Castleigh Johnson
Fintech Compliance Advisor. Fractional CCO. Former Federal Reserve Bank Examiner.
Fintech companies lose sponsor bank deals for reasons that rarely appear in the bank's official rejection. The policy documents looked adequate. The technology was solid. The product was compelling. What failed was the compliance program, not because the founders did not care, but because nobody had told them what a bank examiner actually reads first, what they look for in the second pass, and what makes them stop reading entirely.
I know what they read. I spent three years at the Federal Reserve Bank of New York reading it. And I spent the next decade on the other side, building a fintech that had to survive exactly that scrutiny. CJ Advisory exists because that combination is rare, and because the gap it closes costs founders real money and real time when nobody fills it.
The Regulatory Side
At the Federal Reserve Bank of New York, I analyzed international banks during the 2008 to 2011 financial crisis. My portfolio included 30+ institutions across Ireland, Japan, the Netherlands, France, and the United Kingdom. The work was detailed and unforgiving: rank the largest US lenders by asset quality and underwriting compliance, identify where credit risk frameworks were adequate on paper but broken in practice, and assess whether a bank's compliance program matched the actual risk it was carrying.
What I learned that matters for fintech founders is specific. Bank examiners do not begin with your product. They begin with your governance. Before they evaluate whether your BSA/AML program is adequate, they look for evidence that your board knows what the BSA/AML program is. They look for compliance committee minutes that contain real discussions, not approval lines. They look for a BSA Officer who has actual authority and budget, not just a title. A compliance program with no genuine board engagement fails examination before the policy documents are opened.
At Ernst and Young, I worked with top-20 financial institutions on risk governance assessments, including enabling GE Capital's $75 billion bank spin-off. The consistent pattern I encountered was a gap between what an institution's compliance program said and what it actually did under examination conditions. Organizations had written policies that described rigorous processes. The documentation trail to prove those processes were being followed did not exist. At AIG, building the global model governance and board reporting framework from inception, I learned what it takes to construct a compliance program that does not just survive examination but produces evidence of its own functioning continuously. At BMO Financial Group, leading SR 11-7 and SR 15-19 regulatory remediation for a $600 billion institution and directing the annual CCAR compliance process, I learned that documentation is not bureaucracy. It is the proof that the program is real. Fintechs that treat documentation as an afterthought are the ones who face the most difficult bank conversations.
The Fintech Founder Side
In 2020, I started My Home Pathway, which became Dreamfund, a fintech focused on community-backed homeownership and down payment savings. I went from being the examiner to being the founder sitting across the table from the bank's BSA officer. The experience was instructive in ways that no amount of regulatory experience fully prepares you for.
What closed the deals was not the product pitch. It was showing up with documentation organized the way a compliance team expects to review it, being able to answer questions about our BSA/AML program without referring to a policy document, and demonstrating that the compliance function was real, not a set of PDFs assembled the week before the meeting. I closed 8 strategic partnerships, including ICE Mortgage Technology, TransUnion, and Chime Bank. I secured OCC regulatory collaboration on a responsible innovation initiative, which is a formal engagement with the Office of the Comptroller of the Currency that affirmed the approach as sound. That distinction carries weight in bank conversations because it signals the regulator has reviewed and engaged with the model, not just acknowledged it. I led the company through SOC 2 Type II certification, which required building security controls from scratch, engaging an independent auditor, and sustaining the control environment through the audit period. That is not a checkbox. It is 12 to 18 months of operational discipline. Having done it as a founder, I understand what the timeline actually looks like when you are also building a product and closing deals simultaneously.
Why CJ Advisory Exists
Fintech founders preparing for bank due diligence typically have two options. They can hire a law firm that understands the regulatory framework but does not know what a bank's BSA officer needs to see operationally. Or they can engage a Big 4 firm at $50,000 to $150,000 for an assessment that produces a findings report but not a functioning compliance program. Neither approach gets a pre-Series A fintech through a sponsor bank review efficiently. CJ Advisory delivers the program, organized and documented the way banks actually review it, at a price point that makes sense for a seed-stage company. The founder gets a practitioner who has supervised banks and built fintechs, not a generalist who has read the OCC examination manual.
Experience
Supervised and analyzed 30+ international banks across Ireland, Japan, the Netherlands, France, and the United Kingdom during the 2008 to 2011 financial crisis. Analyzed the $800 billion loan settlement market. Ranked the 10 largest US lenders by asset quality and underwriting compliance.
Settled $42 billion in loan transactions, 270+ right lead and 25+ left lead, within one year. Provided technical advisory to investment banking deal teams on loan structuring and compliance.
Enabled GE Capital's $75 billion bank spin-off via enterprise risk gap assessment. Conducted risk governance assessments for top-20 US financial institutions.
Built global model governance and board reporting framework from inception. Authored the annual Risk Control Self-Assessment and quarterly board committee control assessments.
Led SR 11-7 and SR 15-19 regulatory compliance for a $600 billion asset institution. Directed the annual CCAR compliance process.
Closed 8 strategic partnerships including ICE Mortgage Technology, TransUnion, and Chime Bank. Secured OCC regulatory collaboration on responsible innovation. Led SOC 2 Type II certification. Generated $70K revenue and raised seed capital while building the technology platform and compliance infrastructure.
Education and Fellowships
Work Together
Schedule a 30-minute discovery call to discuss your compliance priorities.
Book a Discovery CallNot legal advice. Clients requiring legal counsel are referred to qualified fintech attorneys.