 13 Context

Under ASC 820 / IFRS 13, a contractually constrained redemption window is a valuation input that affects the Level-2 or Level-3 fair-value measurement of the instrument. RWVA prices this constraint explicitly into the risk-adjusted yield deduction, rather than leaving it as an undisclosed liquidity assumption buried in NAV pricing. This is distinct from DPVA, which captures NAV deviation under stress; RWVA captures the time-to-liquidity cost even when NAV is at par.

OCVA — Operational Valuation Adjustment

Captures operational risk: outages, key management failures, human error.

Definition

OCVA is the catch-all for operational risk in digital asset management — wallet infrastructure outages, key management failures, signing errors, and process breakdowns.

OCVA = P(outage) × E[delay cost]

Typically small (0.5–1.3 bps) but can become material during infrastructure incidents. Mitigated by approved service providers (Fireblocks, Coinbase Prime) with SOC 2 Type II attestations.

The TWAP Paradox

There is no oracle TWAP window that simultaneously minimises manipulation, staleness, and regime-shift risk.

Access Required — Interactive Prototype

The Crypto XVA Interactive Prototype — which renders the four TWAP Paradox curves (Φ(τ), OVA, SCVA_lag, LRVA) with live parameter controls — is available to qualified reviewers on request. You will be prompted for a password when you open it. To request access, email dm@turnhouseconsulting.com.

Core Insight

Every protocol is choosing a point on a three-way trade-off. The optimal window τ* is an interior minimiser whose location shifts with market conditions. Unlike TradFi counterparty risk, these parameters are controllable at the protocol level — creating a new kind of due diligence for institutional capital.

The Three Competing Risks

RiskXVA ComponentBehavior with τMechanism
ManipulationOVA(τ)Decreases with longer τLonger averaging window dilutes attack capital
StalenessSCVA_lag(τ)Increases with longer τStale prices create mismatch between oracle and market
Cascade/Regime-shiftLRVA(τ)Non-monotonic (U-shaped)Short windows amplify; long windows delay response

The Total Cost Function

Φ(τ) = OVA(τ) + SCVA_lag(τ) + LRVA(τ) + CCVA(τ)

CCVA is the correlation/non-additivity term that scales with volatility. The optimal window τ* minimises Φ and is sensitive to four controllable parameters:

  • Volatility (σ) — higher volatility shifts τ* shorter
  • Market depth — deeper markets allow shorter windows
  • Oracle sources (n) — more sources reduce manipulation risk
  • Update frequency (f) — faster updates improve freshness

Typical τ* Values

At default parameters (σ=80%, medium depth, 3 sources, 5s updates): τ* ≈ 6–15 minutes with total Φ(τ*) around 55–85 bps. Under stress (σ=200%, shallow depth): τ* compresses to 2–5 minutes.

The Accounting Classification Trap

A stablecoin and a T-bill can both be “cash equivalents” under ASC 230 — but they carry fundamentally different risk profiles.

Core Insight

The accounting is solved. The risk-adjustment is not. ASC 230 and IFRS equivalents can classify both T-bills and stablecoins as cash equivalents, creating an illusion of equivalence that masks materially different risk profiles. The Crypto XVA framework exists to close this gap.

The Problem

A 3-month T-bill and a USDC stablecoin holding may receive identical accounting classification, but the T-bill carries ~2 bps of XVA (sovereign credit only) while USDC carries ~60 bps (SVA + SCVA + LCVA). The headline yield spread of 5–10 bps in favor of stablecoins is often more than consumed by the XVA deduction.

Risk-Adjusted Comparison

Metric3-Month T-BillUSDC (Circle)
ASC 230 ClassificationCash EquivalentCash Equivalent
Gross Yield4.80%4.85%
Total XVA2 bps~60 bps
Risk-Adjusted Yield4.78%~4.25%

This is why risk-adjusted yield is the correct metric for treasury decision-making, not headline yield.

Risk-Adjusted Yield

The true return on a digital asset position after deducting all XVA components.

Formula

Risk-Adjusted Yield = Gross Yield − Total XVA (annualized bps)

This is the central metric of the framework. It answers the question: “What is this instrument actually returning once we account for all the digital-asset-specific risks?”

Portfolio Comparison

InstrumentGross YieldXVA (bps)Risk-Adj Yield
T-Bills (3m)4.80%24.78%
Stablecoins (blend)4.90%554.35%
Tokenized Deposits5.25%754.50%
DeFi Lending7.20%1455.75%

DeFi lending has the highest headline yield AND the highest risk-adjusted yield, but also the widest risk band. The portfolio question is how to allocate across these instruments to maximize risk-adjusted return within position limits.

Calculation Methods

The three-tier methodology for computing XVA components: Deterministic, Bayesian, and Monte Carlo.

Method Selection Framework

MethodComponentsWhen to UseStatus
DeterministicGVA (base), OCVA, simple FXVAInputs are observable and stable; closed-form sufficientAlways active
Bayesian InferenceSVA, SCVA, OVA, BRVA, LCVASparse historical data; need to update priors with new signalsCalibrated periodically (every ~2 days)
Monte CarloDPVA (stress), KVA, MVAPath-dependent risks with fat tails; need loss distributions10K paths per simulation
Hybrid Bayesian + MCDe-peg cascades, black swan scenariosExtreme tail risk with cascading dependenciesQuarterly run

Data Sources

SourceFeedLatency
On-chainTVL, gas, MEV, oracle liveness~12s
Off-chainReserve attestations, NAVDaily
Market MicroFX vol, slippage curves~5min
Event DBExploit history, de-pegsManual updates

Stablecoins

Approved stablecoin holdings with XVA profiles, regulatory status, and concentration limits.

Approved Stablecoins (§7.1)

StablecoinRegulatory StatusMax ExposureSVA RangeKey XVA Components
USDC (Circle)GENIUS Act ✓  MiCA EMT ✓25% of digital portfolio5–10 bpsSVA + LCVA + GVA
EURC (Circle)MiCA EMT ✓15% of digital portfolio10–15 bpsSVA + LCVA + GVA
USDT (Tether)Varies by jurisdiction15% of digital portfolio15–25 bpsSVA + LCVA + GVA + OCVA
Bank-issuedGENIUS Act subsidiaryPer counterparty limits~5 bpsSVA + LCVA

Current Portfolio ($21.5M total)

USDC: $12.5M (at 25% limit) • USDT: $5.2M (11%) • EURC: $3.8M (8.1%)

Tokenized Assets

Tokenized treasuries and money market funds with XVA-adjusted yield analysis.

Approved Tokenized Assets (§7.2)

AssetTypeHeadline YieldTotal XVAAdj. YieldKey Components
BlackRock BUIDLTokenized Treasury5.20%42 bps4.78%DPVA(15) + LCVA(12) + SCVA(8) + OVA/GVA(4) + RWVA(3)
Ondo USDYTokenized MMF5.00%38 bps4.62%DPVA(12) + LCVA(12) + SCVA(6) + OVA(3) + RWVA(4) + GVA(1)
Franklin OnChainTokenized MMF5.05%24 bps4.81%DPVA(8) + LCVA(7) + SCVA(4) + OVA(2) + RWVA(2) + GVA(1)
Superstate fundsTokenized MMFTBDTBDTBDApproved, no current position

Key Observation

Franklin OnChain has the highest risk-adjusted yield (4.81%) among tokenized assets despite not having the highest headline yield — because its XVA is materially lower (24 bps vs. 42 bps for BUIDL). This demonstrates why risk-adjustment changes the ranking.

DeFi Protocols

Approved DeFi protocols, chains, and bridges with XVA requirements.

Approved Protocols (§7.3)

CategoryApprovedXVA RequirementConditions
Layer 1 ChainsEthereum Mainnet, Base (L2), SolanaChain-specific GVA calibration
DEX ProtocolsUniswap V3/V4, CurveSCVA + OVAStablecoin swaps only; SCVA < 25 bps
BridgesWormhole, LayerZero, CCIPBRVA < 50 bpsContinuous monitoring; Wormhole currently breached

DeFi Lending Risk Profile

DeFi lending carries the highest XVA at 145 bps (blend) but also the highest gross yield at 7.20%, resulting in a risk-adjusted yield of 5.75%. DeFi exposure is capped at 5% of the digital portfolio per §8.2.

Tokenized Bank Deposits

Deposit tokens: single-bank liability instruments, their topology-conditional XVA profile, and their accounting treatment.

What This Category Is

A tokenized bank deposit (deposit token) is a token that represents a direct, par-redeemable liability of a single issuing bank, made available to that bank's clients and recorded on a distributed ledger. It is commercial bank money in tokenized form. Three conditions define the category: it is a claim on one issuing bank rather than a reserve pool or a fund; issuance and redemption are restricted to the bank's KYC'd clients or network members; and it is redeemable at face value, ordinarily on demand.

The category is defined by the liability structure and the access gating, not by whether the ledger is private. JPMorgan runs Kinexys Digital Payments on a proprietary permissioned ledger, and separately issues its JPMD deposit token on a public chain (Base) with gated access; ANZ's tokens run on public chains too. A deposit token can sit on either a private or a public rail. Ledger privacy is not the test.

What It Is Not (Boundary Cases)

InstrumentWhy it is out of scopeWhere it lives instead
Reserve-backed stablecoins (USDC, USDT, Societe Generale EURCV/USDCV)A claim on an issuer holding a segregated reserve, broadly distributed. Different issuer structure and different accounting.Stablecoins
Tokenized treasuries and MMFs (BUIDL, OUSG)Securities and fund interests, not bank liabilities.Tokenized Assets
Central-bank settlement assets (Fnality)Funds held in a central bank omnibus account, carrying central-bank credit characteristics rather than single-bank credit.Out of category
Shared settlement rails (Partior, Regulated Liability Network)Infrastructure that moves member banks' deposit tokens. Not issuers themselves.Not an instrument in this category

Roster (Snapshot, July 2026)

Live, single-bank own-issued: JPMorgan (Kinexys Digital Payments in USD/EUR/GBP on a proprietary permissioned ledger, and JPMD, a USD deposit token on public Base, live for institutional clients with Canton Network planned), Citi Token Services (USD, private permissioned, EUR expansion underway), HSBC Tokenised Deposit Service (EUR, GBP, HKD, SGD, USD), DBS Token Services / Treasury Tokens (SGD, multi-currency), Standard Chartered Tokenised Deposits (SGD, USD, HKD, CNH), BNY Tokenized Deposits (USD), and Wells Fargo Digital Cash (USD, legacy and narrow).

