About BWise

Blog

Dodd-Frank

August 18, 2011 by
Filed under: Governance, Risk and Compliance, Risk Management

One gets the impression the regulators were thinking to send a clear message to everybody reading the Dodd-Frank act: get your act together. Even the summaries feel like they are the unedited notes from a brainstorm session. It is simply overwhelming. It is so big that it actually feels like the regulators wanted to prevent companies from taking the 'regulation by regulation' approach that for so long has been the common way of dealing with compliance. The previous large piece of legislation in this area, the Sarbanes-Oxley act was overwhelming at the time, and billions were spend to reach compliance. This time, when companies apply the same approach, they will have to triple the spending (conservative estimate).



So, let's create something that is so incredibly large, that the common approach will not work. Of course, that is not what the regulators had in mind, but one is tempted to think they did. On top of this, the Dodd-Frank act is not showing a clear list of requirements yet, it is merely showing clear intentions of what eventually will be a clear list of requirements in the years to come.

So, there you have it. Too big to fail turned into too large to comply with. There is only one way out, and that is to once and for all turn it around: organize yourself properly and take a process-based approach.

Make sure all your relevant processes run according your own business objectives. These business objectives will include performance related measures, as well as risk related measures. You understand the risk more than anybody else, even better than the regulator. And here comes the interesting part: in the end of the day, the regulator simply has a number of principles they want everybody to adhere too. And much of that has to do with transparency. Transparency to them, the general public (investors, clients) and internally: know your risks and act accordingly. Design your business in a way that it is inherently well-designed, not by simply storing all data one can think of, but risk-based. Of course, these principles are formalized in precise requirements (they'd better not, but that is probably a bridge too far for now), but in essence they are based on normal principles.

Then, when the regulation becomes more concrete and prescriptions become precise, you tie them to the appropriate business process (and not the other way around!). If you do this the other way around, you will find yourself (with a very sizable team) digging through thousands of pages of legislation, and tens of thousands of interpretation pages. To be honest, you will have to do this anyway, but be sure you tie it back to what you already have. Don't look for requirements in the law, which you will implement in that case. This will quite simply and expensively lead to 100,000 extra controls, and that's a very conservative estimate.

The Dodd-Frank is actually a blessing in disguise. Of course, for us and companies like us, as a vendor in this area, we will benefit from the need in the market to get this straight. Like Sarbanes-Oxley boosted point-solutions, Dodd-Frank will really start off the market of true GRC solutions. The true benefit will be for the companies adopting a mature process-based approach. They will be freed from the live-long burden of continuously jumping from regulation to regulation.

The BWise process-based Convergence Cookbook was written a few years ago, it seems with the Dodd-Frank act in mind.

Tags: BWise, Risk, GRC, Compliance

More Information

What is GRC?

Read the definition of Governance, Risk and Compliance


Gartner ORM report

Nasdaq's BWise has been positioned as a Leader in Gartner's Magic Quadrant for Operational Risk Management Report, 2015. 


Forrester report

Forrester positioned Nasdaq BWise as a Leader in New Report, The Forrester Wave™: Governance, Risk, And Compliance Platforms, Q1 2016.


Why BWise

Download the brochure: Three Key Reasons why Hundreds of Customers Rely on Nasdaq BWise.

Scroll up