Banking & Lending

Regulations, frameworks and best practices for daily GRC workflow.

Get your content suite now

Contact us now for a no obligation review of how content suites can accelerate your ACL experience

Tools designed for banks & credit unions.

ACL’s content helps increase the value you bring to your organization by providing a lens on emerging risk while staying on top of the latest regulatory requirements. It’s a platform for you to intelligently manage and execute on your strategic agenda. No matter if you’re a bank or credit union, we’ve curated content toolkits to facilitate cross-collaboration between your three lines of defense. In no time, they’ll be speaking one common language and using a common taxonomy.

Included in the Content For Banking & Lending

Browse by toolkit

A toolkit is a curated set of tools aimed at addressing one area of risk or compliance.

For example, a toolkit might include a set of data analytics, a risk control framework, and a best practices program.

AML/ATF Compliance Toolkit

While you have a program to detect and manage SARs and CTRs, how effective is it? Provide assurance over your AML/ATF compliance program.

  • Anti-money Laundering (AML) detection in banking is a critical activity that can span a series of fraud schemes and fraudulent activity from bank employees and customers alike. Since banking is a highly regulated industry, there are a multitude of external compliance requirements that banks must adhere to in the combat against fraudulent and criminal AML activity. ACL is here to help! To get you running we've got some great analytic scripts on auditing various controls throughout the banking process. Get started today!
  • Last updated October 31, 2017

    The Bank Secrecy Act (BSA) is legislation that requires U.S. financial institutions to collaborate with the U.S. government in cases of suspected fraud or money laundering. It requires financial institutions to maintain records of transactions and file reports of suspicious activity.

    U.S. Department of Treasury - Office of the Comptroller of the Currency (OCC): Bank Secrecy Act (BSA). As a work of the U.S. government, this product is not subject to copyright protection.

    Federal Financial Institutions Examination Council (FFIEC) 2014: Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, State Liaison Committee. As a work of the U.S. government, this product is not subject to copyright protection.

    Note: Use of the FFIEC data labels does not constitute an endorsement, recommendation, or favoring by the U.S. government or the FFIEC, nor has the FFIEC partnered with ACL Services Ltd. on this publication.
  • Last updated February 8, 2018

    The Bank Secrecy Act (BSA) is legislation that requires U.S. financial institutions to collaborate with the U.S. government in cases of suspected fraud or money laundering. It requires financial institutions to maintain records of transactions and file reports of suspicious activity.

    U.S. Department of Treasury - Office of the Comptroller of the Currency (OCC): Bank Secrecy Act (BSA). As a work of the U.S. government, this product is not subject to copyright protection.

    Federal Financial Institutions Examination Council (FFIEC) 2014: Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, State Liaison Committee. As a work of the U.S. government, this product is not subject to copyright protection.

    Note: Use of the FFIEC data labels does not constitute an endorsement, recommendation, or favoring by the U.S. government or the FFIEC, nor has the FFIEC partnered with ACL Services Ltd. on this publication.

EFT Risk Toolkit

Ensure that the millions of payments passing through your organization are occurring smoothly and easily each day. ACL is arming you with the tools to manage electronic funds transfer (EFT) risk.

  • Automated Clearing House (ACH) monitoring in banking is a critical activity that can span a series of fraud schemes and fraudulent activity from bank employees and customers alike. Since banking is a highly regulated industry, there are a multitude of external compliance requirements that banks must adhere to in the combat against ACH fraudulent and criminal activity. ACL is here to help! To get you running we've got some great scripts on auditing various controls throughout the banking process. Get started today!

Banking Op Risk Toolkit

Financial institutions are facing an ever-expanding landscape of compliance expectations, and operational and compliance risks have become more complex and intertwined. In this toolkit we offer you the necessary tools for managing your banking operational risk, from benchmarking to metrics and assessments.

  • The Financial Services - Banks and Lending Enterprise Risks are used by company's within the banking vertical to identify top risks that may affect their organization. These banking and lending enterprise risks were taken from 10-K reports from top banking companies within the S&P 500 Financial Index. As a required submission to the SEC, 10-K reports are publicly available online.

Banking Consumer Risk Toolkit

Compliance expectations are higher than ever before, so how do you ensure that your team is armed with the tools to avoid conducting unfair, misleading, and discriminatory practices? Get the assurance you need for consumer protection.

