Who Approved Our Bitcoin Purchase

Authorization Chain Review for Past Purchase

This memo is published by Bitcoin Treasury Analysis, an independent decision-record instrument for Bitcoin treasury governance.

The question of who approved our bitcoin purchase typically surfaces not at the moment of acquisition but during a subsequent governance event: an internal audit cycle, a compliance review triggered by regulatory inquiry, a board member’s request for treasury documentation, or a due diligence process initiated by a prospective lender or investor. At each of these points, the question requires an answer that traces the authorization chain from the decision to acquire bitcoin through the governance structure to identify which individuals or bodies held the authority to approve the transaction and whether that authority was exercised through documented means. This analysis addresses the governance conditions under which the authorization inquiry arises, the structural characteristics that distinguish adequate authorization documentation from informal approval records, and the institutional dimensions that determine how the inquiry resolves.

The analysis covers the posture of an organization facing an internal accountability inquiry regarding a prior bitcoin acquisition. It does not evaluate whether any specific authorization pathway was legally sufficient, does not prescribe documentation standards, and does not assess the appropriateness of the underlying acquisition.

---

When the Authorization Question Becomes an Institutional Event

Authorization inquiries regarding bitcoin treasury acquisitions carry a different institutional weight than similar inquiries about conventional treasury transactions. When an auditor asks who authorized the purchase of government securities or the establishment of a money market position, the answer typically resides in a treasury policy, a delegation of authority matrix, and transaction records that align with documented approval workflows. The authorization chain is embedded in the operational infrastructure that preceded the transaction.

Bitcoin acquisition often lacks this embedded authorization infrastructure. The question arrives in a context where the transaction may have been executed outside established workflows, where the delegation framework may not explicitly address digital assets, and where the documentation trail may consist of informal communications rather than governance instruments. Under these conditions, the authorization question becomes an institutional event rather than a routine audit response—it triggers a governance investigation into the decision process rather than a straightforward reference to documented approvals.

The timing of the inquiry affects its institutional significance. An authorization question raised during a routine audit cycle produces a finding that can be addressed within normal governance channels. The same question raised during litigation discovery, regulatory examination, or a shareholder derivative action produces a condition in which the answer carries legal and financial consequences for the individuals involved. In either case, the quality of the organization’s response depends on the documentation that existed at the time of acquisition, not on the governance infrastructure the organization may have established afterward.

---

Adequate Authorization Documentation and Its Components

Authorization documentation serves a governance function that extends beyond recording a decision. It establishes the scope of the authorized action, the conditions under which the authorization operates, the identity and authority of the approving body or individual, and the limitations imposed on execution. For a bitcoin treasury acquisition, adequate authorization documentation addresses each of these dimensions with specificity to the transaction type.

A board resolution represents the highest-clarity form of authorization documentation. It identifies the asset, defines the allocation parameters, specifies custody and operational requirements, delegates execution authority to named officers, and establishes reporting conditions. Investment committee minutes documenting a formal vote on a bitcoin allocation proposal serve a comparable function at the committee level. Treasury policy amendments that explicitly incorporate digital assets into the approved investment universe establish standing authorization that applies to transactions falling within the policy’s parameters.

Below these instruments, the documentation quality decreases in ways that affect the authorization inquiry response. A delegation of authority document that predates digital asset consideration provides evidence of general treasury authority but not specific bitcoin authorization. Board meeting minutes that reference a discussion of bitcoin without recording a formal vote provide evidence of awareness without evidence of approval. Email exchanges between executives discussing and agreeing to a purchase provide evidence of management intent without evidence of governance authorization. Each lower tier of documentation shifts the burden of establishing authorization from the document itself to the individuals who must interpret and contextualize it.

---

What Verbal Approvals Assume About Institutional Memory

Organizations that acquired bitcoin through verbal approval at a board meeting, executive conversation, or informal management consensus operate under an assumption about institutional memory that may not hold under scrutiny. Verbal approval assumes that the participants in the conversation will remember the terms of the approval consistently, that their recollections will align on material points, and that the absence of a written record will not be interpreted as the absence of authorization.

Institutional memory degrades predictably. Participants in a verbal approval may leave the organization, taking their recollection of the conversation with them. Those who remain may recall the discussion differently—one executive remembering approval for a specific dollar amount, another remembering approval for a percentage of treasury, a third remembering a general endorsement without specific parameters. When an authorization inquiry requires reconstruction of the approval, these divergent recollections produce a governance record that is ambiguous rather than definitive.

Verbal approval also assumes that the absence of objection constitutes affirmative authorization. In governance terms, silence and consent are not equivalent. A director who does not object to a discussion item has not necessarily voted to approve it; they may have deferred their objection, may not have understood the proposal, or may have considered the discussion preliminary rather than decisional. Under fiduciary analysis, the distinction between silence and affirmative authorization determines whether a director participated in the decision—and therefore whether the decision reflects the deliberative process the business judgment rule requires.

