Let’s talk about data governance in banking and financial services, one area I have loved working in and in various areas of it … where data isn’t just data, numbers aren’t just numbers … They’re sacred artifacts that need to be protected, documented, and, of course, regulated within an inch of their lives. It’s not exactly the most glamorous part of financial services, but without solid data governance, banks would be floating in a sea of disorganized, chaotic, and potentially disastrous data mismanagement. And when we’re talking about billions of dollars in transactions, we’re not playing around.
As Bob Seiner, a renowned data governance expert, puts it, “Data governance is like oxygen. You don’t notice it until it’s missing, and by then, it’s probably too late.” If that doesn’t send a chill down your spine, nothing will.
Why is Data Governance Such a Big Deal?
In the banking sector, data governance is more than just a compliance checkbox. It’s essential for survival. Banks process an astronomical amount of sensitive information daily—think trillions of transactions annually—and they need to manage that data efficiently and securely. According to the World Bank, the global financial industry processes over $5 trillion in transactions every day. That’s not the kind of volume you want slipping through the cracks.
Even a small data breach can cost banks upwards of $4.35 million on average, according to a 2022 IBM report. No one wants to be the bank that has to call its shareholders after that kind of financial disaster.
Data governance helps mitigate these risks by ensuring data is accurate, consistent, and compliant with regulations like GDPR, CCPA, and Basel III. These rules are about as fun as reading tax code, but they’re crucial in ensuring customer data is protected, privacy is maintained, and banks don’t end up with regulators breathing down their necks.
Tools of the Data Governance Trade
Let’s talk about the cavalry—the tools that keep all this data governance stuff from turning into a full-blown nightmare. Thankfully, in 2024, we’re spoiled with a variety of platforms designed specifically to handle this madness.
-
Collibra and Informatica
- Collibra and Informatica are heavyweights in the data governance world, offering comprehensive suites for data cataloging, stewardship, and governance. Financial services companies like AXA and ABN AMRO rely on these tools to handle everything from compliance workflows to data lineage mapping.
-
Alation and Talend
- Alation is known for its AI-powered data cataloging and governance capabilities, while Talend excels in data integration and governance. Companies like American Express have adopted Alation’s tools to streamline their data governance operations.
The Future of Data Governance in Banking
Looking forward, the financial sector’s reliance on robust data governance is only going to increase. With the rise of AI, machine learning, and real-time data analytics, banks will need to be even more diligent in how they manage and govern their data. A recent study from IDC suggests that by 2026, 70% of financial institutions will have formalized data governance frameworks in place. That’s up from around 50% today, meaning that the laggards are starting to realize that flying by the seat of their pants just won’t cut it anymore.
Jamie Dimon, CEO of JPMorgan Chase, emphasized the importance of data governance in a recent shareholder letter, stating, “Data is the lifeblood of our organization. Our ability to harness, protect, and leverage it effectively will determine our success in the coming decades.”
Climate risk models are the newest elephant in the room. As banks face pressure to account for environmental factors in their risk assessments, data governance plays a critical role in ensuring the accuracy and transparency of these models. According to S&P Global, nearly 60% of global banks will be embedding climate risk into their core business models by 2025.
In a world where data is king, and compliance is the watchful queen, banks are stuck playing by the rules whether they like it or not. Data governance tools are not just for keeping regulators happy, but they also give financial institutions the confidence to innovate, knowing that they’ve got their data house in order.
A recent survey by Deloitte found that 67% of banking executives believe that improving data governance is critical to their digital transformation efforts. This statistic underscores the growing recognition that effective data governance is not just about compliance, but also about enabling innovation and competitive advantage.
So, yeah… data governance might not be the flashiest part of banking, but it’s the foundation that holds everything together. And if there’s one thing we can agree on, it’s that nobody wants to be the bank that ends up on the evening news because they forgot to lock the vault—whether it’s the physical one or the digital one.
]]>Our colleagues at Perficient are incredibly talented, compassionate, and committed to accelerating innovation and making meaningful connections around the world. We recently sat down with Bilahari (Hari) Appukuttan Nair, HCM manager, to discover how he utilizes his Human Resources expertise to drive growth for Perficient and our global teams.
Located in Bangalore, India, Hari is a key contributor for the coordination of office-wide activities and events, as well as a project leader for Perficient’s Global Compliance Training Program. Every colleague has a responsibility to protect our business, safeguard the integrity of client data, and foster a support work environment for all people.
Through annual compliance training, we’re ensuring Perficient remains a supportive and safe workplace. Continue reading to learn about the incredible insight Hari brings to our India team, the difference his contributions are making, and how he exemplifies Perficient’s vision and mission.
What is your role? Describe a typical day in the life.
Hari celebrating Holi with colleagues in Perficient’s Bangalore office.
I joined Perficient in May 2022, and have been here for two years. In my role, I am responsible for the Bangalore business unit’s Human Resources functions, ensuring seamless operations and addressing employee needs effectively. I generate comprehensive Management Information System (MIS) reports to support informed decision-making. I plan and execute engagement activities and corporate events to cultivate a positive work environment.
