Data Lineage for Regulatory Compliance

Have 100% Confidence the Information you Give Regulators is Correct

Are you aware of how regulations—such as BCBS 239, DORA, AI regulations and GDPR—require you to know where data comes from, where it’s used, and how it changes before it’s used by the business?

You risk fines in the millions if not. Solidatus provides end-to-end data lineage to the extensive, detailed business level required for regulatory compliance.


How Solidatus Helps Keep you Compliant

A Complete View of Data, with Detailed Root Cause Analysis

Most solutions offer only an isolated view of a system or dataset, without its wider context – unsatisfactory for most regulators.

Solidatus provides complete, end-to-end views of data across all systems and at column level, so you can demonstrate how data flows and transforms from origin to consumption.

Show and Compare Past with Current Views

Bi-temporal views snapshot models of your end-to-end data estate at any point in time.

You can easily demonstrate to regulators what you’ve changed – and prepare for future compliance audits with confidence.

Map Regulation Policies to Data Assets

Stay ahead of regulatory compliance changes by storing regulations in Solidatus as a reference model, so that policies can be matched against, and checked against, the data assets they govern.

Empower business users to click on policies, trace back to see whether checks are applied and identify any issues or gaps.

Specific Regulations and How Advanced Data Lineage Helps

Once you’ve built a foundation of data lineage for one regulation, you have the structure in place to add more requirements for other regulations. You won’t need to start from scratch with each new or amended regulation.

You will also have a foundation of data lineage for other uses in the business – like operational resilience, change management, AI and more.

End-to-End and Detailed Lineage for BCBS 239 Compliance

A key regulation for financial institutions – BCBS 239 – requires you to ensure the accuracy of your data and demonstrate intent to control where exactly it comes from and how precisely it changes, before being used in the business. The European Central Bank clarifies that firstly you must have data lineage. Secondly, that lineage must be ‘complete’ – a view of all data flows across all systems in your business. And thirdly, to the ‘attribute’ level. You must be able to drill from a broad view, down to the detailed column in a table level.

If you rely on home-built or basic lineage, this will not cover the detail required. Only Solidatus advanced data lineage provides end-to-end and granular lineage that keeps you aligned with regulatory compliance best practices.

The Comprehensive Capital Analysis and Review (CCAR) is a regulatory framework from the Federal Reserve that seeks to ensure that the largest US banks have stringent capital planning processes and sufficient capital to be able to continue operating throughout times of economic and credit stress. Banks must run a series of simulations of different stress events and submit a large number of regular reports to demonstrate compliance. These include reports such as FR 2052a, FR Y-9C and a series of FR Y-14 reports.

Solidatus’ customers include large banks that use Solidatus to support demonstration of their liquidity practices and stress testing. Having a robust and complete view of data flows, dependencies, priorities, issues and controls helps banks keep on top of their data – and prepare and react better in times of turmoil. They have full visibility into their data and systems – and which business use cases those systems impact. And if a system fails, they understand the priorities for bringing it back to business as usual.

Visibility of Personal Data Use, Controls and Compliance

GDPR requires you to understand the types of data you keep, its sensitivity and where it is stored. Solidatus enables you to see a visual map view across ALL systems in your business, including business-critical information, so you can identify whether controls around personal data are in place. You can easily identify which systems hold sensitive personal information and therefore require controls on top – such as limiting access to certain employees or masking personal information from view of people and AI agents. And you can drill down to the detail for further analysis and compliance.

If you receive a data access request from a customer, fulfilling it is difficult without data mapping. Moreover, if the individual wants to know how their data is used across email, support systems, transaction systems, or mortgage systems—or even asks for some or all of it to be deleted—how can you fulfil the request and ensure regulatory compliance if you can’t see where sensitive data flows and in which systems it is used?

Support for your Testing, Resilience and Recovery Planning for DORA

The Digital Operational Resilience Act (DORA) requires financial businesses to enhance their resilience and reduce the occurrence and impact of disruptions from cyber attacks. According to the legislation, “Financial institutions are now required to follow stringent guidelines for safeguarding against [Information and Communication Technology] ICT-related incidents. These include measures for protection, detection, containment, recovery, and repair.”

Solidatus supports DORA compliance with an up-to-date view of systems, data flows and dependencies, so you can quickly identify which systems and business use cases may be impacted by an incident. You’ll know priorities and which systems need to be restored first. You’ll also know which sources feed databases and how to rebuild them. This will accelerate your recovery and help you return to business as usual quickly.

Be Transparent about Your Use of AI. Know its Risk. Trust its Source.

Regulations around AI usage will only grow over time. Organizations should be proactive with robust regulatory compliance frameworks that align with both existing and potential future regulations, including the EU AI Act and Californian Generative AI: Training Data Transparency Act. Key current requirements include:

  • Be transparent and disclose to users that content has been generated or modified by AI
  • Know the level of risk your AI has
  • Abide by other regulations such as privacy and personal data use in AI
  • Publish summaries of datasets used for AI, including data source, start date of usage, copyright, ownership, data points, personal information and changes made to data

Solidatus helps you know exactly where and when you use AI, understand risk associated with your AI models, trust and disclose dataset details and to address data changes that put your AI models at risk.

A Dynamic View, Analytics and Compliance for ESG Initiatives

The Environmental, Social and Governance (ESG) landscape now requires a more comprehensive set of principles, ethics, and ESG reporting standards. Solidatus’ lineage-first approach, together with our partners, brings together ESG principles, company priorities, assessment methodologies, data sources and metrics to provide a complete end-to-end interactive map. Our integration capabilities relate metrics to how data flows through the company, providing assessment bodies with every critical piece of the puzzle.

Solidatus gives you a dynamic map of ESG initiatives that prevents a panicked response to new regulatory demands, ensuring a proactive approach to managing risks. You can quickly assess ESG compliance with Solidatus’ ESG analytics – and design, view, and track ESG initiatives across a broad spectrum of markers. Owners of different parts of the data landscape can contribute collaboratively, with all changes versioned for full change management and comparison.

There are many other regulations in place globally that require you to understand how and where data is used in your business – for example, rules on cross-border data sharing and the differing personal data regulations of each jurisdiction. There are over 100 different privacy regulations beyond GDPR, such as the Health Insurance Portability and Accountability Act (HIPAA), which provides standards that protect sensitive health information from being disclosed without a patient’s consent.

Each country has its own specifics – and Solidatus supports these, helping you know, if you do business in different countries, that you comply with those regulations. For example, China won’t let you take personal sensitive data (PII) out of the country. So when running a results report, you’ll want to see on your data lineage map view that the necessary action has been taken to remove PII before doing any reports or analysis.

Other requirements Solidatus supports include IFRS 17, which concerns insurers measuring and reporting liabilities and profits, and anti-money laundering legislation such as FFIEC 001, NY DFS 504 and many more.

Consider a company that has a BCBS 239 regulatory review and is told its data lineage is not detailed, accurate or complete. It starts using advanced data lineage from Solidatus.

  • They build an end-to-end view of their data flows from source to target
  • They can see business context overlaid onto their data lineage, making it impactful for the business
  • Compliance teams are able to trace back from the regulation to see whether the necessary controls are in place
  • When they have an audit a year later, they use bi-temporal version control to show how the estate looked at the last audit versus now – and can show what it might look like when new regulatory requirements come in

Having done this for one regulation, they then show where personal sensitive information (PII) is kept, whether it is masked from people and AI agents, add other jurisdictional information and use it for operational resilience and DORA.

They use the foundation for more and more regulations, use cases, root cause and impact analysis – and make decisions for change based on what-if future scenarios. They are a truly proactive business.
