So, let's create something so incredibly large that the common approach will not work. Of course, that is not what the regulators had in mind, but one is tempted to think they did. On top of this, the Dodd-Frank act does not yet show a clear list of requirements; it merely shows clear intentions of what will eventually become a clear list of requirements in the years to come.
So, there you have it. Too big to fail turned into too large to comply with. There is only one way out, and that is to once and for all turn it around: organize yourself properly and take a process-based approach.
Make sure all your relevant processes run according to your own business objectives. These business objectives will include performance-related measures as well as risk-related measures. You understand the risk better than anybody else, even better than the regulator. And here comes the interesting part: at the end of the day, the regulator simply has a number of principles they want everybody to adhere to. Much of that has to do with transparency: transparency towards the regulator, towards the general public (investors, clients) and internally: know your risks and act accordingly. Design your business so that it is inherently sound, not by simply storing all the data one can think of, but risk-based. Of course, these principles get formalized into precise requirements (they'd better not be, but that is probably a bridge too far for now), but in essence they rest on ordinary principles.
Then, when the regulation becomes more concrete and the prescriptions become precise, you tie them to the appropriate business process (and not the other way around!). If you do it the other way around, you will find yourself (with a very sizable team) digging through thousands of pages of legislation and tens of thousands of pages of interpretation. To be honest, you will have to do this anyway, but be sure you tie it back to what you already have. Don't go looking for requirements in the law that you would then implement one by one. That will quite simply, and expensively, lead to 100,000 extra controls, and that is a very conservative estimate.
The Dodd-Frank act is actually a blessing in disguise. Of course, we and vendors like us in this area will benefit from the market's need to get this straight. Just as Sarbanes-Oxley boosted point solutions, Dodd-Frank will really kick off the market for true GRC solutions. The true benefit, however, will be for the companies adopting a mature process-based approach. They will be freed from the lifelong burden of continuously jumping from regulation to regulation.
The BWise process-based Convergence Cookbook was written a few years ago, seemingly with the Dodd-Frank act in mind.