Additionally, I conduct and analyze employee surveys to gain valuable insights and drive continuous improvement. Conducting performance review discussions is an important part of my responsibilities, and I also play a key role in the monthly payroll process.
Relating to the Global Compliance Training Program, I am responsible for tracking colleague completion status, providing biweekly updates to senior leadership, coordinating efforts with global points of contact, and assisting with any issues related to the compliance training platform, Percipio.
How do you explain your job to family, friends, or children?
I help the people who work at my company. I plan events to boost employee morale by solving problems, motivating colleagues, planning and executing reward programs, and providing essential training to new team members.
Also, I track progress and continuously improve initiatives, processes, and policies. Ultimately, my role involves organization, support, and creating a positive environment for everyone to thrive.
Whether big or small, how do you make a difference for our clients, colleagues, communities, or teams?
Hari participating in an event supporting Wish Tree.
The goal of my job is to motivate skilled, engaged consultants and technologists to complete great work for our clients. As a compliance training lead, I ensure everyone is equipped with the necessary knowledge of our data security and workplace integrity policies. I help create a positive work environment through engagement activities, prompt issue resolution, and being there for our colleagues. I also organize corporate social responsibility initiatives that contribute to societal well-being.
What are your proudest accomplishments, personally and professionally? Any milestone moments at Perficient?
I created an HR dashboard for our Bangalore office, which has earned appreciation from Perficient leadership. Following the guidance of our vice president, I expanded this initiative to our Chennai and Hyderabad locations. I am responsible for leading a team that successfully launched Perficient’s 2024 Compliance Training globally. Through a series of engagement initiatives, I have contributed to improving the employee engagement score for our Bangalore location.
Colleagues at Perficient celebrating Hari’s birthday.
What advice would you give to colleagues who are starting their career with Perficient?
Embrace learning, build trust, and take ownership. Seek feedback, stay flexible, and always strive for growth.
How do you shatter boundaries?
I consistently strive to step out of my comfort zone and exceed expectations in my HR role. I’m proud to have successfully completed the Learning to Lead program, and I must extend my gratitude to the Talent Development team for forging this invaluable opportunity. Additionally, I am familiarizing myself with a few tools that will enhance my contributions further.
Continuous learning remains a top priority for me, as I firmly believe that challenging the status quo is essential for achieving excellence. I believe this way I can contribute to Perficient’s ongoing success and growth.
READ MORE: Learn How Perficient is Enabling Colleague Career Development
Why do you think we obsess over client outcomes?
I believe the success of our customers is a direct reflection of our own success. We understand client needs and exceed their expectations, which showcases our commitment to excellence.
This client-centric approach not only enhances our reputation and helps us build lasting relationships, but also fosters a culture of continuous improvement and innovation within our organization. This is supported by our thousands of skilled strategists and technologists, ensuring we stay ahead in a competitive market.
LEARN MORE: Perficient and Our Colleagues Are Enabling Client Success
How do you forge our future?
I am proud to be a part of this beautiful team dedicated to fostering an environment where every voice is heard and valued. We actively seek input from our colleagues through gathering quarterly surveys, scheduling meetings to ensure open communication, and organizing engaging events to keep spirits high.
Celebrating the successes and achievements of our colleagues is a priority. I support leadership with insightful reports and dashboards, and I had the opportunity to take the lead in compliance training to ensure everyone is equipped with the necessary knowledge. Thus, I contribute to creating a more resilient and forward-thinking Perficient with engaged and motivated employees who are well-prepared to navigate future opportunities and challenges.
It’s no secret our success is because of our people. No matter the technology or time zone, our colleagues are committed to delivering innovative, end-to-end digital solutions for the world’s biggest brands, and we bring a collaborative spirit to every interaction. We’re always seeking the best and brightest to work with us. Join our team and experience a culture that challenges, champions, and celebrates our people.
Visit our Careers page to see career opportunities and more!
Go inside Life at Perficient and connect with us on LinkedIn, YouTube, Twitter, Facebook, TikTok, and Instagram.
]]>If you’ve been paying close attention to the automotive market lately, specifically the electric vehicle market, you will have noticed that OEMs are beginning to invest in battery production as a critical component of their overall electric vehicle transition. Most notably, they are doing so within their own borders. This begs the question: Why would OEMs start investing in battery production in the United States?
Taking Hold of a Runaway Supply Chain
Currently, China dominates the global battery chain in minerals, processing, and mining at about 75%-80% of the overall market. At the same time, OPEC controls 40% of oil and yields major influence on the U.S. economy. As you can imagine, our reliance on other countries for battery production and oil supply is a difficult spot to be in as supply chain complexity and disruptions continue to cause problems for automotive companies. Also, one could argue that China controlling over 80% of the supply chain is not exactly helping the environment on a global stage – especially due to China’s need for open coal mines to create the lithium batteries.
Automotive OEMs are trying to build their own batteries here in the United States to gain greater control over the supply chain and reduce the costs of EV production, driving lower costs for their consumers. These efforts will also create jobs in the United States around battery manufacturing and distribution. The ripple effect will be essential as EV penetration continues to rise in the United States, although it also opens a whole new area of regulatory compliance with batteries which was not as big of a factor when EV penetration was much lower.
