Map and score BaaS-specific compliance controls across Reg E, UDAAP, card network obligations, and sponsor bank programme management. Outputs maturity heatmap, gap register, control Policy Mandate JSON, and Markdown compliance memo. Explicitly excludes general AML/KYC — see Cat-12 tools for transaction monitoring.
🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only.
Educational Use OnlyThis tool provides a self-assessment / educational framework for internal planning purposes only. It is not a regulatory audit, legal advice, or a substitute for a formal compliance review by a qualified advisor. Verify all interpretations against the official source text and applicable RTS/ITS/guidance published by the relevant authority.
⚠ Scope: BaaS-specific obligations only — Reg E, UDAAP, card network rules, sponsor bank programme management. General AML/KYC and transaction monitoring are out of scope (see Cat-12).
Programme Configuration
Reg E — Electronic Fund Transfers
Error resolution procedures (§205.11)
Initial error notices & provisional credits
Periodic statement disclosures
Investigation timelines (10/45-day)
Limitation of consumer liability
UDAAP — Consumer Protection
Unfair practices review programme
Deceptive marketing / disclosure review
Abusive practices assessment
Complaint handling & remediation
Product design & consumer outcome review
Card Network Obligations
Chargeback & dispute resolution SLAs
PCI DSS scope & compliance status
Network rule acknowledgement & training
Transaction monitoring & fraud controls
Card programme registration & BIN mgmt
Sponsor Bank Programme Management
Programme oversight & governance structure
Ongoing compliance monitoring & reporting
Incident escalation & notification procedures
Exam readiness & regulator access
Change management & model risk controls
Configure programme type and control maturity ratings, then click Generate Control Map