Streamlining Treasury Management with Dashboards

Treasury-as-a-Service dashboards take the chaos out of the month-end Bitcoin rush. By integrating fair-value marks, audit evidence, and wallet policy controls into a single, reliable stream, CFOs can finally breathe a little easier. Here’s a practical setup that combines Taproot/Miniscript, PSBTv2, and zero-knowledge attestations with ASC 820 close, SOX-ready controls, and procurement checklists as of January-February 2026.

Treasury-as-a-Service: Developing Dashboards for Corporate Bitcoin Holdings

the technical headache you’re living with

Your controller is asking for ASC 820 Level 1 fair value by 4:00 p.m. ET. At the same time, your auditors need solid proof that you’re in control of each UTXO. Your treasurer is looking for fee certainty, especially with mempool spikes on the horizon. And let’s not forget about procurement; they won’t approve custody unless you’ve got FIPS 140-3 and a roadmap for post-quantum cryptography (PQC) sorted out.

On top of all that, ASU 2023-08 is now in effect for calendar years kicking off January 1, 2025. So, you'll have to deal with rollforwards and significant holdings footnotes each quarter. Check it out for more details: (dart.deloitte.com).

On top of that, Bitcoin Core 28.0 has made some big updates to hardened package relay and policy rules. This means fees can spike anywhere from 10 to 50 times within just a few hours, especially with all the recent inscriptions and Runes activity. Plus, auditors are now required to assess the reliability of external electronic evidence, like explorers and API feeds, due to changes in PCAOB AS 1105 (.10A). If you're still relying on screenshots and CSV exports for your close, you might be setting yourself up for a delay in your 10-K. Check out the details over at (bitcoin.org).

what’s at risk if you “make do”

Missed filing deadlines and review notes: ASU 2023-08 is shaking things up by requiring interim and annual disclosures for major crypto assets. You’ll need to include details like the name, units, cost basis, and fair value; an annual rollforward; and a little insight on any contractual sale restrictions. Just a heads-up: relying on manual workpapers can lead to some control exceptions. Check it out here: (dart.deloitte.com)
P&L volatility with no narrative: When it comes to recording fair value through net income, those Bitcoin price swings can really shake up your earnings. If your dashboard isn’t able to align with a principal-market benchmark (like the CME CF BRRNY at 4:00 p.m. ET), you might find yourself spending hours explaining those variances to the audit committee. Get the details here: (cmegroup.com)
Stuck transactions at quarter-end: The recent waves of Ordinals and Runes have pushed transaction fees to crazy levels. Without handling options like RBF/CPFP/child-with-parent packages, your payment operations could hit a wall, and confirmations might miss the deadline. More info here: (investopedia.com)
Sanctions risk: If your wallet flows are hitting mixers (like Sinbad) or any other SDNs, you’re running the risk of OFAC exposure. Auditors are now expecting you to have programmatic screening and solid evidence of your controls in place. Learn more here: (home.treasury.gov)
Vendor lock or crypto theater: When it comes to "proofs," if they don’t cover liabilities or demonstrate cryptographic ownership, they won’t pass the modern due diligence test. If your attestation can’t be independently verified, be prepared for some serious pushback. Check this out: (blog.kraken.com)

7Block Labs’ methodology for a CFO-grade Bitcoin treasury dashboard

We provide a production system that wraps up close to T+0, meets the ASU 2023-08 requirements, and checks all the boxes for PCAOB evidence expectations. Plus, it helps keep operations running smoothly even when fee spikes hit.

1) Wallet policy and transaction layer (secure control first)

We’ve settled on using Taproot, Miniscript descriptors, and PSBTv2 together with hardware-sealed keys. Plus, we’ve got audit-friendly proofs of control in place.

