IT Examiner School
Regulatory Authority Examples: Non-Depository Institutions
Regulators / Licensure
Laws, Regulations, or Guidance Related to IT, InfoSec, Privacy, etc.
Types of Entities
Mortgage Originators and Servicers CFPB, FTC, States
16 CFR 314; 501 and 505(b)(2) of GLBA; State Laws and Regulations (e.g., Part 500 and CCPA).
Money Service Businesses / Money Transmitters
FTC, States
Consumer Finance
CFPB, FTC, States
Examination Approach Examples: Depository Institutions
Types of Entities
IT Exam Approaches/Rating Systems
Banks
Information Technology Risk Examination (InTREx); UFIRS/CAMELS, FFIEC Uniform Rating System for IT (URSIT); CAMEL, where “M” includes a review of information systems
Credit Unions
Trust Companies
FFIEC Uniform Interagency Trust Rating System (UITRS)
Foreign Banking Organizations & Bank Holding Companies
FRB, States; ROCA Rating System – where “O” is operational controls
Made with FlippingBook Digital Publishing Software