Pilot or boundary: UBS Digital Cash (pilot), BBVA via Visa VTAP (pilot), and ANZ A$DC / NZ$DC (institutional; self-branded a "stablecoin," structurally a boundary case here).

Shared rails (not issuers): Partior (live), Regulated Liability Network (pilot), The Clearing House shared network (targeting H1 2027).

This is a fast-moving class. Treat the roster as accurate to within days and verify status before external citation.

XVA Profile

The profile is topology-conditional: the same instrument class carries different components depending on where the token is issued. In every case LCVA leads and SVA is zero.

ComponentRole
LCVA (lead)Single-bank credit, counterparty, and legal-finality risk. The bank-failure risk that SVA prices for a stablecoin is captured here for a deposit token, because the risk is bank solvency, not reserve adequacy. This is the SVB-shaped risk, correctly relocated. On a shared multi-bank network, LCVA becomes multi-issuer.
OCVAOperational, settlement, and availability risk on the issuing network.
GVAGovernance risk, single-issuer, Tier I, Level 3, assessed per issuing bank. The host chain's or shared network's own governance is not a second GVA input.
SVA = 0A deposit token has no reserve to depeg. This corrects a prior Live Monitor drift that applied 1.6 bps of SVA to the Kinexys position; policy section 7.2.3 never applied SVA here.

By Topology

TopologyExampleProfile
Closed proprietary permissioned ledgerKinexys Digital Payments, Citi Token ServicesBRVA, OVA, and CompVA are near-zero. The core profile above is the whole picture.
Single-bank liability on a public railJPMD on BaseOVA and BRVA stay strictly zero at the instrument level, because a bank IOU has no oracle dependency and no bridge dependency of its own. Any cascade risk from sharing chain infrastructure with unrelated protocols routes to CompVA (Tier III), not to a diluted OVA, BRVA, or GVA.
Shared multi-bank settlement networkPartior, RLN, The Clearing HouseEach bank's GVA stays Tier I and single-issuer, assessed per bank. Network-governance correlation (participant admission, shared parameters, correlated-participant stress) is a CompVA (Tier III) surface. LCVA is multi-issuer.

Methodology note: pricing CompVA on a shared bank-deposit network requires generalizing the policy section 5.3 CompVA definition from "protocols" to "network participants." Flagged for the next policy revision.

Accounting Treatment

  • Out of scope of ASU 2023-08 (ASC 350-60). A deposit token fails two independent scope gates: it is a direct deposit claim (Condition (b)), and deposits with financial institutions are carved out as financial assets. It is not a crypto-intangible asset.
  • Holder-side measurement. Cash equivalent under ASC 305 in the base case (par-redeemable, on demand, original maturity of three months or less). Otherwise an amortized-cost receivable with CECL. Not fair value through income.
  • Issuer-side. A deposit liability under ASC 942. The ledger does not change the liability's character.
  • Client-electable election. The cash-equivalent versus amortized-cost-receivable branch is a client election with a recommended default of cash equivalent. The out-of-scope conclusion itself is not elective.
  • Disclosure. Largely outside the ASC 820 fair-value hierarchy, because the instrument is not carried at fair value. This is a lower disclosure burden than a stablecoin. A CECL allowance disclosure applies on the receivable branch.
  • IFRS. No crypto-asset standard applies; the token is treated as a financial asset under IFRS 9. US and IFRS books converge without the "crypto asset" framing.

Audit Confirmation Required

This accounting treatment is presented as illustrative policy guidance, consistent with the rest of this Knowledge Base. External audit confirmation is required before any of this reaches a financial statement.

Why This Is Its Own Category

Three tokenized instrument types that look alike at the wrapper level resolve to three different treatments:

ClassASU 2023-08Measurement (holder)Lead XVA
Reserve-backed stablecoinIn scope (contested)Fair value through incomeSVA
Tokenized treasury or MMFOut of scopeFair value (NAV security)Asset-specific
Tokenized bank depositOut of scopeCash equivalent or amortized costLCVA

Both the risk decomposition and the accounting reach "distinct fourth category" independently, from different disciplines. A deposit token is not a bank-issued stablecoin, and stating that plainly heads off the first objection a sophisticated reader raises.

Limits & Thresholds

Position limits, XVA-based restrictions, and aggregate exposure controls from §8.

XVA-Based Position Limits (§8.1)

Total XVAMax PositionAction Required
< 25 bpsUp to 100% of approved limitStandard monitoring
25–50 bpsUp to 75% of approved limitEnhanced monitoring; CFO notification
50–100 bpsUp to 50% of approved limitRisk Committee review required
> 100 bpsPosition prohibitedImmediate exit if existing position

Aggregate Exposure Limits (§8.2)

LimitCurrentMaximumStatus
Total Digital Assets / Portfolio7.8%10%OK
Max Single Issuer (USDC/Circle)26.5%25%At limit
Max Single Protocol4.9%15%OK
Max Single Chain (Ethereum)34%40%Near
DeFi Protocol Exposure4.9%5%Near limit
Cross-Chain Bridge$1.2M$5MOK

Individual XVA Component Limits (§8.3)

ComponentWarningHard LimitEscalation
SVA15 bps30 bpsTreasurer
SCVA10 bps25 bpsRisk Committee
LCVA25 bps50 bpsCFO + Legal
BRVA20 bps50 bpsTreasurer
GVA + QVA5 bps15 bpsTreasury Ops

Escalation Matrix

Who gets notified at each threshold, and what exception authority exists (§13).

Exception Approval Authority (§13.1)

Exception TypeApproval AuthorityTime Limit
Temporary XVA exceedanceTreasurer with CFO notification< 48 hours
Extended XVA exceedanceCFO approval required> 48 hours
Non-approved stablecoin or protocolCFO + Risk CommitteeUntil reviewed
Aggregate limit exceedanceBoard Finance CommitteeUntil resolved
Policy amendmentBoard Finance CommitteeAnnual cycle

Sweep & Funding Operations

Automated fiat-crypto sweep execution, funding triggers, and cross-chain movements (§9).

Sweep Formula (§9.1)

Sweep Amount = Available Balance − Min Retained ($50K) − 24h Projected Outflows

Execute if Sweep Amount > $100,000 threshold

Sweeps execute daily at 16:00 local (after settlement finality). Currency matching: USDC→USD, EURC→EUR.

Funding Trigger (§9.2)

If (Projected Outflows × 1.05) > Current Stablecoin Balance → Fund at 08:00

5% safety buffer above projected outflows. Same-day settlement for funding triggered at 08:00.

Regional Sweep Timing

RegionSweep TimeFunding TimeCut-off
Domestic (US)5:00 PM ET8:00 AM ETAfter same-day settlement finality
European4:00 PM CET8:00 AM CETAfter TARGET2 settlement
APAC4:00 PM local8:00 AM localAfter local RTGS settlement

Minimum Balance Thresholds

Operating accounts retain a minimum balance after sweep to cover next-day operational needs. Standard minimum: $50,000 or local currency equivalent. Emergency threshold: if balance exceeds $5M outside scheduled sweep time, an ad-hoc sweep is triggered with Treasurer notification. Funding horizon: maintain 1.05× projected outflows (5% safety buffer).

Exception Handling

Failed sweeps retry up to 3 times with 15-minute intervals. After 3 failures: alert to Treasury Ops + Treasurer. Manual override available for critical funding with dual approval. Weekend/holiday sweeps: pre-positioned on prior business day for known obligations.

Cross-Chain (§9.4)

Treasurer approval required for bridge transfers >$500K. Bridge failure fallback activates if delay >4 hours. BRVA must be <50 bps for bridge execution. See Smart Contract Architecture for the on-chain anchoring of sweep execution proofs.

Tax Impact (§11.3)

ActivityTax Treatment
Stablecoin → Fiat sweepsTaxable; recognize gain/loss on stablecoin
Fiat → Stablecoin fundingAcquisition; establish cost basis
Cross-chain bridgesSame-wallet transfer (not taxable)
Stablecoin → Stablecoin swapsTaxable exchange

Regulatory Compliance

Multi-jurisdictional compliance framework per §10.

Jurisdictional Coverage

JurisdictionKey RegulationsStatus
United StatesGENIUS Act, BSA/AML, OFAC, SEC, Travel Rule, BitLicenseCompliant (SEC custody guidance pending)
European UnionMiCA (EMT/CASP), MiFID II, EMIR, DORACompliant
SingaporeMAS PSA, SFA classificationCompliant
Hong KongVASP license, Stablecoin Ordinance1 item pending

United States — Federal Regulatory Landscape

AgencyScopeKey Requirements
SECSecurities classification, custodyHowey test for tokens; custody rule for investment advisers; pending tokenized fund guidance
CFTCCommodities, derivativesBitcoin/ETH classified as commodities; DeFi derivatives oversight
FinCENAML/KYCBSA compliance, Travel Rule ($3K threshold), suspicious activity reporting
OCCNational banksInterpretive letters on custody, stablecoin reserves, blockchain settlement
GENIUS ActPayment stablecoinsReserve requirements (100% high-quality liquid assets), issuer licensing, consumer protection
OFACSanctionsWallet screening; Tornado Cash precedent; SDN list compliance
IRSTax reportingDigital asset broker reporting (Form 1099-DA); cost basis tracking
State regulatorsMoney transmissionBitLicense (NY), state money transmitter licenses

European Union

MiCA (Markets in Crypto-Assets): Full framework effective June 2024. EMT (e-money tokens) and ART (asset-referenced tokens) classifications. CASP licensing for service providers. Reserve requirements for stablecoin issuers. MiFID II / EMIR: Applies when tokenized assets qualify as financial instruments. DLT Pilot Regime: Sandbox for DLT-based market infrastructure. DORA: Digital operational resilience requirements for financial entities.

