January 19, 2011

The Dodd-Frank Wall Street Reform and Consumer Protection Act is the most comprehensive regulatory change the financial services industry has experienced since the 1930s. While few areas of the industry are left untouched by its reach, the Dodd-Frank Act poses never-before-seen challenges for the banking community as a whole, as well as unprecedented demand on banking processes and IT infrastructures. Banks have dealt with regulatory changes over the past half century by making incremental adjustments to their enterprise-wide regulatory reporting and risk management processes. However, when approaching a regulatory behemoth such as the Dodd-Frank Act, banks will need to take a comprehensive and holistic approach.

New Approaches to Regulatory Reporting A major change under Dodd-Frank will be how banks report the state of their enterprises to regulators. Traditionally, banks have used two separate sets of processes (which might coincide in part) for gathering and reporting material enterprise data -- one process used by management to run the bank and the other used to gather data in order to satisfy regulators' demands. Historically, the information regulators required from banks was, for the most part, post-facto and forensic in nature. However, this is likely to evolve under the new regulatory framework.

Regulators will now require information from banks that is risk-based, calculated and predictive, going beyond simple analytics of ledgers, loans, and deposit systems. As this information becomes more closely aligned with management interests, banking CIOs will need to look for ways to integrate, or even converge, regulatory and management reporting processes. Regulatory reporting does not have to be viewed as a necessary evil. Instead, value and efficiencies can be had by amalgamating management and regulatory data gathering processes. Moreover, convergence of regulatory and management reporting will allow banks to restructure data to feed predictive analytical systems (i.e., stress testing) and, in turn, improve risk-based decision-making processes.

While major banking institutions have already experienced the time and capital-intensive process of stress testing throughout the past two years, this will become a regular and ongoing requirement for most banks under Dodd-Frank and will be a major driver of enterprise-wide risk architecture renewal. Indeed, while there are certain aspects of Dodd-Frank that remain uncertain, including the timeframes for implementation, stress testing will most assuredly make the final cut and is already taking shape. Having the capability to meet these ongoing and evolving regulatory demands will require significant investment in data and analytics. Banks should not wait for this inevitable development, but rather should begin making the necessary business architectural adjustments and IT investments now.

Complying While Innovating Just as banks' regulatory responsibilities are changing, banking institutions are constantly evolving. Complying with new regulatory requirements and creating innovative products, services, and processes should therefore not be mutually exclusive practices. Banks should view compliance as a potentially more fruitful process than just meeting regulators' demands. Regulatory compliance can also provide better overall visibility into the enterprise-wide operational structure than most institutions currently attain, highlighting key relationships between the front, middle, and back office, as well as allowing for the integration of these functions across the organization. The end result should be a framework that integrates regulatory requirements and business innovation concurrently. It is reasonably clear that regulatory compliance will require significant capital investments across the IT infrastructure, but if managed correctly, together with finance and risk, it can afford significant and continued operational benefit. In the end, these regulatory requirements, while daunting from an IT perspective, should be viewed as an opportunity for banks to have more complete information about the functionality, profitability, and overall health of their institution.

Successful compliance with the Dodd-Frank Wall Street Reform and Consumer Protection Act will require banking institutions to undertake simultaneous, enterprise-wide adjustments to their business and technology infrastructures -- a task the industry has never encountered on such a scale. While banks have traditionally approached regulatory changes in a piecemeal fashion or in silos across the organization, this approach is neither sustainable nor an appropriate response to the challenge Dodd-Frank poses. In order to optimize capital outlays, banking institutions should take the opportunity to improve overall operational efficiency, positioning themselves competitively alongside their peers by focusing on the business value that can be realized, while complying with what Dodd-Frank requires.