banking-risk-compliance

Produces the bank-side principal-supervisory partnership pack on a US bank-fintech relationship. Carries six named sections (service description and risk classification; risk-based diligence summary; contract gaps; customer-facing controls under Reg O / Reg W / Reg E / Reg DD; termination and wind-down readiness; recommended owner actions) plus a Reg O / Reg W / Reg E / Reg DD applicability summary the bank attests to. Audience is the partnership owner, the chief risk officer, the chief compliance officer, the BSA officer, the head of vendor management, the head of deposit operations, the general counsel, and the OCC / FRB / FDIC supervisory team that examines the relationship as a bank service-provider arrangement. Best for: - A national bank, state-member bank, state non-member bank, or federal savings association is onboarding a fintech relationship (BaaS sponsor program, embedded-lending partner, deposit-program partner, fraud / KYC service partner, payments-processor) and second-line needs the partnership pack before commitment, contract execution, or production launch. - A bank is refreshing an existing fintech partnership ahead of an OCC, FRB, or FDIC examination cycle and needs to surface contract, control, and customer-protection gaps. - A bank is responding to an MRA, MRIA, supervisory letter, or consent-order article targeting fintech-partnership oversight (BSA / AML, Reg E division of responsibility, Reg DD advertising, third-party risk, BaaS-specific controls, FBO-account governance) and needs the artifact that demonstrates remediation. - A covered bank under 12 CFR Part 30 Appendix D is integrating a fintech relationship into its risk-governance framework and needs the partnership pack the board independent risk committee will probe. Not the right tool when: - The reviewer is the fintech, not the bank. Use `payments-fintech-compliance/skills/fintech-partner-controls`; that skill produces the fintech-side artifact (bank-program controls, Reg E disclosures the fintech ships, complaint routing) that this pack consumes as an input. - The work is generic vendor diligence on any third party. Use `third-party-operational-resilience/skills/vendor-diligence` with the banking sector overlay; that skill is regulator-agnostic at its core and does not invoke §1867(c), the Reg O insider screen on fintech principals, or the FBO-account governance lens. - The work is exit-plan testing for a critical fintech relationship. Use `third-party-operational-resilience/skills/exit-plan` with the banking sector overlay. - The work is the AML risk assessment for the sponsor-bank program at the program level. Use `financial-crime-governance/skills/aml-risk-assessment` (when present) or `edd-escalation-pack` for individual high-risk relationships. - The work is the bank's full supervision-readiness preparation for an examination cycle. Use `banking-supervision-readiness`; this skill feeds the third-party-risk topical readiness slice in that pack.

Produces the substantive supervision-readiness pack a US bank or bank holding company hands the OCC, FRB, or FDIC examiner-in-charge at the entry meeting and carries through the cycle. Organises preparation around the CAMELS components (or the BHC rated components for a holding-company cycle), the examiner-letter response posture (MRA, MRIA, supervisory recommendation, consent-order article), the MRA / MRIA closure cross-walk with sustained-operation evidence, the Heightened Standards readiness view for covered banks, and the topical examiner-readiness slices (BSA / AML, IT, fair lending, third-party risk) that the cycle scope brings into play. Audience is the head of supervisory affairs, the chief compliance officer, the chief risk officer, the BSA officer, and the examination coordinator. Best for: - A national bank, state-member bank, state non-member bank, or federal savings association is preparing for an OCC, FRB, or FDIC full-scope safety-and-soundness examination and needs the entry-meeting pack with CAMELS-component preparation, evidence inventory, and named-role owners. - A bank holding company is preparing for an FRB BHC supervisory cycle under SR 12-17 (and successors) and needs the BHC rated-component readiness view, consolidated supervision narrative, and risk-governance evidence. - A bank carrying a consent order, a written agreement, an MRIA cluster, or a series of MRAs is building the quarterly remediation update and needs the closure cross-walk plus the sustained-operation evidence package per article. - A covered bank under 12 CFR Part 30 Appendix D (Heightened Standards, $50B+ avg total consolidated assets) is preparing the risk-governance-framework attestation and the board independent-risk-committee evidence ahead of an OCC supervisory engagement. - A bank facing a topical examination (BSA / AML under FFIEC manual, IT under FFIEC IT Handbook, consumer compliance, CRA, fair lending, third-party risk under June 2023 interagency guidance) needs the topical readiness slice that bolts on to the CAMELS spine. - A bank approaching the $50B Heightened Standards threshold needs the forward-looking readiness section examiners will probe in advance of the trigger. Not the right tool when: - The work is the engagement-side scaffolding (entry-meeting choreography, document-handling, privilege posture, request-list mapping, interview-prep) for any FS exam. Use `regulatory-change-management/skills/exam-brief`; this skill chains with that skill, it does not duplicate it. - The work is a single MRA / MRIA write-up artifact for one finding. Use `risk-compliance-core/skills/issue-writeup`; this skill consumes those artifacts and bundles them into the cross-walk. - The work is impact assessment of a newly-published rule. Use `regulatory-change-management/skills/regulatory-impact-assessment`. - The work is a non-bank exam (SEC investment adviser, FINRA broker-dealer, NAIC market-conduct, CFPB non-bank). Use the matching sector-plugin readiness skill or the generic `exam-brief`. - The work is an internal-audit readiness or compliance-testing pack. Use the compliance-testing artifacts; supervision-readiness is built for the regulator handoff, not the internal review cycle.