Asia-Pacific & Other Key Jurisdictions

JurisdictionFrameworkStatus
SingaporePSA (Payment Services Act), SFA (Securities & Futures Act), MAS guidelinesComprehensive
Hong KongAMLO (VASP licensing), HKMA stablecoin framework, Stablecoin OrdinanceEvolving
JapanPSA (stablecoins), FIEA (security tokens), FSA oversightComprehensive
UAEVARA (Dubai), ADGM (Abu Dhabi), CBUAE for stablecoinsProgressive
UKFSMA (Financial Services & Markets Act amendments), FCA registration, DSS BillIn progress

Global Standards Bodies

BIS / Basel Committee: Prudential treatment of crypto-asset exposures (Group 1a/1b/2). FATF: Travel Rule (Recommendation 16), VASP licensing guidance. IOSCO: 18 policy recommendations for crypto/DeFi markets. FSB: High-level framework for crypto-asset activities (9 recommendations). IMF: Crypto-Asset Reporting Framework (CARF) for cross-border tax transparency.

Restricted Jurisdictions (§11.2)

China: Cross-border crypto prohibited; all crypto trading banned since 2021. India: 30% tax on crypto gains; 1% TDS; restricted but not banned. Venezuela: CADIVI/CENCOEX restrictions; VES-only netting. Capital control jurisdictions require per-transaction regulatory checks.

Approved Service Providers (Appendix C)

All providers must have SOC 2 Type II, segregated custody, and bankruptcy-remote structures: Coinbase Prime (custodian), Fireblocks (wallet infra), Circle (issuer), Anchorage Digital (OCC-chartered custodian).

Governance

Roles, responsibilities, and policy review structure per §4 and §14.

Roles & Responsibilities (§4)

RoleResponsibilities
Board of DirectorsApproves policy, reviews effectiveness annually, sets max aggregate exposure limits
CFOImplements and oversees crypto risk program, approves XVA methodologies
TreasurerExecutes strategies, monitors XVA, manages sweep/funding, maintains custodian relationships
Risk ManagementCalculates XVA, validates models, performs stress tests, escalates breaches
Compliance OfficerEnsures regulatory adherence, monitors developments, maintains AML/KYC
Tax DepartmentTransfer pricing, sweep tax implications, gain/loss recognition

Reporting Cadence (§12)

Daily: Position report, XVA dashboard, sweep execution, exceptions. Weekly: XVA trends, protocol health, regulatory updates. Monthly: Comprehensive XVA, risk-adjusted returns, counterparty exposure, tax lots, compliance. Quarterly: Board strategy review, model validation, compliance certification.

Policy Review (§14)

Annual review by Finance Committee. This policy is subordinate to the Corporate Treasury Policy and overall Investment Policy. Interim amendments can be proposed by Treasurer for material market or regulatory changes.

Risk Positions Dashboard

Real-time position monitoring with XVA decomposition, limit utilization, alerts, and sweep execution tracking.

Access Required

The live prototype described in this article (Crypto Treasury Risk Positions Prototype) is available to qualified reviewers on request. You will be prompted for a password when you open it. To request access, email dm@turnhouseconsulting.com.

What This Covers

The Risk Positions prototype is the operational control centre for the Crypto XVA framework. It provides a live dashboard, position-level XVA decomposition, sweep & funding tracking, limit monitoring, alert management, compliance status, reporting, approved asset reference, and governance views — all in a single interface.

Dashboard Metrics (as of 12 Apr 2026)

MetricValueStatus
Total Digital Asset Exposure$47.2M7.8% of portfolio (limit 10%)
Aggregate XVA28.4 bpsEnhanced monitoring zone (25–50 bps)
Risk-Adjusted Yield4.67%Headline 4.95% − XVA 28 bps
Active Alerts31 Critical 2 Warning

Position Breakdown (6 Active Positions)

AssetTypeHoldingXVAAdj. YieldStatus
USDCStablecoin$12.5M7 bpsNormal
USDTStablecoin$5.2M22 bpsWatch
EURCStablecoin$3.8M12 bpsNormal
BUIDLTokenized Treasury$15.0M42 bps4.78%Enhanced
Ondo USDYTokenized MMF$8.2M38 bps4.62%Normal
Franklin OnChainTokenized MMF$2.5M24 bps4.81%Normal

Allocation: Stablecoins $21.5M (45%), Tokenized Treasuries $12.7M (27%), Tokenized MMFs $10.7M (23%), DeFi $2.3M (5%).

XVA Monitor

Portfolio-weighted XVA of 28.4 bps sits in the 25–50 bps enhanced monitoring zone. Largest single component: LCVA averaging 18.2 bps across positions. Two components in warning status: BRVA (Wormhole breached at 52 bps) and USDT SVA approaching 15 bps threshold.

PositionSVASCVALCVADPVAOVABRVAGVARWVAOCVATotal
USDC510.50.57
USDT14.242.51.322
BUIDL812154342
Ondo USDY6121231438
Franklin47821224

Active Alerts

Critical: BRVA Limit Breach — Wormhole

BRVA reached 52 bps (hard limit 50 bps). TVL dropped 18% over 48h following validator set rotation. Auto-pause triggered on new bridge transfers. Escalated to Treasurer.

Warning: USDT SVA Approaching Threshold

SVA at 14.2 bps (warning at 15 bps). Reserve attestation 12 days old, increasing Bayesian P(de-peg) prior from 1.5% to 1.8%.

Warning: BUIDL LCVA Elevated

LCVA at 27 bps (warning at 25 bps). Driven by pending SEC guidance on tokenized fund custody. Outside counsel opinion expected by 18 Apr 2026.

Prototype Pages

The full risk positions prototype includes 9 operational pages: Dashboard, Position Monitor, XVA Monitor (with heatmap), Sweep & Funding (execution timeline), Limits (utilization bars), Alerts (critical/warning/info), Regulatory (compliance cards), Reports (daily/weekly/monthly/quarterly), Approved Assets (reference table), and Governance (roles & responsibilities).

Liquidity Risk Monitor

The unified TradFi + Crypto XVA early-warning engine.

Access Required

The live prototype described here runs at live.crypto-xva.app — a separate credentialed application behind HTTP Basic Auth, distinct from the prototype suite. Access is by invitation. To request credentials, email dm@turnhouseconsulting.com.

Three-Domain Architecture

The monitor tracks risk across three domains simultaneously, using a worst-of approach for consolidated status:

DomainKey MetricsWarning/Critical Thresholds
LiquidityUnsecured spread, JPY basis, 24h delta, liquidity ratioUnsecured: 50/100 bps; JPY: 115/135 bps
Market / XVA30d z-score, 5d % change, FVA cumulative, CVA cumulativeZ-score: 2σ/3σ; 5d%: varies
Crypto XVAAggregate add-on, adjusted exposure, TVL vs 30d, oracle dev zAggregate: 22%/32%

Crypto XVA Aggregate Formula

Crypto XVA = Exposure × (0.25 × LVA + 0.30 × OVA + 0.25 × SCVA + 0.20 × BRVA)

Weights reflect the relative importance: OVA carries the highest weight (30%) as oracle risk is the most dynamic and consequential factor. SCVA and LVA at 25% each, BRVA at 20%.

Stress Testing

How the framework behaves under extreme but plausible scenarios — the 10-event calibration set.

Access Required

The Crypto XVA Stress Library prototype — 10-event calibration set with interactive scenario replay — is available to qualified reviewers on request. You will be prompted for a password when you open it. To request access, email dm@turnhouseconsulting.com.

Design Principles

The stress library calibrates the framework against ten historical and hypothetical scenarios drawn from real crypto-native and cross-market stress events. Each scenario isolates a distinct failure mode:

  • Cross-domain correlation — TradFi liquidity stress (unsecured funding spike, FX basis widening) amplified by simultaneous crypto-native stress
  • Oracle cascade — oracle staleness and manipulation during high-volatility episodes; OVA as the dominant driver
  • Bridge exploit — concentrated bridge exposure combining TVL collapse, validator set changes, and exploit history; BRVA breaching limits
  • Stablecoin depeg — reserve opacity combined with a market stress trigger; SVA crossing the hard limit
  • Cross-protocol cascade — composability contagion through shared collateral; CompVA SCC and CPBUC sub-factors as early-warning signals

Illustrative Stress Amplification Factors

Across the 10-event calibration set, components exhibit characteristic amplification patterns under stress. The values below are representative of a severe cross-domain scenario in the library:

MetricBaseline (Normal)Peak StressRepresentative Factor
Crypto XVA Aggregate~11%>32% (critical threshold)~3×
OVA0.090.616.8×
LVA0.020.189.0×
BRVA0.210.381.8×

OVA consistently shows the highest amplification factor — reflecting its role as the most dynamic and consequential component during crypto stress periods.

Monitor Response

For each scenario, the Liquidity Monitor demonstrates the transition path Normal → Warning → Critical with recommended actions at each stage. The cascade replay (April 2026 Aave / Kelp DAO / LayerZero event) is the primary demo scenario; see CompVA for the detailed sub-factor timeline.

FX Hedging Policy

Foreign exchange risk management framework with target hedge ratios, permitted instruments, and recommendation procedures.

Policy Overview

The FX hedging policy covers both traditional TradFi hedging (for multinational corporate treasury) and digital-asset-specific considerations where stablecoin FX pairs (e.g., USDC/EUR via EURC) introduce new hedging dynamics. The framework applies to all entities with non-functional currency exposures exceeding $500K equivalent.

Target Hedge Ratios by Maturity

Months to MaturityTarget Hedge RatioPermitted Range
0 – 3 months90%80% – 100%
3 – 6 months75%60% – 90%
6 – 12 months50%30% – 70%
12 – 24 months25%10% – 40%

Hedge Ratio Formula

Hedge Ratio = Notional Value of Hedging Instruments / Total Exposure in Foreign Currency

Calculated per currency pair. Reviewed weekly; rebalanced when ratio drifts outside the permitted range by more than 5 percentage points.

Permitted Hedging Instruments

InstrumentMax TenorUse Case
FX Forward contracts24 monthsPrimary hedging tool for forecast exposures
FX Swaps12 monthsLiquidity management and rollover
Purchased FX Options12 monthsProtection with upside retention (requires CFO approval)
Cross-currency swaps5 yearsLong-term debt hedging only

Prohibited: Selling naked options, speculative FX positions, leveraged FX derivatives, binary/exotic options.

