For risk & compliance professionals
Risk & compliance templates.
Built by someone who's used them.
Not recycled consulting decks. Not AI-generated policies. Frameworks built across 8+ years at commercial banks, fintechs, and BCG's Risk & Compliance practice — for the price of a team lunch.
Grounded in the guidance regulators actually cite. Ready to deploy.
Grounded in regulatory guidance
Not someone's old employer's templates with the logo swapped out. Built on SR 11-7, OCC bulletins, FFIEC standards, and state privacy laws — so you can defend what you're using.
Deploy in days, not months
You got hired to build a program, not spend 3 months formatting spreadsheets. Start with a defensible foundation and customize from there.
Better than what AI generates
ChatGPT can draft a policy — but can it tell you which regulatory guidance it's based on? These templates are built by a practitioner who's been through the exams.
Why this exists 💡
Every risk and compliance professional has done it: you join a new team, get asked to build a program from scratch, and end up calling a friend at your old company for their templates. Or a consultant brings in frameworks recycled from another client. The result? Documents that don't quite fit, questionable data privacy practices, and no confidence they'll hold up under regulatory scrutiny.
These templates are built on actual regulatory guidance — SR 11-7, OCC bulletins, FFIEC standards — so you're starting from a defensible foundation, not someone else's best guess.
More about me →Templates & Toolkits 🧰
From individual frameworks to comprehensive bundles — everything you need to build and run a risk program.
🎁 Free Resources
AI Risk Assessment Guide (Free)
A free introductory guide to AI risk assessment for financial services teams.
Issues Management Guide (Free)
A free introductory guide to building an effective issues management process.
Risk Register — Fintech Edition (Free)
141 pre-populated fintech risks across 21 categories. ISO 31000 structure. Ready to use in a week.
Threat Modeling for Agentic Payments (Free)
A 20,000-word whitepaper on threat modeling for AI-powered autonomous payment systems in financial services.
📄 Individual Templates
AI Risk Assessment Template & Guide
Comprehensive AI model governance and risk assessment templates for financial services teams.
Issues Management Tracker & Template
End-to-end issues tracking and remediation management for risk and compliance teams.
KRI Library (132 Key Risk Indicators)
132 KRIs with thresholds, data sources, and escalation triggers pre-built for financial services.
New Product Risk Assessment
Structured risk review process for new products, services, and business initiatives.
Financial Risk Management Kit
Credit risk, liquidity, concentration, and capital adequacy templates built for fintechs.
Loss Monitoring & Event Tracking Kit
Basel-aligned operational loss event tracking and root cause analysis for financial services.
RCSA (Risk & Control Self-Assessment)
141 pre-populated fintech risks with control assessments, questionnaire framework, and testing calendar.
Data Privacy Compliance Kit
Multi-state privacy compliance templates covering 19 state laws plus GLBA and CCPA.
Incident Response & Breach Notification Kit
Step-by-step incident response playbooks and breach notification templates for all 50 states.
Third-Party Risk Management (TPRM) Kit
Complete vendor risk management lifecycle from initial due diligence to ongoing oversight.
Enterprise Risk Management Framework (ERMF)
Complete ERM documentation: risk appetite, 3 Lines of Defense, committee charter, and board reporting.
SOC 2 Compliance Checklist
151 controls mapped to AICPA Trust Services Criteria with evidence collection guidance.
Business Continuity & Disaster Recovery (BCP/DR) Kit
BCP and DR templates with BIA, recovery procedures, and a standalone tabletop exercise kit.
📦 Bundles
GRC Starter Kit
Everything a new compliance hire needs to build their first risk program — 6 products at 46% off.
Compliance Essentials
Multi-domain compliance coverage: data privacy, incident response, BCP/DR, and SOC 2 — 43% off.
Operational Risk Program
Build a complete ORM program: ERM framework, RCSA, loss monitoring, financial risk, and KRIs — 37% off.
Complete GRC Library
Every template in the library — all 14 products at 58% off individual prices.
8+
Years in risk & compliance
20+
Templates, toolkits & frameworks
50+
State laws & regulations covered
From the Journal ✍️
View all posts →Identifying & Prioritizing Contingent Funding Sources: A Practical Ranking Framework
Not all contingent funding sources are created equal. Here's how to rank your backup liquidity options by reliability, cost, and access speed — before you actually need them.
Apr 6, 2026
Business ContinuityISO 22301 Gap Analysis Template: Assess Your BCMS Maturity
ISO 22301 gap analysis maps where your BCMS falls short clause by clause. Use this template and scoring guide to assess maturity and prioritize before your certification audit.
Apr 6, 2026
Regulatory ComplianceCommon CFP Exam Findings: Top Deficiencies Regulators Flag (And How to Fix Them)
The OCC, FDIC, and Fed repeatedly flag the same CFP deficiencies across examination cycles. Here's exactly what they find, why SVB is the case study, and what remediation actually looks like.
Apr 5, 2026
Operational RiskHow to Build a Contingency Funding Plan: A Step-by-Step Framework for Financial Institutions
Learn how to create a robust contingency funding plan (CFP) for your financial institution with our step-by-step framework, covering regulatory requirements and best practices for liquidity risk management.
Apr 5, 2026
Business ContinuityISO 22301 Internal Audit Checklist: How to Prepare for Your BCMS Audit
ISO 22301 Clause 9.2 requires documented internal audits at planned intervals. Use this clause-by-clause checklist to find gaps before your external auditor does.
Apr 5, 2026
Operational RiskLiquidity Stress Testing for Your CFP: Scenarios, Assumptions & Methodology
Build a defensible CFP liquidity stress test: three required scenarios, assumption documentation, survival horizon metrics, and lessons from SVB's $18B 30-day deficit.
Apr 5, 2026
Immaterial Findings ✉️
Weekly newsletter
Sharp risk & compliance insights practitioners actually read. Enforcement actions, regulatory shifts, and practical frameworks — no fluff, no filler.
Join practitioners from banks, fintechs, and asset managers. Delivered weekly.