Financial Services
Skill packages tagged with “Financial Services”
AML/BSA Compliance Program (Fintech & MSB)
Draft a complete AML/BSA compliance program for non-bank financial institutions — fintechs, MSBs, crypto exchanges, and insurance companies. Covers all five BSA pillars: compliance officer, policies, independent testing, training, and CDD. Includes CTR filing, transaction monitoring, SAR filing, OFAC screening (50% Rule, proliferation financing), and information sharing procedures.
CFPB — Consumer Complaint Response & UDAAP Compliance
Draft and validate consumer complaint management programme and UDAAP compliance documentation for CFPB-supervised entities. Covers complaint response timelines, UDAAP risk assessment, fair lending, and board reporting.
Cyber Threat Information Sharing (DORA Art. 45)
Draft information sharing arrangements for exchanging cyber threat intelligence per DORA Art. 45, covering participation agreements, data protection safeguards, sharing protocols (TLP, STIX/TAXII), and governance.
Digital Operational Resilience Testing Program (DORA)
Design the resilience testing program required by DORA Arts. 24-27, covering basic testing (vulnerability assessments, penetration testing, scenario-based tests) and advanced TLPT for significant entities per RTS 2025/1190.
DORA Gap Assessment
Conduct a comprehensive gap assessment against all five DORA pillars: ICT risk management, incident management, resilience testing, third-party risk, and information sharing. Produces a scored compliance posture and prioritized remediation roadmap.
DORA ICT Incident Classification & Reporting
Classify ICT incidents using DORA RTS 2024/1772 criteria and produce initial, intermediate, and final notification reports per ITS 2025/302 templates for submission to competent authorities.
DORA Information Register (ICT Third-Party Arrangements)
Create and maintain the Register of Information on ICT third-party service arrangements required by DORA Art. 28(3) and ITS 2024/2956. Covers entity identification, TPP data, contractual arrangements, function mapping, sub-outsourcing chains, and ICT concentration risk assessment.
DORA Policy Generator
Generate the complete set of policies required by DORA from organizational context. Covers ICT security, risk management, incident management, business continuity, third-party risk, access control, encryption, and more.
ICT Business Continuity & Disaster Recovery (DORA)
Draft the ICT business continuity policy and disaster recovery plan required by DORA Articles 11-12, covering recovery objectives, switchover procedures, backup policies, continuity testing, and crisis management.
ICT Contractual Provisions (DORA Art. 30)
Draft and review contractual provisions for ICT service provider agreements per DORA Art. 30, covering general requirements, enhanced provisions for critical functions, sub-outsourcing, audit rights, data location, and exit strategies.
ICT Risk Management Framework (DORA)
Draft the complete ICT risk management framework required by the EU Digital Operational Resilience Act (DORA), covering governance, asset identification, protection, detection, response, recovery, and continuous improvement per Articles 5-16 and RTS 2024/1774.
ICT Subcontracting Oversight (DORA)
Draft the ICT subcontracting oversight framework per DORA and RTS 2025/0532, covering conditions for sub-outsourcing critical functions, notification and approval processes, concentration risk, and monitoring.
ICT Third-Party Risk Policy (DORA)
Draft the ICT third-party risk management policy required by DORA Art. 28 and RTS 2024/1773, covering strategy, due diligence, contractual provisions (Art. 30), monitoring, exit planning, concentration risk, and sub-outsourcing governance.
Individual Accountability Framework (IAF/SEAR) — Ireland
Draft and validate Statements of Responsibility and Management Responsibilities Maps for the Central Bank of Ireland IAF and SEAR. Supports banks, insurers, and investment firms. Includes gap detection for prescribed responsibilities and SEAR role mapping.
Management Body ICT Risk Report (DORA)
Draft periodic ICT risk reports for the management body per DORA Art. 5, covering risk posture, incidents, resilience testing, third-party risk, compliance status, and budget allocation.
MAS TRM — Technology Risk Management Framework
Draft and validate the Technology Risk Management framework for MAS-regulated financial institutions. Covers governance, IT resilience, cyber security, data loss prevention, and technology audit per MAS TRM Guidelines (2021).
Nordic AML/CFT — Enterprise-Wide Risk Assessment
Draft and validate the enterprise-wide AML/CFT risk assessment for Nordic supervisors. Covers inherent risk, control effectiveness, residual risk, and risk appetite per Joint ESA Guidelines and AMLD6.