Get your Compliance and Ethics Program on Track with Dodd-Frank

Published in the Project Post-Gazette, January 2014

by Cheryl A. Wilson, PMP, PMI-RMP, CCEP



If you thought the Dodd-Frank Act was just another set of compliance regulations your organization will need to embed in your Compliance and Ethics (C&E) program, read on. The Dodd-Frank (Wall Street Reform and Consumer Protection) Act, referred to as Dodd-Frank, is peppered with compliance requirements that actually tell you how to manage your business. Before Dodd-Frank, organizations viewed C&E programs as administrative overhead costs and a check-off box nuisance that needed to be reviewed only as often as the C&E manager deemed appropriate.

Gone are the days when C&E was thought of as the last item on the agenda at the end of the day to ensure some form of compliance. Dodd-Frank has changed that concept. In addition, for organizations to see the benefit of the additional expenditures required to structure C&E programs under Dodd-Frank, they need to see that measuring, monitoring and reporting can have a cost reduction impact on their bottom line.

One goal of Dodd-Frank is for regulators to gain better transparency into market activities to try to avoid another financial meltdown like the Mortgage Financial Crisis of 2008. The Dodd-Frank Act was signed into law July 21, 2010 by President Obama. It is named after former U.S. Senator Christopher J. Dodd and former U.S. Representative Barney Frank due to their involvement in the act's creation. The bill covers some 16 major areas of reform and contains hundreds of pages of potential federal regulations and literally hundreds of mandates for future government agency rulemaking and requirements development. The implementation of Dodd-Frank falls under the scrutiny of the US Securities and Exchange Commission (SEC), the US Federal Reserve System (FRS), and the US Department of the Treasury's Office of the Comptroller of the Currency (OCC). The Act contains more than 398 provisions that require SEC, FRS, and OCC rulemaking. The Act creates a newly minted Financial Stability Oversight Council (FSOC) that is chaired by the Secretary of the Treasury. Voting members consist of the heads of Treasury, Federal Reserve, OCC, SEC, FDIC, FHFA, NCUA and the newly created Consumer Financial Protection Bureau (CFPB).

At this point, January 2014, only about 40% of Dodd-Frank's provisions have been finalized. As the regulations of Dodd-Frank are challenging and touch all areas of your organization, you will need to take an Enterprise view of your risk management environment rather than the isolated approach most take today.

One of the areas of great concern is the IT structure under Dodd-Frank. Organizations that have tried to update their C&E environment to the new mandates with a bandage approach might find that the resulting rework, given the speed of implementation and rapid pace of change, will be extremely costly. As Dodd-Frank is still a moving target and there are still a lot of regulatory unknowns, organizations are doing a lot of rework to comply with the new regulations.

One thing that is well known is that the requirements of Dodd-Frank will require some new IT systems capabilities. Organizations need to be proactive in preparing their IT and data management systems for the additional regulations of the Dodd-Frank Act. The real-time reporting required by Dodd-Frank will require new IT capabilities, such as the ability for organizations' IT departments to consolidate and aggregate data for reporting. This creates the need for data stored on different IT systems to be moved out of separate silos into a single repository to support this more real-time reporting. The possibility of significant fines for misreporting looms large on the horizon for those organizations that cannot meet the Dodd-Frank reporting mandates.

Although there is growing concern that this reform will impact the future economic growth by over-constraining the financial systems, the main purpose of Dodd-Frank seems to be to:

  • Monitor systemic risks to prevent excessive risk taking
  • Limit bank proprietary trading (the Volcker Rule – approved December 2013)
  • Place new regulations on the trading of exotic financial derivative instruments
  • Protect consumers (i.e. help prevent another financial crisis)

So how can organizations use Dodd-Frank to proactively manage their C&E programs and see a cost benefit to the additional requirements?

First, any increase in organizational C&E programs will force an organization to consider how compliance activities function across legal boundaries. The benefit of organizations taking an enterprise ‘compliance view’ by program and by risk type is that it will reveal areas of concern BEFORE they happen, as opposed to the current reactive model that most organizations work under.

The ability to consolidate your data for real-time reporting and activity-based costing analysis will allow companies to use this data to defend against any whistleblower allegations (see the January 2014, Line in the Sand, Whistleblower).

Others see more focus on reducing operational complexity as a benefit. Currently, many organizations structure their C&E program by business line, and each business has full accountability for managing its risks. Financial organizations will need to consider how they structure their compliance functions to respond to the new Dodd-Frank regulations. The benefit of consolidated reporting is that it will allow business leaders to understand areas of concern by looking at trends, supporting a more proactive approach. The January 2014 Risk Line column provides an overview of a regulatory roadmap required by Dodd-Frank that will help in changing your C&E program into an Enterprise-wide solution.

Every area of the financial-services arena will be affected by the Dodd-Frank Act. This not only means huge changes to the way banks, brokers, and insurers do business; it also means changes to their C&E programs, their internal systems controls, and programs to address new regulatory risks and compliance. All of that is happening at a blinding pace, as regulators are driven to establish new oversight bodies and write new rules under a congressionally mandated timetable.

