For risk & compliance practitioners
Your next risk program starts here.
Excel frameworks grounded in SR 11-7, FFIEC, NIST AI RMF, and 20+ regulatory standards. Buy once, tailor to your program, deploy in days.
20+
Ready-to-deploy templates
$49–$79
Individual templates
20+
Regulatory standards covered
500+
Downloads
What makes these different
Grounded in regulatory guidance
Not someone's old employer's templates with the logo swapped out. Built on SR 11-7, FFIEC, OCC bulletins, and NIST AI RMF.
Deploy in days, not months
Fully editable Excel templates with pre-populated risk taxonomies, scoring models, and dashboards. Populate in an afternoon.
Price of a team lunch
Individual templates from $49. Bundles from $199. No subscriptions, no license restrictions. Buy once, use forever.
The 2025–2026 Risk & Compliance Landscape
Free Resources
Start here — frameworks and guides to get you going, no email required.
AI Risk Assessment Guide (Free)
A free introductory guide to AI risk assessment for financial services teams.
Issues Management Guide (Free)
A free introductory guide to building an effective issues management process.
Risk Register — Fintech Edition (Free)
141 pre-populated fintech risks across 21 categories. ISO 31000 structure. Ready to use in a week.
Threat Modeling for Agentic Payments (Free)
A 20,000-word whitepaper on threat modeling for AI-powered autonomous payment systems in financial services.
Need the full framework?
Templates & Toolkits
Reading about an enforcement action is step one. Having the right framework in place before the next exam is what actually matters.
Individual Templates
AI Risk Assessment Template & Guide
Comprehensive AI model governance and risk assessment templates for financial services teams.
Issues Management Tracker & Template
End-to-end issues tracking and remediation management for risk and compliance teams.
KRI Library (132 Key Risk Indicators)
132 KRIs with thresholds, data sources, and escalation triggers pre-built for financial services.
New Product Risk Assessment
Structured risk review process for new products, services, and business initiatives.
Financial Risk Management Kit
Credit risk, liquidity, concentration, and capital adequacy templates built for fintechs.
Loss Monitoring & Event Tracking Kit
Basel-aligned operational loss event tracking and root cause analysis for financial services.
RCSA (Risk & Control Self-Assessment)
141 pre-populated fintech risks with control assessments, questionnaire framework, and testing calendar.
Data Privacy Compliance Kit
Multi-state privacy compliance templates covering 19 state laws plus GLBA and CCPA.
Incident Response & Breach Notification Kit
Step-by-step incident response playbooks and breach notification templates for all 50 states.
Third-Party Risk Management (TPRM) Kit
Complete vendor risk management lifecycle from initial due diligence to ongoing oversight.
Enterprise Risk Management Framework (ERMF)
Complete ERM documentation: risk appetite, 3 Lines of Defense, committee charter, and board reporting.
SOC 2 Compliance Checklist
151 controls mapped to AICPA Trust Services Criteria with evidence collection guidance.
Business Continuity & Disaster Recovery (BCP/DR) Kit
BCP and DR templates with BIA, recovery procedures, and a standalone tabletop exercise kit.
Bundles
GRC Starter Kit
Everything a new compliance hire needs to build their first risk program — 6 products at 46% off.
Compliance Essentials
Multi-domain compliance coverage: data privacy, incident response, BCP/DR, and SOC 2 — 43% off.
Operational Risk Program
Build a complete ORM program: ERM framework, RCSA, loss monitoring, financial risk, and KRIs — 37% off.
Complete GRC Library
Every template in the library — all 14 products at 58% off individual prices.
What We're Tracking
SEC enforcement, DOJ settlements, AI regulation, and the frameworks that matter — updated daily.
College Student Stole $7M from Investors. The SEC's Case Against Krish Kumar Has Lessons for Every Investment Adviser.
SEC charged Tulsa college student Krish Kumar with misappropriating nearly $7M from two investment funds. Here's what compliance officers at investment advisers need to know.
Mar 28, 2026
Regulatory ComplianceDOJ Hits Atlanta Urology Practice With $14 Million False Claims Act Settlement — What Compliance Teams Should Learn
Advanced Urology and Dr. Jitesh Patel will pay $14M to settle DOJ allegations of fraudulent billing and unnecessary procedures. Key compliance takeaways inside.
