Nine years auditing trading, post-trade, and risk platforms at Goldman Sachs and Tradeweb. Before that, building those same systems at Bear Stearns, JPMorgan, and Bank of America, and leading regulatory technology transformation programmes at UBS, HSBC, and Citigroup. Available independently — for TradFi institutions that need a senior practitioner to step in and execute, and for digital asset firms building institutional-grade controls under the GENIUS Act and OCC for the first time.
Three distinct roles over thirty years — building financial systems, leading technology transformation across global institutions, and conducting technology audits. Each phase built directly on the one before it.
That progression is the credential. A practitioner who built trading systems at Bear Stearns and JPMorgan, led regulatory technology programmes across six global institutions, then spent nine years auditing those same system types at Goldman Sachs sees control gaps differently. Most failures trace back to a change management weakness, an entitlement blind spot, or a monitoring gap left unaddressed when the operating model was designed, whether on a core banking system or a blockchain.
Institutional-grade audit methodology applied to TradFi institutions and digital asset firms. The controls are the same. The regulatory overlay and technology stack differ.
Senior independent execution — audit delivery, regulatory remediation, ERM uplift, or a programme behind schedule. Institutional-grade methodology. Completed workpapers. Fixed deadlines met.
The GENIUS Act and OCC charter require the same institutional controls that major regulated banks have operated against for decades. Most digital asset firms are building that infrastructure for the first time under a live regulatory deadline. That is precisely the work I have been doing for 30 years.
The operational resilience audit work program demonstrates institutional audit methodology applied to TradFi — eight control domains built to FFIEC, COSO ERM, and NIST CSF standards. The cross-ledger integrity platform applies that same methodology to the blockchain reconciliation problem — monitoring engine, architecture analysis, a 30-control audit work program, and a Reserve Integrity Monitor showing what the output looks like running against live stablecoin reserve data.
A structured audit work program covering eight core domains — governance, business continuity, disaster recovery, third-party resilience, crisis management, technology resilience, data integrity, and a supplemental digital asset domain. Built for TradFi institutions and digital asset firms. FFIEC, COSO ERM, NIST CSF, and OCC standards mapped throughout. Representative of the work product a senior institutional practitioner delivers on an engagement.
Any environment where a traditional system of record must stay synchronised with a blockchain ledger creates the same structural control problem — two sources of truth must behave as one. This platform documents the reconciliation monitoring engine, a platform architecture comparison across Legacy and Blockchain systems, and a 30-control audit work program across seven domains. The Reserve Integrity Monitor shows what the output looks like running against live stablecoin reserve data. Anchored in GENIUS Act requirements; the control pattern is reusable across industries.
A TradFi audit case tracing four compounding control failures in a pre-trade Position Limit Monitoring (PLM) system — from a superseded CFTC regulatory standard never updated in code, to OTC positions excluded from the aggregate, to a third-party vendor delta price error accepted without validation. Each gap individually is a finding. In sequence they create a regulatory compliance exposure that appears controlled on the surface. This is the pattern technology auditors find in production trading system audits.
The same control failures that surface in post-incident regulatory reviews — missing segregation of duties, absent pre-trade gates, no reconciliation — appear in both TradFi and digital asset operations. An auditor's ability to analyse a live incident, map the failure chain to ITGC and ITAC controls, and then ask "does this gap exist in our environment?" is the standard both the OCC and internal audit committees expect. The three panels below show the preventive layer, the failure analysis, and the execution tool — in sequence.
If you have a live project, an audit coming up, or a gap on your team, here is how I can step in. I am comfortable working alongside existing teams or independently, on-site or remote, and I focus on delivering completed work rather than recommendations.
The three downloadable PDFs above are part of a broader set of tools — including an interactive regulatory library covering the GENIUS Act and OCC NPR, a 43-step Process, Risk & Control (PRC) Mapping, a risk taxonomy, and a live Reserve Integrity Monitor. The full library spans both TradFi and digital asset audit methodology.
If you are working through a regulatory examination, a controls gap, an audit that is running behind, or a deadline that is closing in — a short conversation is the right first step. Describe your situation in the form and I will respond personally.
I work across embedded audit execution, step-in project support, and retained advisory. All engagements start with a scoping conversation at no charge.
Responses within 24 hours · All engagements begin with a scoping conversation