IT Examiner School

Regulatory Authority Examples: Non-Depository Institutions

Regulators / Licensure

Laws, Regulations, or Guidance Related to IT, InfoSec, Privacy, etc.

Types of Entities

Mortgage Originators and Servicers

CFPB, FTC, States

16 CFR 314; 501 and 505(b)(2) of GLBA; State Laws and Regulations (e.g., Part 500 and CCPA).

Money Service Businesses / Money Transmitters

FTC, States

Consumer Finance

CFPB, FTC, States

Examination Approach Examples: Depository Institutions

Types of Entities

IT Exam Approaches/Rating Systems

Banks

Information Technology Risk Examination (InTREx); UFIRS/CAMELS, FFIEC Uniform Rating System for IT (URSIT); CAMEL, where “M” includes a review of information systems

Credit Unions

Trust Companies

FFIEC Uniform Interagency Trust Rating System (UITRS)

Foreign Banking Organizations & Bank Holding Companies

FRB, States; ROCA Rating System – where “O” is operational controls
