SAMPLE DELIVERABLE

What a Readiness Snapshot looks like.

This is a redacted sample based on a digital asset exchange profile. Your Snapshot is scoped to your specific entity, licenses, and activities.

Delivered as a board-ready DOCX within 5 business days of questionnaire completion.

Regulatory Readiness Snapshot
[CLIENT NAME] — Digital Asset Exchange
Engagement: DAC-2026-XXXX
Date: March 2026
Classification: Confidential

Executive Summary

[CLIENT NAME] operates a centralized digital asset exchange offering spot trading, fiat on/off ramps, and custodial wallet services to retail and institutional customers in the United States. The firm holds active money transmitter licenses in 34 states and has a pending BitLicense application with the New York Department of Financial Services.

This Readiness Snapshot assesses regulatory exposure across 7 applicable regulatory regimes encompassing 127 mapped requirements. The assessment identified 12 findings — 3 higher-priority, 5 moderate, and 4 lower-priority — requiring remediation attention.

7 Applicable Regulators
127 Requirements Mapped
12 Findings Identified
3 Higher-Priority

The most critical gaps involve incomplete suspicious activity monitoring coverage for cross-chain transactions, absence of a formalized OFAC screening validation program, and a gap in the firm's BSA independent testing scope. These represent areas that would likely receive examiner attention and may result in matters requiring attention (MRA) or matters requiring immediate attention (MRIA) designations.

Regulatory Perimeter

The following regulators have jurisdiction over [CLIENT NAME] based on entity type, licensed activities, and operational scope.

REGULATOR | BASIS | REQS | TIER
FinCEN (BSA/AML) | MSB registration; money transmission and exchange activities under 31 CFR Chapter X | 21 | TIER 1
OFAC (Sanctions) | U.S. person engaging in financial transactions subject to IEEPA and OFAC regulations | 16 | TIER 1
NYDFS (BitLicense) | Pending BitLicense application; virtual currency business activity in New York | 24 | TIER 1
State MTL | Active money transmitter licenses in 34 states | 18 | TIER 1
SEC | Token listings may include digital asset securities; exchange anti-fraud provisions | 20 | TIER 1
CFTC | Spot digital commodity transactions; anti-manipulation provisions | 18 | TIER 1
GENIUS Act | Stablecoin listing and custody activities; payment stablecoin reserve requirements | 9 | TIER 1

Token Taxonomy (SEC/CFTC Joint Interpretation) also assessed. OCC and CFPB determined not applicable based on entity type and activity scope — rationale documented in full report.

Findings — Sample

Findings are formatted in MRA/MRIA style with regulatory citation, description, remediation path, and target timeline. Shown below are 4 of 12 findings from this assessment.

F-001 HIGH
Incomplete SAR Monitoring for Cross-Chain Transactions
31 CFR 1022.320 · FinCEN FIN-2019-G001
[CLIENT NAME]'s suspicious activity monitoring system does not adequately cover cross-chain transfers, bridge transactions, or privacy-enhancing technologies. Current transaction monitoring rules are calibrated for on-platform activity only, leaving a material gap in off-chain and cross-chain surveillance.
REMEDIATION
Extend SAR monitoring rules to cover cross-chain bridge transactions, privacy coin conversions, and chain-hopping patterns. Integrate blockchain analytics tooling with cross-chain tracing capability. Document monitoring thresholds and escalation workflows.
TARGET TIMELINE
Immediate — 30 days

F-002 HIGH
OFAC Screening Validation Not Documented
OFAC Compliance Framework § III · Executive Order 13694
[CLIENT NAME] uses automated OFAC screening for customer onboarding and transactions but has not conducted or documented validation testing of screening effectiveness, including false-negative analysis, fuzzy-matching accuracy, and SDN list update frequency verification.
REMEDIATION
Conduct and document initial validation testing of OFAC screening technology. Include test cases for exact matches, fuzzy matches, transliteration, and known aliases. Establish a recurring validation schedule (no less than annual) with documented results.
TARGET TIMELINE
30 days

