Fidelity Wise Origin Bitcoin Fund - (FBTC)
10-K Filing Date: March 21, 2024
The Sponsor, FMR LLC, and their respective affiliates operating as a business organization (collectively, “Fidelity”) and its Enterprise Cybersecurity organization, on behalf of the Trust, have established a comprehensive risk management program, which includes processes to identify, assess, and manage cybersecurity risks, including material risks from cybersecurity threats, and to put in place appropriate controls to mitigate these risks and reduce the potential impact to the Trust and its Shareholders. The Trust does not have any employees and relies upon Fidelity and its Enterprise Cybersecurity organization for the Trust’s day-to-day operations and to establish strategies, policies, and standards for the security of, and operations in, cyberspace.
The Trust depends on and engages various third parties, including suppliers, vendors, and service providers, to operate its business. Through its vendor management program, and on behalf of the Trust, Fidelity oversees and identifies risks from cybersecurity threats associated with the use of third-party service providers. This vendor oversight program includes periodic reviews of the cybersecurity controls of third-party service providers. The frequency of such reviews is generally based on the nature of the Trust’s information processed by the vendor and the vendor’s criticality to business operations.
On behalf of the Trust, Fidelity engages third-party consultants to assess, identify, and/or manage material risks from cybersecurity threats. For example, Fidelity engages third-party consultants to perform audits of its cybersecurity measures and risk management processes, including those applicable to the Trust. Fidelity has also hired qualified independent assessors to review applicable security controls in accordance with the American Institute of Certified Public Accountants’ System and Organization Controls assurance programs. Additionally, Fidelity utilizes third-party consultants with specific areas of cybersecurity expertise to review and report on various aspects of its cybersecurity program, including those applicable to the Trust. The results of these consulting engagements are shared with the Sponsor as part of periodic reports.
Fidelity’s Enterprise Cybersecurity organization has a threat intelligence program which monitors for emerging cyber threats. Taking information gathered from public and private sources, including industry groups such as the U.S. Cybersecurity and Infrastructure Security Agency and the Financial Services Information Sharing and Analysis Center, the organization analyzes such information and incorporates tactics, techniques, and procedures into the program’s security monitoring and detection tools and processes.
The potential impact of risks from cybersecurity threats on the Trust is assessed on an ongoing basis, and how such risks could materially affect the Trust’s business strategy, operational results, and financial condition is regularly evaluated. During the reporting period, the Sponsor did not identify any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Trust, including its day-to-day operations, financial condition, and business strategies. In conjunction with Fidelity’s Enterprise Cybersecurity, the Sponsor, on behalf of the Trust, participates in regular testing of applicable incident response processes to ensure appropriate escalation, mitigation, communication and reporting processes are in place.
The Sponsor provides strategic oversight regarding cybersecurity risks and threats. The Sponsor’s Compliance and Risk Management Committee (“CRMC”), comprised of various officers of the Sponsor and the broader Fidelity organization, receives and reviews periodic reports from senior executives in Fidelity’s enterprise cybersecurity organization, including Fidelity’s Chief Information Security Officer (“CISO”) and members of the CISO’s staff. These reports contain information about risks from cybersecurity threats, including the results of recent independent reviews of the cybersecurity program, summaries of recent cybersecurity threat intelligence assessments, progress on key initiatives and strategies, and updates on recent regulatory activities, including new regulations and examinations.
The CRMC is responsible for assessing and managing material risks from cybersecurity threats. In connection with the Trust’s reliance on Fidelity and its Enterprise Cybersecurity organization, the CRMC relies on the cybersecurity expertise of Fidelity’s CISO and members of the CISO’s staff to assist in assessing and managing the Trust’s material risks from cybersecurity threats. The CISO has over twenty years of experience in technology and information security and has served as Fidelity’s CISO since May 2021.
Management of the Sponsor is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting the Trust, including through the receipt of notifications from service providers and reliance on communications with risk management, legal, information technology, and/or compliance personnel of Fidelity. The Sponsor is also made aware of material cybersecurity incidents which impact the Trust.