Apr 2, 2026
Regulatory ComplianceA.G. Morgan Financial Advisors Fraud: Vincent Camarda Pleads Guilty to $160M Investment Adviser Scheme
Vincent Camarda of A.G. Morgan Financial Advisors pleads guilty to defrauding 400+ clients of $160M. What compliance professionals need to know about this investment adviser fraud case.
Apr 2, 2026
Regulatory ComplianceSEC Charges Jon Fullenkamp and Scott Sand in $2.6 Million Penny Stock Fraud Scheme
The SEC filed fraud charges against Jon Fullenkamp and Scott Sand for misappropriating millions through sham agreements and fraudulent preferred share issuances at two penny stock companies.
Mar 31, 2026
Regulatory ComplianceState AI Laws Tracker 2026: Every US AI Regulation You Need to Know
45 states have introduced 1,561 AI bills in 2026 — already surpassing 2024's full-year total. Colorado, Texas, and California are the three to watch. Every enacted state AI law, organized by what your compliance team actually needs to do.
Apr 2, 2026
AI RiskAI Model Inventory Template: Fields Examiners Ask For First
Build an AI model inventory with ownership, use case, data, decision role, risk tier, vendor source, controls, monitoring, and review evidence.
Mar 26, 2026
Regulatory ComplianceContingency Funding Plan Evidence Binder: What to Keep Before the Examiner Asks
Examiners don't just read your CFP — they ask for evidence that it works. Here's the complete list of documentation, test records, and artifacts that belong in a CFP evidence binder, organized by funding source and review cycle.
May 15, 2026
Operational RiskFunding Sources Aren't Real Until Tested: How to Prove Your Contingency Funding Plan Works
Most CFPs list contingent funding sources without proving they're accessible. Here's how to run fund-flow tests, build an evidence file, and show regulators that your liquidity plan actually works when it needs to.
May 15, 2026
Compliance StrategyWho Should Own the Contingency Funding Plan? Treasury, Finance, Risk, and the Review-and-Challenge Model
Practical guide to CFP ownership: who drafts, who challenges, who approves. Three-lines-of-defense roles, board oversight, and what examiners expect after SR 10-6 and the 2023 addendum.
May 15, 2026
Operational RiskKRI Thresholds: How to Stop Your Dashboard From Creating False Greens and False Reds
Set KRI thresholds that actually warn before risk materializes. Calibration methods, the 60-day parallel run, and how to fix dashboards stuck in alert fatigue or perpetual green.
May 15, 2026
Regulatory ComplianceSEC's Final Judgment Against Black Hawk's Robert Newell: How a $37M Cannabis Fund Became a Ponzi Case Study
Robert Newell raised $37M for cannabis funds and used investor money to pay earlier investors. Here's the May 2026 SEC judgment and what private-fund advisers should learn from it.
May 15, 2026
Third-Party RiskCritical Vendor Exit Planning: How to Build a Wind-Down Strategy Before You Need One
A practitioner's guide to building vendor exit strategies that satisfy OCC, FDIC, and Federal Reserve examiners — with lessons from the Synapse collapse and the six components every exit plan must cover.
May 14, 2026
Regulatory ComplianceSEC Adani $18M Settlement: When Anti-Bribery Disclosures Become Securities Fraud
SEC settles Adani Green bond offering case for $18M, charging Gautam and Sagar Adani with materially false anti-bribery statements to US investors.
May 14, 2026
Regulatory ComplianceSEC and DOJ Charge 21 in BigLaw M&A Insider Trading Ring — What the Document Management Trail Tells You
The SEC's May 6 complaint against 21 defendants tied to a decade-long Big Law M&A insider trading scheme is a master class in supervision failure. Here is what compliance functions should pull from the document-access trail.
May 13, 2026
Regulatory ComplianceOCC Consent Orders: From Issuance to Termination — A Practitioner's Walkthrough
What an OCC consent order actually is, how it differs from a Formal Agreement, what the articles require, and what it takes to get out — with Wells Fargo as the documented case study.
May 12, 2026
Regulatory ComplianceSEC Charges Reign Financial and Berone Capital in $26M Prime Bank Scheme: The Due Diligence Failures Every Adviser Should Audit
SEC's $26M Reign Financial fraud case shows what happens when 'due diligence' is just a Google search. Control gaps, red flags, and what advisers should fix this week.
May 12, 2026
Regulatory ComplianceParmar's $212M Constellation Healthcare Sentencing: Take-Private Fraud Lessons for Risk and Compliance
Former Constellation Healthcare CEO Parmjit Parmar got 5 years and $125M restitution for a $212M securities fraud built on fake subsidiaries. Here's what risk teams should rebuild this week.
