Page 250 - CA Final PARAM Digital Book.
QNO Audit of a Blockchain-Based Pilot Program New Course – (SM23)
DAA.985 TITANIUM CNO --Unique
XY Bank, headquartered in New York, offers a broad range of financial services including asset
management, commercial banking, investment banking, and treasury and securities services.
The five Indian banks, in partnership with XY Bank, provide a comprehensive range of banking services and
products encompassing retail banking, corporate banking, international banking, and other financial
services. All these banks have been significant contributors to the digitalization of banking services in India.
Under the pilot programme, the Indian banks will open on-chain Nostro accounts with the XY Bank branch in
GIFT City. The blockchain-based system is expected to facilitate instant, 24×7 settlement between the
accounts held at the US bank. Essentially, it will create a private intra-correspondent banking network,
redefining the traditional banking hours and enabling seamless money transfer.
Answer: The steps for performing an audit of a blockchain-based pilot program are as follows:
➢ Preliminary Understanding and Background Checks:
- Obtain a comprehensive understanding of the blockchain-based pilot program, including its
objectives, scope, and key processes involved.
- Review the partnership agreements, contracts, and legal documentation governing the relationship
between the Indian banks and XY Bank.
- Identify the specific blockchain technology used, its functionalities, and the underlying smart
contracts.
➢ Assessment of Internal Controls and Security Measures:
- Assess Internal Controls:
  - Review policies and procedures related to the on-chain Nostro accounts, settlement processes, and
    money transfer mechanisms.
  - Assess the governance framework, risk management practices, and compliance procedures
    established by the Indian banks and XY Bank.
- Review Security Measures:
  - Assess encryption methods, cryptographic key management, and secure transmission protocols
    used for data protection.
  - Review measures taken to prevent unauthorized access, cyber threats, and potential vulnerabilities
    in the blockchain network.
➢ Regulatory and Compliance Evaluation:
- Evaluate Compliance and Regulatory Requirements:
  - Review documentation and procedures related to customer due diligence, transaction monitoring,
    and reporting obligations.
  - Ensure that the pilot program adheres to industry-specific standards and best practices.
➢ Transaction Review and Reconciliation:
- Test Transaction Validity and Accuracy:
  - Validate that transactions are recorded and settled accurately on the blockchain, ensuring
    adherence to relevant regulations and contractual obligations.
  - Perform reconciliations between on-chain Nostro accounts and the corresponding accounts held at
    XY Bank to confirm the accuracy of balances and transactions.
➢ Business Continuity and Disaster Recovery Assessment:
- Assess Business Continuity and Disaster Recovery:
  - Evaluate the adequacy of backup and recovery procedures, redundancy measures, and failover
    mechanisms to ensure uninterrupted operations.
  - Test the effectiveness of these plans by conducting simulations or examining historical incidents and
    response procedures.
➢ Reporting and Recommendations: