Introduction
As digital asset businesses mature under MAS supervision, boards, audit committees, and regulators expect an effective third line of defence. Internal audit is what tells you, and your stakeholders, whether the governance, compliance, and operational frameworks you have built actually work in practice.
We provide internal audit services tailored to digital asset operations, focused on regulatory compliance, technology and operations, and governance, risk and controls (GRC). Whether we act as your outsourced internal audit function or support your in-house team, we deliver practical, risk-based reviews that strengthen resilience and stakeholder confidence.
Our solutions
How we help
- Internal Audit as a Third Line of Defence: Establishment and delivery of a risk-based internal audit function for digital asset operations, including audit planning, execution, and reporting to the board or audit committee.
- Regulatory Compliance Audits: Independent reviews of compliance with MAS requirements under the Payment Services Act, including AML/CFT, outsourcing, and record-keeping obligations, with practical recommendations to address gaps before supervisory engagements.
- Technology and Operations Audits: Audits of technology risk management, cybersecurity, business continuity, and operational controls against MAS TRM and BCM expectations, including custody operations and third-party dependencies.
- Governance, Risk, and Controls (GRC) Reviews: Independent assessment of governance frameworks, enterprise risk management, and internal controls for digital asset operations, providing independent reporting that supports board and audit committee oversight.
Learn more about our related Business Risk Consulting services.
Frequently Asked Questions
Yes. We can act as your fully outsourced internal audit function, or co-source alongside your in-house team to provide digital asset subject-matter depth for specific reviews, such as regulatory compliance, technology, or GRC audits.
MAS expects licensed firms to maintain effective risk management and controls, and boards are increasingly asked to evidence independent oversight. Internal audit gives your board, banking partners, and regulators confidence that your compliance, technology, and governance frameworks are reviewed and strengthened on an ongoing basis.
We build a risk-based plan around your operations. Common areas include regulatory compliance under the Payment Services Act, AML/CFT arrangements, technology and cyber risk, operational resilience and outsourcing, custody operations, and governance and risk management frameworks.
Frequency depends on your risk profile, licence conditions, and board expectations. Many firms adopt an annual risk-based internal audit plan, with higher-risk areas reviewed more frequently. We help you calibrate coverage to your business and regulatory obligations.
Yes. Internal audit reviews conducted against MAS expectations help you identify and remediate gaps before supervisory engagements, inspections, and periodic reviews, helping you identify and remediate issues before supervisory engagements, inspections and periodic reviews.