Practitioner-built policy packs, not boilerplate

Examiner-ready compliance programs for fintech and crypto startups.

Self-service policy foundations — BSA/AML and compliance management — drafted by a former Chief Compliance Officer from programs that passed real examinations. Instant download. Editable Word. A fraction of a law firm invoice.

[Document preview: No. 001, updated for 2026 examinations. Examiner Ready. Anti-Money Laundering Compliance Program, Rev. 04.2026, Sec. 4.2.1, page 12 / 47]

§ 4.2: Customer Risk Rating. Risk-Based Approach. The Company applies a customer risk rating methodology aligned with FFIEC guidance and NYDFS Part 504 expectations.

§ 4.3: Enhanced Due Diligence

Built on real programs that passed scrutiny at BlockFi and FanDuel. 15+ yrs fintech & digital assets compliance.

Your bank partner just asked for your policy suite. You have two weeks.

"We need to see your BSA/AML program, KYC procedures, transaction monitoring rules, and vendor management policy before we can onboard you."
— Every sponsor bank, every partnership call
  • I. The templates online are useless. Generic, bank-focused, written before crypto existed, or stitched together from unrelated sources. They don't reflect how your business actually works.
  • II. Law firms quote $25K–$75K for a full policy suite and take eight weeks. You need it before your next board meeting.
  • III. Your fractional CCO is stretched thin across four other startups and can't draft from scratch in time.
  • IV. Examiners and bank DD teams can smell a template. A boilerplate program without your actual risk profile gets flagged in the first read.

Twelve documents. Two foundations.

Every document is a practitioner-drafted template in editable Word format — bracketed placeholders, a built-in drafting guide, and margin notes that explain the judgment calls. Watermarked to your license at delivery.

AML Foundation — 6 documents · $3,500
I. AML Risk Assessment

Product, geography, customer, and channel risk scored against a defensible methodology. The document examiners ask for first.

II. BSA/AML Program

The master compliance program document. Governance, roles, escalation, SAR workflow, training, independent testing. The anchor of your entire suite.

III. KYC / CIP Policy

Customer identification, beneficial ownership, sanctions and PEP screening, EDD triggers. Tailored for retail, institutional, or mixed models.

IV. Transaction Monitoring Procedures

Typology-based rules, thresholds, alert disposition, and escalation. Built to map against the monitoring stack you actually use.

V. Vendor Management Policy

Third-party due diligence, tiering, ongoing monitoring, termination. What bank partners and examiners check after the BSA program.

VI. Fraud Prevention Plan + Recordkeeping

Account takeover, first-party fraud, synthetic identity, and a recordkeeping policy that maps to §1010.410 and state retention rules.

CMS Foundation — 6 documents · $3,500
I. Compliance Management System Policy

The umbrella framework: the four CMS components, compliance officer authority, board oversight, and how the pieces fit together.

II. Regulatory Compliance Risk Assessment

Enterprise-wide regulatory inventory and product-by-product risk scoring with a defensible rating methodology — the CMS counterpart to your AML risk assessment.

III. Compliance Monitoring & Testing Program

Ongoing monitoring and independent testing: cadences, risk-based sampling, severity classification, and quarterly reporting.

IV. Issues Management Policy

Centralized intake, severity classification, root cause analysis, remediation, and closure validation for compliance issues and control gaps.

V. Compliance Training Program

Role-based curriculum, delivery and frequency, attestation tracking, and recordkeeping across federal consumer financial laws.

VI. Independent Compliance Audit Plan

Audit scope and frequency, auditor independence and selection, finding classification, and remediation tracking on the record.

Two foundations. Start with the one being asked of you.

Bank partner asking for your AML program? Start there. Building the compliance management system an examiner will test? Start with CMS. Both are practitioner-built template packs — instant download, editable Word, watermarked to your license. Most companies eventually adopt both.

