FDIC final amendments to Part 330.9 and Part 370

FDIC final amendments to Part 330.9 and Part 370 “Recordkeeping for Timely Deposit Insurance Determination”

On July 16, 2019, the Federal Deposit Insurance Corporation ('FDIC'), approved revised amendments to its deposit insurance regulation, 12 C.F.R. § 370 “Recordkeeping for Timely Deposit Insurance Determination” ('Part 370') and 12 C.F.R. § 330.9 “Joint Ownership Accounts” ('Part 330.9'), (collectively, 'Final Rules').
 
The Final Rules follow two FDIC Notices of Proposed Rulemaking ('NPRs') published on Friday, March 29, 2019, that were proposed to resolve workability issues with Part 370 and address the signature card requirement for Joint Ownership Deposit Accounts in Part 330.9.
 
After considering responses received on both NPRs during the 30-day comment period, the FDIC approved the revised amendments to both Part 370 and Part 330.9 on July 16, 2019. The proposed amendments from the NPR for Part 330.9 (12 CFR Part 330) essentially remained intact in the Part 330.9 Final Rule, with the main change related to providing alternative methods to satisfy signature card requirements for joint accounts.
 
The Part 370 Final Rule accepted the majority of the proposed changes in the NPR (12 CFR Part 370), with additional changes made to the recordkeeping requirements. While the transactional features definition remains as proposed, the time granted for acquiring institutions resulting from a merger transaction to comply with Part 370 has been extended to two years and now includes deposit assumption transactions. Most notably, the Part 370 Final Rule significantly reduces the proposed expectation of covered institutions (“CIs”) 3 in executing contracts with third-party pass-through account holders, while providing minor relief for applicable trust accounts as CIs no longer will be required to report the “right and capacity” code if the CI makes a reasonable effort to identify the relevant information. The Final Rules will be effective as of October 1, 2019.
 
On March 21, of 2019, the FDIC also released the Part 370 Compliance Review Manual (the 'CRM'), which describes the FDIC’s methodology for developing the scope, approach, planning, timing, and breakdown of responsibilities and relevant activities for the periodic FDIC review of each CI’s Part 370 capabilities. The CRM adds further details on what CIs can expect during the compliance process such as supporting documentation for their processes, playbooks, reports, and systems.
 
Learn more about the final amendments, including the areas of potential relief and increased efforts for covered institutions, by downloading our report.

Back to top

Gearing up for FDIC Part 370 compliance: Data steady, system ready for the recordkeeping rule

The Federal Deposit Insurance Corporation (FDIC), which provides the standard maximum deposit insurance amount (SMDIA) of $250,000 to depositors, recently issued new requirements for Insured Depository Institutions (IDIs). In the event of a failure, these requirements will provide the failed institution in the least costly manner possible. The rule, called 12 CFR (Center for Financial Research) Part 370 or "Recordkeeping for Timely Deposit Insurance Determination" Rule (final rule), issued on April 1, 2017, requires all Covered Institutions with two million or more depository accounts to start complying with the final rule by April 1, 2020.

The expectation is that, in the event of a failure, the FDIC will rely on the CIs to provide complete and accurate account and depositor information needed to determine the insurance coverage available to each depositor. To be compliant with the final rule, a CI must configure and implement IT systems to calculate insured and uninsured deposit amounts for each depositor by insurable category. If an institution fails and the FDIC takes over, a CI must be capable of:

• Calculating insured and uninsured amounts for each depositor
• Generating four output files: customer file, account file, account participant file, and pending file (collectively called the 'output files')
• Putting a hold on uninsured amounts within 24 hours
• Verifying that for all deposit accounts, signed signature cards exist for each owner, and that signature cards exist for each co-owner for joint accounts

In addition, the final rule requires that a CI must annually certify that its IT systems are capable of providing the required information within 24 hours of its failure. This includes deposit information not held by the CI for accounts with transactional features.

