The Most Important Compliance Best Practices You Need to Know

According to the Internet Crime Complaint Center (IC3) (partnership between the Federal Bureau of Investigation and the National White Collar Crime Center), the most common victim complaints in 2010 in USA were non-delivery of payment/merchandise, scams impersonating the FBI and identity theft.

The Federal Deposit Insurance Corporation has issued guidance on safeguarding customers against E-mail and Internet-Related Fraudulent Schemes. This article describes the best practices that can be followed in order to comply with the FDIC guidance.

Under US federal regulations, financial privacy is guaranteed to customers of financial institutions. But what are the best practices that banks can follow in order to protect the sensitive customer data and ensure compliance with regulatory requirements?

Read this article to find out.

Any effort to fall in-line with compliance is a costly affair. But the consolation is that the cost of non-complaince is even more higher. PCI compliance is also seen as weighing high on cost and resource utilization. Companies falling under the PCI standards are categorised based on the number of transactions they muster annually. The PCI requirements focus on basic computer security including secure infrastructure, password protection, unique ID to name a few. Best practices to PCI compliance lists steps which ensures a smooth run.

GRC is fast becoming key to any enterprise strategy. However, organizations are overlooking the difference between GRC as applied to business and as applied to IT. IT GRC focuses on security & general computer controls and privileged user access.

GRC as applied to business focuses on elements like business processes which include business level controls, application level controls and policies and audit reporting needed for internal and external auditor compliance report filing. It also applies to risk management and executive guidance assistance to provide directional analysis and recommendations.

Understanding these differences helps eliminate common GRC mistakes.

Information technology has become a core enabler of business processes within the organizations today. As a result, companies are required to audit and validate their relevant IT systems to ensure that their business processes and underlying records comply with regulations such as the Sarbanes-Oxley Act of 2002 or Healthcare Insurance Portability and Accountability Act (HIPAA) or 21 CFR Part 11(FDA). This paper defines an “easy-to-implement” framework for auditing and validating IT systems for regulatory compliance. It also identifies a best practice which calls for IT organizations and software vendors to proactively audit their software development and implementation processes on an ongoing basis to identify and correct any systemic issues to lower the cost of compliance.