Process, Risk & Control ·← Domain View (L01–L11)
Program Overview Process, Risk & Control Control Standard
Stablecoin ICA · Phase 6 · Program Stream — Design Input
ICA Control Standard
Eleven control layers defining the integrated compliance architecture for payment stablecoin issuers. Each layer maps GENIUS Act obligations, OCC/FDIC/FinCEN NPR requirements, NIST CSF 2.0 functions, FFIEC IT Handbook guidance, and OCC CSW examination procedures into a single actionable control design. This is the central organizing architecture of the Stablecoin ICA program — every subsequent phase references it.
GENIUS Act 2025 · OCC / FDIC / FinCEN / OFAC NPRs NIST CSF 2.0 · FFIEC IT Handbook · COSO · ISO 27001 OCC CSW · FDIC IT Exam · Fed SR 11-7 Feeds → Phase 7 ICA Gap Assessment
Pipeline Position Phase 6 · Design Input Feeds → Phase 7 Program Stream (ICA Gap Assessment) · The central organizing architecture of the Stablecoin ICA program
Legend
NIST CSF 2.0 — Framework mapping
FFIEC IT Handbook — Guidance reference
OCC CSW — Supervisory examination procedures
Primary frameworks per layer
NPR Gap Fill — Apr 8 2026 content update
Control Standard — At a Glance
Click any layer to open its examination procedures, NIST CSF mapping, and implementation requirements.
01🏛
Governance & Risk Oversight
Board oversight, risk appetite, and 3 Lines of Defense
Open layer →
02📋
Legal Entity & Regulatory Perimeter
Charter, licensing, and permissible activities
Open layer →
03💰
Reserve & Financial Integrity
Reserves, attestation, and financial controls
Open layer →
04🔄
Mint / Burn & Token Lifecycle
Stablecoin issuance, redemption, and token controls
Open layer →
05🔐
Custody & Key Management
Custody standards and cryptographic key controls
Open layer →
06🔍
Financial Crime & Sanctions
AML, BSA, sanctions, and financial crimes compliance
Open layer →
07💻
Technology & Cybersecurity
IT risk, cybersecurity, and NIST CSF controls
Open layer →
08⚙️
Operational Resilience
Business continuity, disaster recovery, and resilience
Open layer →
09🛡
Market Integrity & Consumer Protection
Redemption, disclosures, and consumer protections
Open layer →
10🌐
Ecosystem & DeFi Risk
DeFi protocol exposure and ecosystem risk controls
Open layer →
11📊
Real-Time Monitoring & Analytics
On-chain analytics, SIEM, and continuous monitoring
Open layer →
Stablecoin ICA · Control Standard · IT Audit Consulting
GENIUS Act (Pub. L. 119-27) · OCC 12 CFR Part 15 · FDIC 12 CFR Part 350
FinCEN/OFAC Joint NPR Apr 8 2026 · NIST CSF 2.0 · FFIEC IT Examination Handbooks · COSO 2013 · ISO/IEC 27001:2022
Phase 6 Design Input — Stablecoin ICA Program · itauditconsulting.com
Control Standard complete — next step
Now assess your gaps against this design standard
The Gap Assessment compares this Control Standard ("should be") against your Process Taxonomy ("as is"), weighted by the Risk Taxonomy, to identify missing, weak, or untested controls.
Start Gap Assessment →