Pillar 3 — Think

Regulatory Radar.

Every change from the OCC, FDIC, Federal Reserve, CFPB, FINRA, SEC, FinCEN, state regulators, and DORA in the EU — tracked, classified by impact, annotated with AI-generated analysis of partnership consequences, and linked to concrete action deadlines. Your compliance team's desk, in the same app where the partnership actually happens. Built so a non-compliance-specialist partnership lead can tell at a glance whether a given change requires action this week, this month, or this year.

Why it matters

Bank-FinTech partnerships are regulated from every direction simultaneously — OCC on third-party risk, CFPB on consumer protection, FINRA on communications, SEC on marketing, state regulators on licensing, DORA on EU operational resilience. The speed of regulatory change in 2025-2026 has doubled relative to the prior decade. Manual tracking through multiple newsletters and regulator websites does not scale.

What gets tracked

Regulators publish bulletins, final rules, enforcement actions, proposed rules with comment periods, FAQs, and guidance in a dozen different formats across a dozen different destinations. The Radar normalises all of them into a single schema the compliance desk can actually use:

Regulators covered

OCC

Office of the Comptroller of the Currency — national banks and federal savings associations

FDIC

Federal Deposit Insurance Corporation — insured depositories, deposit insurance, resolution

Federal Reserve

Holding companies, member banks, Regulation Y / YY, stress testing

CFPB

Consumer Financial Protection Bureau — consumer-facing products, open banking, UDAAP

FINRA

Broker-dealer oversight, Rule 4511, communications, supervision

SEC

Investment advisers (Rule 206(4)-1), market structure, disclosure, AI guidance

FinCEN

BSA / AML, beneficial ownership reporting, sanctions coordination

State regulators

Lending licences, money-transmission, state-level privacy regimes (CCPA, CDPA, etc.)

DORA (EU)

Digital Operational Resilience Act — ICT risk, third-party, incident reporting for EU-regulated entities

International

FCA (UK), BaFin (Germany), MAS (Singapore), BCBS guidance as relevant to TECH members

Fields per update

Every entry in the Radar carries seven structured fields you can actually filter and act on:

Regulator — one of the above, with subregulator context where relevant.
Impact level — Critical (immediate action required), High (action within 30 days), Medium (monitor and plan), Low (awareness only).
Category — third-party risk, data privacy, consumer protection, cybersecurity, operational resilience, AI governance, capital requirements, fair lending, licensing.
AI analysis — Claude-generated commentary on how this specifically affects bank-FinTech partnerships.
Recommended actions — concrete, deadline-bearing steps (not "review for applicability" — "update your vendor due diligence template to reflect the new OCC Tier III criteria by 2026-06-30").
Affected partnership types — BaaS, co-brand, API integration, data sharing, white-label, referral.
Source — URL, bulletin number, and publication date. Every item has a verifiable link back to the regulator's primary publication.

Impact levels explained

CRITICAL

Immediate action required. The update creates a compliance gap that exists as soon as the rule takes effect and cannot be resolved by a "watching brief." Examples: a final rule with a 90-day compliance window affecting current partnerships, a Critical sanctions action requiring immediate screening updates. Critical items raise a banner in the app and fire a High-severity SHIELD Alert.

HIGH

Action required within 30 days. Typical for: interpretive guidance that changes how existing practices are evaluated, enforcement actions against peer institutions that signal examination priorities, proposed rules with near-term comment deadlines where response matters.

MEDIUM

Monitor and plan. Updates with longer implementation timelines (12+ months) or limited direct applicability to your organization's current book of partnerships. Review quarterly.

LOW

Awareness only. Background information — analyst summaries of regulator speeches, comment letters from trade associations, academic commentary. Useful for context, rarely actionable.

Relevance to your organization

Not every item applies to every org. An item is surfaced to your org if any of:

affects_banks matches your org type (for bank members) or affects_fintechs matches (for fintech members).
The item's affected_partnership_types overlaps with the partnership types in your active Pipeline.
You've subscribed to the relevant regulator via Settings → Regulatory subscriptions.
A partner on your active Pipeline is regulated by the issuing regulator (cross-relevance).

Critical items always surface regardless of filter; Medium and Low respect the above filters.

AI analysis section

Every Radar entry includes an AI-generated commentary on partnership implications. This is not legal advice — it is editorial analysis the way a trade press columnist might summarise what a rule means for practitioners. The prompt explicitly instructs Claude to:

Describe who is most affected (by partnership type, stage, geography).
Identify the first operational action a reasonable team would take.
Flag second-order implications (e.g., "this rule increases cost of BaaS partnerships, which may accelerate consolidation among smaller BaaS fintechs").
Avoid definitive claims about litigation risk or specific enforcement outcomes.

Per-org read and action tracking

Each Radar item has a per-org state: unread → read → actioned → dismissed. Admins can mark items actioned with a short note describing the action taken (e.g., "updated vendor DD template 2026-05-15, new template rolled out to partnerships team 2026-05-20"). Actioned items drop out of the active list but remain in history and are included in the compliance export — so an examiner can see exactly when your team reviewed each change and what they did about it.

Notification channels

In-app banner — Critical items surface as a top-of-screen banner for all admins.
Email digest — weekly Monday digest of new Medium+ items. Configurable to daily for High+ or critical-only.
SHIELD Alert — Critical items automatically emit a High-severity SHIELD Alert with full context.
Webhook (Enterprise) — POST per new item to a configured URL for integration with GRC platforms.

Not legal advice

The Radar is a monitoring and synthesis tool; the AI analysis is editorial commentary, never legal advice. Use it to surface issues and calibrate priorities — then consult your compliance officer or counsel before making any specific decision. TECH does not hold itself out as a provider of legal services.

API surface

GET /cortex/regulatory/

Full radar feed with filters + stats + upcoming deadlines

POST /cortex/regulatory/<id>/action/

Mark item as read / actioned / dismissed with optional note

Weekly compliance desk check

Open the Radar every Monday.

A 15-minute review on Mondays replaces the 2-hour "what do we know about this rule?" scramble when an examiner brings it up.

Open CORTEX →