FTI Consulting was engaged by a financial services client to assist with remediating and enhancing their Bank Secrecy Act/Anti-Money Laundering (BSA/AML) program following a consent order issued by the Office of the Comptroller of the Currency (OCC). Through seven workstreams, our experts helped the bank mature from a start-up to a more established institution after being regulated as the first of its kind in the crypto-native industry.

Our Impact
Strengthened Compliance Framework:
FTI Consulting enhanced the bank’s compliance framework by bolstering its automated transaction monitoring system, improving its third-party risk management (TPRM) program, and upgrading its AML customer risk rating (CRR) tool and documentation.

Improved Cybersecurity Measures:
We conducted a thorough assessment of the bank’s cybersecurity program, providing actionable recommendations to enhance security measures, ultimately reducing the risk of cyber threats and potential data breaches.

Client Remediation and Regulatory Compliance:
FTI Consulting assisted the bank in remediating alleged shortcomings in its BSA/AML program, ensuring compliance with regulatory requirements.

Advertisement

Enhanced Operational Efficiency:
Through our expertise and support, the bank experienced enhanced operational efficiency across various areas, likely resulting in future cost savings and improved risk management.

Our Role
TRM Labs Model Validation:
FTI Consulting performed an independent model validation of the bank’s automated transaction monitoring system, TRM Labs, using OCC Risk Management. We provided a final model validation assessment report with our methodology, observations, and recommendations based on our testing and evaluation of conceptual soundness, ongoing monitoring, and outcomes analysis.

Third-Party Risk Management Program Advisory:
We assisted the bank with its TPRM program by conducting a current state assessment and using the results to enhance the program design. This included onboarding procedures, vendor selection, subject-matter expert support, report designs for onboarding backlog, governance, inventory management, active management procedures, and initial integration support.

Customer Risk Rating:
FTI Consulting performed a two-phase engagement to first conduct a current state analysis of the AML CRR tool and then enhance it. The assessment involved interviews with key stakeholders, understanding the business and risks, and a review of policies and procedures to ensure compliance with regulatory guidance. We provided an updated AML CRR tool with increased functionality, incorporating our recommendations relating to risk factors. Additionally, we provided updated and enhanced procedures, methodology, and audit log documentation.

Cybersecurity Program Assessment:
We conducted an independent assessment of the bank’s cybersecurity program, including its security architecture, policies, and procedures, using industry best practices and frameworks. We provided a final assessment report with our approach, quantitative and qualitative findings, and recommendations based on the information and documentation received and interviews performed. We also assessed the bank’s dark web and digital footprint exposure to provide actionable feedback on potential areas of vulnerability.

Advertisement

KYC Uplift:
FTI Consulting’s team was engaged to assist the bank in enhancing its Know Your Customer (KYC) processes for more than 400 high- and medium-risk customers. This involved updating policies and procedures, utilizing an advanced AML CRR tool, collecting missing information, and verifying Customer Identification Program (CIP), Customer Due Diligence (CDD), and Enhanced Due Diligence (EDD) documentation.

Compliance Testing Resource Support:
We supported the bank by conducting second line of defense control testing for its IT security controls, including incident management, cyber threat, access, asset and configuration management, resiliency, endpoint security, and Hardware Security Modules (HSM) operations. We produced workpapers evidencing the fieldwork, as well as summary reports outlining the results, issues identified, and recommended remediation activities.

Source: ftinconsulting.com

The post Crypto Evolution: From Consent Order to Regulatory Renaissance appeared first on HIPTHER Alerts.

Advertisement