How Do We Solve the “Dead” Battery Issue?
For those who are hesitant about EVs due to concerns with how they will handle a dead battery, there are solutions to battery recycling that we should consider. Dealers and OEMs can improve EV adoption by educating drivers about how EV batteries work, what they can expect from servicing their vehicle, and what happens to batteries once they no longer work in the car.
As the first generation of EV batteries come to the end of their projected 10-year life cycle, most retain around 70%-80% of their capacity. While manufacturers recommend that these are replaced in vehicles due to the workload that they face in powering passenger vehicles and reducing returns for range, these batteries still offer a wealth of capacity. To avoid the significant environmental impact of dumping batteries, we can recycle them by using them to store solar energy for homes, power streetlights, and as back-up power sources for elevators or data centers. Of course, this recycling creates a need for regulations and compliance to ensure tracking of battery history, transfer of ownership, and regulations for different regions.
What Can OEMs Do to Manage Changing Battery Regulations?
I would recommend a BEV (battery electric vehicles) checklist for regulations ensuring that OEMs are keeping track of the ever-changing requirements.
- Familiarize yourself with all applicable regulations and standards: Various regulations and standards related to electric mobility have been introduced to address environmental impact, product safety, and reliability.
- Perform an internal assessment for battery compliance: One of the best ways to prepare for an upcoming audit is to conduct an internal assessment using either your own team members or an external third-party auditor. A self-assessment enables you to gauge your organization’s compliance readiness and identify any gaps that need to be addressed prior to the actual certification process.
- Develop an action plan for battery compliance: Based on the findings from your internal assessment, develop an action plan for implementing the necessary changes to help your organization reach compliance. When assigning tasks and due dates to impacted teams, consider the date of your formal audit.
- Compile your product record and history: By bringing together the key elements of your product record which includes bills of materials (BOMs), corrective and preventive actions (CAPAs), SOPs (Standard Operating Procedures), requirements, training documentation, and engineering change orders (ECOs) in a centralized system, you will always have the necessary evidence at hand to demonstrate compliance.
- Leverage a digital solution to manage compliance: Managing regulatory information in context with the product record makes it easy for your teams to track key deliverables and quickly address compliance issues that could hinder product launches.
Regulatory battery compliance cannot be an afterthought for OEMs manufacturing EVs and batteries. If they want to win the race in today’s volatile and competitive EV market, there are opportunities to jump out in front and overcome barriers to EV sales. Implementing the right systems and processes early on will help you stay on top of the evolving industry mandates and minimize risks. This proactive approach to compliance will be key to accelerating your product launch and achieving commercialization success.
Perficient can help OEMs with their deep knowledge of the BEV industry and operational readiness. Our automotive expertise and continued success in standing up platforms and systems will support battery production and regulatory compliance so that OEMs can take control of the EV supply chain and reduce costs of the EVs to consumers.
Tap into Perficient’s automotive expertise to accelerate your electric vehicle sales and help you with your regulatory and compliance needs.
]]>Introduction:
In the world of cloud storage, effective data management is crucial to optimize costs and ensure efficient storage utilization. Amazon S3, a popular and highly scalable object storage service provided by Amazon Web Services (AWS), offers a powerful feature called Lifecycle Configuration.
With S3 Lifecycle Configuration, you can automate the process of moving objects between different storage classes or even deleting them based on predefined rules. In this blog post, we will explore the steps involved in setting up S3 Lifecycle Configuration, enabling you to streamline your data management workflow and save costs in the long run.
Step 1:
Access the Amazon S3 Management Console To begin, log in to your AWS account and access the Amazon S3 Management Console. This web-based interface provides an intuitive way to manage your S3 buckets and objects.
Step 2:
Choose the Desired Bucket Select the bucket for which you want to configure the lifecycle rules. If you don’t have a bucket yet, create one by following the on-screen instructions.
I have chosen this bucket.
Step 3:
Navigate to the Lifecycle Configuration Settings Within the selected bucket, locate the “Management” tab and click on “Lifecycle.” This section allows you to define and manage lifecycle rules for the objects in your bucket.
Step 4:
Create a New Lifecycle Rule Click on the “Add lifecycle rule” button to create a new rule. Give your rule a descriptive name to help you identify its purpose later.
Step 5:
Define the Rule Scope Specify the objects to which the rule applies. You can choose to apply the rule to all objects in the bucket or define specific prefixes, tags, or object tags to narrow down the scope.
Step 6:
Set the Transition Actions Define the actions that should occur during the lifecycle of the objects. Amazon S3 offers three primary transition actions:
a. Transition to Another Storage Class: Choose when objects should be transitioned to a different storage class, such as moving from the Standard storage class to the Infrequent Access (IA) or Glacier classes.
b. Define Expiration: Specify when objects should expire and be deleted automatically. This feature is particularly useful for managing temporary files or compliance-related data retention policies.
c. Noncurrent Version Expiration: If versioning is enabled for your bucket, you can configure rules to expire noncurrent object versions after a specific period.