Hedge Recommendation Procedure

Step 1: Identify all non-functional currency exposures by entity and currency pair. Step 2: Categorize exposures by maturity bucket. Step 3: Calculate current hedge ratio per bucket. Step 4: Compare to target ratio and determine gap. Step 5: Select appropriate instrument and counterparty. Step 6: Obtain required approvals per Delegation of Authority. Step 7: Execute and confirm. Step 8: Document hedge designation (if hedge accounting applied).

Intercompany Netting

Hub-and-spoke multilateral netting framework with FX rules, transfer pricing addendum, and worked example.

Three-Level Agreement Structure

LevelAgreementPurpose
Level 1HQ Netting PolicyGroup-wide framework, currency rules, frequency, governance
Level 2HQ ↔ Pool HeaderRegional pooling arrangements, target balances, escalation
Level 3Pool Header ↔ SubsidiaryEntity-specific netting schedules, minimum thresholds, cut-off times

Hub-and-Spoke Model

Central treasury (HQ) acts as the netting centre. Regional Pool Headers (e.g., EU Pool, APAC Pool, Americas Pool) aggregate subsidiary positions before settling net amounts with HQ. This reduces the number of cross-border payments from O(n²) bilateral to O(n) hub-spoke, cutting transaction costs and FX spread leakage.

Worked Example

4-Entity Netting Cycle

Gross obligations: €2,650K across 4 subsidiaries (Sub A owes B €500K, A owes C €300K, B owes C €450K, B owes D €200K, C owes A €350K, D owes A €400K, D owes B €450K).

Net positions after multilateral netting: Sub A receives €50K net, Sub B pays €300K net, Sub C receives €100K net, Sub D pays €150K net (total: 3 payments vs. 7 gross).

Savings: ~57% reduction in payment count, ~40% reduction in FX transaction costs.

Transfer Pricing Addendum

Intercompany FX conversions within the netting cycle must include an arm’s-length markup to satisfy transfer pricing requirements:

Currency TypeMarkup (bps)Benchmark
G10 currencies (standard)0 – 10 bpsWM/R fix ± observable spread
Exotic / restricted currencies10 – 25 bpsLocal market quotes
Stablecoin conversions5 – 15 bpsOn-chain DEX mid-rate

Netting Cycle Timing

Standard cycle: Monthly, with cut-off on T-5 business days before month-end. Submission deadline for intercompany invoices: T-7. Dispute resolution window: T-5 to T-3. Net settlement: Last business day of month. Emergency ad-hoc netting available with Treasurer approval for amounts >$1M.

Short-Term Investment Policy

Approved traditional instruments, diversification limits, and category constraints for short-term cash deployment.

Context

This policy covers the traditional (TradFi) side of cash management — the instruments that form the base of the treasury portfolio before digital asset allocations. The stablecoin and tokenized asset policies sit alongside this as the digital extension.

Approved Instruments

InstrumentMax TenorMin Credit RatingNotes
Bank time deposits12 monthsA- (S&P) / A3 (Moody’s)Primary liquidity tool
Certificates of deposit (CDs)12 monthsA-Negotiable CDs preferred
Commercial paper (CP)270 daysA-1 / P-1SEC Rule 2a-7 eligible only
US Treasury bills12 monthsSovereignBenchmark risk-free; unlimited allocation
Government agency securities12 monthsSovereign / AA-GSE obligations (FHLB, FFCB, etc.)
Money market funds (MMFs)Daily liquidityAAAm2a-7 Government or Prime funds
Separately managed accountsPer mandatePer mandateRequires Investment Committee approval

Diversification Limits

Limit TypeMaximumCurrent
Single bank counterparty (deposits + CDs)90% of total short-term portfolioVaries by entity
Government securities (T-Bills + agencies)95% (essentially unlimited)
Commercial paper — single issuer5% of total portfolio
Commercial paper — category total25% of total portfolio
MMF — single fund25% of total portfolio

Prohibited Instruments

Equity securities, structured notes (unless Board-approved), auction-rate securities, inverse floaters, mortgage-backed securities (unless Government agency), and any instrument with embedded leverage.

Delegation of Authority (DoA)

Approval tiers for payments, investments, and digital asset operations with five governing principles.

Five Key Principles

#PrincipleRule
1Peer-level delegationAuthority may only be delegated to individuals at the same or higher organizational level
2Segregation of dutiesInitiator and approver must be different individuals; no self-approval
3Self-approval prohibitionNo individual may approve a transaction they initiated or that benefits them personally
4Documentation requirementAll delegations must be documented, time-limited, and reviewed quarterly
5Jurisdictional complianceDelegation must comply with local laws, including power of attorney and banking regulations

Payment Approval Tiers

AmountApprover(s)Conditions
< $50,000Treasury AnalystWithin budget; standard beneficiary
$50K – $500KTreasury ManagerDocumented purpose; budget check
$500K – $5MTreasurerDual signature for >$1M
$5M – $25MCFOTreasurer co-sign required
> $25MCFO + CEO (or Board delegate)Board notification within 24h

Digital Asset Approval Tiers

ActivityApproverAdditional Requirements
Stablecoin purchase <$500KTreasurerApproved stablecoin list only
Stablecoin purchase $500K–$5MTreasurer + CFO notificationXVA check < 100 bps
New protocol onboardingCFO + Risk CommitteeFull XVA assessment required
Bridge transfer >$500KTreasurer + CFOBRVA < 50 bps
DeFi protocol deploymentCFO + Risk CommitteeSmart contract audit current; SCVA < 25 bps
Emergency digital asset exitTreasurer (with CFO notification within 1h)Any XVA hard limit breach

Digital Asset Compliance Requirements

All digital asset transactions must satisfy: GENIUS Act compliance verification (US entities), SEC custody rule checks, MiCA authorization (EU entities), approved custodian whitelisting (Fireblocks, Coinbase Prime, Anchorage), AML/KYT screening via Chainalysis or equivalent, and OFAC sanctions screening on all wallet addresses.

Jurisdictional Netting Rules

Country-specific regulatory constraints on intercompany netting, FX, and capital controls with policy engine syntax.

Implementation Note

These rules are implemented as policy engine directives that automate compliance checks within the intercompany netting and sweep & funding systems. Each rule maps to an IF/THEN statement in the treasury management system.

Americas

CountryCurrency RestrictionNetting RuleKey Constraint
BrazilBRL only (no USD netting)RESTRICT currency_netting TO [“BRL”]Central Bank registration required; IOF tax applies
ChileNo restrictionALLOW multi_currencyCentral Bank reporting required for >$10K
USANo restrictionALLOW multi_currencyOFAC screening mandatory; IRS reporting
VenezuelaVES onlyRESTRICT currency_netting TO [“VES”]CADIVI/CENCOEX approval; highly restricted

Asia-Pacific

CountryCurrency RestrictionNetting RuleKey Constraint
ChinaCNY onlyRESTRICT currency_netting TO [“CNY”]SAFE approval; cross-border netting prohibited without license
IndiaINR only for domesticRESTRICT currency_netting TO [“INR”]RBI approval required; AD Category I bank routing
JapanNo restrictionALLOW multi_currencyBOJ reporting for >¥30M
SingaporeNo restrictionALLOW multi_currencyMAS reporting; PSA compliance for digital assets
AustraliaNo restrictionALLOW multi_currencyAUSTRAC reporting obligations

EMEA

CountryCurrency RestrictionNetting RuleKey Constraint
UKNo restrictionALLOW multi_currencyFCA reporting; FSMA compliance
GermanyNo restrictionALLOW multi_currencyBaFin reporting; EU netting regulation
FranceNo restrictionALLOW multi_currencyAMF reporting; mandatory cash pooling declaration
SwitzerlandNo restrictionALLOW multi_currencyFINMA compliance; withholding tax considerations
UAENo restrictionALLOW multi_currencyCBUAE reporting; VARA for digital assets in Dubai
South AfricaZAR restrictedRESTRICT cross_border TO approved_dealersSARB Exchange Control; “loop structure” rules

Policy Engine Rule Syntax

IF entity.country = “Brazil” THEN RESTRICT currency_netting TO [“BRL”]
IF entity.country = “China” THEN RESTRICT currency_netting TO [“CNY”]
IF entity.country = “India” THEN RESTRICT currency_netting TO [“INR”]
IF entity.country IN [“US”,“UK”,“Singapore”,“Japan”] THEN ALLOW multi_currency
IF transaction.amount > reporting_threshold THEN REQUIRE regulatory_filing

Crypto Risk Management Policy — At a Glance

An abridged orientation guide to the policy governing digital asset XVA, governance, limits, sweep operations, and regulatory compliance.

Orientation Aid Only

This page is an abridged orientation aid. The policy document is authoritative. Appendix D is the definitional record for all terms — see the Glossary page, which syncs from it. Section numbers cited inline (e.g. §8.2) refer to the Crypto Risk Management Policy v3.

Four Things to Know Before Reading Further

1. Tier vs. Level — keep them separate. Tier I / II / III is the architectural structure of the XVA framework (protocol-level / asset-level / cross-protocol). Level 1 / 2 / 3 is the ASC 820 / IFRS 13 observability hierarchy (quoted prices / observable inputs / unobservable inputs). They are distinct axes; the framework spans both simultaneously.

2. XVA is an open mapping. Components active for a given instrument, regime, and jurisdiction vary. The policy does not define a fixed closed roster; it maps each position to the surfaces that apply.

3. Three tiers plus a residual cluster. Tiers I–III are SSRN-grounded. The Level 3 Residual cluster (DPVA, RWVA, FXVA, QVA, OCVA, TXVA, KVA, MVA) is policy-only by design — institutional implementation completeness, not academic taxonomy.

4. CompVA is the cascade monitor. The Tier III component, introduced after the April 18–19, 2026 Aave / Kelp DAO / LayerZero cascade (§5.3), is CompVA. Its three sub-factors (SCC, UQL, CPBUC) are the real-time early-warning instruments — see the CompVA deep-dive for the Live Monitor replay of the cascade.

Policy Structure at a Glance

The map below visualises the five interlocking pillars of the policy on one canvas. Read left-to-right: governance sets authority; the XVA framework prices risk per position; limits convert XVA readings into position constraints; sweep & funding operations execute within those constraints; and the regulatory pillar defines external boundary conditions for all of the above.

