Core Operating Standards

CFES Core Operating Standards provide a comprehensive foundation for compliance in bank-fintech partnerships. Built on the STARC Framework, these standards evaluate six critical compliance areas (BSA/AML, Compliance Management Systems, Third-Party Risk Management, Complaint Handling, Operational Risk, and Marketing and Product Compliance) across eight program elements using maturity-based ratings from Level 5 (Rudimentary) to Level 1 (Optimized). Companies can be certified against these core standards to demonstrate compliance readiness and streamline partnership due diligence across the financial ecosystem.

How to use these standards

The Core Operating Standards offer two pathways based on your company’s stage and needs:

1. For Companies Ready to Launch

Start with the Pre-Launch Checklist to ensure minimum controls are in place before going live.

2. For Ongoing Operations

Use the comprehensive Core Standards for full STARC assessment and certification.

Each standard includes a summary of the expected control, process, or program, along with criteria for rating the quality of a company’s application of the standard on a five-point scale: Level 5 (Rudimentary), Level 4 (Documented), Level 3 (Integrated), Level 2 (Strategic), and Level 1 (Optimized). For each company being certified, assessors are expected to use the rating criteria, along with other industry insights and experience, to assign an appropriate certification level for each standard. The CFES expects to update the criteria periodically in future releases as needed to capture emerging best practices.

Importantly, these ratings are not meant to be purely linear or prescriptive. A nonbank may have different ratings across different compliance and risk areas based on its business model, risk profile, and stage of growth. This approach ensures the framework provides meaningful guidance for nonbanks pursuing stronger risk and compliance programs while avoiding unrealistic expectations for all industry participants. However, as a general rubric, nonbanks early in their journey should strive to consistently achieve ratings of 3-4, while established companies should achieve ratings of 1-3.

Applies to: All bank-fintech partnerships prior to product launch

Essential compliance readiness assessment for financial product launches. This comprehensive checklist identifies the minimum controls that must be in place before launching any financial product with a banking partner. Built from CFES Core Risk and Compliance Standards, the checklist ensures nonbanks meet fundamental regulatory requirements across BSA/AML, compliance management, third-party risk management, complaint handling, operational risk, and marketing compliance before going to market.

The Standardized Assessment for Risk Management & Compliance (STARC) framework evaluates six Core Compliance Areas (BSA/AML, CMS, TPRM, Complaint Handling, Operational Risk, and Marketing and Product Compliance) across eight Program Elements, using a maturity-based rating system from Level 5 (Rudimentary) to Level 1 (Optimized). Developed from interagency guidance and OCC handbooks, this matrix approach enables nonbanks to systematically assess their compliance posture, recognizing that organizations require different levels of sophistication as they progress from informal, reactive approaches to strategic, automated systems that optimize compliance and create value.

Applies to: Ongoing audits for bank-fintech partnerships

The comprehensive CFES Core Standards provide detailed compliance guidance across six critical areas: BSA/AML, Compliance Management Systems, Third-Party Risk Management, Complaint Handling, Operational Risk, and Marketing and Product Compliance. Built on the STARC framework with full maturity-based ratings (Levels 5-1), these standards enable established operations to demonstrate compliance readiness while supporting innovation in modern banking partnerships.
