In order to comply with FDIC Part 370, covered institutions will have to implement a change program that encompasses the people, processes, and technology necessary to support on-site FDIC inspections.
In addition to the annual certification and report, the FDIC will conduct on-site testing of institutions’ compliance with Part 370. The FDIC has not yet defined its exact requirements for this on-site testing, but it has committed to issuing guidelines before the rule’s compliance date, and the earliest testing would begin at the end of the first quarter following the effective date.
While the exact testing requirements are not yet known, the FDIC’s timeline makes it possible that institutions will have only a quarter between the release of the guidelines and the initial on-site test. Given this, institutions should begin preparing for these tests before receiving final guidance, as certain things can be assumed:
- FDIC will require access to the firm’s systems
- FDIC will be able to view customer PII
- FDIC will require a dedicated support team from the covered institution for the duration of its test, and likely for a period before and after the test
A covered institution would do well to begin designing its response to these tests ahead of time. Exposing systems and client information to external parties can be frustrating for both sides, especially when done on an ad-hoc basis. The covered institution and the FDIC will both benefit from having a thoughtfully designed on-site testing experience.