Crypto Risk Management Policy v3 — Structure Map Five-panel policy map: Governance chain (Board to CFO to Treasurer to Risk and Compliance), XVA Framework tiers I through III plus Level 3 Residuals, Risk Limits and escalation thresholds, Sweep and Funding operations cadence, and Regulatory pillars for US, EU, and Asia-Pacific. §4 GOVERNANCE Board of Directors Approves policy; sets max exposure Chief Financial Officer Approves XVA methodology & thresholds Treasurer Executes; monitors XVA; sweep ops Risk Mgmt XVA calc, stress, escalate Compliance AML/KYC, reg monitoring Annual Finance Committee review (§14) §5 XVA FRAMEWORK TIER I — Protocol-Level  •  Typically ASC 820 Level 2 (§5.1) SCVA Smart contract OVA Oracle feeds LRVA Liquidity regime BRVA Bridge exploit GVA Gas spikes TIER II — Asset-Level  •  Level 2 / Level 3 (§5.2) SVA De-peg risk TVLVA TVL adoption LCVA Legal/custody TIER III — Cross-Protocol / Network  •  Level 3 (§5.3) CompVA SCC (0.40) + UQL (0.30) + CPBUC (0.30) Introduced after the Apr 18–19 2026 cascade (§5) Level 3 Residuals (§5.4) DPVA • RWVA • FXVA • QVA OCVA • TXVA • KVA • MVA §8 RISK LIMITS Position Limits by Total XVA (§8.1) < 25 bps → 100% limit (standard) 25–50 bps → 75% • CFO notified 50–100 bps → 50% • Risk Cmte review > 100 bps → PROHIBITED / immediate exit Component Hard Limits (§8.3, Table 6) SVA: warn 15 / limit 30 bps SCVA: warn 10 / limit 25 bps LCVA: warn 25 / limit 50 bps BRVA: warn 20 / limit 50 bps CompVA: warn 30 / limit 60 bps SCC: warn 0.45 / limit 0.60 CPBUC: warn 0.65 / limit 0.80 UQL z: warn 2.0σ / limit 2.8σ Aggregate Caps (§8.2) Digital assets: max 10% of total portfolio §9 SWEEP & FUNDING OPERATIONS Stablecoin → Fiat Sweep (§9.1) Daily 4:00 PM (post-settlement finality) Min threshold: $100,000 USD equiv. Retained float: $50,000 USD equiv. Amt = Balance − Float − 24hr outflows USDC → USD  •  EURC → EUR Fiat → Crypto Funding (§9.2) Trigger: outflows exceed stable balance Initiated by 8:00 AM same-day Safety buffer: 5% above projections Amt = Outflows × 1.05 − Balance Tokenized Redemption (§9.3) Trigger: DPVA or RWVA exceeds warning T+1 / T+2 settlement windows apply Redemption timing per issuer disclosure Liquidity need exceeds cash+stablecoin Cross-Chain Movement (§9.4) BRVA calc required per bridge & size Treasurer approval: amounts > $500,000 Real-time bridge monitoring required Fallback plan if delay > 4 hours §10 REGULATORY FRAMEWORK United States GENIUS Act (2025) 1:1 reserves; OCC license Monthly attestation; no interest SEC / CFTC Permitted stables not securities CFTC: tokenized collateral OK BSA / AML / FinCEN MSB registration required Travel Rule: > $3,000 OFAC: all wallet addresses Jurisdictional Basis (§10.4) Basel SCO60 vs OCC FAQ divergence → priced in LCVA OCC Bulletin 2026-7 Mar 5 2026 interagency FAQ European Union MiCA EMT: e-money institution only 30–60% reserves in EU credit institutions MiFID II / EMIR / CSDR Tokenized securities: full MiFID EMIR: crypto deriv reporting DORA ICT risk mgmt; incident RPT Third-party risk (CASP) Basel SCO60 Higher capital: permissionless infra vs OCC FAQ divergence Asia-Pacific Singapore (MAS/PSA/SFA) PSA license: DPT services MAS stablecoin framework SFA: tokenized securities Hong Kong (HKMA/SFC) Stablecoin Ordinance (2025) HKMA-licensed HKD stables VASP license: verify exchanges Tax & Transfer Pricing (§11) Digital assets = property (US) Intercompany: arm's-length China / India: restricted pools Reporting (§12) Daily: position + XVA dashboard Monthly: full XVA + yield analysis Quarterly: Board strategy review

Purpose, Scope & Objectives (§1–3)

The policy establishes comprehensive guidelines for identifying, measuring, managing, and monitoring risks associated with digital assets, including cryptocurrencies, payment stablecoins, tokenized real-world assets, and DeFi protocol interactions (§1). It applies to all subsidiaries, including regional treasury centers and foreign subsidiaries, covering cross-chain transactions, automated sweep and funding operations, and intercompany settlements denominated in or facilitated by digital assets (§2). The five stated objectives are: preserve principal through XVA-based limits; ensure operational liquidity through coordinated fiat-crypto sweep mechanisms; maximize risk-adjusted return after accounting for all applicable XVA components; maintain full regulatory compliance across all applicable jurisdictions; and provide complete audit trails for all digital asset transactions and risk calculations (§3). The policy operates in conjunction with the Short-Term Investment Policy, FX Risk Management Policy, Treasury Sweep and Funding Policy, and In-House Banking Policy.

Governance Chain (§4)

Authority flows from the Board of Directors (approves policy; sets maximum aggregate exposure limits) to the CFO (approves XVA calculation methodologies and risk tolerance thresholds) to the Treasurer (executes digital asset strategies, monitors XVA metrics, manages sweep and funding operations, maintains counterparty relationships). Risk Management calculates and monitors XVA components, validates model inputs, performs stress testing, and escalates limit breaches. The Compliance Officer ensures adherence to all applicable regulations and maintains AML/KYC compliance. The Tax Department manages transfer pricing documentation for intercompany digital asset flows. The Finance Committee of the Board reviews and approves the policy annually and monitors effectiveness against market developments and regulatory changes (§14).

Digital Asset XVA Framework (§5)

The framework is a systematic methodology for quantifying crypto-native risks, grounded in the SSRN working paper §2.1. The fundamental unit is: XVA Component = Probability of Event × Severity of Loss × Discount Factor. The framework maps each position to the surfaces that apply across three architectural tiers and a policy-only residual cluster — this is an open mapping by instrument, regime, and jurisdiction, not a fixed closed roster.

Tier I — Protocol-Level Adjustments (§5.1): Capture risks endogenous to a single protocol's design and operation. Components active include SCVA (smart contract bugs, exploits, upgrade vulnerabilities; typically Level 2), OVA (price manipulation, stale oracle feeds, liveness failures; the TWAP Paradox is an OVA sub-problem), LRVA (pro-cyclical market depth and liquidity regime shifts during stress), BRVA (bridge exploits, message delays, cross-chain liquidity shortfalls; a leading indicator — feeds CompVA infrastructure overlap), and GVA (gas price spikes, network congestion, failed transaction execution).

Tier II — Asset-Level Adjustments (§5.2): Capture risks attached to the asset itself irrespective of venue. Components include SVA (de-peg events and reserve opacity; example: P(de-peg) = 2%, E[discount] = 50 bps, Exposure = $10M → SVA = $1,000), TVLVA (adoption-decline risk where TVL contraction triggers reverse-flywheel outflows), and LCVA (jurisdictional uncertainty, bankruptcy remoteness, custodian failure; example: P(event) = 2%, LGD = 20% → LCVA = 40 bps — often the largest single component for cross-border tokenized exposures).

Tier III — Cross-Protocol / Network-Level (§5.3): Introduced in SSRN v3 following the April 2026 Aave / Kelp DAO / LayerZero cascade. The component is CompVA, operationalised through three sub-factors with weights that aggregate as: CompVA = 0.40 × SCC + 0.30 × UQL + 0.30 × CPBUC. CompVA is not currently hedgeable; management responses are limited to portfolio rebalancing and SCC reduction below the hard limit (§8.2: SCC ≤ 0.55). Note the distinction from CCVA (Compositional Correlation Valuation Adjustment), which is a within-protocol non-additivity term — a separate concept defined in SSRN v3 §5.5.

Level 3 Residual Adjustments (§5.4): Policy-only by design — operational and capital adjustments retained for institutional implementation completeness but explicitly not part of the SSRN academic taxonomy. These include DPVA (NAV mismatch, stale pricing, redemption gates), RWVA (withdrawal queues and liquidity window gates), FXVA (FX volatility during cross-border settlement), QVA (MEV / sandwich attack exposure), OCVA (custodian downtime, API failures), TXVA (cross-border tax treatment uncertainty), KVA (regulatory capital cost), and MVA (initial margin on on-chain derivatives).

Approved Assets & Instruments (§7)

Approved stablecoins include USDC (Circle; GENIUS Act compliant, MiCA EMT authorized; max 25% of digital asset portfolio; SVA 5–10 bps based on reserve attestation recency), EURC (Circle; MiCA EMT; max 15%; SVA 10–15 bps), USDT (Tether; max 15%; SVA 15–25 bps, reflecting reserve transparency discount), and bank-issued stablecoins (per counterparty limits; SVA 5 bps) (§7.1). Approved tokenized assets include tokenized money market funds (Ondo USDY, Franklin OnChain U.S. Government Money Fund, Superstate funds — apply DPVA + RWVA + LCVA, plus CompVA evaluation if used as DeFi collateral), tokenized treasuries (BlackRock BUIDL, Securitize — apply DPVA + LCVA + SCVA), and bank-issued tokenized deposits (§7.2). DeFi protocol interactions are restricted to Ethereum mainnet, Base (L2), and Solana; DEX protocols Uniswap V3/V4 and Curve (stablecoin swaps only, requiring SCVA < 25 bps); and approved bridges (BRVA < 50 bps; currently Wormhole, LayerZero, CCIP, monitored continuously) (§7.3). Any new protocol must pass a Tier III pre-listing test confirming the addition does not push portfolio-level SCC above 0.45, UQL z-score above 2.0σ, or CPBUC above 0.65 (§8.3 warning thresholds).

