A focused course, tailored for you
The Bank Tech Risk Quarterly Committee Pack Playbook
A 12-module course for technology risk officers at US regional and super-regional banks who own the quarterly tech risk committee pack and need vendor, change, cloud, and AI/ML risk lines that the first line, the second line, internal audit, and the OCC examiner all accept on first read.
The quarterly tech risk committee pack is due in three weeks. The vendor concentration line needs a defensible methodology. The cloud inheritance map for the most recent SaaS migration is half-drawn. The AI/ML model inventory is missing two of the production models the data science team stood up last quarter. And the committee chair has already said the last pack read as a list of issues without a position.
Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.
Why this course
Tech risk inside a US bank is not a single artefact. It is the quarterly committee pack that has to defend, in one slide each, the bank's posture on third-party technology risk, change-management exceptions, cloud control inheritance, and AI/ML model governance. Each of those lines has a regulator behind it. Third-party risk maps to the OCC third-party relationships guidance. Change management maps to the FFIEC IT Handbook operations booklet. Cloud control inheritance is examined under the FFIEC IT Handbook outsourcing technology services booklet plus the bank's CSP shared-responsibility matrix. AI/ML model risk maps to SR 11-7 plus the more recent supervisory letters on generative AI. The job is not running each assessment. The job is producing the one-page-per-topic committee memo that the first line accepts as fair, the second line accepts as documented, internal audit accepts as evidenced, and the OCC examiner accepts as a defensible methodology. This course is the playbook for that pack.
What you walk away with
- A vendor technology risk register with a defensible concentration methodology tied to OCC third-party expectations.
- A change-management exception log the committee accepts as evidence of a working control, not a list of misses.
- A cloud control inheritance map for each major SaaS and IaaS provider, mapped to FFIEC IT Handbook outsourcing expectations and the CSP shared-responsibility matrix.
- An AI/ML model inventory and risk register aligned to SR 11-7 and the recent generative AI supervisory guidance.
- A one-page-per-topic quarterly committee memo template that lands cold with the first line, second line, internal audit, and the OCC examiner.
The 12 modules
How this addresses your situation
Specific modules that map to what you said you are dealing with.
What you get with this course
- Twelve written modules in the Art of Service learning environment, self-paced.
- Downloadable templates for the vendor risk register, the change-management exception log, the cloud control inheritance matrix, the AI/ML model inventory, the AI/ML risk register, the application risk assessment, the exam-ready evidence pack, and the one-page committee memo.
- Worked examples drawn from US regional bank technology risk programmes (de-identified).
- A hand-built implementation playbook tailored to the buyer's specific committee cadence, regulator footprint, and cloud and AI/ML estate.
- Thirty-day money-back if the playbook does not land the next committee pack on first read.
What you will have in hand by Day 1, Week 1, Month 1
Within 24 hours of purchase, account provisioned in the Art of Service learning environment and the hand-built implementation playbook delivered alongside it.
Self-paced through twelve modules, typical completion four to six weeks alongside the quarterly cadence.
Templates downloadable from each module page, usable immediately on the buyer's current quarter pack.
Money-back guarantee window of thirty days from purchase.
Before and after
The quarterly committee memo is rewritten twice before it lands. The vendor concentration line keeps getting sent back. The cloud line is a paragraph of acronyms. The AI/ML line is whatever the model risk management function sent over. The committee chair has stopped pre-reading because the pack reads as a list of issues.
The committee memo lands on first read. Each line has a defensible methodology, a documented data source, and a one-line position the chair accepts. The pack reads as a position on tech risk, not a list of issues. The OCC examiner closes the tech risk question without a follow-up.
What happens if you do not address this
The next exam cycle opens with the OCC asking for the methodology behind the vendor concentration score and the AI/ML model inventory. Neither is written down in a form that survives challenge. The tech risk function takes a finding. The committee chair pulls reporting out of the function and hands it to internal audit.
Who it is for
Technology risk officer, tech risk manager, or second-line technology risk analyst at a US regional or super-regional bank. Owns or contributes to the quarterly technology risk committee pack. Holds working relationships with the CISO function, the third-party risk office, the cloud platform team, and the model risk management function. Reads OCC bulletins, FFIEC IT Handbook updates, and SR letters in the first week they publish.
How it arrives
Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.
Time investment. Four to six hours per module, twelve modules. Most buyers run the course alongside their current quarterly committee cycle and complete one to two modules per week.
Why $199 is the right number
The Big4 advisory engagement that produces a one-time committee pack costs forty to a hundred thousand and walks out the door with the engagement team. The internal build-it-yourself path costs six months of two FTE while the next committee meeting still happens. This course is the methodology and the templates the advisory engagement would hand over, plus an implementation playbook tailored to the buyer's specific cadence, for 199 USD.
FAQ
30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.