Kroll assisted a large international cryptocurrency exchange under investigation by numerous U.S. government agencies.
The Challenge
The client had grown at scale rapidly over a short period, with its compliance infrastructure and capability requiring significant uplift and enhancement to satisfy the demands of a range of regulators, including the U.S.
Kroll's Solution
Our work covered multiple areas including regulatory reporting, know your customer (KYC) assessments, geofencing and enterprise-wide risk assessment, market surveillance, politically exposed person (PEP) backlog remediation, and policies and procedures review.
The Impact
We assisted the external counsel with regulatory requests and the collation of the relevant supporting data, related to an exercise confirming clients had been offboarded in specific jurisdictions. Kroll performed KYC current state assessment, covering policies, procedures, internal controls and systems to assess proper identification of relevant clients. This included customer file testing and proposed remediation procedures based on findings. The current state of IT controls were tested to identify gaps in geofencing controls. This was conducted by testing across laptops, mobile devices, VPNs and APIs and was supported by an open-source review. A draft enterprise-wide risk assessment (EWRA) methodology for control assessments was created covering inherent and residual risk scoring methodologies, reporting requirements and an escalation process. This was alongside a full health check review of the AML control environment to inform the risk assessment report. A controls assessment was undertaken to determine coverage of market surveillance capabilities, which included documenting existing monitoring solutions deployed by the firm, an evaluation of the design effectiveness of these solutions and an assessment of their data feeds. To support the PEP backlog, the necessary tools, processes and procedures to manage remediation of the backlog were reviewed, providing the technical expertise, where appropriate, to automatically resolve/close PEP backlog alerts. Staff augmentation services were provided across the different functional areas to support all aspects of the work.