AML Foundation
Your BSA/AML program. For startups facing bank-partner diligence, an MTL application, or an AML exam.
$3,500 one-time
INSTANT DOWNLOAD
  • All 6 foundational BSA/AML documents
  • Editable Word format with fillable fields
  • Built-in drafting guides & margin notes
  • Crypto-native and fintech-native variants
Coming soon
Examiner-Ready Suite
Everything: both foundations plus the full specialized module library, for the program that has to hold up end to end.
$15,000 one-time
IN DEVELOPMENT
  • Both foundations (12 documents)
  • Specialized AML modules — OFAC, EDD, SAR, PEP, crypto Travel Rule & more
  • Fair Lending & UDAAP policy
  • First access at launch

From checkout to examiner-ready, without an eight-week law firm engagement.

01 · MINUTE ONE · Buy & download

Pay by card or ACH. Your watermarked Word package is ready to download on the confirmation page immediately.

02 · DAY ONE · Customize

Work through each document's built-in drafting guide: replace the bracketed placeholders, pick your variants, delete what doesn't apply.

03 · WEEK ONE · Calibrate

Tune severity scales, escalation timelines, and product lists to your operation — the margin notes explain each judgment call.

04 · BEFORE ADOPTION · Review & adopt

Final pass by your counsel, board approval, and your program is in force. Questions along the way? [email protected].

Built & maintained by
David Spack
Principal, D Spack Consulting

Former Chief Compliance Officer at BlockFi and VP of Compliance & Enterprise Risk at FanDuel. Principal of D Spack Consulting, advising fintech and digital asset startups on BSA/AML, state licensing, and regulatory strategy. The policy architecture in Complyable is descended from live programs that passed bank partner due diligence, state regulator exams, and institutional counterparty scrutiny.

  • Chief Compliance Officer, BlockFi
  • VP, Compliance & ERM, FanDuel
  • Principal, D Spack Consulting

The templates online weren't written by a CCO who sat through examinations.

Compliance documents are only useful when they reflect how your business actually operates — and when the person who drafted them knows what examiners, bank partners, and state regulators look for first. Generic templates fail on both counts.

Complyable is built on the same policy architecture I've used to build live programs at BlockFi and FanDuel, and to advise startups through state MTL applications and bank sponsor due diligence. It's the kit I wish existed when I was a first compliance hire at an early-stage fintech.

Things people ask before they buy.

Is this a substitute for a compliance lawyer?

No, and it's not trying to be. Complyable gives you a defensible, examiner-ready policy foundation at a fraction of the cost of a law firm engagement. For sign-off on novel products, enforcement response, or litigation, you still need outside counsel — every pack's drafting guide says so explicitly.

Which business models are supported?

The packs support money transmitters, crypto exchanges and custodians, BaaS-stacked fintechs, neobanks, payments companies, and sports betting / iGaming operators. If your model sits outside those, email [email protected] and we'll tell you straight whether the templates fit.

What's the difference between the AML Foundation and the CMS Foundation?

The AML Foundation is your BSA/AML program — risk assessment, KYC, transaction monitoring, the documents a bank partner or AML examiner asks for first. The CMS Foundation is the management framework around your whole compliance program — governance, compliance risk assessment, monitoring and testing, issues management, training, and independent audit. They're complementary, and they cross-reference each other. Start with the one being asked of you now.

What if a regulator changes something after I buy?

Templates are point-in-time documents — no auto-updates are included in the purchase. When the regulatory framework changes materially, updated editions are released. If you want ongoing monitoring of FinCEN, OFAC, state MTL, and bank partner expectations, email [email protected] — maintenance arrangements are available through D Spack Consulting.

What if I need bespoke policies, not templates?

That's a different engagement — custom drafting, with a practitioner's name behind it, scoped to your business. It's handled separately through D Spack Consulting LLC (mutual NDA standard before any scoping discussion). Email [email protected] with a sentence or two about your situation.

Get your compliance program off the starting blocks.

Two foundations, clear scope, practitioner-built. Instant download, watermarked to your license.