F-005 MEDIUM
BSA Independent Testing Scope Insufficient
31 CFR 1022.210(d)(4) · FinCEN Examination Manual § 4
[CLIENT NAME] has engaged an independent auditor for annual BSA program testing, but the audit scope does not include digital asset-specific transaction monitoring, blockchain analytics effectiveness, or Travel Rule compliance for VASP-to-VASP transfers.
REMEDIATION
Expand the BSA independent testing scope to include digital asset transaction monitoring, blockchain analytics tool validation, and Travel Rule compliance assessment. Ensure the testing engagement letter reflects these expanded scope items.
TARGET TIMELINE
60 days

F-009 LOW
NYDFS Cybersecurity Event Notification Procedures Not Formalized
23 NYCRR 500.17(a)
[CLIENT NAME] maintains an incident response plan but has not formalized procedures specific to the NYDFS 72-hour cybersecurity event notification requirement, including internal escalation paths, materiality determination criteria, and filing workflows for the DFS portal.
REMEDIATION
Document NYDFS-specific incident notification procedures covering the 72-hour reporting window, materiality thresholds, Superintendent notification process, and post-event follow-up requirements.
TARGET TIMELINE
90 days

8 additional findings in the full Snapshot
Each Readiness Snapshot typically includes 8–15 source-cited findings with regulatory citations, remediation paths, and prioritized timelines.

F-006 MEDIUM
Inadequate Customer Due Diligence for Institutional Accounts
31 CFR 1010.230 · FinCEN CDD Rule
The firm's CDD procedures for institutional and entity accounts do not include beneficial ownership verification beyond the 25% threshold or ongoing monitoring of ownership changes.

F-007 MEDIUM
Travel Rule Technology Not Implemented for VASP Transfers
31 CFR 1010.410(f)
The firm does not have operational Travel Rule compliance technology for transmitting originator and beneficiary information on qualifying transfers exceeding $3,000.

F-010 LOW
Stablecoin Reserve Disclosure Procedures Not Established
GENIUS Act § 4(a)(2)
The firm lists payment stablecoins but has not established procedures for verifying issuer reserve attestation compliance or consumer disclosure requirements under the GENIUS Act.

F-011 LOW
BSA Recordkeeping Policy Retention Periods Not Documented
31 CFR 1010.430
The firm retains transaction records but lacks formalized 5-year retention schedules covering all required BSA record categories including SARs, CDD records, and training documentation.

Remediation Priority Matrix

Findings ranked by severity with target timelines. Formatted for board presentation or examination response.

ID | FINDING | SEVERITY | TIMELINE | REGULATOR
F-001 | Incomplete SAR Monitoring — Cross-Chain | HIGH | Immediate | FinCEN
F-002 | OFAC Screening Validation | HIGH | 30 days | OFAC
F-003 | ████████████████████ | HIGH | 30 days | SEC
F-004 | ████████████████████ | MEDIUM | 60 days | NYDFS
F-005 | BSA Independent Testing Scope | MEDIUM | 60 days | FinCEN
F-006 – F-012 | 7 additional findings in full report

Methodology

Every requirement in this Snapshot is classified using the DAC Hierarchy of Authority — a four-tier framework that reflects how examiners weight regulatory sources.

TIER 1
Binding
Statutes and regulations with force of law. 31 CFR 1022.210, GENIUS Act (Pub. L. 119-27), 23 NYCRR 200.
TIER 2
Supervisory / Interpretive
Agency guidance and interpretive frameworks. OFAC Compliance Framework, OCC Interpretive Letters.
TIER 3
Enforcement-Informed
Patterns derived from consent orders and enforcement actions. FinCEN civil penalties, NYDFS enforcement precedent.
TIER 4
Emerging / Proposed
Tracked for planning, not represented as obligations. Pending rulemaking and proposed frameworks.

DAC provides mapped applicability and readiness analysis, not legal conclusions or guarantees of compliance. All regulatory mappings are based on publicly available statutes, regulations, and agency guidance. DAC has not independently verified client representations.

Get yours in 5 business days.

Start with a scoping questionnaire. Receive a board-ready Readiness Snapshot with source-cited findings, remediation timelines, and a prioritized action plan.

Get Your Readiness Snapshot →

$5,000 one-time · or email us · or book a call