Financial Firms Grapple With Dodd-Frank System Demands

Compliance and risk executives in the finance sector are working at a fever pitch to meet the compliance and reporting obligations that accompany the Dodd-Frank Act, and they are pushing their IT systems to keep up.

Yet building the necessary IT infrastructure for Dodd-Frank compliance amid so much regulatory uncertainty is not making the job any easier.

THE PANELISTS

More than 20 executives participated in the February 2, 2012, roundtable on compliance technology to meet financial regulatory reform. The following executives are quoted in this exclusive recap.

Frederick Mishkin,

Professor,

Columbia Law School

Yusuf Azizullah,

Business Professor,

University of Maryland

Santhosh Nair,

Head of Domain Services,

Wipro

For More Information on Compliance Week Roundtables

Such was the sentiment expressed by more than 20 executives in the financial industry during a recent executive roundtable hosted by Compliance Week and Wipro to discuss the latest thinking on how financial firms are complying with Dodd Frank and other regulations.

Guest speaker Frederick Mishkin, a professor at Columbia Law School and former member of the Board of Governors of the Federal Reserve System, opened the forum speaking about the “tremendous shift in the way we now think about regulation.”

Prior to the financial crisis, he said, the focus of regulation was on the safety and soundness of individual institutions, and whether they'd be able to withstand shocks in the market. The problem with that sort of “micro-prudential” way of thinking: it makes things worse during times of systemic shock, because it induces vicious circles of each firm in the system acting in its own self-interest, but against the collective good of the whole system.

Dodd-Frank still maintains this micro-prudential way of thinking, “and, in fact, has this attitude that we're never going to have bailouts again,” Mishkin continued. Going forward, he said, the focus should be on a “macro-prudential” way of thinking, where financial firms are required to have more capital than what is necessary to simply stay afloat, and which targets the overall health of the financial system instead of the soundness of individual firms

“A well-functioning system is one where, when you get a shock to the system and one bank gets into trouble, other banks are going to do better, because they will then have the capital to purchase the bank that is in trouble,” Mishkin explained.

Compliance executives at the forum expressed many more concerns about Dodd-Frank. One of the most common frustrations voiced by attendees is the inability to implement long-term, structural improvements to compliance and reporting, because the Securities and Exchange Commission and the Commodity Futures Trading Commission so far haven't specified precisely how they want data to be reported.

The general consensus among attendees was that regulators are asking for several sets of data that, in the end, won't be the type of information market regulators will need. As one executive said, “Sometimes regulators ask ridiculous questions in which there is no way anybody can answer them, because they're not looking for the right information to begin with.”

“Internally, we're working as hard as we can to get in front of [Dodd-Frank], but when you don't have funding to back up IT systems, we might have a bigger problem.”

—Anonymous Executive

Investing in a sophisticated, flexible reporting system, however, can be a risky procedure since Dodd-Frank regulations are still so immature—assuming they've been adopted at all, and many have not. “That is the first problem we need to address,” said one attendee, Yusuf Azizullah, a business professor at the University of Maryland who also works with multiple Wall Street firms on compliance issues. “The regulators need to give us a list of items they want us to report on.”

Banks are turning to IT outsourcing firms (Wipro among them) for help building systems to come up to speed on Dodd-Frank compliance. According to a survey of compliance executives in the financial sector by Compliance Week and Wipro, 30 percent of respondents said they're looking to outsource compliance and reporting functions or joining external industry-based utilities. Risk-and-compliance-as-a-service, as it were, allows firms to outsource much of the effort needed to keep track of dynamic regulatory environments as well as sharing the costs associated with keeping pace. “We are seeing increased enquiries on utility for compliance” says Santhosh Nair, head of domain services for banking at Wipro.

That being said, financial firms are also quite hesitant to outsource all of their compliance function. Nearly two-thirds of respondents in the Compliance Week survey said they want creating in-house compliance and reporting utilities as well. In most cases, financial firms will strike a balance between in-house and outsourced solutions, Wipro believes. Making the decision on how much to outsource and how much to complete in-house is further clouded by the uncertainty that remains in just what types of data sets will be required by the final regulations.

The group also heard from Mark Tabs, head of legal compliance, IT, at UBS.

Many questions remain unanswered, Azizullah said. “The evidence data that financial firms will provide to regulators, will it be relevant to the regulators in meeting compliance, and will it pass external regulatory scrutiny from investors, creditors, and shareholders?” said. “The board and audit committee also need to get relevant metrics and regular updates in meeting fiduciary responsibilities.”

That task can be all the more daunting because as it stands now, the Dodd-Frank Act will require banks to report data they don't currently collect. For example, the data required to comply with the proposed Volcker Rule (to regulate banks' trading in derivatives), “those are not metrics we produce today,” said one executive. “It's definitely going to be a lot of work to generate them.”

Continued Uncertainty

A group of panelists listens as Columbia Law School professor Frederick Mishkin discusses the shift in how executives contemplate regulation.

Many roundtable attendees worried that the delays in proposing many Dodd-Frank rules, as well as the perceived “vague language” in rules proposed or adopted so far, compound the challenge of securing money and manpower to build the right IT compliance infrastructure. And who could blame senior executives for hesitating? Why green-light a project when the ultimate costs and objectives are still unclear?

 “That's a big struggle for us,” explained one executive. “Internally, we're working as hard as we can to get in front of [Dodd-Frank], but when you don't have funding to back up IT systems, we might have a bigger problem.”

As a result, many firms are stuck with implementing interim solutions, using tools such as Microsoft Office applications, instead of figuring out what vendor software they could adopt for long-term improvements.

Because the banks themselves don't have a lot of clarity from regulators, vendors face similar obstacles when it comes to managing the data. “Our level of clarity on what we've done on the IT side is based on the level of clarity we get from the banks,” said Wipro's Nair.

Joining the discussion: Charles Constantin, director of regulatory compliance for Societe Generale Global Solution.

What is known, despite all the confusion: That the data to be required is not going to come from one system. “Due to years of multiple mergers and acquisitions in the industry, it is going to painfully be gathered at a huge cost to the firms from large complex multiple diverse systems and applications,” Azizullah said.

Even if a software tool did exist that could automatically gather all the data from the thousands of applications that will be required, Azizullah said, “one would need to double check the list of systems twice and be confident that they are not forgetting some system that will provide regulatory evidence.”

Executives at the forum concluded that they are hopeful that the rules will evolve enough where financial firms are able to go to their third-party vendors and say, as one executive put it, “‘This is how things need to be.'”