Risk Limits & Thresholds (§8)

XVA-based position limits apply as a four-band scale: below 25 bps permits up to 100% of approved limit under standard monitoring; 25–50 bps reduces the limit to 75% with CFO notification and enhanced monitoring; 50–100 bps reduces to 50% and requires Risk Committee review; above 100 bps, the position is prohibited and any existing position must be exited immediately (§8.1). Aggregate caps include: maximum 10% of total cash and short-term investment portfolio in digital assets; maximum 25% of digital asset portfolio per single stablecoin issuer (combined across currencies from the same issuer); maximum 15% per single protocol; maximum 40% per single chain; maximum 5% in DeFi protocols; maximum $5 million or 10% of the digital asset portfolio in cross-chain bridge exposure at any time; dependency-graph density (SCC) ≤ 0.55, with rebalancing required if breached for more than 5 consecutive days (§8.2). Key component hard limits per Table 6 are summarised (abridged — not the full Table 6 roster) in the map above — see the Limits & Thresholds and Escalation Matrix articles for the full escalation-path detail (§8.3).

Sweep & Funding Operations (§9)

Stablecoin balances sweep to fiat concentration accounts daily at 4:00 PM local time following settlement finality confirmation. The minimum sweep threshold is $100,000 USD equivalent; the minimum retained operational float is $50,000 USD equivalent. Sweep Amount = Available Stablecoin Balance − Minimum Retained Balance − Projected 24-hour Outflows. Currency matching applies: USDC sweeps to USD, EURC to EUR; cross-currency sweeps require FX conversion per the FX Risk Management Policy (§9.1). Fiat-to-stablecoin funding is initiated by 8:00 AM when projected payment obligations exceed available stablecoin balance, with a 5% safety buffer: Funding Amount = Projected Outflows × 1.05 − Current Stablecoin Balance (§9.2). Tokenized asset redemptions are triggered by: liquidity needs exceeding available stablecoin and cash balances; DPVA or RWVA exceeding warning thresholds; or a regulatory or compliance requirement; T+1 or T+2 settlement windows apply as disclosed by the fund issuer (§9.3). Cross-chain movements require a BRVA calculation for the specific bridge and transaction size, Treasurer approval for amounts exceeding $500,000, real-time monitoring of bridge status and liquidity, and a documented fallback plan for delays exceeding 4 hours (§9.4). See the Sweep & Funding article for full operational detail.

Regulatory Compliance Framework (§10)

In the United States, payment stablecoins must be from GENIUS Act–permitted issuers meeting: 1:1 reserve backing in high-quality liquid assets (USD, T-bills, repos, government MMFs); monthly reserve attestation by a registered public accounting firm; OCC or substantially similar state license; no interest payments to stablecoin holders (§10.1). BSA/AML/FinCEN compliance requires FinCEN MSB registration for all digital asset service providers, transaction monitoring and SAR filing obligations, Travel Rule compliance for transfers exceeding $3,000, and OFAC sanctions screening for all wallet addresses and counterparties. In the EU, only E-Money Tokens from MiCA-authorized credit institutions or electronic money institutions are permissible; EMT issuers must hold 30–60% of reserves in EU credit institutions; custodians and CASPs must comply with DORA operational resilience requirements including ICT risk management, incident reporting, and third-party risk management (§10.2). Asia-Pacific coverage spans Singapore's PSA / MAS framework for digital payment token services and the Hong Kong Stablecoin Ordinance (2025) for HKMA-licensed HKD-backed stablecoins (§10.3). The jurisdictional basis risk — the valuation differential arising from the substantive divergence between Basel SCO60 (higher capital charges for permissionless infrastructure) and the March 5, 2026 OCC / Federal Reserve / FDIC interagency FAQ position (OCC Bulletin 2026-7) — is a priced risk entering through LCVA at the asset level and CompVA cross-tier correlations at the portfolio level (§10.4). See the Regulatory article for the full jurisdiction-by-jurisdiction breakdown.

Tax, Reporting, Exceptions & Continuity (§11–13)

Digital assets are treated as property for U.S. federal income tax purposes; any exchange for fiat, other digital assets, or goods/services is a taxable event. Cross-border stablecoin pooling requires arm's-length transfer pricing per OECD guidelines, with restricted participation for entities in China (prohibited) and India (verify current regulatory status) (§11). Daily reporting covers the Digital Asset Position Report, XVA Dashboard (current XVA by component with limit utilization indicators), Sweep/Funding Execution Report, and Exception Report. Monthly reporting includes the Comprehensive XVA Report with methodology documentation and uncertainty disclosures per SSRN v3 §8.1.4. Quarterly reports to the Board cover digital asset strategy review, XVA model validation back-testing results, and regulatory compliance certification (§12). Exception approval authority scales with severity: Treasurer alone for XVA threshold exceedances under 48 hours; CFO for extended exceedances; CFO plus Risk Committee for non-approved instruments; Board Finance Committee for aggregate limit breaches and policy amendments (§13.1). Business continuity procedures include manual sweep and funding fallback, backup custodian relationships, alternative bridge paths, emergency liquidation procedures, and annual disaster recovery testing (§13.2).

Abridged from Crypto Risk Management Policy v3 (2026) · The policy document is authoritative · Glossary terms sync from Appendix D · Section references (§) cite v3 sections directly

XVA Use Cases

Five practical application scenarios demonstrating how the Crypto XVA framework drives real treasury decisions.

Use Case 1: Tokenized Treasury Allocation

Scenario

Corporate treasury considering moving 5% of $500M cash portfolio from T-Bills to tokenized treasury funds (BUIDL, Franklin OnChain) for yield enhancement and 24/7 liquidity.

XVA Analysis: T-Bills carry ~2 bps total XVA vs. BUIDL at 42 bps and Franklin OnChain at 24 bps. The yield pickup of 20–40 bps gross is partially consumed by XVA. Franklin OnChain emerges as optimal: highest risk-adjusted yield (4.81%) despite lower headline yield. Decision: Allocate to Franklin OnChain first, BUIDL second; monitor LCVA as SEC guidance evolves.

Use Case 2: Stablecoin Reserve Optimisation

Treasury holds $25M in stablecoins for operational payments. The XVA framework reveals USDC (SVA 18 bps) vs. USDP (SVA 6 bps) vs. USDT (SVA 30 bps). Optimal blend: 60% USDC (liquidity), 30% USDP (lowest XVA), 10% USDT (counterparty diversification with enhanced monitoring). Total portfolio SVA reduces from 18 bps (all-USDC) to 14.4 bps.

Use Case 3: Cross-Chain Liquidity

Treasury needs USDC on both Ethereum and Solana for different payment rails. BRVA analysis: Wormhole currently at 52 bps (breached), CCIP at 18 bps (within limits). Decision: Route via CCIP; hold native USDC on each chain rather than bridging where possible; cap bridge exposure at $5M total.

Use Case 4: Cross-Border Payments

Worked Example: US → Singapore $25M

Traditional route: SWIFT wire, T+1 settlement, FX spread 15–25 bps, correspondent bank fees $35–75.

Stablecoin route: USD → USDC → XSGD conversion → SGD off-ramp. Settlement: <4 hours. FX spread: 5–8 bps. XVA cost: ~12 bps (SVA + SCVA + GVA). Total cost: 17–20 bps.

Net saving: ~5–10 bps per transaction + same-day settlement. At $25M monthly volume, annual saving: $150K–$300K.

Use Case 5: Intercompany Optimisation

Group with $150M monthly intercompany flows across 12 entities. Combining multilateral netting (40% payment reduction) with stablecoin settlement (for approved corridors) reduces total treasury costs by an estimated 25–35 bps on netted flows. Key constraint: jurisdictional rules restrict stablecoin netting in Brazil (BRL only), China (CNY only), and India (INR only).

Smart Contract Architecture

On-chain policy anchoring (TreasuryAnchor.sol) and off-chain sweep engine (sweep-engine.ts).

Architecture Pattern

The system follows a hybrid on-chain/off-chain architecture. Complex policy logic and calculations run off-chain (TypeScript sweep engine) for flexibility and gas efficiency, while state hashes and execution proofs are anchored on-chain (Solidity contract) for tamper-proof audit trails. This separates computation from verification.

TreasuryAnchor.sol — On-Chain Anchor

Solidity contract (^0.8.19) built on OpenZeppelin AccessControl. Provides immutable audit trails for off-chain treasury operations.

ComponentPurpose
PolicyAnchor structStores state hash, rules hash, version, timestamp, signer addresses, and policy ID
ExecutionProof structRecords pre/post state hashes, transaction type, amount, currency, executor
TransactionType enumSWEEP, FUNDING, THRESHOLD_CHANGE, SCHEDULE_CHANGE, EMERGENCY_OVERRIDE
Role-Based AccessTREASURER_ROLE, CFO_ROLE, OPERATOR_ROLE, AUDITOR_ROLE (maps to DoA)

Key Contract Functions

FunctionAccessPurpose
registerPolicy()TREASURER_ROLERegister a new policy with initial state and rules hashes
anchorState()OPERATOR_ROLEAnchor new state with multi-sig verification (min N signatures from Treasurer/CFO)
recordSweepExecution()OPERATOR_ROLERecord sweep proof with pre/post state transition validation
recordFundingExecution()OPERATOR_ROLERecord funding proof
triggerEmergencyStop()TREASURER_ROLEHalt all anchoring operations
liftEmergencyStop()CFO_ROLEResume operations (different role for separation of duties)
verifyStateHash()PublicAnyone can verify current state matches expected hash

State Transition Validation

Pre-state hash must match current anchored state → Execute → Post-state hash becomes new anchor

This creates an immutable chain: State_0 → Proof_1 → State_1 → Proof_2 → State_2 → ...

Any gap or mismatch in the chain is detectable by auditors using the on-chain record, without needing to trust the off-chain system.

sweep-engine.ts — Off-Chain Policy Engine

TypeScript class (SweepPolicyEngine) implementing Treasury Sweep and Funding Policy §6. Manages evaluation, execution, compliance checks, and audit trail generation.

MethodPurpose
evaluateSweep()Determines if sweep should occur: Available Balance − Min Threshold = Sweep Amount. Runs compliance checks, selects payment rail, determines required approvals.
executeSweep()Executes after evaluation and approvals. Verifies signatures, creates transaction record, updates balances, generates audit hash.
evaluateAllSweeps()Batch evaluation for all operating accounts (skips concentration and disbursement accounts). Called by scheduler at sweep time.
runComplianceChecks()Three checks: counterparty exposure limits, bank credit rating (minimum A-), segregation of duties.
getCurrentStateHash()Returns current state hash for on-chain anchoring via TreasuryAnchor.