  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Availability of Funds and Collection of Checks - 12 CFR 229 (FRB Regulation CC). Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related this regulation.
  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Bank Holding Company Act (BHCA) - 12 CFR 225 (FRB Regulation Y). Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related this regulation.
  • Last updated May 15, 2018

    The CFPB Electronic Funds Transfer Act (EFTA) 2013 Framework is designed to assist auditors in testing the controls within their organization against compliance with the Electronic Funds Transfer Act. The framework includes a set of controls and test plans built from guidance provided by the CFPB.
  • Last updated October 31, 2017

    Unfair, deceptive, or abusive acts and practices (UDAAPs) can cause significant financial injury to consumers, erode consumer confidence, and undermine the financial marketplace. It is unlawful for any provider of consumer financial products or services or a service provider to engage in any unfair, deceptive or abusive act or practice. The CFPB has enforcement authority to prevent unfair, deceptive, or abusive acts or practices in connection with any consumer financial product or service, and has supervisory authority for detecting and assessing risks to consumers and to markets for consumer financial products and services. Consumer Financial Protection Bureau (CFPB) Supervision and Examination Manual (2017) - Unfair, Deceptive or Abusive Acts or Practices (UDAAPs), October 2012.
  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Community Reinvestment Act (CRA) - 12 CFR 228 (FRB Regulation BB). Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related this regulation.
  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Debit Card Interchange Fees and Routing - 12 CFR 235 (Regulation II). Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related this regulation.
  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Electronic Funds Transfer Act (EFTA) - 12 CFR 205 (FRB Regulation E). Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related this regulation.
  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Equal Credit Opportunity Act - 12 CFR 1002 (CFPB Regulation B). Organizations can tie their internal controls, provide rationalization, and report any compliance related issues related this regulation.
  • Last updated October 31, 2017

    The Fair Credit Reporting Act (FCRA) is United States federal legislation that promotes accuracy, fairness and privacy for data used by consumer reporting agencies. Consumer reporting agencies include credit bureaus and financial agencies -- such as those that sell information about rental history records. In 2010, the Consumer Financial Protection Bureau (CFPB) was granted rule-making authority under FCRA. On December 21, 2011, the CFPB restated FCRA regulations under its authority at 12 CFR Part 1022, also known as CFPB Fair Credit Reporting – Regulation V. Consumer Financial Protection Bureau (CFPB). U.S. Government Publishing Office (GPO) Electronic Code of Federal Regulations (eCFR).
  • Last updated May 2, 2018

    The Gramm-Leach-Bliley Act (GLBA) governs the treatment of nonpublic personal information about consumers by financial institutions. In 2000, the Board of Governors of the Federal Reserve System (Board), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the former Office of Thrift Supervision (OTS), published regulations implementing provisions of GLBA governing the treatment of nonpublic personal information about consumers by financial institutions. The Consumer Financial Protection Bureau (CFPB) was granted rule-making authority for most provision of GLBA, as well as examination and enforcement authority with respect to financial institutions and other entities subject to the CFPB's jurisdiction. On December 2011, the CFPB recodified the GLBA regulations under its authority at 12 CFR Part 1016, also known as CFPB Privacy of Consumer Financial Information – Regulation P. Consumer Financial Protection Bureau (CFPB). U.S. Government Publishing Office (GPO) Electronic Code of Federal Regulations (eCFR).
  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Home Mortgage Disclosure Act (HMDA) - 12 CFR 1003 (CFPB Regulation C). Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related this regulation.
  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Real Estate Settlement Procedures Act (RESPA) - 12 CFR 1024 (CFPB Regulation X). Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related this regulation.
  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Reserve Requirements of Depository Institutions - 12 CFR 204 (FRB Regulation D). Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related this regulation.
  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Truth in Lending Act (TILA) - 12 CFR 1026 (CFPB Regulation Z). Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related this regulation.

FDIC Compliance Toolkit

Do you have the right systems in place to be prepared for the next Federal Deposit Insurance Corporation (FDIC) examination? ACL's curated selection of tools will help you to gain the assurance and oversight you need.

