Volcker Rule Includes Big Reporting, Documentation Demands

After intense debate and a massive lobbying effort from the financial services industry, the Volcker Rule is finally here. Along with it, come a slew of reporting and compliance requirements.

While banks worried that the rule could cut into profitability by curbing proprietary trading, the big concern, at least from a compliance perspective, may be the mountain of documentation and reporting that the final version of the rule requires. The final rule requires heaps of new written policies, controls, and documentation of trading activities, as well as new testing and training for programs to ensure compliance.

Last week, five regulatory agencies, including the Securities and Exchange Commission and the Commodity Futures Trading Commission, approved a final version of the Volcker Rule, which weighs in at a hefty 900 pages. The rule prohibits a banking entity from engaging in proprietary trading, defined as the purchase or sale of any security, derivative, option, or commodity contract for near- or short-term price movements. The final rule clarifies the definition of covered funds and clarifies the prohibition on banks' from trading high-risk securities, such as collateralized debt obligations and structured investment vehicles, for themselves.

Some advisers say the massive compliance demands of the Volcker Rule will force financial firms to add staff and other resources, and at the highest levels. “I wouldn't be surprised to see some of the banks, given the importance of this law, appoint a sort of Chief Volcker Officer, just like they have a chief privacy officer,” says Bjorn Pettersen, a managing director at Accenture who specializes in risk management consulting for financial firms.

New demands from the Volcker Rule are likely to force banks to appoint someone to take on the role of gatekeeper internally. Indeed, compliance responsibilities for the rule go all the way to the top, with CEOs required to attest that systems are compliant to the intent of the law.

Among the major reporting demands, banks will need to draw a line between proprietary trading, placing high-risk bets on their own account, and traditional hedging and market-making on behalf of customers. Drawing those distinctions will be accomplished by developing new metrics and compliance programs to ensure they are adhered to.

As a concession to banks, a variety of exemptions were included in the final rule, including a green-light for government debt and hedging activity designed to reduce specific, identifiable risks. Taking advantage of those exceptions, however, will add additional reporting. Hedging strategies and positions, for example, will be subject to a required “correlation analysis,” and ongoing recalibration to ensure they are not prohibited activities.

New Compliance Requirements

Banks with assets greater than $10 billion, but less than $50 billion, are required to maintain a compliance program that includes: written policies and procedures that are reasonably designed to ensure compliance with limits on underwriting and market making; a system of internal controls; a management framework with clear accountability for compliance and the review of hedging limits and incentive compensation; independent testing and audits; training for trading personnel and management; and maintaining records that demonstrate compliance for at least five years.

The final rule requires enhanced compliance programs for banks with more than $50 billion in assets that include detailed policies on investment limits, management accountability, and internal audits. Independent testing and analysis of an institution's compliance program will also be required. Banks that do not engage in covered trading activities will not need to establish a compliance program.

Bob Maxant, a partner at Deloitte, says that although banks caught a break with several exemptions, the rule still presents a “high bar for compliance.”

“The largest institutions have to start reporting their metrics in six months, which is not a lot of time,” he says. “You are talking about enhancements and changes to systems, even ensuring that data is consistent and high quality. That is a short period of time, indeed.”

“I wouldn't be surprised to see some of the banks, given the importance of this law, appoint a sort of Chief Volcker Officer, just like they have a chief privacy officer.”

—Bjorn Pettersen,

Managing Director,

Accenture

One difficulty Maxant foresees is that trade assessments and verifications must be made rapidly. “Some institutions were hoping they could affect that on a monthly cycle,” he says. “But if you look at the final wording, it says institutions will need ongoing, timely monitoring of metrics and undertake immediate review and compliance investigations. The wording also talks about things like ‘when quantitative thresholds are exceeded.' All of that collectively confirms it really is a daily review cycle they want, not a weekly or monthly one.”

There are other “belt and suspenders” elements required of compliance programs, Maxant says. These include independent testing of control design and effectiveness, and assessing how inconsistent trades are investigated and resolved.