In my scenario I have log files are storing the bucket hence for I want to remove the logs for 30 days.
proc 1: first 30 days the files will be moved to Glacier.
proc 2: After 7 days the file s will be deleted (expire)
note :
Step 7:
Set the Transition Conditions To fine-tune your rule, you can define transition conditions. For example, you might want to transition objects to a different storage class only if they have been untouched for a specific number of days or meet certain criteria based on object tags.
Step 8:
Review and Save the Lifecycle Rule Carefully review the settings of your lifecycle rule to ensure they align with your data management requirements. Once you are satisfied, save the rule to activate it.
Step 9:
Monitor and Modify Lifecycle Rules After saving the lifecycle rule, you can monitor its performance and make modifications as needed. The Amazon S3 Management Console provides various metrics and logs to track the rule’s execution and evaluate its effectiveness.
Conclusion:
Amazon S3 Lifecycle Configuration empowers you to automate data management tasks and optimize storage costs effortlessly. By following the steps outlined in this blog post, you can easily set up lifecycle rules to transition objects between storage classes or define expiration policies. Embracing the power of S3 Lifecycle Configuration allows you to achieve better data organization, and improved performance.
Promethium Ember Capital, (“PEC”), a wholly owned subsidiary of Promethium, has become the first digital asset custody provider to come under federal regulation. PEC was approved as a special purpose broker-dealer (“SPBD”) for digital asset securities. The approval allows Promethium to custody digital asset securities on behalf of both retail and institutional clients.
The significance of this is two-fold. First, as digital asset securities, should the SEC classify digital assets such as cryptocurrencies and NFT as securities rather than derivatives, Promethium will be well positioned to offer the related custody services.
Secondly, as a qualified custodian, which is what the SPBD classification offers, subjects Promethium to provisions of the landmark United States Exchange Act of 1934. As noted by Promethium Co-CEO Aaron Kaplan, “Digital asset investors in the IS are currently custodying cryptocurrencies that are securities on platforms that don’t offer the same SEA 15c3-3 customer protections required by the federal securities laws.”
15c3-3 offers retail clients superior collateral protections against losses in the event of a custodian bankruptcy and require more frequent and stringent collateral protections for both retail and institutional clients.
While there are many other digital asset custodians in the marketplace currently, they are operating under state licenses, many of which do not offer the same protections to retail or institutional clients.
]]>Regulations and Policies
In November of 2022, the EPA released new regulations to combat the release of air pollutants such as methane, VOCs, and benzene by both existing and new oil and gas operations. Another decisive move in 2023 by EPA enacted new policies to crack down on water pollution from coal plants. In these cases, oil and gas companies and coal plants would need to closely track pollutants and report numbers under the threshold to stay in operation. Some experts are expecting many coal plants to either switch to burning natural gas – the policy’s proposed alternative – or completely shut down to avoid the increased expense of compliance.
Compliance is growing more complicated for energy companies as the spotlight shines brighter and hotter on climate change and environmental governance. In this case, cracking down on tracking the types and amounts of pollutants in the wastewater would add even more to energy companies’ plates, both in labor and expense. For companies who have not yet streamlined processes, educated and trained employees on environmental, social, and governance (ESG), or implemented advanced tracking and reporting with the latest technology, the goals of compliance regarding new environmental laws feel increasingly further out of reach.
Environmental Policies and Commitments
Detailed environmental policies and commitments can feel like an added burden to energy companies, as they not only require extensive capabilities for tracking KPIs but also for reporting results to the public, agencies, and investors. Despite the heavy load of ESG, meaningful and comprehensive ESG programs are an essential part of attracting and retaining investors, expanding and claiming new markets, and more. These programs are a pledge to monitor and reduce environmental impact, assuring discerning consumers who are becoming wiser about their energy usage.
As the focus on ESG and the expense of compliance grow, partnering with a strong digital transformation company with experience in oil, gas, and utilities would provide the support needed to comply with global ESG reporting requirements. This digital partner, with a commitment to the environment, like Perficient, would modernize processes and systems to enable advanced data tracking and reporting, resulting in greater transparency and improved compliance.
Improvements and Benefits
With streamlined and improved internal processes and solutions, energy companies can easily create and assess reports built on data regarding water usage, waste management, and contributions to carbon emissions. By capturing data in real-time and building comprehensive reports, energy companies can predict and plan new courses of action according to trends. With complete control over granularity and allocation, making improvements and scaling becomes effortless. Tax reporting, audits, and reconciliations become efficient if not completely automated.
Other benefits include replacing outdated and siloed systems and manual work with seamless and convenient tracking and reporting that saves money in the long run. Buyer and investor confidence will also grow as your reputation and pricing are protected. Ultimately, these initiatives will help energy and utility companies stay relevant and in step with a changing world that increasingly prioritizes best practices for environmental impact.
Learn more about our extensive energy and utilities experience and how Perficient was recently recognized for capabilities in the oil and gas industry.
]]>For as long as I can remember, Humpty Dumpty had a great fall that put him in a tragic state. This rhyme has always been one of my favorites. The story first appeared in 1870, in James William Elliott‘s National Nursery Rhymes and Nursery Songs. Humpty Dumpty is a memorable and versatile teaching lesson, even for adults.