Taproot + BIP86 derivation lets you handle single-key P2TR outputs, plus you can set up policy trees using Miniscript for recoverability. This means you can create setups like a 3-of-5 scheme with a 90-day timelocked 2-of-3 recovery option. The best part? You get nice, tidy on-chain footprints that make it easy to analyze spend paths. (bips.dev)
With Miniscript support across different toolchains (C++, Rust, JS) and modern wallets like Jade and Liana, analyzing transactions and ensuring device compatibility gets a whole lot easier! (github.com)
We're also rolling with PSBTv2 (BIP-370) for smooth multi-party signing and adding inputs or outputs after the fact. Plus, BIP-372 makes pay-to-contract tweaks easy when necessary. This setup helps you avoid those frustrating “dead-end” unsigned transactions and cuts down on the back-and-forth during approvals. (bips.dev)
Here are some cool features from Bitcoin Core 28.0 that we’re integrating:
- Package relay with TRUC parents to ensure CPFP/RBF reliability, even when things get congested.
- Descriptor wallet RPCs (like createwalletdescriptor and listdescriptors) for a wallet state that you can easily export and count on.
- A block filter index for speedy rescans when you’re bringing in historical descriptors. (bitcoin.org)
When it comes to cryptographic ownership proofs, we’ve got BIP-322 message signing (including with Taproot) so you can control your addresses and UTXOs. Plus, there are optional “proof of funds” signatures that auditors will appreciate. (bips.xyz)
On the key custody front, we’re using FIPS 140-3-validated HSMs or MPC with policy engines. This aligns with the scheduled 2026 sunset for many 140-2 certificates. We’ve compiled evaluation documents and certificate records to make procurement a breeze. (data-protection-updates.gemalto.com)

Where it fits: Our security audit services strengthen the policy tree and device ceremonies. Meanwhile, our blockchain integration crew sets up PSBTv2 flows and HSM/MPC hooks. Plus, our web3 development services enhance the operator experience.

2) Market data and pricing (ASC 820 Level 1 done right)

Principal market benchmark: We use the CME CF Bitcoin Reference Rate -- New York Variant (BRRNY) to mark BTC at 4:00 p.m. ET. This is in line with major spot ETFs like BlackRock's IBIT. It ensures that we have Level 1 fair value alignment and keeps our audit trails nice and tidy. (cfbenchmarks.com)
Intraday: For real-time monitoring, we rely on the BRTI index. Our Treasury dashboards help visualize how real-time data compares to closing values, giving us a clearer picture of earnings volatility before the market opens. (cmegroup.com)
Data lineage: We keep a record of the fix, which includes the timestamp, source endpoint, and the exchanges involved, all according to CF Benchmarks' methodology. These details are stored with hash-stamped artifacts to meet PCAOB AS 1105's “external information in electronic form” reliability requirements. (cfbenchmarks.com)

3) Blockchain data ingestion and reconciliation (auditable, redundant)

We’ve got two Bitcoin Core 28.0 full nodes running (one main and a hot standby), and they’re connected to ZMQ streams that keep a reliable UTXO ledger. When needed, we have pruned replicas for disaster recovery. Currently, we’re assuming the blockchain size is around ~718 GB, with the UTXO set being about ~10.7 GiB. These estimates are all factored into our infrastructure’s total cost of ownership. (ycharts.com)
For our analytics, we set up mirrors that handle both time-series data and on-the-fly queries. We pull in BigQuery’s public blockchain datasets and/or take advantage of ETL frameworks like bitcoin-etl, complete with schema versioning. This setup allows auditors to trace connections between your addresses and the chain activity easily. (cloud.google.com)
When it comes to fee and mempool monitoring, we tap into mempool APIs with clear service-level objectives (like mempool.space or Bitcoiner.live). This helps us determine RBF thresholds and manage coin control better. Plus, we keep track of the estimator and parameters used for each spend (like target blocks and confidence) to ensure we have solid documentation for SOX compliance. (monitoring.mempool.space)

4) Accounting: ASU 2023-08 playbook baked in

The dashboard comes with "crypto assets" subledger fields that are already set up to work with your ERP (like SAP S/4HANA or Oracle NetSuite) and can easily export schedules that are ready for disclosure:

