◆ For risk & compliance practitioners
Your next risk program starts here.
Risk and compliance frameworks and Excel templates built on SR 11-7, FFIEC, NIST AI RMF, and 20+ regulatory standards. Buy once, tailor to your program, deploy in days.
◆ Sign up for our newsletter — free weekly brief →Grounded in
SR 11-7 · FFIEC IT Examination Handbook · NIST AI RMF · OCC 2021-7 · ISO 31000
Exhibit A · BCP/DR — Business Impact Analysis
★ Bestseller · KRI Library dashboard
Inside the kit
14 templates · 20+ regulatory standards · Excel-native
20+
US regulatory standards
SR 11-7 · FFIEC · NIST AI RMF · OCC · CFPB
2,300+
Pages of guidance
Across every paid and free template
500+
Downloads
Risk & compliance practitioners
495
Briefings
Enforcement, analysis, frameworks
★ Bestsellers
Most popular picks.
The four most-downloaded templates this quarter. Real screenshots, real templates, ready to deploy.
#01 bestseller
KRI Library
132 Key Risk Indicators with thresholds, data sources, and escalation triggers.
#02 bestseller
New Product Risk Assessment
Pre-launch risk evaluation across compliance, operational, financial, and reputational lenses.
#03 bestseller
BCP/DR Kit (with BIA)
Full Business Continuity & Disaster Recovery kit including Business Impact Analysis.
#04 bestseller
Risk Register — Fintech Edition
141 pre-populated fintech risks across 21 categories. ISO 31000 structure.
◆ Ready to deploy
Templates & toolkits.
Built on real regulatory guidance — not someone's old employer's templates with the logo swapped out. Tailor in an afternoon.
Template
AI Risk Assessment Template & Guide
Comprehensive AI model governance and risk assessment templates for financial services teams.
Template
Issues Management Tracker & Template
End-to-end issues tracking and remediation management for risk and compliance teams.
Template
Financial Risk Management Kit
Credit risk, liquidity, concentration, and capital adequacy templates built for fintechs.
Template
Loss Monitoring & Event Tracking Kit
Basel-aligned operational loss event tracking and root cause analysis for financial services.
Template
RCSA (Risk & Control Self-Assessment)
141 pre-populated fintech risks with control assessments, questionnaire framework, and testing calendar.
Template
Data Privacy Compliance Kit
Multi-state privacy compliance templates covering 19 state laws plus GLBA and CCPA.
21 templates · 4 bundles · $49–$499
See all templates →★ Free · Delivered to your inbox
Start with the free frameworks.
Working introductory guides — read, evaluate, decide whether the full template is worth your money.
★ Free
AI Risk Assessment Guide
A free introductory guide to AI risk assessment for financial services teams.
Download →
★ Free
Issues Management Guide
A free introductory guide to building an effective issues management process.
Download →
★ Free
Risk Register — Fintech Edition
141 pre-populated fintech risks across 21 categories. ISO 31000 structure. Ready to use in a week.
Download →
★ Free
Threat Modeling for Agentic Payments
A 20,000-word whitepaper on threat modeling for AI-powered autonomous payment systems in financial services.
Download →
— Why this exists —
Built by a practitioner, for practitioners.
Every risk professional has done it. You join a new team, get asked to build a program from scratch, and end up calling a friend at your old company for their templates.
So I started publishing the analysis I wish I'd had — enforcement breakdowns, regulatory deep dives — and building the templates on actual regulatory guidance. The intelligence keeps you informed. The templates let you act on it.
Rebecca Leung
Editor & Founder · 8 years · Banks · Fintechs · BCG
◆ The Daily Brief
What we're tracking.
01 · Incident Response
AI-Powered BEC Stole $3 Billion in 2025: What Your Incident Response Playbook Is Missing
The FBI's 2025 IC3 report logged $3.046 billion in BEC losses—86% via wire or ACH—with AI now generating the emails, cloning the voices, and running the deepfakes. Most financial institution IR playbooks were written before this threat existed. Here's the gap analysis and what to add before the next one hits.
JUL 8 · Rebecca
02 · Data Privacy
Connecticut's CDPA Took Effect Last Tuesday: Financial Account Data Is Now Sensitive Data, the Threshold Dropped to 35,000, and There's No 60-Day Grace Period
Connecticut's expanded CDPA took effect July 1, 2026. It lowered the applicability threshold from 100,000 to 35,000 consumers, reclassified financial account information as sensitive data requiring consent before processing or sale, eliminated the guaranteed 60-day cure period, and stripped the entity-level GLBA exemption from fintechs and nonbank lenders. Here's what changed and what your program needs to address this week.
JUL 8 · Rebecca
03 · Operational Risk
1,155 Violations and $1.2 Billion in Restitution: What the FDIC's Spring 2026 Supervisory Highlights Say About Where Your Program Gets Tested
The FDIC's Spring 2026 Consumer Compliance Supervisory Highlights documented 1,155 violations from 2025 exams — with TILA/Reg Z alone accounting for 462, flood insurance violations generating $150 million in orders, and formal enforcement actions requiring $1.2 billion in restitution. Here's how to use the FDIC's own findings as a self-assessment checklist before your next examination.
JUL 8 · Rebecca