In my previous post, we looked at what the Three Little Pigs taught me about risk management. Humpty Dumpty also taught me something quite important to pharmacovigilance (PV) and regulatory compliance. (Truly, I’m not stuck in childhood rhymes, but I am amazed at how applicable they are to any stage of life.)
The first question that stands out for me is, “Why is he sitting on a wall?” His proportion wasn’t correct for sitting on the wall and fell into the category of “horrible parent-based outcomes.” In today’s regulatory environment, governing pharmacovigilance and drug safety, it’s easy to see how we can become our own Humpty Dumpty.
Choosing a PV or regulatory workflow isn’t stable and allocating our resources disproportionally can be a disaster. What happens when the system fails or becomes overrun? We take Humpty’s fall.
As the rhyme goes, sometimes all the kings’ soldiers and all the kings’ men can’t put your PV/Regulatory system back together again.
So, how do we stabilize in pharmacovigilance and regulatory practices in this world of constant movement and change?
First and foremost, what is your regulatory environment and your geographical footprint? While there are commonalities; not all are a fit. The United States Food and Drug Administration has different centers for different drug categories; EMA and local country affiliates operate differently. Just because one authority has a particular guideline does not mean it will have an iteration from each authority. If you work across regulatory areas, these categories include:
- Human drugs
- Tobacco
- Animal drugs
- Animal vaccines
- Medical devices
- Biologics
- Animal parasiticides
Regulatory affairs is infinitely more complicated. Recently, all the 2013 GxP documents – which was the first move from Volume 9A in EMA in 2013 – were updated. The Middle East, South America and APAC are all evolving at record speed. This should give us the message that the wall isn’t stable.
We have moved from a PV system that was based on retrospective analysis to one that expects proactive pharmacovigilance.
This requires faster, more efficient, and more intimate knowledge of our products and the risk benefit paradigm. That also means understanding and complying with the regulations for the full life cycle of our products.
How do you do that without falling off the wall?
None of us at three years of age, while hearing of Humpty’s woes, brilliantly announce to our parents that we are going to be “regulatory affairs or pharmacovigilance” subject matter experts. With the complexity of the new animal health regulations and the updates to the EMA human regulations, regulatory affairs has become more of a specialized regulatory science. That means understanding more, keeping abreast of country based specific regulations, making sure that our PV systems and organizations are compliant, and using the regulations in an efficient manner to develop a regulatory strategy.
We can either ask for an army-sized budget or embrace technology solutions to help. What is available? What is a good fit? What are the end-goals of introducing technology into regulatory affairs and PV?
- Faster and more accurate collection of regulatory information
- Separating relevant vs. non-relevant information
- Approval and distribution of PV regulatory information
- Distribution of information needed for regulatory strategy and design of submission planning
- Ready access to our PV data to rapidly identify potential signals, opportunities for expansion and risk mitigation
The reality for most is that they don’t have enough resources to manage ever-changing regulatory documents – to find, digest, and distribute relevant regulatory information. Each organization wants and needs optimal compliance within the regulatory environment in which they operate. We know that the strategy (both before and after marketing) is unique to the product, indication, geography, and license. The technology should augment and accelerate marketing and compliance. Use technology to automate regulatory documents from global agencies to maximize the use of data, comparative analytics, and automate parts of regulatory submissions.
At Perficient, those technology solutions are our sweet spot. We get it; keeping up with regulations to protect currently marketed assets is difficult and putting together a regulatory strategy to get a drug or device to market is even more complicated. There is also the PV data and analytics.
Technology solutions don’t have to be painful or overly expensive; we believe in fit for purpose.
Check out the diagrams below, contact us for more information (you can also just give us a holler – we all work remotely, so we’ll hear you). Let us show you how to simplify regulatory affairs into a science and survey your PV data based on real time data that is relevant to your unique area. Whether it be animal or human health, we can make it simpler, more accurate, and help you get more with less using technology solutions.
Moreover, your regulatory and PV group will love you for it.
Technology Automation for Surveying Global Regulations and PV Impact:
Kari Blaho-Owens, EMT, Ph.D. is the Director of PV and RA for Healthcare at Perficient. She lives and works in Montana. Kari is a firm believer that finding workable solutions to tough Regulatory, MI, and PV solutions can be found at the end of her fly line. She loves fly fishing, donating her spare time to serve others as a volunteer EMT, and exploring the vast beauty of the state… with the goal of not being eaten by a Grizzly bear.
For PV, MI, call center, and RA conundrums, contact us for workable solutions.
]]>Life sciences organizations aim to bring life-enhancing innovations to market. More and more, the agility to do so and to remain competitive is driven by digital investments, which require resources and expertise. Perficient is a partner that makes you stronger by enabling your teams to optimize performance and accelerate customer-centered outcomes and business-driving value. Our life sciences experts can partner with you to extend and amplify your teams’ performance through managed services, project management, Agile leadership, validation and compliance, and compliant cloud hosting.
Let’s explore each of these five areas in a bit more detail.
