Skip to content
RiskTemplates · The Daily Brief Thursday, July 9, 2026
Wire CFPB's New Enforcement Principles: What the Bilt Case Tells You About How the Bureau Intends to Police Consumer Finance JUN 22

Topic Operational Risk

The operational risk program, built one template at a time.

ERMF, RCSA, KRIs, issues management, loss tracking, third-party risk — the operational risk stack practitioners actually use. Aligned with COSO ERM, ISO 31000, FFIEC IT, and FRB SR 21-3.

◆ COSO ERM · ISO 31000 · FFIEC IT · FRB SR 21-3 · Basel

◆ What you'll find here

The core risk program — without the consulting markup.

◆ 01

ERMF, RCSA, KRIs

The three core building blocks of every operational risk program. Inventory the risks, self-assess the controls, monitor the indicators. Mapped to COSO ERM and FRB SR 21-3.

◆ 02

Issues & loss tracking

Track MRAs, audit findings, and operational losses with severity scoring, owners, and remediation timelines. Built for teams that need to show progress to regulators and bank partners.

◆ 03

Third-party & vendor risk

TPRM intake, due diligence, ongoing monitoring, and the evidence regulators expect when a critical vendor goes down. Aligned with FFIEC and OCC third-party guidance.

◆ Operational risk templates

Tools for the operational risk team.

Excel-native templates with editable workbooks and PDF guides. Buy once, tailor to your program, deploy in days.

Template
$79

Enterprise Risk Management Framework (ERMF)

Complete ERM documentation: risk appetite, 3 Lines of Defense, committee charter, and board reporting.

Template
$69

RCSA (Risk & Control Self-Assessment)

141 pre-populated fintech risks with control assessments, questionnaire framework, and testing calendar.

Template
$49

KRI Library (132 Key Risk Indicators)

132 KRIs with thresholds, data sources, and escalation triggers pre-built for financial services.

Template
$49

Issues Management Tracker & Template

End-to-end issues tracking and remediation management for risk and compliance teams.

Template
$59

Loss Monitoring & Event Tracking Kit

Basel-aligned operational loss event tracking and root cause analysis for financial services.

Template
$59

Financial Risk Management Kit

Credit risk, liquidity, concentration, and capital adequacy templates built for fintechs.

Template
$79

Contingency Funding Plan — Banks

Examiner-ready contingency funding plan for chartered banks built to the 2023 Interagency Addendum.

Template
$79

Contingency Funding Plan — Fintechs

Contingency funding plan for sponsor-bank fintechs — FBO reconciliation, runway-based triggers, post-Synapse stress scenarios.

Template
$69

Third-Party Risk Management (TPRM) Kit

Complete vendor risk management lifecycle from initial due diligence to ongoing oversight.

Template
$79

Fintech Customer AUP Kit

Acceptable Use Policy framework for fintech compliance teams evaluating high-risk customers and merchants.

159+

Operational risk articles

10

Templates · Excel + PDF

US

COSO · ISO 31000 · FFIEC · Basel

◆ Latest analysis

From the journal.

Operational Risk

1,155 Violations and $1.2 Billion in Restitution: What the FDIC's Spring 2026 Supervisory Highlights Say About Where Your Program Gets Tested

The FDIC's Spring 2026 Consumer Compliance Supervisory Highlights documented 1,155 violations from 2025 exams — with TILA/Reg Z alone accounting for 462, flood insurance violations generating $150 million in orders, and formal enforcement actions requiring $1.2 billion in restitution. Here's how to use the FDIC's own findings as a self-assessment checklist before your next examination.

· 12 min read

Compliance Strategy

FinCEN's June 2026 Update Turns Section 314(b) Into a Real-Time Fraud-Fighting Tool

FinCEN's June 12, 2026 guidance expanded the Section 314(b) safe harbor to explicitly cover fraud—wire fraud, bank fraud, mail fraud, computer fraud—without requiring an institution to connect the activity to money laundering first. Here's what changed, why it matters for BSA programs, and what enrollment and real-time sharing actually look like in practice.

· 12 min read

Third-Party Risk

The Marquis Software Breach: What 80 Banks and Credit Unions Need to Learn About Vendor Concentration Risk

In August 2025, Akira ransomware hit Marquis Software Solutions through an unpatched SonicWall firewall. By the time breach notifications went out—over two months later—80 banks and credit unions had been exposed, 824,000 consumers' data was compromised, and a ransom had reportedly been paid. Here's what your third-party risk program should take from it.

· 9 min read

Operational Risk

What the OCC's CFSB Consent Order Says About BSA/AML Risk in Fintech Payment Partnerships

On May 21, 2026, the OCC released a consent order against Community Federal Savings Bank—sponsor bank for Wise and Crypto.com—for BSA/AML failures tied directly to rapid payment processing growth. The core problem wasn't the fintech partners. It was that alert tuning, CDD, and staffing never scaled with transaction volume. Here's the operational risk lesson for every institution growing through fintech relationships.

· 10 min read

Compliance Strategy

OCC's 2026 Exam Rightsizing: What Community Banks Should Stop Doing—and What Still Gets You Written Up

Effective January 1, 2026, OCC Bulletin 2025-24 eliminated mandatory examination activities that aren't required by law for community banks. That means fair lending risk assessments and flood insurance transaction testing are no longer mandatory every exam cycle. Here's what actually changed, what didn't, and where compliance teams are misreading this shift.

· 9 min read

Operational Risk

The 2026 CRE Loan Maturity Wall: How Community Banks Should Stress-Test Their Commercial Real Estate Portfolios Right Now

More than $1.5 trillion in commercial real estate loans mature in 2026. Roughly 31% of all U.S. banks are CRE-concentrated. Here's the stress-testing methodology community banks need — before examiners ask for it.

· 9 min read

Immaterial Findings · Newsletter

The brief, in your inbox.

Enforcement of the week, a framework breakdown, and the prompts that are actually worth running. Delivered to your inbox. Free.