Scope: Integrated technology audit across all 11 ICA layers. Organized into five audit domains. Special focus on three technically complex areas requiring IT audit expertise: AML model governance (Fed SR 11-7 model validation framework applied to transaction monitoring), block/freeze/reject technical testing (GENIUS Act § 4(a)(5)(iv) capability verified in test environment), and event-triggered AML risk assessment (FinCEN NPR Apr 8, 2026 new obligation with no industry precedent). Procedures produce audit work papers organized for direct OCC/FDIC examination submission.
Three specialist audit areas requiring IT audit expertise: (1) AML model audit per Fed SR 11-7 — assessing conceptual soundness, data quality, implementation accuracy, and outcomes analysis of the transaction monitoring model against stablecoin-specific typologies. (2) Block/freeze/reject technical capability testing — independent verification that the smart contract function operates correctly for primary and secondary market transactions on all deployed networks. (3) FinCEN NPR event-triggered assessment evidence — confirming the procedure exists and has been followed before each new blockchain deployment or smart contract change.
Audit Procedures — All 11 ICA Layers
25 Test Procedures Across 5 Audit Domains
L01 – L02 · Governance, Charter & Regulatory Perimeter (4 procedures)

01  Test board governance document completeness
    Reference: OCC CSW D1 · FFIEC Mgmt
    Inspect board minutes for formal approval of issuance policy, risk appetite statement, and WISP before launch date. Verify board-level sign-off with dated signatures.
    Evidence: Board minutes · Policy documents · WISP

02  Test AML officer designation and authority
    Reference: FinCEN/OFAC NPR · OCC CSW D4
    Confirm named AML officer with board resolution, documented authority, adequate resources, and direct board reporting line. Review org chart and job description.
    Evidence: Board resolution · Job description · Org chart

03  Test charter/licensing perimeter controls
    Reference: OCC NPR § 15.3
    Confirm OCC or state PPSI authorization received before first token mint. Review authorization letter and legal entity structure documentation.
    Evidence: Authorization letter · Legal entity docs

04  Test capital adequacy and backstop calculation
    Reference: OCC NPR § 15.6 · FDIC NPR § 350.9(b)
    Recalculate 12-month OPEX reserve and operational backstop independently. Verify segregation of backstop from reserve assets in custodian account structure.
    Evidence: Capital calculation · Custodian statements · Bank accounts
L03 · Reserve & Financial Integrity (5 procedures)

01  Test 1:1 reserve coverage on 5 sample dates
    Reference: OCC NPR § 15.10 · GENIUS Act § 4(a)(1)
    Independently recalculate reserve coverage ratio using custodian statements on 5 business days within the test period. Agree to CEO/CFO certification amounts.
    Evidence: Custodian daily statements · CEO/CFO certifications · Reserve dashboard

02  Test WAM (weighted average maturity) calculation accuracy and automation
    Reference: OCC NPR § 15.10(b)
    Independently recalculate WAM for 3 sample dates. Confirm automated WAM calculation runs daily. Test that the pre-trade WAM check blocks purchases that would breach the 20-day limit.
    Evidence: WAM calculation logs · Pre-trade check records · Alert logs

03  Test liquidity ladder bucket thresholds
    Reference: OCC NPR § 15.11
    Confirm ≥10% overnight, ≥30% within 30 days, ≥50% within 90 days on 5 sample dates. Test that automated alerts fire below thresholds.
    Evidence: Liquidity bucket reports · Alert logs · Custodian confirmations

04  Test CEO/CFO certification workflow and liability awareness
    Reference: OCC NPR § 15.12 · FDIC NPR § 350.15
    Inspect monthly certification workflow: auto-populated data, reconciliation sign-off, officer signature, and documented 18 U.S.C. § 1001 briefing for certifying officers.
    Evidence: Certification workflow records · 18 U.S.C. § 1001 briefing documentation

05  Test FDIC 10% redemption notification trigger
    Reference: FDIC NPR § 350.5(c)(1)
    Test that automated monitoring would have triggered FDIC notification on any historical day when single-day redemptions exceeded 10% of outstanding supply. Inspect notification workflow.
    Evidence: Redemption monitoring logs · Notification workflow · FDIC correspondence
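As an added example (not tooling from the audit program on this page): a Python re-performance of reserve procedures 02, 03 and 05 above, run over a constructed custodian snapshot and redemption history. The holdings, the dates and the 100M outstanding supply are assumptions; the 20-day WAM limit, the liquidity ladder floors and the 10% FDIC trigger are the figures the procedures cite.

```python
"""Independent recalculation for reserve procedures 02, 03 and 05 (ICA layer L03)."""

# Constructed custodian snapshot (not real data). Values in USD; "days" is days to
# maturity, with 0 meaning overnight cash / same-day liquidity.
HOLDINGS = [
    {"asset": "bank deposit", "value": 40_000_000, "days": 0},
    {"asset": "T-bill A", "value": 25_000_000, "days": 7},
    {"asset": "T-bill B", "value": 20_000_000, "days": 28},
    {"asset": "T-bill C", "value": 10_000_000, "days": 45},
    {"asset": "T-bill D", "value": 5_000_000, "days": 85},
]
WAM_LIMIT_DAYS = 20  # 20-day limit tested in procedure 02
# Liquidity ladder from procedure 03: (bucket, max days to maturity, minimum share)
LADDER = [("overnight", 1, 0.10), ("30d", 30, 0.30), ("90d", 90, 0.50)]
FDIC_TRIGGER = 0.10  # single-day redemptions above 10% of outstanding (procedure 05)
# Constructed redemption history (USD); the 100M outstanding supply is also assumed.
REDEMPTIONS = {"2026-03-02": 4_000_000, "2026-03-03": 12_500_000, "2026-03-04": 9_900_000}
OUTSTANDING = 100_000_000

def wam(holdings):
    """Value-weighted average days to maturity of the reserve."""
    total = sum(h["value"] for h in holdings)
    return sum(h["value"] * h["days"] for h in holdings) / total

def pre_trade_wam_check(holdings, purchase):
    """Re-perform the pre-trade control: allowed only if post-trade WAM stays within
    the limit. Returns (allowed, post_trade_wam)."""
    post = wam(holdings + [purchase])
    return post <= WAM_LIMIT_DAYS, post

def liquidity_ladder(holdings):
    """Cumulative share maturing within each bucket and whether it meets the floor.
    A bucket with ok=False is a date on which the threshold alert should have fired."""
    total = sum(h["value"] for h in holdings)
    result = {}
    for bucket, max_days, floor in LADDER:
        share = sum(h["value"] for h in holdings if h["days"] <= max_days) / total
        result[bucket] = (round(share, 4), share >= floor)
    return result

def fdic_trigger_days(redemptions, outstanding):
    """Days on which the FDIC notification workflow must show as triggered."""
    return [day for day, amt in redemptions.items() if amt / outstanding > FDIC_TRIGGER]

if __name__ == "__main__":
    print(f"WAM {wam(HOLDINGS):.1f} days (limit {WAM_LIMIT_DAYS}); ladder {liquidity_ladder(HOLDINGS)}")
    bill = {"asset": "T-bill E", "value": 50_000_000, "days": 90}
    print("buy 50M 90-day bill ->", pre_trade_wam_check(HOLDINGS, bill))
    print("FDIC trigger days", fdic_trigger_days(REDEMPTIONS, OUTSTANDING))
```

Compare each function's output with the issuer's own WAM log, bucket report and notification log for the same dates; any difference is a work-paper exception.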
L04 – L05 · Issuance, Minting & Custody (5 procedures)

01  Test block/freeze/reject technical capability
    Reference: GENIUS Act § 4(a)(5)(iv) · FinCEN/OFAC NPR
    Conduct technical testing of block/freeze/reject function on both primary and secondary market transactions in a test environment. Confirm capability for all deployed blockchain networks.
    Evidence: Smart contract test results · Technical testing evidence · Network deployment list

02  Test multi-sig authorization for mint/burn
    Reference: OCC NPR § 15.10 · GENIUS Act § 109
    Inspect signing threshold configuration (e.g., 3-of-5). Attempt to sign a mock mint transaction with fewer than threshold signers. Confirm rejection. Review signer identity verification.
    Evidence: Multi-sig configuration · Test signing logs · Signer identity records

03  Test key ceremony documentation
    Reference: OCC NPR § 15.10 · FFIEC InfoSec Handbook
    Inspect key ceremony procedure. Confirm HSM used for key generation. Verify witness documentation, shard distribution, and geographic separation of key shards.
    Evidence: Key ceremony protocol · HSM generation logs · Witness signatures · Shard locations

04  Test custodian covered-custodian status
    Reference: GENIUS Act § 10 · OCC NPR Subpart C
    Confirm each custodian meets GENIUS Act § 10 covered-custodian definition. Review annual custodian due diligence reports and financial health documentation.
    Evidence: Custodian agreements · GENIUS Act § 10 eligibility confirmation · Due diligence reports

05  Test reserve asset segregation
    Reference: GENIUS Act § 115 · FDIC NPR § 350.4
    Confirm reserve assets held in dedicated trust accounts separate from operational accounts. Obtain independent legal opinion on bankruptcy-remote trust structure.
    Evidence: Trust account structure · Legal opinion · Custodian account confirmations
L06 · Financial Crime & Sanctions — AML Model Audit (5 procedures)

01  Test 5-element AML program completeness
    Reference: FinCEN/OFAC NPR Apr 8, 2026 · 31 CFR § 1010
    Inspect all 5 elements: (1) designated BSA officer, (2) written policies and procedures, (3) independent testing, (4) ongoing training, (5) CDD. Cross-reference against FinCEN/OFAC NPR Apr 8, 2026 requirements.
    Evidence: AML program documentation · Training records · Independent testing report

02  AML model governance audit (Fed SR 11-7)
    Reference: Fed SR 11-7 · FinCEN/OFAC NPR
    Assess AML model against Fed SR 11-7 model risk management framework: conceptual soundness (validate transaction monitoring logic against stablecoin typologies), data quality (confirm completeness and accuracy of monitoring inputs), implementation accuracy (test that rules fire correctly), outcomes analysis (review false positive/negative rates and back-testing results).
    Evidence: Model documentation · Data quality assessment · Back-testing results · False positive/negative rate reports

03  Test event-triggered AML risk assessment process
    Reference: FinCEN/OFAC NPR Apr 8, 2026
    Confirm written procedure exists requiring AML risk assessment update before (1) new blockchain deployment and (2) material smart contract change. Inspect evidence of compliance on any changes in test period.
    Evidence: Risk assessment procedure · Change log · AML risk assessments

04  Test OFAC screening — onboarding and secondary market
    Reference: 31 CFR Part 502 · GENIUS Act § 4(a)(5)
    Test OFAC screening at customer onboarding: use SDN test names to confirm screening fires and blocks. Test on-chain analytics coverage for secondary market wallet screening.
    Evidence: Onboarding screening logs · SDN test results · On-chain analytics configuration

05  Test Travel Rule deployment
    Reference: 31 CFR § 1010.410 · GENIUS Act AML provisions
    Select 10 transfers ≥$3,000. Confirm Travel Rule messaging transmitted with required beneficiary/originator information. Test that transfers without required information are flagged.
    Evidence: Travel Rule messaging logs · Transfer records · Flagged transaction evidence
L07 – L11 · Technology, Resilience & Operations (5 procedures)

01  Test smart contract audit documentation
    Reference: OCC NPR § 15.8 · GENIUS Act § 109
    Confirm independent audit by two separate firms with different tooling. Inspect audit reports for critical/high findings and evidence of remediation before deployment. Confirm audit covered block/freeze/reject capability.
    Evidence: Smart contract audit reports (2 firms) · Remediation evidence · Deployment sign-off

02  Test SDLC environment segregation
    Reference: OCC CSW D4 · FFIEC Dev & Acquisition Handbook
    Confirm infrastructure-level separation of dev/test/prod. Attempt to identify any developer with direct production access. Inspect emergency access control procedure with full audit trail.
    Evidence: Access control configuration · Infrastructure diagrams · Emergency access logs

03  Test BCP/DR — test results and RTO/RPO
    Reference: OCC NPR § 15.8 · GENIUS Act § 113 · FFIEC BCP Handbook
    Review most recent BCP/DR test results. Confirm test conducted within 12 months. Verify documented RTO ≤4 hours and RPO ≤1 hour for critical stablecoin operations. Confirm § 113 notification workflow tested.
    Evidence: BCP/DR test report · RTO/RPO documentation · § 113 tabletop exercise evidence

04  Test validator and cloud concentration monitoring
    Reference: FDIC NPR § 350.39 · OCC NPR § 15.8
    Confirm validator concentration monitoring produces periodic reports. Test that cloud provider concentration report calculates single-provider percentage against 40% limit. Inspect most recent reports.
    Evidence: Validator concentration reports · Cloud concentration reports · Alert threshold configurations

05  Test on-chain analytics model governance
    Reference: FinCEN/OFAC NPR · OCC CSW D5 · Fed SR 11-7
    Confirm on-chain analytics platform deployed for all issued stablecoin networks. Inspect monitoring model documentation (conceptual soundness, data quality, outcomes testing). Test alert workflow for flagged transactions.
    Evidence: On-chain analytics configuration · Model documentation · Alert log · Escalation records
Audit Work Program output
Work papers organized for OCC submission
Each procedure produces evidence organized by ICA layer and OCC CSW domain. The full set becomes the Day 1 examination package — presented proactively to the examiner alongside the SOC 2 Type II report.
Integration with SOC engagement
The Audit Work Program and the SOC 2 engagement are designed to run concurrently. The SOC 2 Type II report provides operating effectiveness evidence; the Audit Work Program adds the technology-specific procedures the SOC engagement does not cover (model governance, block/freeze/reject technical testing).