Independent Technology Audit & Controls Consultant for TradFi institutions and for stablecoin participants navigating a July 2026 implementation deadline. The OCC, FDIC, and FinCEN are still finalizing the NPRs that define what a compliant stablecoin control environment looks like across the ecosystem. What this moment requires is not more legal analysis — it is someone who can translate regulation → blockchain control architecture → auditability.
See the Stablecoin Compliance Hub →
Three distinct roles over thirty years — building financial systems, leading technology transformation across global institutions, and conducting technology audits. Each phase built directly on the one before it.
That progression is the credential. A practitioner who built trading systems at Bear Stearns and JPMorgan, led regulatory technology programmes across six global institutions, then spent nine years auditing those same system types at Goldman Sachs sees control gaps differently. Most failures trace back to a change management weakness, an entitlement blind spot, or a monitoring gap left unaddressed when the operating model was designed — on a core banking system or a blockchain.
Institutional-grade audit methodology applied to TradFi institutions and digital asset firms. The controls are the same. The regulatory overlay and technology stack differ.
Senior independent execution — audit delivery, regulatory remediation, ERM uplift, or a programme behind schedule. Institutional-grade methodology. Completed workpapers. Fixed deadlines met.
The GENIUS Act is signed law. The OCC, FDIC, and FinCEN are now issuing concurrent implementation rules — all converging on a July 2026 deadline. Most PPSIs have never built institutional-grade controls inside a regulated framework. That is the gap I have spent 30 years closing at major financial institutions.
An 11-layer control stack derived from the GENIUS Act, OCC NPR, FDIC NPR, and FinCEN AML/CFT rules — mapped through to OCC examination procedures. Built for stablecoin participants who need to know what a compliant control environment looks like before the examiners arrive.
If you have a live project, an audit coming up, or a gap on your team, here is how I can step in. I am comfortable working alongside existing teams or independently, on-site or remote, and I focus on delivering completed work rather than recommendations.
Three methodology artifacts and one case analysis, across two domains. The stablecoin compliance pipeline maps GENIUS Act obligations and concurrent agency NPRs through supervisory examination procedures into an 11-layer control stack built to withstand a federal examination. The operational resilience audit work program applies institutional methodology to TradFi across eight control domains. The cross-ledger integrity platform applies that same methodology to the blockchain reconciliation problem. The pre-trade position limit case analysis demonstrates what compounding control failures look like in a live production trading system audit.
No published map connects GENIUS Act statutory obligations through three concurrent agency NPRs to what federal regulators will actually test. An 8-tier pipeline traces from legislation through OCC, FDIC, and Treasury/FinCEN rulemaking, NIST CSF 2.0, FFIEC guidance, and supervisory examination procedures into an 11-layer control stack. Every control traces back to a specific legal obligation and forward to the examination procedure that tests it. For a stablecoin participant who has never been through a federal examination, this maps what the regulators are carrying when they walk in the door.
A structured audit work program covering eight core domains — governance, business continuity, disaster recovery, third-party resilience, crisis management, technology resilience, data integrity, and a supplemental digital asset domain. Built for TradFi institutions and digital asset firms. FFIEC, COSO ERM, NIST CSF, and OCC standards mapped throughout. Representative of the work product a senior institutional practitioner delivers on an engagement.
Any environment where a traditional system of record must stay synchronised with a blockchain ledger creates the same structural control problem — two sources of truth must behave as one. This platform documents the reconciliation monitoring engine, a platform architecture comparison across Legacy and Blockchain systems, and a 30-control audit work program across seven domains. The Reserve Integrity Monitor shows what the output looks like running against live stablecoin reserve data. Anchored in GENIUS Act requirements; the control pattern is reusable across industries.
A TradFi audit case tracing four compounding control failures in a pre-trade Position Limit Monitoring (PLM) system — from a superseded CFTC regulatory standard never updated in code, to OTC positions excluded from the aggregate, to a third-party vendor delta price error accepted without validation. Each gap individually is a finding. In sequence they create a regulatory compliance exposure that appears controlled on the surface. This is the pattern technology auditors find in production trading system audits.
The same control failures that surface in post-incident regulatory reviews — missing segregation of duties, absent pre-trade gates, no reconciliation — appear in both TradFi and digital asset operations. An auditor's ability to analyse a live incident, map the failure chain to ITGC and ITAC controls, and then ask "does this gap exist in our environment?" is the standard both the OCC and internal audit committees expect. The three panels below show the preventive layer, the failure analysis, and the execution tool — in sequence.
If you are working through a regulatory examination, a controls gap, an audit that is running behind, or a deadline that is closing in — a short conversation is the right first step. Describe your situation in the form and I will respond personally.
I work across embedded audit execution, step-in project support, and retained advisory. All engagements start with a scoping conversation at no charge.
Responses within 24 hours · All engagements begin with a scoping conversation