Regulatory and Compliance Risk Assessment

Name of Project

Regulatory and Compliance Risk Assessment

Proposal overview

See Regulatory and Compliance Issues for background information.


In order to assist Harmony in assessing certain regulatory risks, Consultants will apply its expertise as follows:

Phase I Customized Risk Assessment and Strategic Alignment Services ( “Customized RASA Services” );

Consultants’ proposed Phase I Customized RASA Services as outlined below are designed to be initiated upon the commencement of the Proposed Engagement. Through these Services, Consultants will immediately begin performing gap analysis work associated with Harmony’s Bank Secrecy Act ( “BSA” ) / anti-money laundering ( “AML” ) program.


Customized RASA Services. A core goal of the Proposed Engagement is an assessment of HARMONY’s BSA/AML program to meet the Regulatory standards and industry best practices of a compliance program by focusing on the following five pillars:

a) Know your Customer;

b) Governance/Appointment of BSA/AML Officer;

c) Internal Control Environment;

d) Training; and

e) Independent Testing.

To this end, Consultants will target its Risk Assessment and Strategic Alignment Services ( “RASA Services” ) to evaluate Harmony’s compliance program in meeting relevant U.S. regulatory standards, through the following:

i. Review and analysis of Harmony’s Know Your Customer ( “KYC” ) and other relevant onboarding forms, policies, and procedures;

ii. Assessment of Harmony’s organization, business model, governance, regulatory impact, and compliance practices;

iii. Evaluation of HARMONY’s internal control system, through examining its AML/BSA policies, programs, practices, and procedures;

iv. Assessment of Harmony’s AML/BSA training requirements and program; and

v. Review and analysis of HARMONY’s Independent Testing requirements and function.

Customized RASA Deliverables. Consultants anticipates collaborating with Harmony to deliver an Regulatory Compliance Report, following Consultants’ review of relevant HARMONY document production material. This Report will assess Harmony’s BSA/AML program compliance with the Five Pillars of the Regulatory Manual, and include a presentation of global standards for each of the Five Pillars against which HARMONY will be evaluated.

Consultants’ Regulatory Compliance Report will provide HARMONY with a clear understanding of whether it is meeting Regulatory and other relevant global standards and regulatory expectations, and areas where improvement needs to be considered.

Consultants’ Regulatory Compliance Report will also identify areas of regulatory uncertainty regarding the application of BSA/AML regulations to cryptocurrency and defi products and services, projects, and platform providers.

Consultants will deliver a Compliance Implementation Roadmap , this roadmap will contain detailed recommendations identified through the development of the Regulatory Compliance Report. This roadmap will contain prioritized requirements for developing and implementing appropriate procedural, technical and training controls necessary to implement a comprehensive compliance program, develop technical compliance systematic requirements and mitigate overall compliance risk to the organization.


Time frame: Upon award, it is anticipated that Phase I deliverables will take approximately 8 weeks to complete.

The grant applicants have significant technology, business, compliance, regulatory and management experience, including development of platform, application, and financial software, as well as significant experience serving in US regulatory enforcement actions.

Note that to keep within budget and to comply with regulations, these risk assessments will not be considered exhaustive (the US CFR contains about 70,000 pages of regulations) and will not be construed as legal advice, but will cover major areas of regulatory concern and enforcement within the crypto industry and those currently being publicly discussed by regulators. Furthermore, because of the public and community nature of Harmony’s projects and procurement process, we would not in any way be considered an “agent” of any individual, group, or corporation, and we would explicitly not be bound by any form of fiduciary duty, duty of confidentiality, or any other form of liability or duty. Materials would be provided “as is”, without any express or implied warranties.

Proposal ask


Metrics for success

Our primary metric of success will be delivery of a final report to the Harmony executive team.

External links

1 Like

This is well written and in my opinion, very much needed. I sincerely hope you get some sort of feedback on your proposal soon.

I can see the hammer coming down harder in the crypto space in the near future, and those who don’t prepare will likely be caught flat-footed too late to act.