Interim and annual “significant holdings” table: You’ll find details like the name, units, cost basis, and fair value for each asset. There’s also a line for aggregated immaterial holdings and info on contractual sale restrictions. (dart.deloitte.com)
Annual rollforward: This covers the opening balance, any additions or disposals (with realized gains and losses), remeasurement gains or losses that hit net income, and a disclosure about the cost-basis method used. (dart.deloitte.com)
Journal automation: The BRRNY close automatically drives fair value remeasurements into the right income statement line, while realized gains are tagged based on the cost-basis method, like specific ID. (dart.deloitte.com)

Where it fits: Our blockchain development services crew handles the subledger implementation; our blockchain integration team links up SAP/NetSuite; and our asset management platform development snugly packages everything into the dashboard UX with seamless automation.

5) Compliance and audit evidence (designed for PCAOB scrutiny)

OFAC screening: We’ve got our inbound and outbound wallet screening all set up through API integrations (think TRM Wallet Screening or Chainalysis oracles for those smart-contract checks on EVM rails). Our evidence packets include the SDN list version, a timestamp, and the risk rationale for easy reference. Check it out here.
PCAOB AS 1105 updates: We keep track of our source systems, make sure reconciliations between external electronic data and internal ledgers are spot on, and we’ve got control testing hooks that line up with paragraph .10A to make life easier for auditors. More details can be found here.
FinCEN awareness: We’re on the ball when it comes to flagging counterparties tied to mixing exposure based on FinCEN’s NPRM context and OFAC designations. This helps our sanctions and AML teams keep everything under control. You can read more about it here.

6) ZK and on-chain attestations (optional, IR-ready transparency)

Merkle-based proof-of-holdings: Think of this like the exchange PoR, but tailored for corporate treasuries. Your dashboard can publish a Merkle root of the controlled UTXOs, making it easy for auditors or counterparties to verify inclusion without actually seeing any addresses. Plus, you can use ZK extensions (like zk-SNARK overlays) to keep sensitive balances hidden at the leaf level. Check it out on Kraken.
Proof-of-SQL for price/position queries: When sensitive holdings are involved, we can harness off-chain analytics while still ensuring query accuracy. With Space and Time’s Proof of SQL plugged into BigQuery pipelines, we can ZK-prove everything’s on the up and up. Dive into it on Google Cloud.

Where it fits

Our cross-chain solutions development team connects Solidity-based attestations--like an on-chain registry for your daily Merkle roots--to your investor relations or counterparty portals. And if you're looking for on-chain settlement or hedges, our smart contract development crew has got you covered with top-notch Solidity interfaces.

A) Quarter-close evidence packet (T+0)

3:59:55 p.m. ET: Quick look at wallet balances and the current state of the mempool (including fee targets and any backlog).
4:00:00-4:05 p.m.: Grab the BRRNY close; lock in the “principal market” fair value and sort out the remeasurement entries. (cfbenchmarks.com)
Ownership proofs: We'll be using BIP-322 message signatures for each descriptor fingerprint involved in our disclosures, plus PSBTv2 “proof-of-funds” style signatures for the UTXOs we sampled. (bips.dev)
Export: Get ready to pull together the interim footnote schedule (for our significant holdings), ERP journal entries, and a PCAOB AS 1105 evidence index (which includes source endpoints, hashes, and timestamps). (dart.deloitte.com)

B) Fee control under congestion

Policy: Try to consolidate dust during those low-fee windows. When fees spike, go for Replace-By-Fee (RBF) with a pre-approved max sat/vB. And don’t forget to enable Child Pays for Parent (CPFP) with package relay when parent transactions drop below the threshold. (bitcoin.org)
Estimation: Use a reliable fee API, like Bitcoiner.live, targeting an 80-90% confidence level for your estimates. Make sure to log both the recommended and actual mined fee rates for a thorough review later. (bitcoiner.live)
Result: This approach helps steer clear of any quarter-end slowdowns that can be triggered by bursts from Ordinals or Runes, especially after major events like the April 19, 2024 halving. (investopedia.com)

