Topic Operational Risk
The operational risk program, built one template at a time.
ERMF, RCSA, KRIs, issues management, loss tracking, third-party risk — the operational risk stack practitioners actually use. Aligned with COSO ERM, ISO 31000, FFIEC IT, and FRB SR 21-3.
◆ COSO ERM · ISO 31000 · FFIEC IT · FRB SR 21-3 · Basel
◆ What you'll find here
The core risk program — without the consulting markup.
◆ 01
ERMF, RCSA, KRIs
The three core building blocks of every operational risk program. Inventory the risks, self-assess the controls, monitor the indicators. Mapped to COSO ERM and FRB SR 21-3.
◆ 02
Issues & loss tracking
Track MRAs, audit findings, and operational losses with severity scoring, owners, and remediation timelines. Built for teams that need to show progress to regulators and bank partners.
◆ 03
Third-party & vendor risk
TPRM intake, due diligence, ongoing monitoring, and the evidence regulators expect when a critical vendor goes down. Aligned with FFIEC and OCC third-party guidance.
◆ Operational risk templates
Tools for the operational risk team.
Excel-native templates with editable workbooks and PDF guides. Buy once, tailor to your program, deploy in days.
Enterprise Risk Management Framework (ERMF)
Complete ERM documentation: risk appetite, 3 Lines of Defense, committee charter, and board reporting.
RCSA (Risk & Control Self-Assessment)
141 pre-populated fintech risks with control assessments, questionnaire framework, and testing calendar.
KRI Library (132 Key Risk Indicators)
132 KRIs with thresholds, data sources, and escalation triggers pre-built for financial services.
Issues Management Tracker & Template
End-to-end issues tracking and remediation management for risk and compliance teams.
Loss Monitoring & Event Tracking Kit
Basel-aligned operational loss event tracking and root cause analysis for financial services.
Financial Risk Management Kit
Credit risk, liquidity, concentration, and capital adequacy templates built for fintechs.
Contingency Funding Plan — Banks
Examiner-ready contingency funding plan for chartered banks built to the 2023 Interagency Addendum.
Contingency Funding Plan — Fintechs
Contingency funding plan for sponsor-bank fintechs — FBO reconciliation, runway-based triggers, post-Synapse stress scenarios.
Third-Party Risk Management (TPRM) Kit
Complete vendor risk management lifecycle from initial due diligence to ongoing oversight.
Fintech Customer AUP Kit
Acceptable Use Policy framework for fintech compliance teams evaluating high-risk customers and merchants.
159+
Operational risk articles
10
Templates · Excel + PDF
US
COSO · ISO 31000 · FFIEC · Basel
◆ Latest analysis
From the journal.
Operational Risk
1,155 Violations and $1.2 Billion in Restitution: What the FDIC's Spring 2026 Supervisory Highlights Say About Where Your Program Gets Tested
The FDIC's Spring 2026 Consumer Compliance Supervisory Highlights documented 1,155 violations from 2025 exams — with TILA/Reg Z alone accounting for 462, flood insurance violations generating $150 million in orders, and formal enforcement actions requiring $1.2 billion in restitution. Here's how to use the FDIC's own findings as a self-assessment checklist before your next examination.
Compliance Strategy
FinCEN's June 2026 Update Turns Section 314(b) Into a Real-Time Fraud-Fighting Tool
FinCEN's June 12, 2026 guidance expanded the Section 314(b) safe harbor to explicitly cover fraud—wire fraud, bank fraud, mail fraud, computer fraud—without requiring an institution to connect the activity to money laundering first. Here's what changed, why it matters for BSA programs, and what enrollment and real-time sharing actually look like in practice.
Third-Party Risk
The Marquis Software Breach: What 80 Banks and Credit Unions Need to Learn About Vendor Concentration Risk
In August 2025, Akira ransomware hit Marquis Software Solutions through an unpatched SonicWall firewall. By the time breach notifications went out—over two months later—80 banks and credit unions had been exposed, 824,000 consumers' data was compromised, and a ransom had reportedly been paid. Here's what your third-party risk program should take from it.
Operational Risk
What the OCC's CFSB Consent Order Says About BSA/AML Risk in Fintech Payment Partnerships
On May 21, 2026, the OCC released a consent order against Community Federal Savings Bank—sponsor bank for Wise and Crypto.com—for BSA/AML failures tied directly to rapid payment processing growth. The core problem wasn't the fintech partners. It was that alert tuning, CDD, and staffing never scaled with transaction volume. Here's the operational risk lesson for every institution growing through fintech relationships.
Compliance Strategy
OCC's 2026 Exam Rightsizing: What Community Banks Should Stop Doing—and What Still Gets You Written Up
Effective January 1, 2026, OCC Bulletin 2025-24 eliminated mandatory examination activities that aren't required by law for community banks. That means fair lending risk assessments and flood insurance transaction testing are no longer mandatory every exam cycle. Here's what actually changed, what didn't, and where compliance teams are misreading this shift.
Operational Risk
The 2026 CRE Loan Maturity Wall: How Community Banks Should Stress-Test Their Commercial Real Estate Portfolios Right Now
More than $1.5 trillion in commercial real estate loans mature in 2026. Roughly 31% of all U.S. banks are CRE-concentrated. Here's the stress-testing methodology community banks need — before examiners ask for it.