Produces the second-line credit risk governance review pack a US bank's chief credit officer or chief risk officer carries to the credit risk committee or hands the OCC, FRB, or FDIC examiner reviewing credit administration. Organises the artifact around credit policy alignment, underwriting framework, risk-rating discipline, concentration governance, allowance methodology oversight (ACL / CECL), Reg O and Reg W applicability for insider and affiliated credit, second-line challenge of first-line lending decisions, and (for covered banks) the Heightened Standards posture for credit risk. Audience is the chief credit officer, chief risk officer, head of credit risk review, ALLL / ACL governance committee, audit committee, and examiner-in-charge for a credit-administration scope cycle. Best for: - A national bank, state-member bank, state non-member bank, or federal savings association is refreshing its credit policy or credit risk-rating framework and second-line needs to challenge the first-line proposal against the public credit-administration expectations. - A bank is preparing for a credit-administration examination (OCC asset-quality scope, FDIC asset-quality and management scope, FRB BHC consolidated supervision) and needs the credit-governance evidence pack as a topical readiness slice. - A bank is responding to an MRA on credit risk-rating discipline, ALLL / CECL methodology, concentration management, or insider-lending governance and needs the second-line review artifact behind the response. - A bank is reviewing affiliated-credit or insider-credit transactions for Reg O or Reg W posture before a transaction lands or as part of a quarterly Reg O reporting cycle. - A bank's credit portfolio has crossed the 100% / 300% interagency CRE concentration screen and the credit risk committee has commissioned a second-line review of the proposed concentration governance refresh. Not the right tool when: - The work is fair-lending or ECOA review on consumer or small-business credit. Use the consumer-compliance fair-lending skills; this skill covers the safety-and-soundness lens, not the fair-lending lens (the two reviews are complementary but not the same artifact). - The work is model-risk validation of a credit scorecard or PD / LGD / EAD model. Use `ai-governance-model-risk/skills/validation-plan` (or `model-card-builder` for documentation); this skill covers second-line oversight of model use within the credit framework, not the validation itself. - The work is the BSA / AML aspect of customer due diligence on a borrower. Use the financial-crime-governance skills. - The work is broader than credit (enterprise risk-appetite review, the full CAMELS readiness pack, the full BHC supervisory cycle). Use `risk-reporting/skills/risk-committee-pack` or `banking-supervision-readiness`. - The work is a single MRA or MRIA write-up on one credit finding. Use `risk-compliance-core/skills/issue-writeup`; this skill bundles issues into the governance artifact, not the per-issue write-up.

Drafts the second-line deposit-operations control matrix for a US bank: account opening and CIP, beneficial-ownership collection at deposit channels, account-opening and advertising disclosures, EFT and ATM controls under the consumer-EFT regime, funds-availability holds and exception-hold notification, NSF and overdraft fee disclosure under the truth-in-savings regime, garnishments and levies, escheatment and dormant-account governance, deposit-insurance coverage representation under the federal misrepresentation rule, FBO-account ledgering and pass-through deposit-insurance recordkeeping for sponsor-bank fintech programs, exception handling, access controls, and evidence retention. Audience is the deposit-operations director, the bank's compliance officer, the BSA officer, internal audit, and the federal banking examiner reading the matrix line-by-line. Best for: - A bank standing up or refreshing the deposit-operations control framework after a process change, a system migration, an internal-audit finding, or an examiner finding. - A bank's deposit-operations team preparing for a federal-banking compliance examination touching consumer-EFT, truth-in-savings, funds-availability, or CIP and beneficial-ownership scope. - A bank integrating a new sponsor-bank fintech-program FBO account flow and needing the deposit-operations control overlay specific to ledgering, end-user reconciliation, and pass-through deposit-insurance recordkeeping. - A bank responding to a finding on dispute-timing failure, NSF or overdraft fee disclosure, hold-policy disclosure, or deposit-insurance representation on consumer surfaces. Not the right tool when: - The work is the partnership-level review of a fintech relationship (use `bank-fintech-partnership-review`); this skill produces the operations-control matrix once the partnership is in operation. - The work is the BSA / AML risk assessment of the customer base or the CDD program design (use `financial-crime-governance/cdd-risk-review`); CIP control activities are in scope here, the AML risk assessment is not. - The work is generic risk-control matrix design for a non-deposit process (use `risk-compliance-core/control-matrix` with the banking sector overlay). - The work is fair-lending review on overdraft programs or fees (use `consumer-compliance-fair-lending` skills); UDAAP screen rows on overdraft and fee overrides sit here, the fair-lending substantive review does not. - The work is incident-specific dispute-handling or hold-release (use `payment-operations-incident-review` for a payments-rail incident; this matrix is the standing control framework, not the incident workflow).