---

The Compliance Function’s Position in the Inquiry

Internal audit and compliance functions occupy a specific position when the authorization inquiry arises. Their mandate requires them to assess whether the bitcoin acquisition occurred within the organization’s established governance framework and to document any deviations from that framework. This mandate does not permit them to accept informal assurances that the acquisition was approved; it requires them to identify the documentation that evidences the approval and to evaluate whether that documentation satisfies the organization’s governance requirements.

When the documentation is inadequate—when no board resolution, committee approval, or policy-based authorization exists—the compliance function faces a reporting obligation. The authorization gap constitutes a control deficiency that internal audit standards require the auditor to communicate to the appropriate governance body. For organizations subject to external audit, the internal finding may escalate to an external audit finding, which in turn may appear in management letters, audit committee communications, or regulatory filings.

The compliance function’s inquiry also surfaces a temporal dimension that complicates the institutional response. The inquiry may occur months or years after the acquisition, by which time the governance context has changed. Personnel involved in the original decision may hold different roles or may have departed. The delegation framework may have been amended. The organization’s risk tolerance may have shifted. Compliance evaluates the authorization against the framework that existed at the time of the transaction, not the current framework, and this historical analysis may reveal conditions that the organization has since corrected but that remain relevant to the authorization question for the specific transaction under review.

---

Reconstruction Versus Documentation

A fundamental distinction in authorization inquiry resolution separates organizations that can produce documentation from those that must reconstruct authorization from circumstantial evidence. Documentation is contemporaneous, specific, and self-contained: a board resolution dated prior to the acquisition, authorizing the specific action, under stated terms. Reconstruction is retrospective, interpretive, and assembled: emails compiled after the fact, meeting notes that reference but do not memorialize a decision, and testimony from participants whose recollections may conflict.

Reconstruction carries inherent credibility limitations that documentation does not. The act of assembling a retrospective authorization record raises the question of whether the record reflects what actually occurred or what the organization wishes had occurred. Under adversarial review—in litigation, regulatory enforcement, or shareholder proceedings—reconstructed authorization is subject to challenge on grounds that documented authorization is not. Each piece of the reconstructed record is individually contestable, and the overall narrative depends on the assembled pieces holding together under cross-examination or regulatory scrutiny.

For organizations in the authorization inquiry posture, the quality of the response available to them was determined at the time of acquisition, not at the time of inquiry. An organization that documented the authorization when it occurred can produce that documentation in response to any inquiry at any future point. An organization that did not document the authorization is permanently in a reconstruction posture for that transaction, regardless of what governance infrastructure it may establish afterward.

This permanence distinguishes the authorization documentation question from other governance deficiencies that can be remediated prospectively. A missing treasury policy can be adopted. A missing risk assessment can be conducted. A missing custody governance framework can be established. Each of these instruments, once created, serves its governance function going forward. Authorization documentation for a specific transaction, however, is inherently tied to the moment of the transaction. A board resolution adopted after the acquisition can ratify the prior action, but it cannot transform itself into contemporaneous authorization—the temporal gap between the transaction and the resolution remains visible in any governance review, and the resolution’s governance weight depends on the reviewing party’s assessment of that gap.

---

Determination

The governance posture documented in this memorandum reflects a condition in which an organization faces an internal or external inquiry into the authorization chain for a prior bitcoin treasury acquisition. The question of who approved our bitcoin purchase requires an answer grounded in contemporaneous documentation, and the adequacy of that answer depends on the authorization instruments that existed at the time of the transaction.

Where adequate documentation exists—board resolutions, committee approvals, or policy-based authorizations that specifically address the bitcoin acquisition—the inquiry resolves through reference to a formal governance record. Where documentation is absent or informal, the inquiry requires reconstruction from circumstantial evidence, a process that is inherently less reliable, more subject to conflicting interpretation, and more vulnerable to adverse characterization under fiduciary, regulatory, or litigation review. The distinction between documented and reconstructed authorization is permanent for any given transaction and cannot be remediated by governance infrastructure established after the acquisition occurred.

---

Scope Limitations

This memorandum assumes a governance structure in which material treasury decisions are subject to formal authorization requirements, in which internal audit or compliance functions hold a mandate to evaluate transaction authorization, and in which the organization’s governance framework distinguishes between formal authorization instruments and informal approval. Organizations without internal audit functions, without formal authorization requirements for treasury transactions, or operating under governance frameworks that do not require documented board or committee approval for investment decisions face different conditions. The record does not constitute legal advice, does not prescribe authorization documentation standards, does not evaluate the legal sufficiency of any specific authorization instrument, and does not assess the appropriateness of any particular bitcoin acquisition. The documented conditions reflect the posture when this record was produced.

---

Framework References

Bitcoin Treasury Ongoing Monitoring Program

Interim CFO Finds Bitcoin on Books

Why Does Our Company Hold Bitcoin?

Relevant Scenario Contexts

Ecommerce — Considering (1M) →

Manufacturing — Holding (25M) →

Venture Backed Saas — Considering (10M) →

← Return to Bitcoin Treasury Analysis

Explore Related Scenario Contexts →