Governance Model
The decision framework, authority structure, and control mechanisms governing the Helios Digital gold reserve system and HGA token operations.
Governance Principles
Transparency First
All material governance actions are disclosed publicly. Proof of Reserves is published on-chain. Board decisions affecting token operations are announced with rationale.
Segregation of Authority
No single individual holds unilateral authority over minting, burning, freezing, or reserve custody. All critical operations require multi-party authorization.
Holder Protection
Governance exists to protect token holders. Reserve integrity, redemption rights, and operational continuity take precedence over commercial objectives.
Board Authority Structure
Helios Digital is governed by a board with defined authority levels for critical operations. Board composition is designed to prevent concentration of control and ensure independent oversight.
| Action | Required Authority | Threshold |
|---|---|---|
| Token Minting | Board + Vault Confirmation | 2-of-3 |
| Token Burning | Board + Vault Confirmation | 2-of-3 |
| Emergency Halt | Any Board Member | 1-of-3 |
| Halt Release | Board Majority | 2-of-3 |
| Account Freeze | Compliance + Board Member | 2-of-3 |
| Vault Provider Change | Full Board | 3-of-3 |
| Fee Structure Change | Board Majority + 30-day Notice | 2-of-3 |
| Governance Amendment | Full Board + 60-day Notice | 3-of-3 |
Multisig Key Architecture
XRPL Issuing Wallet
- → 2-of-3 multisig with geographically distributed key holders
- → Cold storage for master key; operational keys on hardware security modules
- → Key rotation conducted annually with auditor oversight
- → No single key holder can unilaterally approve transactions
Vault Authorization Keys
- → Dual custody: Helios key + vault operator key required for access
- → Neither party can access gold unilaterally
- → Emergency access requires board resolution + legal process
- → All vault access events are logged and included in audit trail
Halt & Circuit Breaker Mechanisms
Emergency Halt Triggers
The following conditions automatically or manually trigger a system halt:
Halt Resolution Protocol
To release a halt: (1) root cause identified and documented, (2) remediation completed and verified, (3) 2-of-3 board vote to release, (4) public disclosure of incident and resolution within 48 hours, (5) PoR attestation re-run to confirm reserve integrity.
KYC/AML Governance Gates
HGA token operations are subject to identity verification and anti-money laundering controls at defined gates:
| Gate | Requirement | Verification |
|---|---|---|
| Token Purchase | Full KYC (ID, proof of address, source of funds) | Prior to allocation |
| Physical Redemption | Enhanced KYC + shipping verification | Prior to dispatch |
| USDC Redemption | KYC + wallet screening | Prior to settlement |
| Large Transfer (>$10k) | AML review + source of funds | Prior to execution |
| Periodic Review | Re-verification for active holders | Annual |
Transparency Commitments
On-Chain PoR
Proof of Reserves attestation published on XRPL every 4 hours with Merkle root and custody hash.
Public Audit Reports
SOC 2 Type II audit reports published annually. Physical vault audit results published quarterly.
Governance Decisions
All board decisions affecting token operations, fees, or custody arrangements are disclosed within 7 days.
Incident Disclosure
Any security incident, halt event, or material operational disruption is disclosed publicly within 48 hours.