  • Last updated February 8, 2018

    The Equal Credit Opportunity Act (ECOA) prohibits discrimination in any aspect of a credit transaction. It applies to any extension of credit, including extensions of credit to small businesses, corporations, partnerships, and trusts. The Consumer Financial Protection Bureau’s (CFPB) Regulation B, found at 12 CFR Part 1002, implements ECOA. Regulation B describes lending acts and practices that are specifically prohibited, permitted, or required.
  • Last updated October 31, 2017

    The FDIC FIL-50-2001 Banking Technology Bulletin on Outsourcing: Effective Practices for Selecting a Service Provider suggests techniques that can facilitate the process by which financial institutions conduct due diligence and select the best service provider.

    Federal Deposit Insurance Corporation (FDIC) 2001. As a work of the U.S. government, this product is not subject to copyright protection.

    Note: Use of the FDIC data labels does not constitute an endorsement, recommendation, or favoring by the U.S. government or the FDIC, nor has the FDIC partnered with ACL Services Ltd. on this publication.
  • Last updated October 31, 2017

    The FDIC FIL-50-2001 Banking Technology Bulletin on Outsourcing: Techniques for Managing Multiple Service Providers discusses two techniques to manage risks inherent in multiple service provider relationships. The first technique involves the use of a lead contractor to manage the bank’s various technology providers. The second technique, which may present its own set of implementation challenges, involves the use of operational agreements between each of the service providers.

    Federal Deposit Insurance Corporation (FDIC) 2001. As a work of the U.S. government, this product is not subject to copyright protection.

    Note: Use of the FDIC data labels does not constitute an endorsement, recommendation, or favoring by the U.S. government or the FDIC, nor has the FDIC partnered with ACL Services Ltd. on this publication.

  • Last updated October 31, 2017

    The FDIC FIL-50-2001 Banking Technology Bulletin on Outsourcing: Tools to Manage Technology Providers' Performance Risk: Service Level Agreements discusses the Service Level Agreement (SLA) as an effective tool for managing the risks associated with technology outsourcing and describes practices for measuring and monitoring service providers’ performance. 

    Federal Deposit Insurance Corporation (FDIC) 2001. As a work of the U.S. government, this product is not subject to copyright protection.

    Note: Use of the FDIC data labels does not constitute an endorsement, recommendation, or favoring by the U.S. government or the FDIC, nor has the FDIC partnered with ACL Services Ltd. on this publication.
  • Last updated February 8, 2018

    The Gramm-Leach-Bliley Act (GLBA) governs the treatment of non-public personal information about consumers by financial institutions, and establishes rules governing duties of a financial institution to provide particular notices and limitations on its disclosure of nonpublic personal information. The Consumer Financial Protection Bureau’s (CFPB) Regulation P, found at 12 CFR Part 1016, implements GLBA.
  • Last updated February 8, 2018

    The Home Mortgage Disclosure Act (HMDA) requires lenders to report the ethnicity, race, gender, and gross income of mortgage applicants and borrowers to help show whether financial institutions are serving the housing credit needs of the neighborhoods and communities in which they are located, and to assist in identifying possible discriminatory lending patterns and enforcing anti-discrimination statutes. The Consumer Financial Protection Bureau’s (CFPB) Regulation C, found at 12 CFR Part 1003, implements HMDA.
  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over FDIC Servicemember Civil Relief Act (SCRA) 2016 Framework. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related this regulation.
  • Last updated December 1, 2017

    The FDIC's Trust Examination Manual is designed to assist regulators in planning and conducting regulatory examinations of trust departments. The manual serves as a comprehensive reference on trust concepts, principles, common and statutory law - both State and Federal - and regulations along with the applicable regulations that together govern the behavior of fiduciaries.

    Federal Deposit Insurance Corporation (FDIC) 2016. As a work of the U.S. government, this product is not subject to copyright protection.

    Note: Use of the FDIC data labels does not constitute an endorsement, recommendation, or favoring by the U.S. government or the FDIC, nor has the FDIC partnered with ACL Services Ltd. on this publication.

Banking IT Risk Toolkit

Cybersecurity, privacy, confidentiality, ITGC, vendor oversight... sigh. Get a handle on your framework, controls, and policies through our ready-built tools for IT standards and frameworks.

  • Last updated October 31, 2017

    The InTREx Program is an enhanced, risk-based approach for conducting IT examinations. The Program helps to ensure that financial institution management promptly identifies and effectively addresses IT and cybersecurity risks.

    Federal Deposit Insurance Corporation (FDIC) 2016. As a work of the U.S. government, this product is not subject to copyright protection.

