Logo

What are you looking for?

Get help straight from our team...

Mortgage Manuals Knowledge Base

State Examination Support

New York Ongoing Operations Compliance Requirements

State Examination Support

New York Ongoing Operations Compliance Requirements

New York regulators recommend having these assessments and tools regularly reviewed.

Last updated on 03 Nov, 2025

  1. Copy of the compliance review (including loan-level quality control review reports for the loans sampled)

  2. Copy of the company’s Enterprise-wide Risk Assessment

  3. Copy of the AML/BSA Risk Assessment (can be included in Enterprise-wide Risk Assessment)

  4. Copy of the most recent AML/BSA independent test

  5. Copy of the most recent Cybersecurity Risk Assessment

Compliance Review

A compliance review is the collection, review, and retention of all the compliance-related documents in a loan file. You will find this in your Quality Control Plan > State Audit Preparation/Compliance Review. You can aggregate these into a QC report using the instructions provided in the plan. Take each loan-level compliance review and add a line to the QC report showing the number of missing items. 

Image

Enterprise-wide Risk Assessment

The enterprise-wide risk assessment is included in a short (condensed) form in Section 1-80 of your quality control plan. It is also included as a detailed worksheet and report in the FORMS folder. 

Image

 

AML Risk Assessments

Your AML Plan is either a stand-alone plan, or included as part of your QC Plan > Section 1-70 BSA AML and SAR Reporting. Section 1-70 address Risk Assessments. The AML Risk assessment may NOT be combined with the overall risk assessment. There are two levels of risk assessment for AML: the Company-wide assessment and the loan-level risk assessment. You may use the same form for both. 

Image

 

AML Independent Review

The AML Independent Review may be conducted by any knowledgeable 3rd Party. We offer this service here: https://www.mortgagemanuals.com/annual-amlbsa-audit.html

Image

 

Cybersecurity Risk Assessment

A cybersecurity risk assessment is a significant review of all technology related risks to consumer Non-Public Information (NPI) and the steps you take to secure it. This includes all the steps listed in the 2-9 IT Security Plan > Sections 2-90-2-92. The risk assessment starts with an inventory of all technology assets and how you access them, vendors, and the security of the physical plan. We conduct these risk assessments here:  https://www.mortgagemanuals.com/itcyber-audit.html

Image
Previous

Louisiana Mortgage License Examination Process

Next