FDIC Part 370: Planning for Future Rule Changes

Posted September 30, 2019

In my previous post, “FDIC Part 370 Rule Extension," I touched on the impact of extending your deadline for compliance. This post examines another aspect of resource management, cost, and project planning associated with compliance.

The FDIC’s July 2019 Part 370 amendment addressed the types of allowances that would be made for any future rule changes. Given that it is expected that this rule will evolve over time (especially post-audit) and similar rules have lasted for over a decade, I wanted to share my thoughts on how you should be planning for upcoming rule changes. Please see the links at the bottom for our previous Part 370 articles.

Overview

Covered Institution Request: Banks requested that the FDIC should provide a minimum fixed period of 12-18 months to update data records and make system changes following any changes to the regulation. The FDIC should use its discretion to determine whether this minimum period would be sufficient, or if more time would be necessary.

FDIC Response: The FDIC did not believe it was appropriate to set a minimum time period to resolve deficiencies because the amount of time needed would depend on the scope of the change. The FDIC will have the freedom to determine the appropriate time frame to re-establish compliance and will publish notice of the specified time period in the Federal Register.

Impact: Covered institutions should be able to quickly re-assemble their core Part 370 team or find external resources in a tight timeframe to address required rule changes and remain compliant.

Retaining Part 370 Expertise Post-Audit

As many of our clients are experiencing, it takes years for your internal staff and vendors to build the expertise necessary to thoroughly analyze and clean up depositor data and fulfill the IT system requirements.

Data Cleanup expertise may include the following:

Knowledge of the landscape of your deposit systems and scope and purpose of each of those systems
An understanding of the data elements that exist across all of your deposit platforms
Expertise about how each of those data elements relate to the required FDIC output files
Using ETL processes to synthesize new data elements as required by the rule

IT System expertise may include the following:

Knowledge gained from analyzing the requirements of the FDIC IT Functional Guide
Expertise from obtaining answers to aspects of the ITFG that are open for interpretation
Experience translating the requirements of the ITFG into a comprehensive IT project plan
Identification of the internal and external points of contact across various departments to obtain the necessary information to execute the project

As you can see, the expertise your team has developed during the three-year implementation period is comprehensive. The ability for the FDIC to independently decide how long a covered institution has to comply with future rule changes further emphasizes the importance of a formal response strategy.

Comprehensive Documentation

It is very tempting to skimp on documentation as your team works to meet deadlines and solve tough problems. However, this may lead to knowledge retention issues in the future as your core Part 370 team shifts projects or leaves the company. It is critical that you assign resources to ensure proper documentation of all data cleanup and IT system findings as your project evolves.

Budget and Plan for an Additional Year after Audit

After leading the development and optimization of the FDIC’s internal insurance determination and closing over 200 banks, I can say from experience that this regulation will require trial and error before compliance is fully achieved. This is a complex regulation from a data cleanup and technology perspective. Some examples of challenges that you might encounter post-audit may include:

Improper identification of all required platforms
Deficiencies in fields aggregated from these platforms and how they tie into your Part 370 IT System
Deficiencies in the data quality required for your IT system to properly calculate insurance
Inadequate logic in your IT system to properly calculate insurance for all 16 ORCs

Given that it is impossible to know which defects or resources will be necessary post-audit, it is important to budget for and retain an experienced bench to correct deficiencies at least one year after the expected audit date.

Additionally, relying on an external vendor to clean your data and custom build a compliant IT system means that after the initial implementation period, it is possible that these resources will move on to other projects and will not be available to help your bank implement modifications for future rule changes; this results in costly ramp-up of new resources.

That is why documenting everything for knowledge transfer, budgeting for an additional year of resources post-audit, and working side-by-side with the vendor is critical to mitigate this risk.

Your Feedback

Before you go, I’m curious…how are you thinking about future rule changes? Hit “Reply” and tell me about it. We can share our findings and hopefully learn from each other.

Stay in touch,

Loc Nguyen, Managing Partner at Fintria

Loc.Nguyen@Fintria.com | (800) 913-9730

About Fintria

Fintria is a RegTech solutions provider based out of the Washington D.C. area. With our combined 50+ years of FDIC DRR experience, our team has closed hundreds of banks and helped build the original FDIC insurance engine; there isn't a Part 370 question that we can't answer. We leveraged this experience to help our clients overcome Part 370 challenges and build our proven Part 370 product, RCS 370, which is currently live at the nation's largest institutions.

RCS 370 is an end-to-end solution that identifies data deficiencies and produces a complete dataset, contains an Insurance Engine that incorporates hundreds of rules for thousands of insurance scenarios and complies with the ITFG, and produces all required deliverables for the FDIC.

Fintria's Part 370 experts and proven product can supplement your project in the following ways:

Project Plan Creation: Advice or assistance in forming your Part 370 team or developing a comprehensive project plan. This ensures you are executing steps in the proper order to mitigate risk of project delays from common insurance determination pitfalls
SME and Data Resources: You have already developed your project plan, but have detailed questions or need support with data mapping, data cleanup, building a compliant IT system, or any of the steps outlined in our webinar
Internal Audit Support: You have completed your Part 370 project and want your efforts internally audited before the FDIC audit
Outsourcing ITFG Requirements: Integrate RCS 370 with your existing systems, allowing your team to focus on data cleanup

How Fintria Can Help for Future Rule Changes

Fintria's Part 370 experts are available to help supplement your existing data or IT team, as necessary.

Our clients that use RCS 370 will never have to worry about remaining in compliance due to future rules changes since we update the product as the rule evolves at no additional cost.

Since we can update one system for all of our clients, using our software dramatically reduces the risk of non-compliance, cost, and effort of resource ramp-up and ramp-down required to make future changes.

Previous Part 370 Articles

FDIC Part 370 Webinar - "A 10-Step Roadmap to Compliance": Based on the incredible feedback we've received from affected institutions, the FDIC, and trade organizations, we highly recommend spending 30 minutes to watch the replay.

"Part 370 Rule Extension": This article details how we are advising our clients to maximize the benefits of the one-year extension.

"Fintria’s ABA Conference Podcast": Fintria's live podcast at the ABA Regulatory Compliance Conference

"Fintria Launches FDIC Rule 370 Product that Guarantees Compliance and Reduces Cost": Fintria's RCS 370 product launch announcement

Part 370 Insights