Managed Services
Managed services optimizes your business processes to meet your strategic goals, overcome operational obstacles, and optimize day-to-day work. Partnering with a highly skilled third party to gain additional resources takes the busy work off your shoulders, so that you can focus on your core-critical business needs to fully optimize your operations. Leading consulting and support services will implement best business practices specific to each client’s needs, with a sound understanding in technical consulting, strategic thinking, and industry expertise.
Managed services can add value to your organization in the following ways:
- Reduces Business Risk: Life sciences leaders must navigate a highly regulated industry. Managed services reduces your risk by equipping you with the knowledge you need to stay compliant and secure.
- Provides Proactive Support & Monitoring: Offers proactive monitoring, system performance improvements, and minimized downtime/glitches
- Unlocks Technology Enhancements: Introduces new technology/functionality to keep up with evolving demands from customers and relevant to the industry
- Allows for Third-Party Vendor Management: Using a third-party vendor allows you to partner with a single vendor to address all of your needs.
- Lowers Costs to the Business: Managed services allows for continuous service without additional costs from maintaining internal/sub-contractor personnel. It also helps minimizes the disruption of services.
- Improves IT Efficiencies: MSO provides access to specialized resources with defined SLAs. Support is available in multiple time zones.
- Enables Scalability & Availability: Life sciences organizations grow rapidly, and their needs are constantly evolving. Managed services makes it easy to scale depending on demand, adding skilled resources for SOC, validation, GDPR, and more.
- Optimizes the Business: Let us handle the complex IT situations so that your staff can focus on critical and core business needs, functions, and strategic initiatives.
Project Management
Our project managers have worked in the life sciences industry for 20+ years to drive successful project delivery with the optimal blend of resources, planning, and forecasting. They strive to help you thrive in the delicate balance between planning, tactical exaction and collaboration/buy-in.
The success of a project depends on the project manager’s agility and focus on your organization, your portfolio, and your project. Especially in the life sciences industry, the external environment must also be accounted for. We recommend solutions-driven governance that blends plan, process, and people to keep your initiatives on track. This approach will hold the customer’s perspective and needs at the heart of consideration and continuously improve managed services workstreams that evolve your program’s impact with project management experts that deeply understand your business.
EXPLORE NOW: Lean Transformation: Learn to Evolve Quickly
Agile Leadership
Life sciences organizations navigate a fast-changing landscape and need to fulfill accelerated drug approval with efficient data collection and reporting.
In this industry, It’s vital to remain agile without leaving your organization’s vision behind.
Our Scrum certified project managers know life sciences strategy, and our servant leadership approach supports your organizational culture. We help leading life sciences enterprises embrace change and optimize outcomes.
Organizational transformation impacts every aspect of your business. It’s critical for your organization to navigate and embrace change successfully for fully optimized outcomes and greater business value. Perficient has prioritized Agile from the beginning, and we continue to embrace it today. Contact us to learn more about our Agile Accelerator Jumpstart.
LEARN MORE: An Agile Approach to M&A
Validation & Compliance
While it’s costly and complicated to remain compliant, life sciences organizations must adhere to FDA regulations and standards.
Expert guidance on validation & compliance helps life sciences organizations by:
- Minimizing risk
- Acing audits
- Maximizing data accuracy and integrity
In addition to being SOC 2 Certified, our team has decades of experience with validation, quality, and compliance, as well as a 100% audit success rate. Our validation specialists are tuned to rapidly changing regulations and industry standards. We provide solutions to resolve FDA enforcement actions and support clients when implementing, upgrading, or migrating new systems.
We power your productivity with timely, cost-effective, compliant computer systems and a qualified infrastructure supported by knowledgeable consultants who can help you navigate regulatory hurdles with confidence at every stage of development.
SEE ALSO: Helping Pharma Meet International and Regulatory Standards
Compliant Managed Hosting
Maintaining clinical, safety, and business IT systems can be complex and expensive, especially for organizations that lack the right resources and infrastructure.
Hosting applications that need to be regulatory-compliant require sophisticated technology and specific knowledge of regulations and systems.
We support multiple cloud-hosting solutions. Perficient’s Compliant Cloud Hosting Service for Life Sciences uses the most advanced hardware and software on the market to ensure optimal performance, reliability, and security.
Our compliant cloud hosting services deliver reliable uptime and system tuning so you can keep your team focused on core business objectives that deliver value. Our state-of-the-art data center provides the right balance of security and usability to organizations.
RELATED CONTENT: Addressing the Complexities of Conducting Global Clinical Programs
Partner with Perficient for True Digital Transformation in Life Sciences
Life sciences organizations’ ability to accelerate transformation is crucial to succeeding in a highly competitive, highly regulated, and quickly-evolving landscape. Life Sciences leaders rely on us for strategic, industry, and technical expertise to achieve their missions in a technologically advancing industry. Our thought leaders are here to support you in achieving business goals and solving your most complex challenges.
Our Life Sciences practice has a global footprint, with locations across the globe to meet your skill and budget needs at the right time and in the right place. We work seamlessly with our domain experts across Perficient to best execute for our clients’ outcomes. Our comprehensive end-to-end support keeps your organization efficiently moving forward. Extend your capacity with our expert solutions and add day-to-day value where you need it most.
