Developing the processes and technology required to comply with the Dodd-Frank Wall Street Reform and Consumer Protection Act is a daunting prospect — even by the standards of the banking and financial services industries, accustomed to adapting their back-end systems on the fly to meet ever-changing government mandates.
The 800-plus page legislative package, signed into law in July 2010, aims “to restore responsibility and accountability to the U.S. financial system.”
Considered the most significant regulatory reform measure since the Great Depression, it touches nearly every aspect of financial services, as well as other industries.
The Unfinished Business of Dodd-Frank
Highly complex, Dodd-Frank mandates are also unfinished. Numerous federal agencies have yet to craft and finalize most of an estimated 400 new regulatory rules.
According to Davis Polk’s latest progress report, only 127 rules – or 31.7 percent of the total – have been finalized as of October 2012. Another 136 rules have yet even to be proposed.
“What constitutes proper action and compliance remains really unclear,” states Douglas McKibben, research vice president, banking group, with Gartner’s Industry Advisory Services team.
Impacted companies should not take this temporary era of uncertainty as a license to give in to paralysis.
Approached proactively, the quest to comply with Dodd-Frank can actually help firms achieve better response and business efficiency, improve customer service, and grow organically.
“Rather than stand around and wait for regulators to give you direct guidance,” McKibben advises, “financial services firms have a real opportunity to step up and engage in a more disciplined approach to enterprise architecture, with a focus on improving visibility into governance processes and having access to the right information in the right place at the right time.
It’s a means to perform effective risk assessment and decision-making not solely to satisfy compliance requirements but also to better support customer interactions.”
Technology Pieces of the Compliance Puzzle
Dodd-Frank essentially breaks down to three primary objectives: transparency, financial risk stability analysis, and cross-market surveillance.
These goals are not just compliance issues but also logical business drivers, says Michael Atkin, managing director of the Enterprise Data Management Council, a nonprofit trade association that addresses information management issues faced by the financial services industry.
“Regulators are handing the financial institutions a business case they’ve never had before to achieve those objectives,” he says, noting that the tasks involved can be time-consuming and expensive and require a very deliberate, strategic, cross-organizational approach, rather than a short-term, tactical effort.
Compliance with Dodd-Frank objectives is, first and foremost, a governance and process challenge rather than a technology one, states McKibben, but moving forward does impact technology in three major ways:
Operational and IT officials must work together to bring order to vast stores of information, developing clear, cross-organizational data and messaging standards that identify all relevant debt and asset instruments, financial contracts and interdependent business and legal entities; describe unambiguously exactly what those inputs are; and classify all of the granular data for effective comprehension and analysis, using a common system – for example, cash flow, instrument type or concentration, liquidity or risk perspective.
Data Management as Governance
Dodd-Frank adds data as a new stabilizing pillar to the traditional tripod of people, process and technology.
Atkin says financial executives must work closely with IT to develop a control environment that incorporates well-defined, consistent, comparable data – and clear provenance over that data and data decisions. Doing so creates a path to achieve and demonstrate: fit-for-purpose quality data; insight into links, relationships and dependencies across its business; definition of what is and is not systemic risk; and conclusions about tolerable risk.
Enterprise Data Management
Firms will need to take existing vertical, siloed systems and enable a horizontal view across the data. Using data and framework standards and process reengineering, this step must integrate and align compliance, performance and risk analysis data to be managed within one consolidated process. It must also provide process visibility and “a single version of the truth that cuts across business lines, relationships, products, and geographies,” says McKibben.
However, he adds that developing horizontal view does not necessarily require a centralized data repository or real-time processing.
“It’s all going to be about how you relate the data components to one another to get the information you need when you need it.”
Gain from the Compliance Pain
Transitions are always painful, and Atkins says the investment in redefining and revamping standards, processes, and infrastructure to meet Dodd-Frank
At the end of the day, though, significant potential benefits exist for businesses that begin laying groundwork for Dodd-Frank compliance. Beyond improved regulatory compliance, there is increased adherence to customer requirements. Better risk management and greater operational efficiency are also probable and valuable outcomes.
Real opportunity also exists for business growth via an enhanced ability to mine for customers, upsell, link activities, find niches and better understand the return on investment of specific categories of customers and products.
“The ramifications of being able to link and integrate and automate and extend are amazing,” says Atkin. “I see it as an application of the political adage that warns against wasting a good crisis. We don’t ever want to have another financial crisis like the one that has resulted in Dodd-Frank, but since we have to do it, let’s make sure we do it properly from a logical business point of view.”