Risk and compliance

This is where most crypto-creator projects either choose to be honest about their regulatory posture or gamble that nothing happens. We choose the former. Below is the actual risk surface for BitView and the design choices that minimize each risk.

Not legal advice. This is product-strategy framing. Final positions are reviewed by qualified counsel in each launch jurisdiction before production rollout, and revised as case law evolves.

Securities risk (US)

The exposure. A token whose value primarily derives from the efforts of a centralized issuer, where buyers expect profit, looks like a security under the Howey test (US v. Howey Co., 328 U.S. 293).

BTV native token posture.

  • Utility-coded, not investment-coded. BTV is positioned as: an anti-sybil stake, a fee-discount mechanism, a sponsorship-marketplace currency, and (in Phase 5+) a governance vote. It does not promise revenue distribution.
  • No revenue share. Holders do not receive any share of BitView's revenue. This is the single most important securities-distance choice.
  • No promised price appreciation. Marketing language never implies BTV's price will rise. We never use phrases like "investment" or "yield" (except for explicit liquidity-provider yield, which is a fee, not an emission), and we use "passive income" only for streamer creator royalties (which are royalty-coded, not security-coded).
  • Public emission schedule. The 1B supply curve is fixed at launch. No surprise dilution.
  • Decentralization runway. Governance moves to BTV holders by Phase 5. Reduces "common enterprise" / "efforts of others" exposure over time.

Streamer tokens posture.

  • The streamer is the issuer, not BitView. BitView provides infrastructure.
  • We default-deny streamer tokens that look like investment vehicles (anything pitching "buy now while it's cheap", price-prediction, etc.).
  • We require streamer tokens to have clear non-investment utility (token-gated access, raffles, perks) before listing on the swap router and the discovery page.
  • US streamers above a TBD revenue threshold get an automated compliance prompt to consider Reg D / Reg CF posture for any structured pre-sale of their token (we don't run pre-sales; this is just about awareness).

Money transmitter risk

The exposure. Custodying user funds, settling fiat, or operating an exchange between fiat and crypto in the US triggers state-by-state money transmitter licensing (MTLs). FinCEN federal registration is a separate matter.

BitView posture.

  • We do not custody user crypto. Streamers self-custody their funding wallet. Viewers self-custody their claim wallet. The merkle distributor is on-chain, non-custodial.
  • We do not handle fiat as part of the value flow. The only fiat we touch is Stripe-billed Pro/Plus subscription fees, which are a normal SaaS posture (no MTL needed).
  • The swap router is non-custodial — every swap is signed by the user's wallet, atomically routed, and the user's wallet receives the output. We never hold user funds in transit.

Operational consequence. We do not need state MTLs to operate the core product. We will need MTLs (or partnerships with a licensed entity) if we ever introduce on-platform fiat off-ramps; we don't plan to in Phase 1–4.

Sanctions / OFAC

The exposure. US persons must not transact with sanctioned addresses. Operating a discovery/listing platform that enables sanctioned addresses to claim or swap is risky.

BitView posture.

  • Wallet screening on link. Every wallet that links a Twitch identity is screened against the OFAC sanctions list at link time and on a rolling basis. Hits are denied accrual / claim / swap on the BitView router. The on-chain merkle program is permissionless, but our frontend and backend refuse to facilitate.
  • IP-based geo-blocks for sanctioned jurisdictions on the frontend.
  • Travel rule compliance is not triggered because we don't perform custodial transmission.

KYC / AML

The exposure. AML rules apply when we onboard customers in a financial-services capacity. Streamer subscriptions are SaaS, not financial services.

Tiered posture.

  • Free + Pro tier streamers and viewers — no KYC. Wallet linking uses Twitch OAuth + ed25519 signature; OFAC screening is the bar.
  • Plus tier streamers — light KYC at sign-up because they receive brand sponsorship payouts. Standard KYB-lite (legal name, country, ID document) handled via a third-party provider (Sumsub or Persona).
  • Brand sponsors — full KYB at marketplace onboarding. They are paying funds into BitView escrow.

EU / UK / MiCA

The exposure. The Markets in Crypto-Assets Regulation (MiCA) is in force across the EU. The UK has its own regime evolving from the FCA's financial-promotions rules.

BitView posture.

  • BTV launches with a white paper meeting MiCA Annex I information requirements (issuer info, token characteristics, technology, risks).
  • No EEA marketing of BTV as an investment. Marketing language is consistent across jurisdictions: utility framing, no profit representations.
  • UK financial-promotions rules — token-related communications in the UK are gated to qualifying audiences or carry the required risk warnings.

Streamer behavior risk

The exposure. A streamer rugpulls their own token, harassment occurs on a stream rewarded by us, or a streamer launches a token to sponsor an illegal activity.

Mitigations.

  • Content policy. Streamers agree to a content policy at sign-up. Violations = removal from listings + delisting from the swap router.
  • Vesting locks. Streamer reserves vest 2 years; they can't dump immediately. Reduces fast rugpull risk.
  • Per-launch review. Identity-tier launches above a TBD threshold go through a manual review (token name, image, description) before the discovery page lists them. Automated heuristic + human-in-the-loop.
  • Public on-chain history. Every distribution is auditable. Fraud patterns are visible to the community.

Smart contract risk

The exposure. A bug in the merkle distributor program could let attackers drain vaults or mint claims that don't exist.

Mitigations.

  • Audited base. We use the Jito/Jupiter merkle distributor unchanged. Two audits (Neodyme, OtterSec) — reports in distributor/audit/.
  • Bug bounty program. Up to $100K for critical findings, paid in USDC out of the BitView treasury allocation.
  • Conservative upgrade policy. Program upgrades require a 7-day timelock + multi-sig (3-of-5 trusted signers, including external ones).
  • Insurance. TBD — we evaluate Solana-native cover from Neptune Mutual / Sherlock once TVL exceeds $5M.

Operational risk

| Risk | Mitigation |
| --- | --- |
| MongoDB outage | Hot-standby in second region. Backups every 4h. RPO 4h, RTO 30m. |
| Solana RPC outage | Multi-provider failover (Helius primary, Triton secondary, Quicknode tertiary). |
| Twitch API rate limit | Cache + backoff. Helix-only OAuth verifies are <1 RPS at our scale. |
| Backend single-binary outage | Active-passive deployment. Rolling restart. |
| Key compromise (BitView treasury) | Treasury wallet is multi-sig (3-of-5). Hot wallet for daily ops is a separate, low-balance wallet refilled weekly. |

Reputation risk

The exposure. A high-profile streamer rugpull, a viewer-facing exploit, or association with controversial creators damages trust in BitView faster than we can fix it.

Mitigations.

  • Incident response playbook. Public post-mortem within 72h of any user-impacting event. We don't hide.
  • Streamer onboarding gate for high-impact accounts (>10K avg viewers): manual review of public history before Identity-tier approval.
  • Communications discipline. No exaggerated claims, no influencer paid-promo of BTV, no "buy now" framing.
  • Dispute resolution. A simple in-product flow to flag suspicious distributions or wallets, with SLA-bound human review.

What we publish

In production, this site (the checkpoint) hosts:

  • BTV white paper and emission schedule.
  • Audit reports for the distributor program and (when applicable) BitView custom contracts.
  • Quarterly transparency report — treasury balances, fee revenue, BTV emission progress, sanctions-screen hits (anonymized counts).
  • Bug bounty program details + responsible disclosure policy.
  • Terms of service, privacy policy, content policy.

These are linked from the site footer once the documents reach final form.