Compliance-as-code for regulated credit: check a declarative manifest of your product/journey against FCA Consumer Duty & CONC, CFPB, and FCAC rule packs — in CI. Each rule maps a control reference to a machine-checkable assertion.
⚠️ Not legal advice. The rule packs are illustrative engineering aids and a starting point only. Interpretation varies by jurisdiction, product and circumstance, and every rule must be reviewed by a qualified compliance/legal subject-matter expert before you rely on it. conc-lint reports what your manifest does or doesn't evidence — it cannot tell you whether you are compliant.
TypeScript-first, JSON/YAML manifests, a CLI for pipelines and a programmatic API.
npx conc-lint --manifest product.yaml --packs fca --fail-on highCompliance obligations usually live in PDFs and people's heads. conc-lint turns a curated subset into checks you can run on every change: you keep a structured manifest describing your product/config, and the packs flag where a checkable obligation isn't evidenced — each finding tagged with its control, a severity and a message — failing CI when something material is missing.
npm install @pametan/conc-lint
# or run ad hoc:
npx @pametan/conc-lint --manifest product.yamlRequires Node 24+. ESM, ships type declarations and a conc-lint binary.
A declarative description of your product/journey/config, in JSON or YAML. All
fields are optional — a missing section simply counts as "not evidenced". See
schema/manifest.schema.json for the full shape
and examples/ for per-regulator starting points.
product: { id: personal-loan-v2, type: fixed-sum-loan, regulators: [FCA] }
consumerDuty:
targetMarket: { defined: true }
fairValueAssessment: { completed: true, date: "2026-01-10" }
consumerUnderstanding: { testedComms: true }
consumerSupport: { defined: true }
vulnerableCustomers: { policy: true }
preContract: { adequateExplanations: true }
creditAssessment:
creditworthiness: { performed: true }
affordability: { performed: true }
disclosures:
representativeAPR: { present: true, value: 24.9, workedExample: true }
totalChargeForCredit: { present: true }
fees: [{ name: late-payment, amount: 12 }]conc-lint --manifest <file> [--packs fca,cfpb,fcac] [--fail-on high|medium|low] [--format table|json]
--packs— which packs to run (default: all).--fail-on— minimum severity that fails the run (default:high). Severity order islow < medium < high.--format—table(default) orjson.- Exit code is non-zero when any finding meets the
--fail-onthreshold, so it drops straight into CI.
import { lint, loadManifest } from '@pametan/conc-lint';
const manifest = await loadManifest('product.yaml');
const result = lint(manifest, { packs: ['fca'], failOn: 'high' });
// result.findings: [{ ruleId, control, regulator, severity, message }, ...]
// result.failed: boolean| Export | Description |
|---|---|
lint(manifest, options?) |
Run the packs; returns findings + failed. |
loadManifest(path) |
Load a JSON or YAML manifest. |
formatText / formatJson |
Render a result (both include the disclaimer). |
PACKS, fcaPack, cfpbPack, fcacPack |
The rule packs. |
Types Manifest, Rule, Pack, Finding, Severity, Regulator,
LintOptions, LintResult are exported. Add your own rules by composing Pack
objects and passing them in.
- FCA — Consumer Duty (PRIN 2A: products & services, price & value, consumer understanding, consumer support; vulnerable customers) and CONC (4.2 adequate explanations; 5.2A creditworthiness & affordability; representative APR).
- CFPB (US) — Reg Z/TILA (APR & finance-charge disclosure), Reg B/ECOA (adverse-action notice with reasons), UDAAP (fee transparency).
- FCAC (Canada) — cost-of-borrowing & APR disclosure, plain-language.
Each rule cites its control and is deliberately a narrow, objectively-checkable starting point for SME review — not the whole obligation.
npm install
npm run typecheck
npm test # rule packs, fail-on thresholds, JSON/YAML, CLI exit codes
npm run build # emit dist/Provided as an engineering aid, not legal, financial or compliance advice. You are
responsible for the rules you rely on and whether they meet your obligations. MIT
licensed — see LICENSE.
We're Pametan — a specialist fintech/regtech engineering agency working across UK, US and Canadian rails (FCA · CFPB · FCAC). We build the regulated compliance-as-code that sits behind this: tailored obligation libraries, SME-reviewed rule sets, and the evidence pipelines around them.