A Unified Control Framework for Indian Fintech Organizations, ET CIO

Scrut Automation, APAC’s GRC platform, has announced the launch of ReguSense, a new product designed to help Indian fintech organizations of all sizes navigate the complexities of rapidly evolving regulations and manage their audits seamlessly.

Indian Fintech and BFSI companies are under strict regulatory pressure to demonstrate strong IT and Infosec maturity models, with the RBI requiring compliance with System Audit Reports (SAR), SEBI rolling out its cyber security framework, and traditional financial institutions such as banks carrying out their own security audits. These regulations are a welcome change and help strengthen cyber security to protect consumers. However, fintech security teams are struggling with audit overload, and most of their efforts are spent on demonstrating evidence of compliance rather than strengthening their security posture.

Akshay Ahuja, Principal – Information Security at M2P fintech, says, “Each line of business in a fintech organization, such as payment gateways, payment aggregators, prepayment instruments, lending, mutual funds, insurance, etc. falls under the supervision of various government regulators. Despite these differences, the evidentiary requirements for each compliance audit remain the same. The need for a unified approach to compliance audits for businesses operating in different economic domains has never been more urgent.”

ReguSense solves this problem by developing a common language across controls of 25+ relevant standards, helping security teams at Fintech companies eliminate duplication of effort, gain greater visibility into their control effectiveness, and manage their audits seamlessly. ReguSense does this by offering structured content across standards, frameworks and regulations for simplified control mapping. The pre-mapped common controls save hundreds of hours of effort to implement recommended controls across multiple frameworks. Scut Automation takes care of the continuous regulatory updates, ensuring that customers are always up to date with the regulatory changes. Customers can also review and tailor mappings to fit their organization’s unique circumstances.

“The Indian financial services ecosystem has witnessed a remarkable transformation, with both legacy traditional companies and newer fintech companies embracing digitization as a mode of distribution. In response, the government has also invested in regulatory infrastructure to democratize secure access to technology,” said Aayush Ghosh Choudhury, CEO of Scrut Automation. “With ReguSense, we hope to reduce the information asymmetry around compliance standards in the Fintech sector, enabling them to stay ahead of the rapidly evolving regulatory landscape,” he further adds.

By leveraging ReguSense and its native smartGRC platform, Scrut Automation streamlines the creation, mapping and updating of internal and external controls, enabling IT, security and compliance managers to observe risks and gather evidence against restrictive controls once and mapping across several regulations.

Shashank Karincheti, Senior Manager – Regulatory and Technology Compliance at RazorPay comments, “Regulators have issued several stringent circulars over the past six months, covering technical failures, cloud security frameworks and cybersecurity guidelines. To meet these requirements, businesses must adapt quickly. Automation is critical to identifying gaps and mitigating risks in real-time. It can also help organizations generate compliance reports and audit trails automatically, reducing the burden on compliance teams.”

ReguSense is designed to meet the unique needs of Indian fintech organizations and developed in collaboration with key Chief Information Security Officers (CISOs) of leading fintech organizations, and CERT-IN staff auditors responsible for enforcing these regulations.