Designed to avert a repeat of the 2007-2008 meltdown in the financial markets, the Dodd-Frank Wall Street Reform and Consumer Protection Act is by far the most sweeping piece of regulatory reform legislation passed by Congress since the Great Depression. Think of it as Sarbanes-Oxley on steroids.
The 2,300-page bill dramatically modifies the roles and responsibilities of companies, boards of directors and shareholders, and requires companies to reexamine and refine their corporate governance practices. While Sarbanes-Oxley called for the government to pass 16 regulations, Dodd-Frank involves nearly 400 new regulations.
Just like Sarbanes-Oxley, the Dodd-Frank Act was not specifically written to address IT infrastructure issues but will nonetheless have far-reaching implications for the IT divisions of any organization in the financial industry. In particular, the Act’s reporting and recordkeeping requirements will force firms to overhaul the way they identify, extract and analyze data.
To facilitate analytics and support systemic oversight, firms will need to implement data standards such as financial instrument and business entity identifiers, along with associated reference data and hierarchies to support the Act’s reporting requirements. In addition, system safeguard requirements mandate that firms have disaster recovery, business continuity and data protection, security and archiving systems in place. Under Dodd-Frank, firms must maintain records for no less than five years.
These new requirements and compliance rules will no doubt create a strain on financial services firms that were already struggling to manage their IT infrastructure in a way that satisfies existing privacy and regulatory requirements. Unlike some previous legislation, however, Dodd-Frank’s mandate for systemic reforms means that change initiatives won’t be limited in scope to isolated departments, processes or applications. All will require organization-wide coordination, planning and communication.
It is a daunting task, and one that seems certain to far surpass Sarbanes-Oxley in how it affects the IT operations in financial firms of every size. Complicating matters is the fact that Dodd-Frank compliance is likely to remain a moving target for years to come. According to a June 3, 2011 report by the independent, non-profit journalism group ProPublica, regulators have completed just 24 of the 387 rules the Act requires be drafted and implemented by at least 20 separate government agencies.
While it will be a year or more before the regulations required by Dodd-Frank will all be issued, the legislation’s impact on the IT systems and processes of financial institutions is already being felt. Those who take a “wait and see” approach on the final requirements could find themselves too far behind to catch up.
With decades of experience, Emtec has a broad and deep understanding of what is required to meet government mandates and keep up with ever-changing regulatory compliance requirements. Our Auditing and Assessment services help clients understand their current IT environment with an objective, quantitative, third-party viewpoint.
Policy development is the cornerstone of any compliance effort, and Emtec’s Policy Improvement experts can help you be prepared to make the necessary IT improvements and policy changes to keep up with the new Dodd-Frank requirements. The feature story in this edition highlights our agility and ability to bring the right resources to bear to help structure and improve IT policies to keep abreast of emerging technologies and changing legal and regulatory mandates.
Emtec can provide the guidance and support you need to address these challenges with confidence and efficiency, while also creating a value-based framework that allows you to seize business opportunities far into the future.