C) Sanctions and counterparty hygiene

We do some inbound address checks before we accept any receivables. Plus, we also have a last-minute outbound screening right before the signing happens. And don’t worry, we keep an audit trail that tracks list versions and provides evidence. Check it out here: (ofac.treasury.gov)
If a UTXO gets too close to any sanctioned mixers (like Sinbad) or other high-risk services, we’ve got automatic escalations in place. You can read more about that here: (home.treasury.gov)

D) PQC roadmap for key ceremonies (procurement win)

HSMs: Make sure you get FIPS 140-3 Level 3 validation. It's important to keep track of your certificate numbers and firmware baselines. You can read more about it here.
Crypto agility: When you're encrypting backups or shards, consider using post-quantum cryptography (PQC) primitives like ML‑KEM, ML‑DSA, and SLH‑DSA as they get standardized (think FIPS 203/204/205). It’s also a good idea to maintain a register of the algorithms you’re using for each system. Check out the details here.

Best emerging practices (Jan 2026)

Use Miniscript for treasury recoverability: Set up inactivity timelocks and tiered approvals right in your spend policy; make sure to check those policy properties off-chain before you roll them out. (github.com)
Descriptor-first operations: Always link your wallets to output script descriptors like tr() or wsh(). It's time to move away from those xpub-only setups that don't offer any policy traceability. (casey.github.io)
Prove control with BIP‑322 instead of using random message signing; this way, auditors can easily validate Taproot addresses without being tied down by legacy rules. (bips.xyz)
Align marks to BRRNY and keep a clear record of the methodology; this helps sidestep debates on ASC 820 classifications and syncs up with the practices that ETF investors are already accustomed to. (cmegroup.com)
Treat mempool telemetry as a control input: If the recommended fees start straying from the mined medians, it's time to put that under review. Bitcoin Core’s package relay offers a safer path for CPFP--definitely take advantage of it. (bitcoin.org)
Encode auditability: Each pricing pull, fee quote, wallet signature, and screening decision should generate a solid, hash-stamped record. PCAOB's .10A focus makes this absolutely essential. (pcaobus.org)

Who this is for -- and the keywords your teams already use

Corporate Treasury and Assistant Treasurers are all about that “ASC 820 Level 1 close,” “BRRNY alignment,” “fee policy with RBF/CPFP,” and gearing up for “package relay readiness.” (cmegroup.com)
Controllers and CAOs are juggling “ASU 2023-08 rollforward,” keeping an eye on “significant holdings by fair value,” and handling those “modified retrospective adoption entries.” (dart.deloitte.com)
Procurement and InfoSec are making sure everything aligns with “FIPS 140-3 Level 3 HSM,” looking for “BIP-322 ownership proofs,” pushing for “PSBTv2 compatibility,” and mapping out a “PQC roadmap (FIPS 203/204/205).” (data-protection-updates.gemalto.com)
External Auditors and Audit Committees want to see some solid “PCAOB AS 1105 .10A evidence,” are curious about “external electronic data reliability,” and are checking on “observable market close consistency.” (pcaobus.org)

How we implement -- 7Block Labs delivery motions

Design + Build: We’re diving into policy design using Miniscript, working with Taproot descriptors, orchestrating PSBTv2, setting up BRRNY price pipelines, and handling ERP subledger and postings. Check out our custom blockchain development services for more details!
Controls + Audit: We cover everything from BIP‑322 proofs and sanctions screening to evidence packaging according to PCAOB .10A, key ceremonies, and HSM baselines. If you’re interested, take a look at our security audit services.
Integration: Our integration services include nodes, ZMQ, mempool feeds, BigQuery ETL, SAP/NetSuite connectors, SSO, and managing secrets governance. Curious about what we can do? Check out our blockchain integration.
Optional: We also offer on-chain attestations and ZK verifiability, perfect for investor relations or meeting counterparty SLAs. Explore our cross-chain solutions development if this sounds like what you need!

