Skip to main content

Compliance Management Review – Information Technology Examination Procedures

Published Sep. 20, 2021

Download compliance management review - information technology examination procedures | PDF


Institutions often use information technology (IT) that could impact compliance with Federal consumer financial laws. As part of its overall CMS assessment, the CFPB may evaluate the technology controls of an institution and its service providers. The CFPB may also evaluate an institution’s IT as it relates to compliance with Federal consumer financial laws. The Compliance Management System – Information Technology (CMS-IT) examination procedures set forth below are used by examiners to assess IT and IT controls as part of a CMS review.

This CMS-IT examination manual is divided into five Modules:

  • Module 1: Board and Management Oversight
  • Module 2: Compliance Program
  • Module 3: Service Provider Oversight
  • Module 4: Violations of Law and Consumer Harm
  • Module 5: Examiner Conclusions and Wrap-Up