SITUATION
FTI Consulting was engaged by a financial services client to assist with remediating and enhancing their BSA/AML program following a Consent Order issued by the OCC, and through seven workstreams, helped the bank mature from a startup to a more established institution after being regulated as the first of its kind in the crypto-native industry.
OUR ROLE
- TRM Labs Model Validation – FTI Consulting performed an independent model validation of the Bank’s automated transaction monitoring system, TRM Labs (Digital Asset Compliance and Risk Management system), using OCC Management Risk Management standards. A final model validation assessment report with our methodology, observations, and recommendations were provided to the client based on our testing and an evaluation of conceptual soundness, ongoing monitoring, and outcomes analysis.
- Third-Party Risk Management Program Advisory – FTI Consulting assisted the Bank with their TPRM Program first by conducting a current state assessment and then used that to drive enhancing the TPRM Program design through onboarding procedures, vendor selection SME support, report designs for onboarding backlog, governance, inventory management, and active management procedure, and initial integration support.
- Customer Risk Rating – FTI Consulting was brought in to perform a two-phase engagement, first to conduct a current state analysis of the AML Customer Risk Rating Tool (AML CRR Tool) and then to enhance the AML CRR Tool. The assessment involved interviews with key stakeholders, understanding the business and risks, and review of policies and procedures ensure compliance with regulatory guidance. FTI Consulting provided the Bank with an updated AML CRR Tool with increased functionality, which incorporated the team’s recommendations relating to risk factors. Furthermore, FTI Consulting provided updated and enhanced procedure, methodology, and audit log documentation.
- Cybersecurity Program Assessment – FTI Consulting performed an independent assessment of the Bank’s cybersecurity program (to include its security architecture, policies, and procedures), using industry best practices and frameworks. A final assessment report with our approach, quantitative and qualitative findings, and recommendations was provided to the client based on the information/documentation received and the interviews performed. FTI Consulting also assessed Anchorage’s dark web and digital footprint exposure to provide actionable feedback on potential areas of vulnerability.
- KYC Uplift – FTI Consulting’s 8-member team was deployed to assist the Bank with helping KYC uplift of over 400+ of the Bank’s high- and medium- risk customers per enhanced and updated policies, procedures, Customer Risk Rating tool, collecting missing information, and verifying CIP, CDD, and EDD documentation.
- Compliance Testing Resource Support – FTI Consulting assisted the Bank by conducting various incident management fieldwork (cyber, threat, access, asset and configuration, resiliency, endpoint security, HSM operations, etc.) and produced reports and documentation on completed fieldwork.
OUR IMPACT
- Strengthened Compliance Framework: FTI Consulting enhanced the Bank’s compliance framework by strengthening their automated transaction monitoring system, improving their Third-Party Risk Management Program, and enhancing their Anti-Money Laundering (AML) Customer Risk Rating Tool and documentation.
- Improved Cybersecurity Measures: FTI Consulting conducted a thorough assessment of the Bank’s cybersecurity program, providing actionable recommendations to enhance security measures, ultimately reducing the risk of cyber threats and potential data breaches.
- Client Remediation and Regulatory Compliance: FTI Consulting assisted the Bank in remediating alleged shortcomings in their BSA/AML program, ensuring compliance with regulatory requirements, thereby potentially avoiding penalties and reputational damage.
- Enhanced Operational Efficiency: Through FTI Consulting’s expertise and support, the Bank experienced enhanced operational efficiency across various areas, including transaction monitoring, third-party risk management, AML compliance, and cybersecurity, likely resulting in cost savings and improved risk management.