Crypto Evolution Consent Order Regulatory Renaissance

FTI Consulting was engaged by a financial services client to assist with remediating and enhancing their Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) program following a consent order issued by the Office of the Comptroller of the Currency (“OCC”). Through seven workstreams, our experts helped the bank mature from a start-up to a more established institution after being regulated as the first of its kind in the crypto-native industry.

Our Role

• TRM Labs Model Validation: FTI Consulting performed an independent model validation of the bank’s automated transaction monitoring system, TRM Labs, using OCC Risk Management. A final model validation assessment report with our methodology, observations and recommendations was provided to the client based on our testing and an evaluation of conceptual soundness, ongoing monitoring and outcomes analysis.
• Third-Party Risk Management Program Advisory: FTI Consulting assisted the bank with its TPRM program by conducting a current state assessment and using the results to drive the enhancement of the program design through onboarding procedures, vendor selection, subject-matter expert support, report designs for onboarding backlog, governance, inventory management, active management procedure and initial integration support.
• Customer Risk Rating: FTI Consulting was brought in to perform a two-phase engagement, first to conduct a current state analysis of the AML CRR tool, and then to enhance it. The assessment involved interviews with key stakeholders, understanding the business and risks, and a review of policies and procedures to ensure compliance with regulatory guidance. FTI Consulting provided the bank with an updated AML CRR tool with increased functionality, which incorporated the team’s recommendations relating to risk factors. Furthermore, FTI Consulting provided updated and enhanced procedure, methodology and audit log documentation.
• Cybersecurity Program Assessment: FTI Consulting performed an independent assessment of the bank’s cybersecurity program (to include its security architecture, policies and procedures), using industry best practices and frameworks. A final assessment report with our approach, quantitative and qualitative findings and recommendations was provided to the client based on the information and documentation received, as well as the interviews performed. FTI Consulting also assessed the bank’s dark web and digital footprint exposure to provide actionable feedback on potential areas of vulnerability.
• KYC Uplift: FTI Consulting’s team was engaged to assist the bank in enhancing its Know Your Customer (“KYC”) processes for more than 400 high- and medium-risk customers. This involved updating policies and procedures, utilizing an advanced AML CRR tool, collecting missing information and verifying Customer Identification Program (“CIP”), Customer Due Diligence (“CDD”) and Enhanced Due Diligence (“EDD”) documentation.
• Compliance Testing Resource Support: FTI Consulting supported the bank by conducting second line of defense control testing for the bank’s IT security controls (incident management, cyber, threat, access, asset and configuration management, resiliency, endpoint security, Hardware Security Modules [“HSM”] operations, etc.). FTI Consulting produced workpapers evidencing the fieldwork, as well as summary reports outlining the results, issues identified and remediation activities recommended.