Financial Services Listings

The financial services sector operates under one of the most layered audit and compliance frameworks in the US economy, spanning federal banking regulators, securities law, and insurance oversight across dozens of distinct firm types. This directory organizes reference pages covering audit standards, regulatory obligations, firm-specific requirements, and procedural frameworks relevant to banks, investment advisers, broker-dealers, insurers, fintechs, and related entities. Each listing entry points to a subject-specific page that explains the underlying regulatory mechanism, applicable standards body, and procedural context. Understanding how entries are classified helps readers locate authoritative information efficiently.

How listings are organized

Listings are grouped into six functional categories that reflect how the financial services audit landscape is structured by regulators and standards bodies, not by firm marketing segments.

1. Audit type and methodology — Entries covering the classification of audit engagements: financial statement audits, compliance audits, operational audits, IT audits, and risk-based approaches. The distinction between a compliance audit and a financial audit is meaningful under US regulatory definitions and governs which standards apply.

2. Regulatory frameworks and statutes — Entries tied to specific enacted law or regulation: the Sarbanes-Oxley Act (particularly Section 404), the Dodd-Frank Wall Street Reform and Consumer Protection Act, the Bank Secrecy Act, and agency rules issued by the SEC, FDIC, CFPB, and FINRA.

3. Entity-specific requirements — Entries organized by institution type: banks, credit unions, hedge funds, mutual funds, mortgage companies, payment processors, and fintechs. Audit obligations differ substantially across these categories because regulators including the Office of the Comptroller of the Currency (OCC), the Federal Reserve, and the SEC each impose distinct examination and reporting standards.

4. Standards and opinions — Entries covering the standards that govern audit conduct: GAAS (Generally Accepted Auditing Standards), PCAOB standards for public-company auditors, and SOC 1/SOC 2 reporting frameworks relevant to service organizations.

5. Auditor and engagement mechanics — Entries covering the structure of audit engagements: independence requirements, engagement letters, materiality determinations, sampling methods, evidence standards, and management response procedures.

6. Emerging and specialized topics — Entries addressing cybersecurity audits, model risk audits, continuous auditing, data analytics, third-party vendor audits, and fair lending assessments — areas where regulatory guidance is actively evolving through agency issuances rather than codified statute.

What each listing covers

Each entry in this directory corresponds to a standalone reference page. Every page is built around four content dimensions:

• Regulatory basis — The statute, rule, or standards document that creates or shapes the requirement. Where the Public Company Accounting Oversight Board (PCAOB) or the American Institute of Certified Public Accountants (AICPA) has issued authoritative guidance, that source is identified and linked.
• Scope and applicability — Which firm types, transaction thresholds, or registration categories trigger the obligation. For example, FDIC audit requirements for banks differ depending on asset size thresholds established under 12 CFR Part 363, which applies to insured depository institutions with $500 million or more in total assets.
• Process structure — The procedural sequence an audit or examination follows, including planning, fieldwork, reporting, and remediation phases.
• Classification boundaries — Where one audit type ends and another begins. The difference between internal and external audits is a foundational classification boundary that affects independence requirements, report audiences, and regulatory credit.

Pages do not provide legal or professional advice. They present regulatory and standards content drawn from named public sources including the SEC, PCAOB, FDIC, FINRA, CFPB, and AICPA.

Geographic distribution

All listings reflect US national regulatory scope. Because the US financial services audit framework is built on federal statutes and federal agency rules, the primary regulatory layer applies uniformly across all 50 states. State-level insurance department audit requirements, which vary across jurisdictions, are noted where they intersect with National Association of Insurance Commissioners (NAIC) model audit rule structures.

Firm-specific entries — such as hedge fund audit requirements and investment adviser audit obligations — address federal registration thresholds that determine whether the SEC or state regulators hold primary jurisdiction. The Investment Advisers Act of 1940 establishes a federal registration threshold at $110 million in assets under management (as adjusted by SEC rulemaking), below which state oversight applies. Geographic distinctions of this kind are explained within the relevant entry rather than applied as a directory filter.

How to read an entry

Each reference page is self-contained and follows a consistent internal structure. Readers can expect the following components in every substantive entry:

Regulatory anchor — The primary statute, rule, or standard governing the subject. For example, the Sarbanes-Oxley Section 404 audit requirements entry anchors to 15 U.S.C. § 7262 and the implementing rules in 17 CFR Part 240.

Definitional precision — Technical terms are defined using the language of the governing source, not paraphrased marketing language. When the PCAOB defines an attestation engagement differently from an audit engagement, the entry reflects that definitional boundary directly.

Comparison structure — Entries that cover overlapping or adjacent topics include explicit contrasts. The bank examination vs. financial audit entry, for instance, distinguishes the supervisory examination conducted by a prudential regulator from an independent audit engagement governed by GAAS or PCAOB standards — two processes that address similar data but carry different legal authority and report destinations.

Source identification — Every major claim within an entry is traceable to a named public source: an agency website, a published standard, a statute, or a regulatory examination manual such as the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual.

Readers navigating the directory for the first time may find the financial services directory purpose and scope page useful as a starting orientation before selecting topic-specific entries. Those already familiar with audit classification may proceed directly to the financial audit types explained entry or the financial services audit standards (US) overview.