Scrut Automation, launches of ReguSense, a new product designed to help of all sizes navigate the complexities of rapidly-evolving regulations and manage their audits seamlessly.
Indian Fintech and BFSI companies are under strict regulatory pressure to demonstrate strong IT and Infosec maturity models, with the RBI mandating compliance with System Audit Reports (SAR), SEBI rolling out its cybersecurity framework, and traditional financial institutions like banks conducting their own security audits. These regulations are a welcome change, and are instrumental in strengthening cybersecurity for protecting consumers. The security teams at fintechs, however, struggle with audit overload, with the majority of their effort spent in showcasing proof of compliance rather than strengthening the security posture.
Akshay Ahuja, Principal – Information Security at M2P fintech, says, “Each business arm at a fintech organization, such as payment gateways, payment aggregators, pre-payment instruments, lending, mutual funds, insurance, etc. fall under the oversight of different government regulators. Despite these differences, the evidence requirements for each compliance audit remain similar. The need for a unified approach towards compliance audits for businesses operating in different financial domains, has never been more urgent.”
ReguSense solves this problem by developing a common language across controls of 25+ relevant standards, helping security teams at Fintech companies eliminate duplicity of work, get better visibility into their control effectiveness, and manage their audits seamlessly. ReguSense does so by providing structured content across standards, frameworks, and regulations for simplified control mapping. Its pre-mapped common controls save hundreds of hours of effort in implementing recommended controls across multiple frameworks. Scut Automation takes care of the continuous regulatory updates, ensuring customers are always up-to-date with the regulatory changes. Customers can also review and tailor mappings to fit their organization’s unique circumstances.
By clubbing ReguSense and its native smartGRC platform, Scrut Automation streamlines the creation, mapping, and updating of internal and external controls, thus empowering IT, security, and compliance managers to observe risks and collect evidence against mitigating controls once and map across multiple regulations.
Shashank Karincheti, Senior Manager – Regulatory and Technology Compliance at RazorPay comments, “Regulators have released several stringent circulars in the last six months, covering technical glitches, cloud security frameworks, and cybersecurity guidelines. To meet these requirements, enterprises need to adapt quickly. Automation is crucial in identifying gaps and mitigating risks in real-time. It can also help organizations generate compliance reports and audit trails automatically, reducing the burden on compliance teams.”
ReguSense has been designed to meet the unique needs of Indian fintech organizations and developed in collaboration with key Chief Information Security Officers (CISOs) of leading fintech organizations, and CERT-IN empanelled auditors responsible for enforcing these regulations.
“The Indian financial services ecosystem has witnessed a remarkable transformation, with both legacy traditional companies and newer fintech companies embracing digitization as a mode of distribution. In response, the government has also been investing in regulatory infrastructure to democratize secure access to technology,” said Aayush Ghosh Choudhury, CEO of Scrut Automation. “With ReguSense, we hope to reduce the information asymmetry surrounding compliance standards in the Fintech sector, and enable them to stay ahead of the rapidly evolving regulatory landscape.”
