If you set up an ERC20 token for say XYZcompany, the person setting it up then has the private key and can send tokens at will to their private account.
Doing it jointly with others just proliferates the problem.
Is it possible to have a mechanism that requires multiple sign-offs before large or frequent payments can be made?
the ERC20 token is a smart contract, that creates this new coin. The person setting it up has control, but if they send some to their private account in a disonest way the token just loses it’s value.
You can put the tokens in the control of a smart contract, and in that you can program any set of rules for their distribution, and it will not be possible to change it afterwards.
you can assign managers or Administrators after the contract is deployed, depends on how you create the code
could also require a transaction from a multisig wallet with 3 of 5 keys to sign or something like this