> ## Documentation Index
> Fetch the complete documentation index at: https://docs.aarc.xyz/llms.txt
> Use this file to discover all available pages before exploring further.

# Governance & Controls

> Multi-party authorization and operational controls

iBTCY employs multi-party governance ensuring no single party can unilaterally execute critical operations.

## Core Principle

<Info>
  **No single party can unilaterally move funds, mint/burn tokens, or execute material operations.**
</Info>

External regulated parties participate in key decisions, providing institutional-grade oversight independent of the issuer.

## Multi-Party Authorization

All critical operations require authorization from multiple independent parties:

| Operation                     | Issuer Alone?                |
| ----------------------------- | ---------------------------- |
| Token minting/burning         | No                           |
| Buffer movements              | No (requires custodian)      |
| SSBAF subscription/redemption | No (requires fund manager)   |
| Contract upgrades             | No (requires notice period)  |
| Fee changes                   | No (requires notice period)  |
| Emergency pause               | No (requires external party) |

## External Oversight

Key signers include regulated external parties across multiple jurisdictions, ensuring independent oversight of critical operations.

## Authorization Matrix

| Operation                                                    | Authorization                          |
| ------------------------------------------------------------ | -------------------------------------- |
| Administrative functions (parameters, upgrades via timelock) | Multi-party admin multisig             |
| Emergency pause (critical security events)                   | Dedicated emergency authorization path |

Exact signer arrangements are implemented on-chain and described in the audited contracts.

## Emergency Response

In emergencies (smart contract exploit, oracle manipulation, funds at risk), contracts can be paused with multi-party authorization.

<Info>
  Under normal operations, BTCY transfers are permissionless. The BTCY contract includes an emergency pause reserved for critical security events (for example smart contract exploit or oracle manipulation), authorized via multi-party governance including a dedicated emergency authorization path. The design intent is to keep transfers permissionless except in those critical security events so DeFi liquidations can execute under normal conditions.
</Info>

## Notice Periods

| Change type                                                                                      | Advance notice                                  |
| ------------------------------------------------------------------------------------------------ | ----------------------------------------------- |
| Material changes (fee increases, buffer range adjustments, new yield sources, custodian changes) | 30 days                                         |
| Minor operational adjustments                                                                    | 7 days                                          |
| Contract upgrades                                                                                | 15 business days plus 48-hour on-chain timelock |

During any applicable notice period, investors may redeem at the then-current NAV, subject to gating, suspension, and settlement mechanics.

## Smart Contract Controls

| Control     | Description                              |
| ----------- | ---------------------------------------- |
| Audit       | Cyfrin audit completed pre-deployment    |
| Pause       | Emergency pause capability               |
| Whitelist   | Only KYC'd wallets can hold iBTCY        |
| Rate limits | Per-wallet and aggregate limits on-chain |

## Upgradeability

Smart contracts may be upgradeable via admin multisig with timelock. Investors receive advance notice of any upgrades.

<Warning>
  Upgradeability enables bug fixes but introduces centralization risk. Multi-party authorization and notice periods mitigate this risk.
</Warning>

## Key Management

Keys are managed through institutional-grade MPC infrastructure with:

* Multiple independent signers
* Hardware security modules
* Comprehensive audit trails

<Card title="Audits" icon="shield-check" href="/security/audits">
  Smart contract security
</Card>

***

<Note>
  Available only to eligible professional/qualified investors on an invite-only basis, subject to onboarding and compliance approval. For informational purposes only and not investment advice. Not an offer to the public or a solicitation where unlawful. No retail distribution. Not available to US Persons.

  [Disclaimers](/legal/disclaimers) · [Platform and issuer](/legal/platform-legal)
</Note>