GTM metrics from recent treasury programs

Close compression: We’ve trimmed down the median BTC fair-value closing time from T+2 to T+0. Plus, the 95th percentile variance against BRRNY is now under 2 bps, thanks to complete data lineage.
Audit readiness: We got a thumbs up on the first-pass acceptance of ASU 2023-08 disclosures in our Q1 filings. And guess what? There were zero auditor re-performance findings for the BIP-322 control-of-address tests.
Ops reliability: We’re rocking a 99.98% uptime for ingestion across our dual nodes and BigQuery. There were no hiccups in quarter-end confirmations during three congestion events post-halving, all thanks to our package-relay-enabled CPFP.
Cost control: Our average fee per transaction during peak times is now 34-52% lower, thanks to our adaptive estimators and coin-control playbooks. Plus, we’re seeing less than 5 bps slippage during rebalancing windows.
Procurement velocity: We’ve sped up our award decisions by 4-6 weeks by pre-bundling FIPS 140-3 materials and rolling out our PQC adoption plans.

Source: Data from 7Block Labs’ aggregated client programs (2025-2026). Keep in mind, results can differ based on environment, custody model, and reporting calendar.

Brief, in-depth details: what’s under the hood

Descriptor schema: tr(sortedmulti_a(3,[xpub…],[xpub…],[xpub…]),older(777600)) for a 3-of-5 setup featuring a 9-day emergency path. This was all put together using rust-miniscript and got a solid round of unit testing before we rolled it out. Check it out on GitHub.
Evidence artifacts:
- Pricing: We’ve got the BRRNY JSON payload, a snapshot of the constituent list, and the digest, all lined up with ETF benchmark conventions. More details here: CF Benchmarks.
- Ownership: Check out the BIP-322 signatures (both full and simple) according to the descriptor fingerprint. We’ve also archived the to_spend/to_sign payloads. More info on BIPs.
- Sanctions: We’ve kept the OFAC guidance brochure version along with proofs from API responses; all SDN changes are logged by job run. Find out more at OFAC.
Fee safety:
- We saved the estimator-of-record with a confidence target of 80/90% right in the transaction metadata. Plus, the mined feerate has been back-tested, and our coin control is designed to dodge any toxic change. Learn more at Bitcoiner Live.
- Package submission (parent+child) is handled through Core 28.0 for any under-floor parents; RBF thresholds have been given the green light in policy. More on that here: Bitcoin.org.
PQC posture: We encrypt backups and key ceremony transcripts using ML-KEM and sign our operational artifacts with ML-DSA or SLH-DSA as those libraries get FIPS-validated in your stack. For the latest updates, check NIST.

What you get on day one

A CFO dashboard featuring:
- “Fair value at close (BRRNY)” and “delta vs intraday” tiles. You can check it out here.
- “ASC 820 Level 1 classification” status and “ASU 2023‑08 significant holdings” tables. Dive into the details here.
- “Mempool pressure” and “Recommended fee/RBF headroom” widgets, which you can explore here.
- “Sanctions screening status” complete with the latest SDN sync timestamps. All the info is available here.
A controller’s export that includes:
- Journal entries, rollforward, and footnote disclosures formatted for your ERP.
An auditor’s packet featuring:
- An immutable evidence index showcasing cryptographic hashes, sources, and signatures, all lined up with PCAOB AS 1105 .10A. You can read more about it here.

Ready to move fast without breaking controls?

If you're the corporate treasurer for a U.S.-listed company that's rolling out ASU 2023‑08 on January 1, 2025, and you're still managing BTC rollforwards in Excel, let’s set up a quick 30-minute working session. We can brainstorm your BRRNY valuation pipeline together, connect the dots for BIP‑322 proofs with your “significant holdings,” and get you a PSBTv2 + descriptor wallet sandbox that's hooked up to your ERP--all within 10 business days.

Kick things off with our custom blockchain development services. If you’ve already got custody sorted and just need the integrations, feel free to dive right into blockchain integration.