Have questions? Contact us to discuss your organization’s specific needs.
]]>So far in our 6-part blog series explaining the intricacies of TRACE, we have defined TRACE reporting and detailed the prep work to be done in order to effectively report TRACE transactions. Now, we will review considerations for alternative trading systems, before delving into the details of when and by whom transactions are to be reported in Part 4 of the series.
Larger TRACE participants often operate an alternative trading system (ATS). If so, the participant must obtain a single, separate Market Participant Identifier (MPID) for each ATS designated for the exclusive use of reporting each ATS transaction. The participant must use separate MPIDs to report all transactions executed within the ATS to TRACE, however, transactions not executed within the ATS must be excluded.
Participants with a single ATS are permitted to use two separate MPIDs but only if one is used exclusively for reporting transactions to TRACE and the other exclusively for reporting transactions to the equity trade reporting facilities such as OTC or the New York Stock Exchange. Remember, TRACE reporting is for TRACE-eligible fixed income securities, not equities.
***
Our financial services team can help your company understand and comply with TRACE. Our colleagues are well-versed not just in the requirements but also the technology and processes required to ensure financial institutions remain compliant with one of the most fluid, time-dependent, and onerous processes required by federal banking regulators.
Interested in learning more? I’ve created a guide, The What, Why, and How of TRACE Reporting Compliance, that outlines the intricacies, rules, and regulations surrounding TRACE. You can download it here.
]]>The Office of the Comptroller of the Currency (“OCC”) issued a letter (1179) that national banks and federal savings associations must demonstrate that they have adequate controls in place before they can engage in cryptocurrency, distributed ledger, and stablecoin activities.
The OCC had issued multiple Interpretive Letters in 2020 and earlier this year related to this matter. The letters may be accessed directly here:
Always committed to the safety and soundness of financial institutions, in the letter, the OCC clarified that cryptocurrency, distributed ledger, and stablecoin activities addressed may be conducted after a bank notifies its supervisory office of its intent to engage in the activities.
Once a non-objection letter has been obtained from its supervisory office, the bank may begin the activities. The OCC will review new activities and risks as part of its normal bank examination processes and procedures.
Particularly relevant to banks with personal and corporate trust departments, Letter 1179 reiterated that OCC Interpretive Letter 1176 on the OCC’s chartering authority did not expand on or change a bank’s existing obligations under the OCC’s fiduciary activities regulations. The OCC retained discretion in determining whether an activity is conducted in a fiduciary capacity for purposes of federal law.
—
If your organization is interested in building capabilities and solutions to support cryptocurrencies, don’t hesitate to reach out to learn how we can help.
]]>The Office of the Comptroller of the Currency (OCC) has released 15 Community Reinvestment Act (CRA) performance evaluations. These evaluations are based on on-site examinations by OCC-trained staff. On-site examinations are done every other year. Reviews, which can take weeks, assess an institution’s performance in helping to meet the credit needs of communities, including those of low or moderate-income within its assessment area. A compliance rating of either “Outstanding,” “Satisfactory,” “Needs to Improve,” and “Substantial Noncompliance” is awarded at the end of the on-site review.
Of the 15 evaluations on the list made public by the OCC:
- six received an Outstanding rating
- eight were rated Satisfactory
- one was rated as Needs to Improve
No institution was rated as in Substantial Noncompliance.
The full list is included below, in date order. It can also be accessed on the OCC website.
| Bank Name | City | State | Evaluation Date | Rating | Examination Type |
| Security National Bank | Witt | IL | 12/14/2020 | Satisfactory | Small Bank |
| First Texoma National Bank | Durant | OK | 12/14/2020 | Satisfactory | Small Bank |
| First National Bank of Decatur County | Bainbridge | GA | 11/23/2020 | Satisfactory | Small Bank |
| First National Bank of Kemp | Kemp | TX | 11/16/2020 | Satisfactory | Small Bank |
| United Fidelity Bank, F.S.B. | Evansville | IN | 11/13/2020 | Satisfactory | Intermediate Small Bank |
| First National Bank of Michigan | Kalamazoo | MI | 11/9/2020 | Satisfactory | Intermediate Small Bank |
| Pyramax Bank, FSB | Greenfield | WI | 11/9/2020 | Outstanding | Intermediate Small Bank |
| Wilmington Savings Fund Society, FSB | Wilmington | DE | 10/26/2020 | Outstanding | Large Bank |
| The Conway National Bank | Conway | SC | 10/26/2020 | Outstanding | Large Bank |
| Santander Bank, National Association | Wilmington | DE | 10/13/2020 | Outstanding | Large Bank |
| Community National Bank & Trust | Chanute | KS | 10/5/2020 | Outstanding | Intermediate Small Bank |
| Fidelity Bank, National Association | Wichita | KS | 10/5/2020 | Satisfactory | Large Bank |
| The First National Bank of Long Island | Glen Head | NY | 9/21/2020 | Satisfactory | Large Bank |
| Metropolitan Bank and Trust Company | New York | NY | 8/31/2020 | Needs to Improve | Small Bank |
| BOKF, National Association | Tulsa | OK | 6/8/2020 | Outstanding | Large Bank |
This is the first part of a series about the OpenShift Compliance Operator, focusing on installing the operator and running a scan.