May 10, 2026
AI RiskEU AI Act Digital Omnibus: What the December 2027 Deadline Deferral Means for Financial Services AI Teams
The EU AI Act's Digital Omnibus deal, reached May 7, 2026, defers Annex III high-risk AI obligations from August 2, 2026 to December 2, 2027. Here's what changed, what didn't, and how financial services AI teams should use the extra 16 months.
May 14, 2026
AI RiskEU AI Act Article 5 Prohibited AI Systems: The Compliance Checklist Financial Institutions Can't Ignore
Article 5 prohibitions have been in force since February 2025 and the enforcement regime launched August 2025. Here's what financial institutions must audit, stop doing, and document — with the credit scoring carve-out explained.
May 12, 2026
AI RiskEU AI Act High-Risk AI in Financial Services: What Banks and Fintechs Must Document by August 2, 2026
Annex III of the EU AI Act covers credit scoring, insurance pricing, and financial standing assessment. Here's what the seven compliance obligations actually require — and who they apply to.
May 10, 2026
AI RiskAI Red Teaming Techniques: How to Stress-Test LLMs Before Deployment
A practitioner's playbook for AI red teaming in financial services. Covers the five attack categories regulators care about, how to structure an exercise, what scoring looks like, and how to document results for examiners.
May 6, 2026
AI RiskDisparate Impact Testing Techniques: Statistical Methods Examiners Actually Accept
The four statistical methods used in fair lending disparate impact testing — adverse impact ratio, regression analysis, Fisher's exact test, and BISG proxy methodology — and how to document them for exam readiness even after the federal regulatory shift.
May 5, 2026
AI RiskAI Risk Assessment Template: Pre-Deployment Checklist for Financial Services
A pre-deployment AI risk assessment for banks and fintechs — model inventory, tiering, scorecard, and the controls examiners ask about under SR 26-02 and FS AI RMF.
May 4, 2026
Business ContinuityCrisis Communication Plan: The BCP Component Most Financial Institutions Treat as an Afterthought
Your BCP has 60 pages on recovery procedures and three paragraphs on communication. Here's what regulators actually test, the four audience streams every plan needs, and the pre-approved templates to build before the crisis hits.
May 12, 2026
Business Continuity50 Essential Questions for Your Business Impact Analysis (BIA) Questionnaire
Master your BIA with our comprehensive 50-question template, designed to identify critical business functions, RTOs, RPOs, and ensure robust business continuity planning. Download free template.
May 10, 2026
Business ContinuityBusiness Impact Analysis (BIA) Questionnaire Template: 50 Essential Questions
Master business continuity with our BIA questionnaire template. Identify critical functions, assess impacts, and set recovery objectives with 50 essential questions.
May 6, 2026
Business ContinuityTabletop Exercise Facilitation Techniques: How to Run Drills That Actually Surface Gaps
The facilitation mechanics that separate tabletop exercises that find real gaps from ones that generate paperwork. Role structure, inject design, hot wash technique, and the common mistakes that turn a good scenario into a wasted afternoon.
May 5, 2026
Business ContinuityOperational Resilience vs. BIA: The Regulatory Shift from RTOs to Impact Tolerances
Traditional BIA produces RTOs. Operational resilience requires impact tolerances. They're different questions with different methodology — here's how to update your BIA process.
Apr 17, 2026
Business ContinuityThird-Party Dependencies in BIA: How Deep Should You Go?
When mapping third-party dependencies in your BIA, one tier isn't enough for critical functions. Here's how to scope the analysis — and where going deeper actually matters.
Apr 15, 2026
Why this exists
Every risk and compliance professional has done it: you join a new team, get asked to build a program from scratch, and end up calling a friend at your old company for their templates. Or a consultant brings in frameworks recycled from another client. The result? Documents that don't quite fit and no confidence they'll hold up under regulatory scrutiny.
So I started publishing the analysis I wish I'd had — enforcement breakdowns, regulatory deep dives, practical frameworks — and building the templates on actual regulatory guidance. The intelligence keeps you informed. The templates let you act on it.
Immaterial Findings ✉️
Weekly newsletter
Sharp risk & compliance insights practitioners actually read. Enforcement actions, regulatory shifts, and practical frameworks — no fluff, no filler.
Join practitioners from banks, fintechs, and asset managers. Delivered weekly.