Back to top

Understanding the core rule requirements

The final rule contains specific guidance to insure that, in the scenario of a failure, the FDIC can provide prompt payment of deposit insurance and resolve a CI in a manner that is least costly to the Deposit Insurance Fund (DIF). Large parts of its requirements anchor around the need for systematic data governance, enhanced data quality of deposit accounts, IT capabilities, and technology infrastructure. To meet the final rule requirements, CIs will need to demonstrate continuous progress and readiness, primarily in the following areas:

IT systems compliance testing and certification

The final rule requires CIs to certify annually that their systems are capable of calculating insurance coverage and uninsured amounts on deposit accounts. CIs are also required to certify that they can submit all information, required on deposit accounts with transactional features held in the name of a third party, to FDIC for deposit insurance coverage calculation upon the CI's failure. The chief executive officer (CEO) or chief operating officer (COO) must duly sign the certification before submitting to the FDIC. CIs will be required to ensure the data integration processes, customer and deposit information, insurance calculations, and output files generated are in continuous alignment with the requisitions of the final rule.

In situations where a CI is experiencing rapid or significant changes to its deposit account volumes, operational processes, and deposit systems, the expectation for certification is more frequent. In addition to these periodic certifications, CIs can also expect to be tested for compliance by the FDIC once in a three-year cycle, or sooner if they have undergone consequential material, technology, or financial changes.

Comprehensive data management capabilities for domestic deposit accounts

The final rule, in conjunction with the IT Functional Guide issued by the FDIC for Rule 370, gives paramount importance to data-centric activities—spanning across the life cycle of data sourcing, aggregation, standardization, accountability, data quality, data controls, and reporting—to make certain that CIs have complete and accurate information on domestic deposit accounts readily available. Under this mandate, it's essential for banks to have a single, consolidated view of not only the depositor but also the beneficiaries across the range of account types, deposit systems, and customer identifiers. An adept governance framework should be in place with clearly defined and documented standards, policies, ownership, and monitoring protocols shared between and agreed upon by various data producers and consumers.

The stress that the final rule places on robust data management is also evident from the estimated implementation costs provided by the FDIC, where 77.67 percent of the cost is attributable to data-focused tasks, including legacy data cleanup, data aggregation, data standardization, data extraction, quality control, and compliance. This amounts to greater than $370 million expected collective spend by CIs on improving the data management capabilities for insurance coverage calculations for accounts with more than $10 trillion in deposits at banks in the US.

Robust system architecture for sourcing, aggregation, calculation, and reporting

Providing deposit insurance coverage promptly is a key element of the final rule, for which the FDIC requires CIs to develop, configure, and maintain IT systems, enabling them to:

• Standardize and aggregate deposit account details across multiple deposit systems
• Calculate insured and uninsured amounts in each deposit account by ownership rights and capacity within 24 hours, with the ability to restrict access to some or all deposits while the FDIC determines the insurance coverage
  
• Process and generate required data output files and metrics
  

Back to top

Key challenges

Taking into account the massive deposit account volumes, disparate customer onboarding procedures, and relatively tight timelines imposed by the FDIC to conform to the final rule requirements, it will be important for CIs to ensure that senior management understands the project complexity and allocates adequate time and resources to achieve successful completion. This will require coordinated efforts to overcome evident data quality issues, strategic planning to prevail over current technology limitations, and tactical decision making to circumvent operational challenges, some of which are summarized below:

• Missing single and complete view of a customer
• Integrating multiple deposit systems and sources
  
• Calculating complex insurance scenarios expeditiously
  
• Lack of or insufficient data management capabilities
  
• Addressing pass-through deposit insurance requirements
  

Back to top

Getting a head start on FDIC 370 compliance

In order to lead in the industry, executives must begin developing the strategy that will help them navigate the final rule requirements and timelines and identify opportunities to disrupt through innovation.

This is the right time to start the evaluation of current system capabilities, data availability, and quality of the deposit accounts, which can enable CIs to identify pronounced gaps and shortcomings against the final rule requirements. Such an analysis can help to prioritize and remediate issues and roadblocks to the final rule readiness and implementation program.

To plan for next steps, CIs should ask themselves the following questions:

• Have we established a program governance process for ongoing management of project scope, activities, deliverables, timelines, and communications?
• Have we identified stakeholders, customer accounts, deposit systems, and business processes that fall within the scope of the final rule?
  
• Does our current data management framework meet the data requirements of the final rule, such as validating the completeness and accuracy of data with business rules and monitoring data quality on an ongoing basis?
  
• What are some of the high-impact deposit accounts for FDIC reporting and with potentially incomplete account data?
  

To view the full list of questions and learn more about steps your organization should begin taking now to comply with the recordkeeping rule, download the full report, Gearing up for FDIC 370 compliance.

Back to top