Operators are a strong piece of Red Hat’s OpenShift platform, easing the operational complexity of what might otherwise be difficult pieces of the platform. Red Hat’s Compliance Operator provides some relief to the operational complexity of managing the security compliance of a containerization platform. In this blog, I’ll briefly go over installing the Compliance Operator and some of its components. I’ll then show you how to initiate compliance scans, see the results at a high level, and apply the ever-growing number of automated remediations.
The Compliance Operator can be found in the OperatorHub section of the OpenShift console (along with other operators); it installs easily with the default settings by a user with cluster-admin privileges.
The operator install creates an openshift-compliance namespace by default, and once the install completes, you’ll see these tabs on the operator.
The operator provides a nice description of each section, so I won’t go over that here but rather dive right into setting up a scan.
In the ScanSetting section, the operator provides two default configurations.
I’ll discuss those more a little later, but for now, I’ll work with the default configuration ScanSetting, which includes a cron type schedule for running the scans daily, and points to the roles that will be scanned (workers and masters by default). Here’s a partial view of what the YAML file for the default ScanSetting looks like:
For my example here, I don’t need to make any changes to the default ScanSetting.
To initiate a scan, we need to create a ScanSettingBinding. In the ScanSettingBinding tab, simply click on “Create ScanSettingBinding,” and the operator creates a YAML file that defaults to using the rhcos-moderate profile, which will run against the masters and workers. A quick look at the Profiles tab shows all of the different security profiles included with the operator.
I think you’ll find that the Compliance Operator is well documented. For example, if we look into the YAML file of the ocp4-cis profile, we’ll see a good explanation of what this profile includes.
Further down the yaml, it lists all of the rules that it uses:
In the Rules tab, all the included rules are listed, and each of them provides a good explanation of what the rule covers. For my ScanSettingBinding, I’ve added the “ocp4-cis” profile to scan the OpenShift platform as well. Mine (ScanSettingBinding YAML) now looks like this:
As soon as you create and save this binding, the system will initiate a scan. If you look on the ComplianceScan tab. You’ll see the status of each scan normally as either running, aggregating, or done.
Now that the scan is done, an easy way to view my results at a high level is to run the following command using the OpenShift CLI. First, make sure you’re in the openshift-compliance project:
$ oc project openshift-compliance
Then run:
$ oc get compliancecheckresult
It will list all the checks and their status (pass, fail, etc.…).
**Note, this is just a sampling. The full list of findings is much longer.
You can get a quick summary by piping this command through a few greps and line counts, as shown below
$ oc get compliancecheckresult | wc -l
582
$ oc get compliancecheckresult | grep PASS | wc -l
148
$ oc get compliancecheckresult | grep FAIL | wc -l
395
$ oc get compliancecheckresult | grep INFO | wc -l
2
$ oc get compliancecheckresult | grep MANUAL | wc -l
34
$ oc get compliancecheckresult | grep NOT-APPLICABLE | wc -l
2
**The first line of the compliancecheckresult output is a header line, so there are 581 checks.
Next, I’ll apply all of the provided automated remediations. First, I have to tell the scan setting binding to apply the automated remediations it has. You can pick specific ones to apply, but in my case, I’m going to have the operator apply everything that it can. As I mentioned earlier, the operator installed two ScanSettings: a default and a default-auto-apply.
My ScanSettingBinding is set to use the default, which only scans. I’m going to edit it and have it use the default-auto-apply option. I do this by editing the “NIST-moderate” ScanSettingBinding I created earlier.
In the YAML file, I simply change the default ScanSetting to “default-auto-apply”:
Now I can re-run my scans, and the operator will apply all the automated remediations. If you remember from our earlier look at the scans, there are actually three separate scans—one for master nodes, one for worker nodes, and one for the OpenShift platform itself.
Probably the easiest way to restart these scans is from the CLI, using these three commands:
- $ oc annotate compliancescans/ocp4-cis compliance.openshift.io/rescan=
- $ oc annotate compliancescans/rhcos4-moderate-master compliance.openshift.io/rescan=
- $ oc annotate compliancescans/rhcos4-moderate-worker compliance.openshift.io/rescan=
Once these scans complete, I can compare the results with my first scan using the “oc get compliancecheckresult” commands I ran earlier. I’ve summarized the results of the before and after scans in the table below:
| 1st Scan | Result | 2nd Scan | Result | |
| PASS | 148 | PASS | 454 | |
| FAIL | 395 | FAIL | 89 | |
| MANUAL | 34 | MANUAL | 34 | |
| INFO | 2 | INFO | 2 | |
| NOT-APPLICABLE | 2 | NOT-APPLICABLE | 2 |
You can see that the operator fixed a large number of the findings, and the number of automated fixes is growing quickly as the community writes remediations, and they are vetted by Red Hat.
In future blogs, I’ll show you how to generate some nice, formatted OpenSCAP reports and a way to pull the remaining items into a convenient task list, which will help you create a plan for getting to compliance. I’ll also show you how to use machine configs to customize and automate remediations for your clusters.