A tailored course, built for your situation
Reference of choice on FFIEC compliance architecture
Become the internal go-to practitioner for FFIEC-aligned controls and financial compliance design
The situation this course is for
Compliance work often defaults to checklist execution. That leaves sharp practitioners under-leveraged, with their deeper understanding overlooked when real design decisions are made. The result? Duplicated effort, inconsistent interpretations, and missed opportunities to shape policy before it lands on desks.
Who this is for
Investment banking professional at a regulated financial institution who is increasingly responsible for compliance interpretation, control mapping, and cross-functional coordination under FFIEC and related guidance
Who this is not for
Entry-level analysts, auditors focused only on testing, or consultants outside the regulated banking environment
What you walk away with
- Lead FFIEC control mapping with confidence and consistency across teams
- Build a documented, reusable compliance playbook tailored to PNC's operating model
- Establish yourself as the first call for compliance interpretation in deal contexts
- Produce clear, source-backed narratives for examiners and internal reviewers
- Reduce rework by designing controls that meet both operational and examiner expectations
The 12 modules (with all 144 chapters)
- Handbook purpose and audience
- Role of the Operations Handbook
- Interpreting Risk Management sections
- IT Audit planning triggers
- Consumer compliance intersections
- FFIEC vs internal policy hierarchy
- Mapping guidance to deal lifecycle
- Identifying materiality thresholds
- Control expectations by asset size
- Regulatory change management process
- Using handbooks in vendor review
- Documenting compliance rationale
- From principle to control statement
- Designing for auditability
- Deal onboarding controls
- Client data handling thresholds
- System access in transaction systems
- Change management in live deals
- Documentation retention rules
- Segregation of duties examples
- Automated vs manual controls
- Risk rating control impact
- Control owner assignment
- Testing frequency benchmarks
- Structuring examiner responses
- Citing FFIEC sections correctly
- Writing for legal review
- Balancing transparency and risk
- Contextualizing exceptions
- Versioning compliance statements
- Creating reusable narrative blocks
- Explaining control gaps responsibly
- Translating technical detail
- Executive summary drafting
- Aligning with legal counsel
- Preempting follow-up questions
- Mapping team responsibilities
- Facilitating control workshops
- Building shared documentation
- Resolving control ownership
- Negotiating implementation timelines
- Handling audit findings
- Escalating interpretation issues
- Creating joint playbooks
- Running tabletop exercises
- Tracking action items
- Measuring alignment progress
- Maintaining stakeholder trust
- Third-party risk classification
- Assessing vendor compliance posture
- Reviewing SOC 2 reports
- Evaluating cloud provider assurances
- Contractual control requirements
- Right to audit clauses
- Penetration test validation
- Incident response coordination
- Subprocessor oversight
- Geographic risk factors
- Financial stability checks
- Vendor exit planning
- Defining sensitive data types
- Encryption in transit and at rest
- Access control policies
- Multi-factor authentication
- Data retention periods
- Client data portability
- Breach notification triggers
- PII handling standards
- Data loss prevention tools
- Logging access events
- Anonymization techniques
- Third-party data sharing
- Defining change thresholds
- Standard change vs emergency
- Approvals and documentation
- Testing change outcomes
- Backout planning
- Version control basics
- Automated deployment risks
- Production access rules
- Post-implementation review
- Audit trail maintenance
- Rollback procedures
- Stakeholder notification
- Identifying critical processes
- RTO and RPO definitions
- Disaster recovery testing
- Geographic redundancy
- Crisis communication plans
- Third-party continuity
- Incident command structure
- Recovery site validation
- Employee safety plans
- Regulatory reporting during outage
- Lessons from past incidents
- Updating BCP documentation
- Audit planning cycle
- Document collection strategy
- Evidence retention standards
- Internal pre-audit reviews
- Responding to findings
- Root cause analysis
- Remediation tracking
- Follow-up timelines
- Working with examiners
- Avoiding repeat findings
- Audit communication tone
- Closing audit loops
- Tracking regulatory sources
- Subscribing to updates
- Assessing impact of changes
- Updating control mappings
- Communicating changes internally
- Training on new requirements
- Maintaining change logs
- Engaging with regulators
- Industry working groups
- Benchmarking against peers
- Updating risk assessments
- Reporting to leadership
- Mapping controls to tech stack
- Identifying automation candidates
- Working with engineering teams
- Designing control alerts
- Logging automated checks
- Testing automated controls
- Documentation for auditors
- Change management for automation
- Monitoring control health
- Alert fatigue mitigation
- Cost-benefit of automation
- Scaling compliance through code
- Structuring the playbook
- Including templates and examples
- Version control approach
- Access and permissions
- Onboarding new team members
- Integrating feedback loops
- Updating with new guidance
- Linking to other resources
- Presenting to leadership
- Gaining formal recognition
- Extending beyond your role
- Leaving a legacy
How this maps to your situation
- When preparing for an internal audit
- When onboarding a new fintech vendor
- When responding to regulatory inquiries
- When designing a new transaction workflow
Before vs. after
What's included with your purchase
- 12 modules with 12 chapters each (144 chapters)
- Downloadable templates and worked examples for every module
- Hand-built implementation playbook delivered alongside course access
- 30-day money-back guarantee
Delivery and format
- Course and learning environment access provisioned within 24 hours of purchase
- Hand-built implementation playbook delivered alongside course access
Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.
Time investment: Approximately 3 hours per module, designed to fit around deal cycles and peak periods.
How this compares to the alternatives
Unlike generic compliance training, this course is tailored to investment banking associates who need to interpret FFIEC guidance in real deal contexts , not just pass a test, but become the reference point others rely on.
Frequently asked
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.