    Note: Use of the FDIC data labels does not constitute an endorsement, recommendation, or favoring by the U.S. government or the FDIC, nor has the FDIC partnered with ACL Services Ltd. on this publication.
  • Last updated February 8, 2018

    The InTREx Program is an enhanced, risk-based approach for conducting IT examinations. The Program helps to ensure that financial institution management promptly identifies and effectively addresses IT and cybersecurity risks.

    Federal Deposit Insurance Corporation (FDIC) 2016. As a work of the U.S. government, this product is not subject to copyright protection.

    Note: Use of the FDIC data labels does not constitute an endorsement, recommendation, or favoring by the U.S. government or the FDIC, nor has the FDIC partnered with ACL Services Ltd. on this publication.
  • Last updated April 30, 2018

    This standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over the guidance provided to examiners in FFIEC IT Handbook - Audit 2012. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated April 30, 2018

    This standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over the guidance provided to examiners in FFIEC IT Handbook - Business Continuity Planning 2015. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated April 30, 2018

    This standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over the guidance provided to examiners in FFIEC IT Handbook - Development and Acquisition 2004. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated April 30, 2018

    This standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over the guidance provided to examiners in FFIEC IT Handbook - E-Banking 2003. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated April 30, 2018

    This “Information Security” booklet is an integral part of the Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook (IT Handbook) and should be read in conjunction with the other booklets in the IT Handbook. This booklet provides guidance to examiners and addresses factors necessary to assess the level of security risks to a financial institution’s information systems. It also helps examiners evaluate the adequacy of the information security program’s integration into overall risk management.

    Federal Financial Institutions Examination Council (FFIEC) 2014: Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, State Liaison Committee. As a work of the U.S. government, this product is not subject to copyright protection.

    Note: Use of the FFIEC data labels does not constitute an endorsement, recommendation, or favoring by the U.S. government or the FFIEC, nor has the FFIEC partnered with ACL Services Ltd. on this publication.
  • Last updated April 30, 2018

    This standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over the guidance provided to examiners in FFIEC IT Handbook - Management 2015. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated May 1, 2018

    This booklet is one in a series that comprise the Federal Financial Institutions Examination Council (FFIEC) Information Technology Handbook (IT Handbook). It provides guidance to examiners and financial institutions on risk management processes that promote sound and controlled operation of technology environments.

    Federal Financial Institutions Examination Council (FFIEC) 2014: Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, State Liaison Committee. As a work of the U.S. government, this product is not subject to copyright protection.

    Note: Use of the FFIEC data labels does not constitute an endorsement, recommendation, or favoring by the U.S. government or the FFIEC, nor has the FFIEC partnered with ACL Services Ltd. on this publication.
  • Last updated April 30, 2018

    This standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over the guidance provided to examiners in FFIEC IT Handbook - Outsourcing Technology Services 2004. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated April 30, 2018

    This standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over the guidance provided to examiners in FFIEC IT Handbook - Retail Payment Systems 2016. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated April 30, 2018

    This standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over the guidance provided to examiners in FFIEC IT Examination Handbook - Supervision of Technology Service Providers 2012. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated April 30, 2018

    This standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over the guidance provided to examiners in FFIEC IT Handbook - Wholesale Payment Systems 2004. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated October 31, 2017

    The New York State Department of Financial Services (DFS) implemented this Cybersecurity regulation to promote the protection of customer information as well as the information technology systems of regulated entities. The regulation requires banks, insurance companies, and other financial services institutions regulated by the Department of Financial Services to establish and maintain a cybersecurity program designed to protect consumers’ private data and ensure the safety and soundness of New York’s financial services industry.

    New York State Department of Financial Services (DFS). This regulation is available for download at http://www.dfs.ny.gov/legal/regulations/adoptions/dfsrf500txt.pdf.

Not what you were looking for? Explore more content suites

Governments & Higher Education

  • Improper Payments Toolkit
  • Yellow Book (GAGAS) Toolkit
  • Grants Management Toolkit
  • And more

Financial Control Monitoring

  • Accounts Payable Toolkit
  • Vendor Management Toolkit
  • Human Resources Management Toolkit
  • And more

IT Governance

  • General IT Compliance Toolkit
  • NIST Toolkit
  • ISO 2700X Toolkit
  • And more

Subscription Value

  • GRC Subscription Value Toolkit
  • Analytics Subscription Value Toolkit
  • And more