The CFPB has recently added to its Examination Manual a new section, “Compliance Management Review – Information Technology”. This new section is part of the Compliance Management System review.
The CMS-IT examination manual contains five Modules as follows:
- Module 1: Board and Management Oversight
- Module 2: Compliance Program
- Module 3: Service Provider Oversight
- Module 4: Violations of Law and Consumer Harm
- Module 5: Examiner Conclusions and Wrap-Up
In the summary of this new section, the CFPB now makes the evaluation of an institution’s technology controls and its service providers part of the overall CMS assessment.