Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • CFPB addresses IT examinations in updated Supervision and Examination Manual

    Agency Rule-Making & Guidance

    Recently, the CFPB updated its Supervision and Examinations Manual to include a new section, Compliance Management Review – Information Technology, to assist examiners when assessing an institution and its service providers’ IT controls as part of a compliance management systems (CMS) review. All institutions under the Bureau’s supervision and enforcement authority are required to have a CMS adapted to its business strategy and operations. Among other things, the new CMS-IT examination manual outlines the following five modules: (i) Module 1: Board and Management Oversight; (ii) Module 2: Compliance Program; (iii) Module 3: Service Provider Oversight; (iv) Module 4: Violations of Law and Consumer Harm; and (v) Module 5: Examiner Conclusions and Wrap-Up. Each module addresses the examination objectives of the relevant policies and procedures, including those related to the oversight and commitment to an institution’s CMS, change management, risk management, self-identification and corrective action, and consumer complaint responses. The modules also discuss appropriate training, monitoring, and auditing of the various stages of an effective CMS program.

    Agency Rule-Making & Guidance CFPB Supervision Examination IT

    Share page with AddThis