With market making and hedging definitions, it is clear that regulators did not want to draw a pass or fail bright line test, Maxant says. “At first blush, folks may cheer that,” he explains. “But the ability to exercise judgment can be a double-edged sword. It allows the potential for inconsistent judgments among even well-intended compliance professionals looking to apply the rule. There is a higher probability that someone else can come in, possibly on an examination, and second guess the judgment that was made.”

On any sort of ex-post review, it is "low-hanging fruit” to go after internal inconsistencies, he adds. Large, complex organizations, have so many people involved in trying to comply, “there will inevitably be differences in understanding and interpretation.”

Beyond the Compliance Department

Compliance with the Volcker Rule will also likely seep into other functions, too. Banks will need to update their risk registers and remodel risk profiles, for example. They will also need to quickly respond to audit requests to provide board level assurance and to examiners. “Banks, in general, already have good governance systems,” says Sam Abadir, director of product management for LockPath, a GRC software provider and consultant. “But their biggest compliance issue is going to be putting in place the processes to establish, maintain, enforce, test, and modify what's coming out of Volcker.”

RED LINE/BLUE LINE

Below is an excerpt from the edited versions of the Volcker Rule provided by Skadden Arps.

A primary reason behind dissenting Volcker Rule votes by Securities and Exchange Commission Commissioners Michael Piwowar, Daniel Gallagher, and Commodity Futures Trading Commission Commissioner Scott O'Malia, was that the final rule was altered so significantly that a re-proposal was warranted. In an analysis of key changes, the law firm

Skadden Arps took on the task of showing the many additions and subtractions that permeate the rule's 900 pages. See just some of the many edits in this sample page.

Source: Skadden Arps.

In accordance with the rule, banks will also need to change their compensation rules to ensure that bonuses and pay increases are not tied to what could be perceived as proprietary trading gains, Abadir says. Another challenge is making sure their accommodations to the rule are flexible enough to weather changes to it.

“Keeping in compliance and having a policy in place and the right controls is important, and so is actually modifying them as the rule changes over the next couple of years,” he says. “This is going to be one of those rules that changes quite a bit and it will be a challenge making sure everybody is up to speed.”

Still, despite the large compliance and disclosure requirements, some say the final version of the rule could have been worse for banks. David Sahr, a partner in the law firm Mayer Brown's financial services practice, says the final rule is a step in the right direction “for rightsizing the regulation to the realities of the industry.” “With all the press and statements about how tough it would be, I was starting to think it would be worse than the proposed regulation,” he says. “That doesn't seem to be the case.”

Pettersen agrees that the final rule may be less burdensome than banks feared and that many are better equipped for compliance demands than they expected.

“Banks saw the writing on the wall and a lot of the heavy lifting has already been done,” he says. “Most of their proprietary trading businesses are gone and they have plans in place for what they need to do in order to comply with the law. That said, there is still a fair amount of work that still needs to be done.”

That work will require better clarity into the many gray areas created by the effort to distinguish proprietary trading from market-making. “How do you still be profitable and serve clients in the best way? That is definitely a challenge,” Pettersen says. Another challenge will be adding new technology, or adapting existing systems, to “track something you didn't necessarily track before.”

Just how difficult compliance with the rule will be may not be known until regulators start cracking down on companies for violating it. “It really does remain to be seen how aggressively the rule will be implemented and enforced,” says Kevin Petrasic, a partner in the global banking and payments systems practice of law firm Paul Hastings. He expects that agencies will look less at questionable, singular trades than the overall, internal compliance structure put in place.

“Things are always going to slip through the cracks,” he says. “Sometimes there are folks that go rogue, and even the best compliance systems have flaws in them.”

It may not be easy for banks to satisfy approaches that, already complex, may differ regulator by regulator. “The biggest concern is how the rule going to be implemented,” Petrasic says. “The challenge at this point is how we walk through the cornfield, figure out where we are going, and hopefully come out at the right spot. There are many issues we now have some answers to, but some of those answers raise a whole new set of questions.”