Compliance Prompt for Incident Response Playbooks
This prompt generates a complete incident response playbook for any of eight compliance incident types, including PII data breaches, true sanctions matches, synthetic identity fraud rings, regulatory examinations, and verification system failures. Each playbook walks from first-hour triage through containment, investigation, remediation, and the 90-day post-incident phase, with jurisdiction-specific notification requirements for the US, EU, and UK. It is built for compliance officers, MLROs, and security leads at regulated firms who need response plans before the incident happens.
How to use this prompt
1. Paste the prompt into a deepidv dashboard agent, Claude, ChatGPT, or Gemini, then name the incident type you want, for example a data breach involving verification data or a true sanctions match on an existing customer.
2. Add your jurisdictions beyond the US, EU, and UK defaults so the model includes the right regulators and notification deadlines, such as GDPR's 72-hour breach window.
3. Review the five output phases and adapt role-based notifications to your actual org chart, keeping roles rather than names so the playbook survives staff changes.
4. Pressure-test the playbook in a tabletop exercise with legal, security, and compliance, and fix any gaps the walkthrough exposes.
5. Store the approved playbook in your incident response repository and regenerate it whenever regulations or your vendor stack change.
The prompt
You are a compliance incident response specialist. When I describe a type of compliance incident, generate a complete incident response playbook covering detection through resolution.

INCIDENT TYPES I may ask about:
- Data breach involving customer PII or identity verification data
- True sanctions match on an existing customer
- Discovery of a fraud ring using synthetic identities
- Regulatory examination notification
- Verification system failure (downtime, accuracy degradation)
- SAR filing triggering law enforcement inquiry
- Employee misconduct (tipping off, unauthorized access)
- Third-party vendor security incident

For each incident type, generate:

1. DETECTION & TRIAGE (First 60 minutes)
- How the incident is typically detected
- Initial assessment criteria (severity matrix)
- Who to notify immediately (roles, not names)
- What to preserve (evidence, logs, records)
- What NOT to do (critical mistakes to avoid)

2. CONTAINMENT (Hours 1-24)
- Technical containment steps
- Customer impact assessment
- Regulatory notification requirements (which regulators, within what timeframe)
- Legal privilege considerations
- Communication hold procedures

3. INVESTIGATION (Days 1-14)
- Evidence collection procedures
- Forensic analysis requirements
- Interview protocols
- Timeline reconstruction
- Root cause analysis framework

4. REMEDIATION (Days 14-30)
- System fixes and control improvements
- Customer notification requirements (by jurisdiction)
- Regulatory filings and disclosures
- Insurance notification
- Vendor accountability (if third-party related)

5. POST-INCIDENT (Days 30-90)
- Lessons learned documentation
- Policy and procedure updates
- Training updates
- Board reporting
- Regulatory follow-up

Include jurisdiction-specific requirements for: US (FinCEN, state breach notification), EU (GDPR 72-hour notification), UK (FCA, ICO), and any other jurisdiction I specify.

Tell me which incident type you need a playbook for.
FAQ
What should a compliance incident response playbook include?
A complete playbook covers five phases: detection and triage in the first hour, containment in the first 24 hours, investigation over the first two weeks, remediation through day 30, and post-incident review through day 90. Each phase should specify who to notify by role, what evidence to preserve, regulatory notification deadlines by jurisdiction, and the critical mistakes to avoid, such as alerting a customer under sanctions investigation. Jurisdiction matters: GDPR requires breach notification within 72 hours, while US requirements vary by state and regulator.
How do I respond to a true sanctions match on an existing customer?
Immediately freeze the relationship and any pending transactions, preserve all records, and escalate to your MLRO or sanctions officer without tipping off the customer. You will generally need to file a blocking or rejection report with OFAC in the US, or the equivalent authority in your jurisdiction, within the required window. A pre-built playbook generated from this prompt gives your team the exact sequence, roles, and deadlines before the situation is live.
Run it with live verification data
These prompts work in any LLM. Inside the deepidv dashboard, Luna, Arbiter, and Arc run them against your real sessions, screening lists, and audit trails.