Compliance Checks (Policy §8)

Every sweep evaluation runs three automated compliance gates:

CheckRuleFailure Action
Counterparty ExposureProjected destination balance ≤ absolute limit AND counterparty-specific limitSweep blocked; escalate to Treasurer
Credit RatingDestination bank rating ≥ minimum (A-)Sweep blocked; escalate to Risk
Segregation of DutiesRequester cannot both configure rules and execute transactions (unless SYSTEM)Sweep blocked; audit flag

SSRN Paper — Crypto XVA v3.1

The academic working-paper foundation of this framework. SSRN abstract_id 6448638, v3 posted May 2026 · v3.1 revision live June 2026.

Citation

Martin, D. (2026). Crypto XVA: A Valuation Adjustment Framework for Digital Asset Treasury Management. SSRN Working Paper. Available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=6448638

Abstract (v3.1)

This paper develops a systematic valuation adjustment (XVA) framework for digital asset holdings in corporate treasury portfolios. We identify nine valuation adjustments — SVA, SCVA, LCVA, DPVA, OVA, BRVA, GVA, RWVA, and OCVA — that collectively capture the risk premium embedded in digital assets relative to traditional cash equivalents. The framework is grounded in ASC 820 / IFRS 13 fair-value measurement principles and calibrated against the April 2026 Aave V3/V4 – Kelp DAO rsETH – LayerZero bridge cascade (~$292M primary bridge loss, ~$6.6B system-level cascade). The CompVA (Compositional Valuation Adjustment) extension introduces a Tier III cross-protocol network measure capturing cascade and composability risk not addressable at the per-position level.

JEL Classification

CodeDescription
G23Non-bank Financial Institutions; Financial Instruments; Institutional Investors
G32Financing Policy; Financial Risk and Risk Management
G28Government Policy and Regulation
G12Asset Pricing
G13Contingent Pricing; Futures Pricing
G17Financial Forecasting and Simulation
G21Banks; Depository Institutions
M41Accounting

Version History

VersionDateKey Changes
v1Early 2026Initial framework: SVA, SCVA, LCVA, DPVA, OVA, BRVA, GVA
v2Apr 2026RWVA (Redemption Window VA — renamed from prior working label) + OCVA added; TWAP Paradox formalised; ASC 820 mapping
v3May 2026CompVA (SCC · UQL · CPBUC) Tier III extension; §6.3 aggregation methodology; Phase 3 aggregation shipped live
v3.1Jun 2026Drift-detection terminology correction (Page–Hinkley → CUSUM-R, §8.1.4); content otherwise unchanged

Framework Structure (v3.1)

TierComponentsScope
Tier I — ProtocolSCVA, OVA, BRVA, GVAPer-position, protocol-level risk
Tier II — AssetSVA, LCVA, DPVA, RWVA, OCVAPer-position, asset-level risk
Tier III — NetworkCompVA (SCC · UQL · CPBUC)Portfolio-level, cross-protocol cascade risk

CompVA — Compositional Valuation Adjustment

Tier III, portfolio-level. Captures cross-protocol cascade and composability risk not addressable at the per-position level.

Core Insight

Per-position XVA components price risk within each instrument. CompVA prices the risk between instruments — the network-level contagion that arises when DeFi protocols compose on one another. The April 2026 cascade demonstrated that a bridge exploit on LayerZero propagated through rsETH (Kelp DAO) into Aave V3/V4 liquidity pools within hours. No per-position XVA component captures this path; CompVA does.

Definition

CompVA is a Tier III, portfolio-level valuation adjustment that quantifies the expected loss from cross-protocol composability cascades. It is computed from three sub-factors aggregated via the §6.3 weighted+operational formula:

CompVA = w₁ × SCC + w₂ × UQL + w₃ × CPBUC

Weights (v3.1): SCC 0.40 · UQL 0.30 · CPBUC 0.30

Sub-Factors

Sub-FactorFull NameWhat It MeasuresData Source
SCCSmart Contract Composability CoefficientDegree of cross-protocol dependency in the portfolio; how tightly coupled the positions are via shared contracts, liquidity pools, or oracle feedsOn-chain graph analysis; DefiLlama protocol dependency maps
UQLUtilisation Queue LengthDepth of the unstaking / redemption queue across liquid-staking and restaking positions; a leading indicator of liquidity stress before it shows in priceOn-chain queue data (Dune Analytics); position-level queue depth per asset
CPBUCCross-Protocol Borrowing Utilisation CoefficientAggregate borrow utilisation across DeFi lending pools holding portfolio assets; high utilisation compresses exit liquidity during stressAave, Compound, Morpho utilisation feeds via DefiLlama

The April 2026 Cascade — CompVA in Action

The April 15–19, 2026 cascade (Aave V3/V4 + Kelp DAO rsETH + LayerZero bridge) provides the calibration anchor for CompVA. The Live Monitor v2 replay shows CompVA firing a CRITICAL alert at April 17, 2026 12:00 UTC — approximately 20 hours before the bridge exploit propagated into visible market impact. At that point:

  • SCC was elevated as rsETH cross-protocol dependencies tightened
  • UQL was rising as the Kelp DAO unstaking queue began to lengthen
  • CPBUC was spiking as Aave V3 borrow utilisation approached the liquidity compression zone

The per-position XVA components (BRVA, SCVA, OVA) were in warning territory but had not yet reached CRITICAL thresholds individually. CompVA aggregated the three signals and crossed the critical threshold ~20 hours early. Primary bridge loss: ~$292M. System-level cascade: ~$6.6B.

ASC 820 Level Classification

Sub-FactorASC 820 LevelRationale
SCCLevel-3 (model-derived)Computed from on-chain graph topology; no direct market observable
UQLLevel-2 (observable on-chain)Queue depth is directly observable from on-chain state (Dune)
CPBUCLevel-2 (observable)Borrow utilisation is a published protocol metric
CompVA aggregateLevel-2 / Level-3 blendDriven by SCC model input; overall measurement is Level-3 where SCC dominates

Limits & Escalation

StatusCompVA bpsAction
Normal< 10 bpsStandard monitoring
Warning10 – 20 bpsEnhanced monitoring; Treasurer notification
Critical> 20 bpsImmediate Risk Committee escalation; position review required

How We Changed the Way We Measure Risk

A visual explainer tracing the evolution of risk measurement across four moves, and where Crypto XVA fits.

Visual Explainer — Gamma Deck

This topic is covered in a public visual deck. Open the deck →

The Four Moves

Risk measurement in finance did not arrive fully formed. It evolved through four distinct conceptual moves, each resolving a failure of the previous approach:

MoveApproachWhat It FixedWhat It Missed
1Summing bilateral exposuresSimple aggregation of counterparty-level credit riskEach bilateral relationship measured in isolation; no visibility into how exposures connect across the network
2Network modelsCounterparty interconnections and contagion pathsAssumed static graph structure; missed reflexive feedback loops
3Eigenvector centrality and reflexivityNode importance weighted by neighbor importance; dynamic feedbackGraph topology assumed fixed; composability creates non-stationary edges
4Composability and dynamic, non-stationary graphsEdges between protocols form and dissolve in real time; risk surfaces are instrument × regime × jurisdiction mappings, not static rostersActive frontier — Crypto XVA framework addresses this directly

Where Crypto XVA Fits

The Crypto XVA framework sits at Move 4. The core insight is that DeFi protocol composability creates non-stationary dependency graphs: two protocols may share no risk surface today and be tightly coupled tomorrow, depending on which assets are listed as collateral, which oracle feeds are shared, and which bridges are active. A static adjacency matrix cannot capture this.

The framework formalises risk as an open mapping R : (instrument × regime × jurisdiction) → active risk surfaces rather than a fixed roster of components. The April 2026 Aave / Kelp DAO / LayerZero cascade demonstrated this empirically: the propagation path (bridge exploit → rsETH liquidity compression → Aave V3/V4 borrow utilisation spike) was not visible in any per-position XVA component in isolation. CompVA was designed specifically to capture this cross-protocol, graph-level signal — and the cascade was subsequently reconstructed through the framework as an empirical validation of that design.

Audience

The visual deck targets an informed-general finance audience — Treasury, Risk, and Accounting readers who know what XVA is but have not necessarily worked through the graph-theoretic evolution of risk measurement.

Fair Value Accounting for Digital Assets

ASC 820 / IFRS 13 measurement, ASU 2023-08 recognition, and how the XVA framework connects to financial statement disclosure.

The Core Disambiguation

Most digital-asset accounting questions conflate two independent axes: fair-value input vs. prudential risk reserve (which ledger the number lives in) and Level 1 / 2 / 3 (how observable its inputs are). They connect — your risk response drives the accounting consequence — but they are not the same question. Untangling them is the single most clarifying move in this body of work.

The Two Governing Standards

Two standards define the accounting landscape for digital assets held at fair value:

StandardWhat it governsKey requirementEffective
ASC 820 (IFRS 13) How to measure fair value — the exit-price definition, the Level 1/2/3 hierarchy, and the disclosure machinery that fires at Level 3. Measurement uses the price in the principal (or most advantageous) market; the orderly-exit assumption is load-bearing. Ongoing — applied to every fair-value measurement
ASU 2023-08 When to apply fair-value measurement to in-scope crypto assets — recognition, remeasurement each reporting period, and new balance-sheet / disclosure requirements. In-scope crypto assets must be remeasured to fair value each period; gains and losses flow through net income. Eliminates the cost-less-impairment approach for in-scope assets. Fiscal years beginning after 15 Dec 2024 (calendar-year filers: FY2025)

ASU 2023-08 answers "must I mark this to fair value?" ASC 820 answers "how do I measure that fair value, and at what level?" They are complementary, not alternatives.

The Two Questions — in Order

Before any number goes in the books, two questions must be answered in sequence. Most audit findings in this space trace back to skipping Question 1:

Question 1 — Which ledger?

Is this adjustment a fair-value input, or a prudential risk reserve?

A fair-value input — a market-participant-observable adjustment — belongs inside ASC 820 and hits the financial statements at whatever level its inputs imply.

