FDIC Part 370 Rule: Recordkeeping for Timely Deposit Insurance Determination

In April 2017, FDIC introduced the “Recordkeeping for Timely Deposit Insurance Determination” rule (Part 370) requiring insured institutions with more than two million deposit accounts to configure their systems to be capable of calculating the insured and uninsured amount in each deposit account by ownership right and capacity by April 2020.

For compliance with the Part 370 rule, including:

  1. An articulation of the Rules set and timeline
  2. A review of the data quality profiling and cleansing requirements necessary to perform data transformation and ingestion
  3. Deposit insurability determination and reporting required for compliance with the rule
  4. Part 370 readiness assessment

Three years will pass quickly as banking institutions craft plans, design and construct systems, manage data cleanliness, interpret results, and produce accurate reporting for FDIC auditors. Financial institutions need to assess their readiness now.

FixNix Regulatory Risk Data Lake comes in handy for this purpose.


General Data Protection Regulation (GDPR) Explained

The General Data Protection Regulation (GDPR) is new EU legislation that comes into force on 25th May 2018 and will apply to businesses of all sizes operating in the EU.

GDPR Financial penalties – Increased fines

Penalties for not conforming to the legislation will increase under GDPR, creating a bigger risk for businesses. Under the existing Data Protection Act, security breaches could be met with a maximum fine of £500,000. With the introduction of GDPR, this increases to €20,000,000, or 4% of annual global turnover, whichever is greater.

The right of access

New rules around personal information mean that customers have the right to access any information held about them by a business or organisation. Businesses are also obligated to securely delete data if a customer decides to stop using their services and asks to be ‘forgotten’.

GDPR Breach Notifications and faster reporting

Under GDPR, companies will be held to stricter regulations on reporting major data breaches to the authorities and customers. A breach must be reported within three days if it’s likely to pose ‘a risk for the rights and freedoms of individuals’, and data processors will need to inform their clients immediately.

Personally Identifiable Information (PII data)

GDPR expands the definition of personally identifiable, or PII, data to include things like genetic information, photos, social media posts, and IP addresses.

Opt in, not out – explicit consent required

To gain data consent from customers, companies will have to use clear opt-in tick boxes, rather than a potentially misleading opt-out box that’s commonly used now.

Loved the way VirtualCollege has depicted GDPR explanation in GIF files


Try the world’s 1st #SaaS #regTech platform http://FreshGRC.com to automate GDPR compliance on the go with a straightforward 30$/user/month/module approach. Write to sales@FixNix.co if you want to go through the GDPR Compliance suite.


Robotic Process Automation for Compliance

According to KPMG, there are three classes based on the level of automation:

  • Class 1: Basic process automation addresses transactional work activities that are rules-based and primarily repetitive in nature. This includes screen-scraping, macros, incorporating workflows and basic design capabilities.
  • Class 2: Enhanced process automation enables the recognition of unstructured data and aids in adapting to the business environment.
  • Class 3: Cognitive automation enables decision support with the help of advanced decision algorithms; the evolution of these tools is generally interlinked with artificial intelligence, natural language processing, big data analytics and evidence-based learning.

Areas where more RPA is happening at this point of time.

  • Accounts payables
  • Accounts receivables
  • Reconciliations
  • Fixed assets accounting
  • Supplier setup and amends
  • Purchase order management
 Payroll Management
  • Payroll accounting and processing
  • Compliance
  • Settlements
  • Travel desk
  • Attendance tracking
  • Reporting
  • Data processing
 Information Technology
  • IT helpdesk
  • Data center management
  • Infrastructure management

RPA for Compliance

Personally, I feel Robotic Process Automation is going to disrupt the way the compliance business is taken care of inside large banking and Fortune corporations.

Internal Audit
  • The Audit is a deep domain which has lots of scope to automate in different aspects of audit meant for corporation, branch, computer, IT security, manufacturing, site inspection.
 Risk Management
  • Complex risk scoring for Enterprise, IT, Security Risk and process for automating the workflows following the same
  • Changing regulation’s compliance
  • Listening to the inputs from Antivirus, SIEM and many other security investments, cognitively automate the assignment
  • Automation of controls lifecycle management with cognitive listening to the regulator’s changing regulations

With the ever-evolving IT and BPM landscape, driven by the rapid advancement of technology, organizations are considering automation as part of their transformation equation. If you want to keep pace, write to sales@FixNix.co.

The challenges of ensuring execution, compliance with current trends, competitiveness, market share and relevance are paramount. FixNix, with its predictive analytics capability from ZenAnalytics, is looking to help you transform with cognitive RPA.

Public Company Accounting Oversight Board (PCAOB) Audits

The Public Company Accounting Oversight Board (“PCAOB” or “Board”) plays an important role in capital markets as an independent audit regulator. The PCAOB’s work furthers the public interest, including the protection of investors, through its oversight of the preparation of independent audit reports. On 23 Oct 2017, the Commission approved a PCAOB rule that requires significant enhancements to certain public company audit reports, including the communication of critical audit matters (“CAMs”) and the disclosure of auditor tenure. These changes are intended to make the auditor’s report more informative.


Post-Implementation Review

 Post-implementation review is an important component of high-quality economic analysis of regulatory decision-making. The PCAOB has established a program under which the staff of the Office of Economic and Risk Analysis conducts post-implementation reviews of PCAOB rules and standards.

The objective of the post-implementation review program is to look back at significant rulemakings, after a reasonable period of time has passed, to evaluate the overall effect of the rule or standard. This includes:

  • Evaluating whether a rule or standard is accomplishing its intended purpose, as identified in the rulemaking release;
  • Identifying, wherever possible, costs and benefits; and
  • Identifying unanticipated consequences, either positive or negative.


GDPR May 25, Just 111 days. Are you ready?

Found this interesting GDPR countdown clock by one of the many riding the European Union regulation, the General Data Protection Regulation.

There are hajar (1000 in Hindi) guys trying to ride on this bus, including all our SaaS industry friends and leaders.

But to my limited understanding this is just another compliance. People make so much brouhaha about it because of the fines in terms of revenue if found non-compliant.

Have seen our GRC industry veterans riding the SOX bus, and still all the large organizations using them don't have any clue about segregation of duties because of the lack of user experience and right implementation.

According to KPMG, below are the 12 important things to be accomplished in a privacy framework.

In FixNix we enable all 12 with our 12 products under FreshGRC.com

Feel free to sign up for FreshGRC.com or drop a note to sales@FixNix.co