Regulatory Compliance

Cloud computing is now ubiquitous throughout the software development industry.  There are many cloud service providers offering everything from ‘bare-metal’ virtual servers to complete server-less computing platforms.  The speed by which computing resources can be reserved and instantiated is a major contributing factor to the success of DevOps, where repeatability and automation is central.  However, […]

This week in Orlando, FL, #HIMSS19 brings together more than 45,000 health information and technology professionals, clinicians, executives and vendors from around the world. Agency over your own healthcare data was a running theme in the HIMSS 2019 panel session  titled “Personalized Patient Relationships and Connect Care Journeys.” Ashwini Zenooz, Senior Vice President and General […]

Compliance with the CCPA requires robust processes for identifying, governing, distributing, and securing consumer personal information. The first steps are to document the current usage of this information: Data inventory: Generate lists of personal data related to clients, investors, employees, counter parties, prospects and other entities. Data recipients: Compile a list of entities, such as […]

The first step any financial institution must take in its response to the new CCPA law is to evaluate its exposure and current state of readiness. We can help firms identify gaps, including areas that need immediate action and longer-term changes to support the program. Areas that may require immediate action include any of the […]

Compliance with the CCPA will be challenging because it represents major changes in how financial institutions conduct their business. DATA DISPERSION Consumer personal data is often scattered across multiple internal platforms and shared with many third parties. Firms may not have a full picture of where this information is stored and how it is controlled. […]

As stated in our previous blog, complying with the CCPA requires a strategic approach that covers all stages of planning, analysis, implementation, and quality assurance. A comprehensive compliance program includes all of the following: PLANNING Impact analysis, as well as business case and roadmap development Identify the project work streams Establish the program governance model […]

The state of California has passed a digital privacy law that requires businesses to make disclosures about their collection, use, and dissemination of consumer personal information. The California Consumer Privacy Act (CCPA) will have far-reaching effects on how financial institutions manage their customer data. Compliance will be difficult for firms with disparate silos of customer […]

Understanding the new current expected credit loss (CECL) regulation, how it impacts an organization, and how to go about implementing and managing a response program will be critical for firms carrying financial assets covered by the accounting standard update. Companies will need to understand the history and lifecycle of their data and processes, and engage […]

Organizations will need to modify or redesign their loss reserve processes and systems based on the new CECL standard in light of the substantive changes in methodology. As CECL requires a forecast of loan losses over the life of the instrument, both at the time of origination as well as the revaluation on an ongoing […]

Entities must first include the new CECL disclosures in their financial statements and regulatory reports (e.g., the quarterly call report), commencing with the aforementioned effective dates. There is no separate filing requirement for CECL. The structure and granularity of an entity’s income statement and balance sheet does not to change, as the details of the […]

Editor’s Note: This guest blog post comes courtesy of Gail Cole with Avalara. The U.S. Supreme Court’s decision in South Dakota v. Wayfair, Inc. is a game changer for online sellers and other businesses that sell across state lines. A state can only tax a business that has nexus, a significant connection to the state. For decades, nexus […]

CECL requires loss estimates to include relevant information about past events, current condition and reasonable and supportable forecasts using both internal and external information, including a range of qualitative and quantitative factors. Estimates of expected credit losses must consider information related to the borrower’s creditworthiness, the issuer’s underwriting practices, and the current and forecasted direction […]

CECL, or current expected credit loss, is a new accounting standard that will change how financial institutions account for expected credit losses. Complying with the new CECL standard will have a major impact on an institutions’ operations, accounting/finance, IT, credit, and risk processes and systems. Under current US GAAP (generally accepted accounting principles), an “incurred […]

This is the final post in our series on maintaining regulatory-compliant IT systems in the cloud. In this post, we’ll go over the key takeaways from the series and then we’ll send you on your way! Regardless of how much control you have over your IT systems, if you are using them for regulatory purposes, […]

As we’ve learned in the previous posts in this series, having a thoughtful, thorough cloud vendor qualification process and intelligent SLAs in your cloud vendor contracts will help you maximize the value of the cloud while maintaining regulatory compliance. In addition, here are some tips and best practices to help you knock it out of […]

In my previous post in this series, we discussed how to qualify cloud vendors. Once that process is complete, the second step to maintaining compliance is to document your specific regulatory requirements in a contract with the cloud vendor, usually in the form of service-level agreements (SLAs). In this blog post, I include a range […]

Perficient’s Life Sciences practice regularly monitors the software release notes for several Oracle Health Sciences applications, including: Argus Safety Oracle Clinical/Remote Data Capture (OC/RDC) Thesaurus Management System (TMS) Generally speaking, we review release notes at the beginning of each month for the previous month. On occasion, there are no new releases and, therefore, nothing to […]

We recently completed a 21 CFR Part 11 gap analysis engagement for a client that was largely using SaaS applications, but had no cloud vendor qualification process in place. They had just been allowing each business unit to select the applications that met its user requirements, accept whatever validation documentation the cloud vendor supplied (if […]

Any time you take advantage of a cloud service – infrastructure, platform, or software – for a regulated purpose, you are ultimately responsible for its regulatory compliance, not the cloud vendor. This is critical for you to remember. So, how can you ensure regulatory compliance of a software system you did not build, you do […]

We often hear the phrase “Seek first to understand and then to be understood” or are told to actively listen. While these are important, often time it’s simply not tactical enough. Too often what we hear is skewed by the filters that we (and our audiences) apply. So how do we ensure what we say […]