Perspectives

Gearing up for FDIC Part 370 compliance

Data steady, system ready for the recordkeeping rule

​The Federal Deposit Insurance Corporation's new recordkeeping rule presents many challenges for Covered Institutions (CIs). And although the FDIC is giving CIs three years to comply, final rule implementation is expected to be extremely complex. Learn what you can do now to get ahead of the new data, technology, and compliance requirements under FDIC Part 370.

In order to lead in the industry, executives must begin developing the strategy that will help them navigate the final rule requirements and timelines and identify opportunities to disrupt through innovation.

New recordkeeping requirements

The Federal Deposit Insurance Corporation (FDIC), which provides the standard maximum deposit insurance amount (SMDIA) of $250,000 to depositors, recently issued new requirements for Insured Depository Institutions (IDIs). In the event of a failure, these requirements will provide the failed institution in the least costly manner possible. The rule, called 12 CFR (Center for Financial Research) Part 370 or "Recordkeeping for Timely Deposit Insurance Determination" Rule (final rule), issued on April 1, 2017, requires all Covered Institutions with two million or more depository accounts to start complying with the final rule by April 1, 2020.

The expectation is that, in the event of a failure, the FDIC will rely on the CIs to provide complete and accurate account and depositor information needed to determine the insurance coverage available to each depositor. To be compliant with the final rule, a CI must configure and implement IT systems to calculate insured and uninsured deposit amounts for each depositor by insurable category. If an institution fails and the FDIC takes over, a CI must be capable of:

  • Calculating insured and uninsured amounts for each depositor
  • Generating four output files: customer file, account file, account participant file, and pending file (collectively called the "output files")
  • Putting a hold on uninsured amounts within 24 hours
  • Verifying that for all deposit accounts, signed signature cards exist for each owner, and that signature cards exist for each co-owner for joint accounts

In addition, the final rule requires that a CI must annually certify that its IT systems are capable of providing the required information within 24 hours of its failure. This includes deposit information not held by the CI for accounts with transactional features.

Understanding the core rule requirements

The final rule contains specific guidance to insure that, in the scenario of a failure, the FDIC can provide prompt payment of deposit insurance and resolve a CI in a manner that is least costly to the Deposit Insurance Fund (DIF). Large parts of its requirements anchor around the need for systematic data governance, enhanced data quality of deposit accounts, IT capabilities, and technology infrastructure. To meet the final rule requirements, CIs will need to demonstrate continuous progress and readiness, primarily in the following areas:

IT systems compliance testing and certification

The final rule requires CIs to certify annually that their systems are capable of calculating insurance coverage and uninsured amounts on deposit accounts. CIs are also required to certify that they can submit all information, required on deposit accounts with transactional features held in the name of a third party, to FDIC for deposit insurance coverage calculation upon the CI's failure. The chief executive officer (CEO) or chief operating officer (COO) must duly sign the certification before submitting to the FDIC. CIs will be required to ensure the data integration processes, customer and deposit information, insurance calculations, and output files generated are in continuous alignment with the requisitions of the final rule.

In situations where a CI is experiencing rapid or significant changes to its deposit account volumes, operational processes, and deposit systems, the expectation for certification is more frequent. In addition to these periodic certifications, CIs can also expect to be tested for compliance by the FDIC once in a three-year cycle, or sooner if they have undergone consequential material, technology, or financial changes.

Comprehensive data management capabilities for domestic deposit accounts

The final rule, in conjunction with the IT Functional Guide issued by the FDIC for Rule 370, gives paramount importance to data-centric activities—spanning across the life cycle of data sourcing, aggregation, standardization, accountability, data quality, data controls, and reporting—to make certain that CIs have complete and accurate information on domestic deposit accounts readily available. Under this mandate, it's essential for banks to have a single, consolidated view of not only the depositor but also the beneficiaries across the range of account types, deposit systems, and customer identifiers. An adept governance framework should be in place with clearly defined and documented standards, policies, ownership, and monitoring protocols shared between and agreed upon by various data producers and consumers.

The stress that the final rule places on robust data management is also evident from the estimated implementation costs provided by the FDIC, where 77.67 percent of the cost is attributable to data-focused tasks, including legacy data cleanup, data aggregation, data standardization, data extraction, quality control, and compliance. This amounts to greater than $370 million expected collective spend by CIs on improving the data management capabilities for insurance coverage calculations for accounts with more than $10 trillion in deposits at banks in the US.

Robust system architecture for sourcing, aggregation, calculation, and reporting

Providing deposit insurance coverage promptly is a key element of the final rule, for which the FDIC requires CIs to develop, configure, and maintain IT systems, enabling them to:

  • Standardize and aggregate deposit account details across multiple deposit systems
  • Calculate insured and uninsured amounts in each deposit account by ownership rights and capacity within 24 hours, with the ability to restrict access to some or all deposits while the FDIC determines the insurance coverage
  • Process and generate required data output files and metrics
open book icon

Key challenges

Taking into account the massive deposit account volumes, disparate customer onboarding procedures, and relatively tight timelines imposed by the FDIC to conform to the final rule requirements, it will be important for CIs to ensure that senior management understands the project complexity and allocates adequate time and resources to achieve successful completion. This will require coordinated efforts to overcome evident data quality issues, strategic planning to prevail over current technology limitations, and tactical decision making to circumvent operational challenges, some of which are summarized below:

  • Missing single and complete view of a customer
  • Integrating multiple deposit systems and sources
  • Calculating complex insurance scenarios expeditiously
  • Lack of or insufficient data management capabilities
  • Addressing pass-through deposit insurance requirements
Blue chess queen piece

Getting a head start on FDIC 370 compliance

In order to lead in the industry, executives must begin developing the strategy that will help them navigate the final rule requirements and timelines and identify opportunities to disrupt through innovation.

This is the right time to start the evaluation of current system capabilities, data availability, and quality of the deposit accounts, which can enable CIs to identify pronounced gaps and shortcomings against the final rule requirements. Such an analysis can help to prioritize and remediate issues and roadblocks to the final rule readiness and implementation program.

To plan for next steps, CIs should ask themselves the following questions:

  • Have we established a program governance process for ongoing management of project scope, activities, deliverables, timelines, and communications?
  • Have we identified stakeholders, customer accounts, deposit systems, and business processes that fall within the scope of the final rule?
  • Does our current data management framework meet the data requirements of the final rule, such as validating the completeness and accuracy of data with business rules and monitoring data quality on an ongoing basis?
  • What are some of the high-impact deposit accounts for FDIC reporting and with potentially incomplete account data?

To view the full list of questions and learn more about steps your organization should begin taking now to comply with the recordkeeping rule, download the full report, Gearing up for FDIC 370 compliance.

Play button
Did you find this useful?