PliOS Resources
Policy template library
21 examiner-ready policy frameworks written in real regulatory language — browse section outlines free, then customize for your institution in PliOS.
Anti-Money Laundering
BSA/AML Compliance Program
Comprehensive Bank Secrecy Act / Anti-Money Laundering program covering all required pillars.
View outlineSuspicious Activity Reporting (SAR) Policy
SAR triage, decision matrix, narrative standards, and the tipping-off prohibition aligned to FinCEN guidance.
View outlineBSA/AML Risk Assessment Policy
Methodology for measuring inherent risk, control effectiveness, and residual risk across customers, products, geographies, and channels.
View outlineFraud Prevention & Detection Policy
Governance for preventing, detecting, investigating, and reporting internal and external fraud, integrated with the AML program.
View outlineKnow Your Customer
Know Your Customer (KYC) / Customer Identification Program (CIP) Policy
CIP and KYC procedures including identity verification, risk tiering, and EDD.
View outlineEnhanced Due Diligence (EDD) Policy
Triggers, source-of-funds and source-of-wealth standards, and senior-management approval flows for higher-risk customers.
View outlineCustomer Due Diligence & Beneficial Ownership Policy
CDD Rule compliance: legal-entity beneficial ownership, control prong, and customer risk profiling.
View outlineTravel Rule
Travel Rule Compliance Policy
VASP counterparty verification, required data elements, transmittal standards, and unhosted-wallet treatment.
View outlineUnhosted (Self-Hosted) Wallet Policy
Proof-of-ownership, blockchain analytics screening, and risk thresholds for deposits to and withdrawals from self-hosted wallets.
View outlineGovernance & Operations
Customer Data Privacy Policy
Customer disclosures and internal data-handling rules aligned to GLBA, the FTC Safeguards Rule, and state privacy laws (CCPA).
View outlineBusiness Continuity & Disaster Recovery Plan
Tabletop scenarios examiners care about — outages, key-person loss, vendor failure — with RTO/RPO targets and recovery roles.
View outlineCompliance Program Charter
Board oversight, compliance authority and independence, and reporting cadence — the governance document examiners ask for first.
View outlineInformation Security Policy
Administrative, technical, and physical safeguards aligned to the FTC Safeguards Rule — access control, encryption, and incident response.
View outlineIdentity Theft Prevention Program (Red Flags Rule)
Red Flags Rule program: identify, detect, respond to, and update for identity-theft red flags in covered accounts.
View outlineCustomer Complaint Management Policy
Intake, tracking, resolution, root-cause analysis, and escalation of customer complaints — a core consumer-compliance and UDAAP control.
View outlineCode of Conduct & Ethics Policy
Ethical standards, conflicts of interest, confidentiality, and a culture of compliance applicable to all personnel.
View outlineWhistleblower Policy
Confidential, non-retaliatory reporting channels for misconduct, with investigation and protection standards.
View outlineTemplates are educational starting points and do not constitute legal advice. Every policy must be tailored to your institution's products, customers, and jurisdictions and reviewed by qualified compliance counsel before adoption.
Not sure which policies you need?
Run a free 3-minute gap snapshot — we'll flag the documentation gaps examiners look for first. No signup required.
Run My Free Assessment