A prudential risk reserve — a model-risk buffer, a tail-scenario reserve, an XVA that no market participant would independently price — belongs in the risk ledger, labeled non-GAAP. It is reconciled back to the GAAP number but does not itself appear in the financial statements. Booking a prudential reserve as GAAP fair value is the audit finding the framework exists to prevent.

Question 2 — What level?

If it is a fair-value input: what is its lowest significant input?

The Level is set by the lowest significant input, not by any input. A small observable tweak (e.g., a 25 bps bid-side adjustment on a liquid ETH position) does not drag the measurement to Level 2 if it is not significant to the measurement as a whole — the position stays Level 1. Landing at Level 3 pulls in the full disclosure package: the rollforward, the unobservable-input table, and the sensitivity analysis.

ASC 820 Level Hierarchy — Digital Asset Applications

LevelInput typeDigital asset examplesDisclosure burden
Level 1 Quoted prices in active markets for identical assets. No adjustment to the price. ETH spot on a principal exchange; BTC; liquid large-cap tokens with deep order books and high daily turnover. Minimal — disclose the quoted price source and fair-value total.
Level 2 Observable inputs other than Level 1. Adjustment required but inputs are market-observable. Liquid staking tokens where the basis (stETH/ETH discount) is market-observable; tokenized treasuries whose NAV derives from observable T-bill prices; stablecoins with thin secondary markets but observable reserves. Disclose valuation technique and observable inputs used.
Level 3 Significant unobservable inputs — the entity's own assumptions about what market participants would use. LP positions in thin DEX pools; governance tokens with blockage concerns; de-peg reserves where no comparable market data exists; XVA reserves that reflect model-risk overlays the market would not independently price. Full package: Level-3 rollforward, unobservable-input table, sensitivity to significant assumption changes, and valuation-technique narrative.

The Blockage-Factor Prohibition

Under ASC 820, a holder of a large block of a thinly-traded token cannot mark it below the quoted price solely because selling the block would move the market. The unit of account is the individual unit, not the block — the blockage factor is explicitly prohibited at Level 1. This is the most common misapplication for governance-token and concentrated-position holdings.

ASU 2023-08 — In Scope, Out of Scope, Contested

The scope determination is the first accounting decision for any new digital asset position:

Asset typeScopeAccounting treatment
Bitcoin, Ether, major liquid crypto assetsIn scopeFair value each period; gains and losses in net income. Prior cost-less-impairment approach eliminated for in-scope assets.
Natively staked ETHIn scopeStaked principal in scope; staking rewards recognized as income at receipt. Lock-up / unbonding period triggers a restriction disclosure.
Liquid staking tokens (stETH, rETH)In scope (likely)Subject to enforceable-rights confirmation. Peg/basis risk → Level 2 for the observable component; de-peg tail reserve may be Level 3.
Wrapped / bridged assets (wBTC)ContestedWrapper creates a new instrument; ASU scope is debated. Bridge counterparty risk (BRVA) compounds the measurement uncertainty.
AMM / DEX LP positionsOut of scope (likely)LP token is a claim on a pool, not a crypto asset under the ASU definition. Falls back to general ASC 820; impermanent loss recognition is the key accounting challenge.
Tokenized treasuries (BUIDL, USDY)Out of scopeUnderlying is a regulated fund with enforceable rights to the T-bill / MMF portfolio. Account under ASC 320 / 321 for the underlying. Wrapper smart-contract risk is an XVA overlay, not a scope driver.

The Four Risk Responses — and Their Accounting Consequences

The classic risk-management taxonomy (price / hedge / disclose / avoid) connects directly to accounting consequences. They are not the same concept, but they are coupled — your risk response determines which ledger the resulting number lives in:

Risk responseAccounting consequence
Price it If a market-participant fair-value input → reduces GAAP fair value (inside ASC 820, hits the books at the implied level). If a prudential buffer → risk ledger only (non-GAAP, reconciled but not booked).
Hedge it Introduces a derivative that is itself fair-valued under ASC 815. Hedge accounting (if designated) changes the timing of gain/loss recognition but does not remove the measurement obligation.
Disclose it ASU 2023-08 disclosures (significant-holdings table, annual rollforward, cost-basis policy) + ASC 820 leveling table + the full Level-3 package if a reserve genuinely sits in GAAP. Disclosure is never a substitute for measurement — you can and usually must both price and disclose.
Avoid it No position → no measurement. The decision to avoid still belongs in the governance record.

The Three-Statement Interlock

Fair-value accounting under ASU 2023-08 threads through all three statements. The cash-flow linkage is where most preparers make errors:

  • Balance sheet — carrying value at fair value on its own line, separate from other intangibles. ASU 2023-08 requires cost basis disclosed alongside fair value.
  • Income statement — unrealized gains and losses hit net income each period (the key change from prior cost-less-impairment treatment). Realized and unrealized gains must be shown separately — never netted.
  • Cash flow statement (ASC 230) — an unrealized gain lifted net income, but it is non-cash. Under the indirect method, it must be reversed out in the operating section. At sale, full proceeds appear in investing, and the cumulative gain is reclassified. Failure to reverse the unrealized gain overstates operating cash flow — the most common ASU 2023-08 cash-flow misstatement in practice.

Who Does This at a Firm?

The competency required is the derivative-accounting / XVA skill set. Most firms holding crypto today are corporates with a treasury, a controller, and an external auditor — with no Product Control or Model Risk function. That structural gap is where the advisory opening sits.

FunctionOwns
Treasury / Trading deskThe position, P&L, the hold / hedge / sell decision.
Market RiskThe risk ledger, limits, the daily monitor, escalation, XVA reserve methodology.
Product / Valuation ControlIndependent price verification (IPV), validating marks, the practical ASC 820 leveling for the books.
Technical Accounting / ControllersASU 2023-08 application, journal entries, disclosures — how the number hits all three statements.
Model Risk ManagementIndependent validation of XVA models under SR 26-2 / OCC 2026-13 (superseding SR 11-7) / CRR Art. 105 AVA / DORA.
External AuditorTests all of the above under PCAOB AS 2501 (auditing fair-value estimates).

Model Governance — The Other Axis

Fair-value accounting (ASC 820 / ASU 2023-08) and model governance (SR 26-2 / OCC 2026-13) are distinct regulatory requirements, but they are tightly coupled in practice: a Level-3 number that appears in the financial statements must be produced by a model that has been independently validated. Complying with ASC 820 while skipping model governance leaves the valuation methodology exposed — auditors and regulators increasingly treat model documentation as a pre-condition for accepting Level-3 estimates.

The Governing Regime

SR 26-2 / OCC 2026-13 (effective April 17, 2026, superseding SR 11-7 / OCC 2011-12) is the primary US model risk management standard. It extends the SR 11-7 three-pillar framework (development & implementation, independent validation, governance & controls) to cover AI/ML models and novel quantitative approaches — both of which the Crypto XVA components squarely implicate. Any model whose output influences a financial statement figure or a risk limit falls within scope.

CRR Art. 105 / AVA (Additional Valuation Adjustments) is the closest EU regulatory analog for XVA-style prudential reserves. Under the AVA framework, fair-value positions must carry valuation adjustments for market price uncertainty, close-out costs, concentrated positions, and model risk — each mapping to a component in the Crypto XVA taxonomy. For EU-regulated entities, AVA is arguably the more direct fit than SR 26-2, though the conceptual requirements are similar. CRR Art. 105 makes model risk an explicit capital deduction, not merely a governance requirement.

DORA adds a third layer for EU financial entities: the model infrastructure itself (data feeds, computation, validation pipelines) must satisfy ICT risk management and third-party risk requirements — relevant wherever XVA relies on external oracle feeds or off-chain data providers.

Governance requirementWhat it demands for Crypto XVAAccounting consequence if absent
Model documentation
SR 26-2 §III.A
Written methodology for each XVA component: inputs, assumptions, calibration sources, limitations, and the link between the model output and the ASC 820 Level determination. Auditor cannot assess Level-3 unobservable inputs — likely a disclosure deficiency or qualified opinion.
Independent validation
SR 26-2 §III.B
A function independent of the model owner validates the methodology, tests conceptual soundness, and performs ongoing monitoring. For most corporates this means external validation for high-risk-tier models. Without validation, a Level-3 reserve may not satisfy PCAOB AS 2501’s “sufficient appropriate evidence” standard for fair-value estimates.
Model inventory & risk tiering
SR 26-2 §III.C
Each XVA component model must be registered, risk-tiered (high / medium / low), and validated at a frequency commensurate with its tier. Tier III cross-protocol models (CompVA) warrant high-risk classification given their novelty and consequential scope. An unregistered model whose output appears in the financial statements is a material internal control weakness under SOX §404.
AVA — model risk component
CRR Art. 105(10) / EBA RTS 2016/101
For EU-regulated entities, a separate model-risk AVA must be calculated and deducted from CET1, distinct from the GAAP accounting reserve. The AVA and the GAAP reserve are parallel, not interchangeable. Failure to compute AVA is a prudential reporting violation; auditors increasingly cross-check the GAAP reserve and the AVA for consistency.

The Practical Coupling

A Level-3 XVA reserve flows through two separate approval chains simultaneously: the accounting chain (Technical Accounting signs off the GAAP journal entry and ASC 820 disclosure) and the model governance chain (Model Risk Management validates the underlying methodology under SR 26-2 / OCC 2026-13). Neither chain substitutes for the other. In practice, the model validation report becomes the primary exhibit in the auditor’s Level-3 evidence file — a validated model is a necessary, though not sufficient, condition for a clean opinion on a Level-3 position.

Coming: Worked Examples — Digital Asset Accounting Manual

A chapter-by-chapter worked example set is in development, running a full 10-beat skeleton (position → Tier × Level map → risk measurement → risk-ledger entry → ASC 820 measurement → journal entries → three-statement interlock → disclosure → audit note → the one lesson) for eight instrument types: ETH spot, natively staked ETH, liquid staking tokens, restaking positions, wrapped assets, AMM LP positions, governance tokens, and tokenized RWAs. Each chapter escalates exactly one new accounting dimension. Contact david@crypto-xva.app for early access.

Glossary

All terms from the Crypto XVA framework — alphabetized. Includes DeFi explainers for prospect audiences and policy definitions from Crypto Risk Management Policy v3 Appendix D.