Independent Technology Audit & Controls Consultant for TradFi institutions and for stablecoin participants navigating a July 2026 implementation deadline. The OCC, FDIC, and FinCEN are still finalizing the NPRs that define what a compliant stablecoin control environment looks like across the ecosystem. What this moment requires is not more legal analysis — it is someone who can translate regulation → blockchain control architecture → auditability.
Three distinct roles over thirty years — building financial systems, leading technology transformation across global institutions, and conducting technology audits. Each phase built directly on the one before it.
That progression is the credential. A practitioner who built trading systems at Bear Stearns and JPMorgan, led regulatory technology programmes across six global institutions, then spent nine years auditing those same system types at Goldman Sachs sees control gaps differently. Most failures trace back to a change management weakness, an entitlement blind spot, or a monitoring gap left unaddressed when the operating model was designed — on a core banking system or a blockchain.
Institutional-grade audit methodology applied to TradFi institutions and digital asset firms. The controls are the same. The regulatory overlay and technology stack differ.
Senior independent execution — audit delivery, regulatory remediation, ERM uplift, or a programme behind schedule. Institutional-grade methodology. Completed workpapers. Fixed deadlines met.
The GENIUS Act is signed law. The OCC, FDIC, and FinCEN are now issuing concurrent implementation rules — all converging on a July 2026 deadline. Most PPSIs have never built institutional-grade controls inside a regulated framework. That is the gap I have spent 30 years closing at major financial institutions.
A complete compliance program for Permitted Payment Stablecoin Issuers — six sections covering Regulation, Process-Risk-Control taxonomy, Maturity & Assessment (Gap Assessment, Multi-Regulator Exam, Program Maturity), Assurance (SOC 1/2 / SOX ICFR, Audit Work Program), and Solutions (Reserve Integrity Monitoring, Operational Resilience). The only published PPSI program that traces every control from GENIUS Act statute through OCC/FDIC/FinCEN NPRs, NIST CSF 2.0, FFIEC, and OCC CSW examination procedures to audit evidence.
If you have a live project, an audit coming up, or a gap on your team, here is how I can step in. I am comfortable working alongside existing teams or independently, on-site or remote, and I focus on delivering completed work rather than recommendations.
Four methodology artifacts and one case analysis, across two domains. The Stablecoin ICA program maps GENIUS Act obligations and four concurrent agency rulemakings (OCC, FDIC, FinCEN/OFAC, Treasury) through a dual-track methodology into three taxonomies (Process, Risk, Control) and a sequential assessment-and-assurance pipeline — Gap Assessment → Multi-Regulator Examination → Compliance Readiness → SOC Readiness → Audit Work Program. The operational resilience audit work program applies institutional methodology to TradFi across eight control domains. The cross-ledger integrity platform applies that same methodology to the blockchain reconciliation problem. The pre-trade position limit case analysis demonstrates what compounding control failures look like in a live production trading system audit.
The only published end-to-end compliance program for Permitted Payment Stablecoin Issuers under the GENIUS Act. Built from a dual-track methodology: top-down regulatory analysis (GENIUS Act + 4 NPRs → NIST CSF 2.0 → FFIEC Handbook → OCC CSW → control requirements) and bottom-up operational analysis (PPSI business lifecycle → 63 process steps → risk statements → controls). The intersection produces three taxonomies — Process Taxonomy, Risk Taxonomy, and Control Architecture — that feed a complete assessment and assurance pipeline. Every control traces from statutory citation through examination procedure to audit evidence.
A structured audit work program covering eight core domains — governance, business continuity, disaster recovery, third-party resilience, crisis management, technology resilience, data integrity, and a supplemental digital asset domain. Built for TradFi institutions and digital asset firms. FFIEC, COSO ERM, NIST CSF, and OCC standards mapped throughout. Representative of the work product a senior institutional practitioner delivers on an engagement.
Any environment where a traditional system of record must stay synchronised with a blockchain ledger creates the same structural control problem — two sources of truth must behave as one. This platform documents the reconciliation monitoring engine, a platform architecture comparison across Legacy and Blockchain systems, and a 30-control audit work program across seven domains. The Reserve Integrity Monitor shows what the output looks like running against live stablecoin reserve data. Anchored in GENIUS Act requirements; the control pattern is reusable across industries.
A TradFi audit case tracing four compounding control failures in a pre-trade Position Limit Monitoring (PLM) system — from a superseded CFTC regulatory standard never updated in code, to OTC positions excluded from the aggregate, to a third-party vendor delta price error accepted without validation. Each gap individually is a finding. In sequence they create a regulatory compliance exposure that appears controlled on the surface. This is the pattern technology auditors find in production trading system audits.
The same control failures that surface in post-incident regulatory reviews — missing segregation of duties, absent pre-trade gates, no reconciliation — appear in both TradFi and digital asset operations. An auditor's ability to analyse a live incident, map the failure chain to ITGC and ITAC controls, and then ask "does this gap exist in our environment?" is the standard both the OCC and internal audit committees expect. The three panels below show the preventive layer, the failure analysis, and the execution tool — in sequence.
Whether you have a GENIUS Act compliance build underway, an audit behind schedule, or a board reporting requirement you need help structuring — send a message and I will respond within one business day.