Skip to content
RiskTemplates · The Daily Brief Thursday, July 9, 2026
Wire CFPB's New Enforcement Principles: What the Bilt Case Tells You About How the Bureau Intends to Police Consumer Finance JUN 22

◆ For risk & compliance practitioners

Your next risk program starts here.

Risk and compliance frameworks and Excel templates built on SR 11-7, FFIEC, NIST AI RMF, and 20+ regulatory standards. Buy once, tailor to your program, deploy in days.

◆ Sign up for our newsletter — free weekly brief →

Grounded in

SR 11-7 · FFIEC IT Examination Handbook · NIST AI RMF · OCC 2021-7 · ISO 31000

Exhibit A · BCP/DR — Business Impact Analysis

Business Impact Analysis worksheet from the BCP/DR template — real Excel screenshot

★ Bestseller · KRI Library dashboard

KRI Library Excel dashboard with 132 key risk indicators — real template screenshot

Inside the kit

14 templates · 20+ regulatory standards · Excel-native

20+

US regulatory standards

SR 11-7 · FFIEC · NIST AI RMF · OCC · CFPB

2,300+

Pages of guidance

Across every paid and free template

500+

Downloads

Risk & compliance practitioners

495

Briefings

Enforcement, analysis, frameworks

— Why this exists —

Built by a practitioner, for practitioners.

Every risk professional has done it. You join a new team, get asked to build a program from scratch, and end up calling a friend at your old company for their templates.

So I started publishing the analysis I wish I'd had — enforcement breakdowns, regulatory deep dives — and building the templates on actual regulatory guidance. The intelligence keeps you informed. The templates let you act on it.

Rebecca Leung

Rebecca Leung

Editor & Founder · 8 years · Banks · Fintechs · BCG

◆ The Daily Brief

What we're tracking.

All news →

01 · Incident Response

AI-Powered BEC Stole $3 Billion in 2025: What Your Incident Response Playbook Is Missing

The FBI's 2025 IC3 report logged $3.046 billion in BEC losses—86% via wire or ACH—with AI now generating the emails, cloning the voices, and running the deepfakes. Most financial institution IR playbooks were written before this threat existed. Here's the gap analysis and what to add before the next one hits.

JUL 8 · Rebecca

02 · Data Privacy

Connecticut's CDPA Took Effect Last Tuesday: Financial Account Data Is Now Sensitive Data, the Threshold Dropped to 35,000, and There's No 60-Day Grace Period

Connecticut's expanded CDPA took effect July 1, 2026. It lowered the applicability threshold from 100,000 to 35,000 consumers, reclassified financial account information as sensitive data requiring consent before processing or sale, eliminated the guaranteed 60-day cure period, and stripped the entity-level GLBA exemption from fintechs and nonbank lenders. Here's what changed and what your program needs to address this week.

JUL 8 · Rebecca

03 · Operational Risk

1,155 Violations and $1.2 Billion in Restitution: What the FDIC's Spring 2026 Supervisory Highlights Say About Where Your Program Gets Tested

The FDIC's Spring 2026 Consumer Compliance Supervisory Highlights documented 1,155 violations from 2025 exams — with TILA/Reg Z alone accounting for 462, flood insurance violations generating $150 million in orders, and formal enforcement actions requiring $1.2 billion in restitution. Here's how to use the FDIC's own findings as a self-assessment checklist before your next examination.

JUL 8 · Rebecca

Immaterial Findings · Newsletter

The brief, in your inbox.

Enforcement of the week, a framework breakdown, and the prompts that are actually worth running. Delivered to your inbox. Free.