Ethics & Compliance Program Charter
This template is provided for illustrative purposes. Client-specific charters are drafted and approved under formal engagement. Regulatory references should be mapped to your entity structure and licensing status.
1. Purpose & Mandate
The Ethics & Compliance Program ("Program") is established to promote a culture of integrity, ethical conduct, and compliance with applicable laws, regulations, and internal standards across all operations of the Company, including regulated financial services and crypto-asset activities.
The Program supports the Company's strategic objectives by preventing, detecting, and responding to ethical misconduct, regulatory breaches, and conduct risk, while safeguarding stakeholders, customers, and market integrity.
For crypto asset service providers, the Program complements — but does not subsume — AML/CTF, licensing, and prudential obligations under frameworks including SPK III-35B.1 (Turkey), MASAK requirements, and the EU Markets in Crypto-Assets Regulation (MiCA) where applicable.
2. Scope of the Program
2.1 Covered persons
The Program applies to:
- All employees, officers, directors, and temporary staff across all group entities
- Third parties acting on behalf of the Company, including agents, vendors, market makers, custodians, KYC/AML service providers, and strategic partners
- Contractors with access to customer data, trading systems, or regulatory reporting functions
2.2 Program coverage
Program coverage includes, but is not limited to:
- Code of Conduct and ethical standards
- Conflicts of interest (including token listing, issuance, and treasury activities)
- Anti-bribery and corruption
- Market conduct and integrity (including wash trading, front-running, and insider dealing in digital assets)
- Whistleblowing / speak-up mechanisms
- Investigations and disciplinary actions
- Third-party compliance and intermediaries
- Data privacy and ethical use of customer and on-chain information
- Responsible marketing and fair disclosure to retail and professional clients
AML/CTF, sanctions screening, and prudential regulatory compliance functions operate in coordination with, but independently from, the E&C Program. The Chief Ethics & Compliance Officer (CECO) and Money Laundering Reporting Officer (MLRO) maintain distinct mandates with defined coordination protocols (see Section 6).
3. Governance & Oversight
The Board of Directors has ultimate oversight responsibility for the Program and receives periodic reporting on Program effectiveness, material incidents, and emerging conduct risks.
A designated Board Committee (Audit, Risk, or Compliance Committee) oversees:
- Program independence and resourcing
- Significant investigations and outcomes
- Program effectiveness reviews
- Approval of the annual E&C work plan and risk assessment
Senior management is responsible for supporting the Program and fostering ethical culture through tone at the top, including visible endorsement of speak-up channels and non-retaliation principles.
3.1 Board reporting cadence
- Quarterly: Program KPIs, open investigations summary, training completion, and conduct risk trends
- Ad hoc: Material incidents, regulatory enquiries with conduct implications, and significant policy breaches within 5 business days of classification
- Annual: Full Program effectiveness review and charter reaffirmation
4. Authority, Independence & Resources
The Chief Ethics & Compliance Officer (or equivalent role):
- Has independent authority to design, implement, and operate the Program
- Reports functionally to the Board Committee and administratively to the CEO
- Has unrestricted access to records, personnel, and information across all relevant entities
- Is protected from retaliation for good-faith execution of duties
- May engage external counsel or investigators without prior management approval for material matters
Adequate resources, budget, and skilled personnel are provided to ensure Program effectiveness, including access to investigation tools, training platforms, and third-party due diligence capabilities.
5. Core Program Components
The Program is risk-based and includes:
- Periodic ethics and conduct risk assessments (at least annually, and upon material business change)
- Clear policies, procedures, and guidance aligned to jurisdiction-specific requirements
- Role-based training and communications (onboarding, annual refresh, and targeted modules for high-risk roles)
- Confidential speak-up and reporting channels (internal and, where appropriate, external)
- Fair, timely, and documented investigations
- Consistent disciplinary and remediation processes
- Third-party due diligence and ongoing monitoring
- Ongoing monitoring, metrics, and continuous improvement
6. Regulatory Coordination & Jurisdiction Matrix
Given multi-jurisdiction operations, the CECO maintains a jurisdiction matrix identifying applicable conduct and governance requirements per entity and market. The CECO coordinates with the MLRO and regulatory affairs function on:
- Joint conduct and financial crime risk assessments
- Shared incident escalation protocols (e.g. token listing conflicts overlapping with AML red flags)
- Regulator liaison on conduct matters — SPK (Turkey), MASAK (AML interface), and competent authorities under MiCA (EU)
- Board and management information flows without duplication or gaps in accountability
Entity-level RACI assignments are documented separately and reviewed annually (see Compliance RACI Matrix).
7. Crypto-Specific Conduct Risks
The Program explicitly addresses conduct risks inherent to crypto-asset services, including:
- Listing integrity: Conflicts of interest in token listing decisions, disclosure of commercial arrangements, and prevention of insider dealing ahead of public announcements
- Market manipulation: Policies against wash trading, spoofing, pump-and-dump coordination, and abusive on-chain activity involving Company accounts or affiliates
- Treasury & proprietary activity: Segregation and disclosure of firm trading, market making, and token treasury holdings relative to customer interests
- DeFi & on-chain exposure: Governance token holdings, protocol participation, and counterparty risk where the Company engages decentralised infrastructure
- Marketing & promotions: Fair, clear, and not misleading communications; restrictions on guaranteed-return claims and influencer arrangements
- Customer asset handling: Ethical standards for custody, reconciliation transparency, and escalation of operational incidents with conduct implications
8. Speak-Up, Investigations & Non-Retaliation
The Company maintains confidential reporting mechanisms available to employees and third parties.
All reports are:
- Assessed promptly and objectively (initial triage within 5 business days)
- Investigated in accordance with documented procedures
- Protected by strict non-retaliation principles
- Logged in a secure register with restricted access
Retaliation against reporters or investigation participants is prohibited and treated as a serious violation, subject to disciplinary action up to and including termination and regulatory notification where required.
9. Monitoring, Reporting & Continuous Improvement
The effectiveness of the Program is monitored through:
- Key risk and performance indicators (speak-up volume, investigation cycle times, training completion, third-party DD coverage, repeat findings)
- Internal reviews and independent assessments (at least every two years)
- Periodic reporting to senior management and the Board (see Board Reporting Outline)
Lessons learned from investigations, audits, regulatory feedback, and incidents are incorporated into Program enhancements within 90 days of closure where practicable.
10. Document Control & Review
- Owner: Chief Ethics & Compliance Officer
- Approver: Board Committee (initial adoption); CECO (subsequent revisions subject to Committee notification)
- Review cycle: Annual, or upon material regulatory change, corporate restructuring, or significant conduct incident
- Distribution: Board, senior management, and all personnel via intranet / policy portal
- Version history: Maintained with change log and effective date