Ark 21Shares Bitcoin ETF 10-K Cybersecurity GRC - 2024-03-26

Page last updated on April 11, 2024

Ark 21Shares Bitcoin ETF reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-26 16:30:27 EDT.

Filings

10-K filed on 2024-03-26

Ark 21Shares Bitcoin ETF filed an 10-K at 2024-03-26 16:30:27 EDT
Accession Number: 0001213900-24-026067

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity The Trust, through the Sponsor, has established procedures to manage significant cybersecurity risks. The Trust s operations depend on the systems of the Sponsor and other third-party providers. The Sponsor manages the Trust s day-to-day operations and has implemented a cybersecurity program that applies to the Trust and its operations. Cybersecurity Program Overview The Sponsor has developed a cybersecurity program to manage cyber risks relevant to the Trust. This program includes risk assessments, security measures, and continuous monitoring of systems and networks. The Sponsor proactively identifies significant risks from new and evolving cybersecurity threats. The Trust relies on the Sponsor to engage external experts, such as cybersecurity assessors, consultants, and compliance professionals, to review the cybersecurity measures and risk management processes. These third parties are engaged on an as-needed basis, with some hired on an ongoing basis as managed service providers. The Trust relies on the Sponsor s risk management program, which includes cyber risk assessments. These processes have been integrated into the Sponsor s overall risk management system. The Trust engages various third parties to support its operations. The Trust relies on the Sponsor s expertise in risk management, legal, information technology, and compliance when managing risks from cybersecurity threats associated with these entities. Prior to engaging a key service provider, the Sponsor conducts a due diligence process. The Sponsor has adopted a cybersecurity strategy focused around a Zero Trust Network model throughout the entire operational environment, operating on the premise that no entity, system or service provider within the Sponsor s IT security perimeter can be inherently trusted. The Sponsor actively monitors its cybersecurity risks and has appointed an internal Cybersecurity Lead and partners with an outside service provider responsible for system monitoring and alerting. In addition, the Sponsor enforces stringent security requirements for storage devices and applications, including encryption at rest, full user activity tracking, and secure sharing of client data. The Sponsor s email environment is further fortified with dual factor authentication and other security measures. The Sponsor requires both two-factor and at rest encryption on all systems. The Sponsor requires through its compliance and cyber-security policy that all system breaches detected by an employee are immediately escalated to the Chief Compliance Officer and Head of Legal. The Sponsor also has several archival systems in place to monitor compliance. The Sponsor relies on a trusted firewall to manage and safeguard the Sponsor s network. Furthermore, the Sponsor conducts regular reviews on third parties to ensure they have policies in place that are designed to prevent information security lapses or breaches. Board Oversight of Cybersecurity Risks The Sponsor does not have a board of directors, but rather, the board of directors (the Board ) of Amun Holdings Limited ( Parent Company ) provides strategic oversight on cybersecurity matters, including risks associated with cybersecurity threats. The Board relies upon the Parent Company s Risk Committee for cybersecurity risk governance. The Parent Company s Risk Committee receives periodic updates regarding the overall state of the Sponsor s cybersecurity program, information on the current threat landscape, and risks from cybersecurity threats and cybersecurity incidents impacting the Trust. Management s Role in Assessing & Managing Material Risks from Cybersecurity Threats The Sponsor s management, including the Sponsor s CCO, is responsible for assessing and managing material risks from cybersecurity threats. The Sponsor s CCO approves all changes to the cybersecurity policy. The Sponsor relies on its full-service compliance partner to stay updated on all SEC rules and regulations and to recommend changes in the compliance policies when necessary. Management of the Sponsor is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting the Trust, including through the receipt of notifications from service providers and reliance on communications with risk management, legal, information technology, and/or compliance personnel of the Sponsor. The Head of Legal and CCO would receive notifications of a cybersecurity incident that impacts a service provider of the Trust. 51 The Trust has an Incident Response Plan and Business Continuity/Disaster Recovery Plan, which it relies on the Sponsor s plans. The CCO of the Sponsor is responsible for determining whether a cybersecurity incident is material to the Trust. Pursuant to the Sponsor s policies and procedures, an internal team at the Sponsor is tasked with investigating all reported and suspected security breaches. The Sponsor is required to provide the required notifications without unreasonable delay after the discovery of a breach. Assessment of Cybersecurity Risk The potential impact of risks from cybersecurity threats on the Trust is assessed on an ongoing basis, and how such risks could materially affect the Trust s business strategy, operational results, and financial condition are regularly evaluated. During the reporting period, the Trust has not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that the Trust believes have materially affected, or are reasonably likely to materially affect, the Trust, including its business strategy, operational results, and financial condition.

Company Information