DiGi Advisory

About DiGi Advisory

A senior-led advisory firm built for banks and credit unions that take governance and exam readiness seriously.

Founder profile


Thomas DiGiovanni

Partner and Founder

Twenty-five-plus years driving first and second line risk management, regulatory compliance, and governance transformations across global financial institutions. Operating depth across operational and technology risk, regulatory affairs, financial crimes, and enterprise risk programs, including RCSA, PRCSA, KRI and KPI design, and audit and exam remediation.

Senior leadership tenure at Credit Suisse as Global Head of Business Risk Management and Regulatory Change for Asset Management, Equiniti Trust Company as Chief Risk and Controls Officer for US Shareholder Services, and advisory roles at Bank of America, SunGard / FIS, and Deloitte. Recent advisory work has uplifted IT policy and governance for regional banks, including examiner-ready policy, programs, and standards documents informed by NIST CSF, NIST SP 800-53, ISO/IEC 27001, CIS Controls v8, FFIEC, and COBIT crosswalks.

Direct experience managing regulatory examinations and remediation before the Federal Reserve, the Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA), and the Swiss Financial Market Supervisory Authority (FINMA). Practitioner-level depth in 1st and 2nd Line of Defense governance and risk transformation, with a track record of senior partner ownership end to end on examiner-facing work product. MBA, Dowling College. BBA in Business Economics, Pace University.

Firm philosophy

What an engagement with DiGi Advisory looks like

Four operating principles that shape every engagement, from scope through delivery.

Senior-level engagement, no junior handoffs

The same senior partner who scopes the work owns every deliverable end to end. There is no learning curve passed back to the client, and no late-stage handoff that resets the conversation.

AI-accelerated delivery built on decades of institutional knowledge

AI handles the mechanical work: parsing artifacts, mapping evidence, surfacing gaps. Twenty-five years of regulatory and framework experience handles the consequential calls.

Fixed-fee models designed for predictability

Engagements are scoped and priced up front. Clients know what the engagement will cost and what they will receive before the work begins.

Domain expertise in 1st and 2nd Line of Defense

Governance and risk transformation across business and technology, calibrated to the supervisory authority that examines you and the frameworks your control environment is built on.

Regulatory and framework alignment

Calibrated to the supervisors and frameworks that govern your work

Engagements reference the supervisory authority and framework vocabulary your examiners, board, and second line already use.

Supervisory authorities

OCC

Office of the Comptroller of the Currency. Primary supervisor of national banks and federal savings associations.

FDIC

Federal Deposit Insurance Corporation. Supervisor of state non-member banks and deposit insurer for the system.

Federal Reserve

Board of Governors and Reserve Banks. Supervisor of state member banks and bank holding companies.

NCUA

National Credit Union Administration. Supervisor of federally chartered credit unions and the share insurance fund.

State Supervisory Authorities

State banking departments. Primary or co-supervisor of state-chartered institutions across the country.

Frameworks and standards

NIST Cybersecurity Framework

Risk-based approach to managing cybersecurity, widely referenced by examiners and the second line.

FFIEC

Examination handbooks and IT booklets that anchor exam expectations across the federal financial regulators.

COSO ERM

Enterprise risk management framework used to structure first and second line risk taxonomies and reporting.

Basel Committee

International standards on capital, liquidity, and operational resilience that shape supervisory expectations.

OCC Heightened Standards

Governance and risk management expectations applicable to large banks under OCC supervision.

ISO/IEC 27001 / 27002

International information security management standards used to structure cyber control environments.

CIS Controls v8

Prioritized set of cybersecurity controls, mapped to NIST and frequently used as a baseline by mid-sized institutions.

COBIT 2019

IT governance and management framework applied across technology risk and audit programs.
