The Dodd-Frank Wall Street Reform and Consumer Protection Act was signed into law in 2010 but still has businesses concerned due to its sprawling complexity. The act, which spells out its demands over thousands of pages, aims to prevent “too big to fail” and reduce the risk of another financial crisis like the 2008 recession.
And even though it’s a remarkably complex regulation—the largest regulatory reform since the Great Depression—businesses can and should be doing the necessary legwork to ensure their governance, risk management, and compliance (GRC) program offers the right visibility into areas where Dodd-Frank might hit them hardest.
If a financial business has remained compliant with Dodd-Frank reforms thus far, but are looking to expand their business, perhaps, reinforcing a few processes can make GRC programs top-notch.
Dealing with regulatory change
The Dodd-Frank Act might have already been set into law, but it’s certainly not the end to financial regulation in the U.S.—in fact politicians are already looking to create legislation that overrides and alters some of the rules, meaning that change is likely on the way. Businesses need to be able to pivot immediately when such a rule comes into action, but there’s no way to make that happen unless they know the change has actually occurred. They need regulatory change management.
Keeping people on staff to follow these regulations and know every detail about every rule just might not be possible due to financial or time constraints. Instead, businesses should think seriously about outsourcing the difficult work of navigating thousands of pages of paperwork to other firms that develop GRC software specifically created to help generate positive GRC processes. This software acts as an always-up-to-date repository of regulatory information that can be imported and tracked internally. When regulatory changes occur, the business receives a notification so that they can immediately begin to put key stakeholders together to figure out a strategy for dealing with it.
Disseminating new and improved policies
Regardless of where a business stands in building out its processes to fully comply with Dodd-Frank rules, there will always be future change—once the aforementioned change management process is set into place, a business needs some process for ensuring that changes are recognized across the enterprise as quickly as possible, and with the most visibility. With good GRC software, businesses can import existing policies into a single repository, and then convert those into pre-built templates, or use their own custom workflows, depending on their needs. With that single repository, more key players can collaborate on the same policies, which increases accuracy and comprehensiveness. Once the policies are ready to be distributed, the GRC software can target certain business processes or even certain employees to ensure they’re made aware of the policy changes.
Dodd-Frank rules require certain risk management processes, such as stress testing on an annual basis, so businesses have to be proactive about updating and maintaining these systems. GRC software will help businesses first identify potential risks associated with the whole spectrum of business activities, from marketing to sales, and allow businesses to have oversight of the entire risk situation. Automated assessment should help define which risks are of utmost concern to a business based on impact and likelihood. From there, it will help stakeholders build action plans that can respond to any of these risks, and keep the business within the margins of compliance. It’s best to not underestimate the importance of having visibility into this data—be sure a GRC software solution allows analysts to deliver real-time analytics in a variety of methods, including visualizations.
Investigating cases, internally and externally
Businesses need to be ready to respond to investigations, whether they’re internal or from an external body, whether that’s a third party, the FTC, the FTIC, Bureau of Consumer Financial Protection, or any of the other agencies created by Dodd-Frank. Good GRC software will enable businesses to organize all of their potential investigations in a single repository for easy management, and then create workflows for cases from all of these disparate sources. It should also help key players associate important data about a given case—for example, statements or interviews—together, which allows for easy tracking and maintenance.
There is far more than these four categories, but the bottom line is that the need to create processes mandated by Dodd-Frank requires businesses to integrate GRC software into their overall workflow—homegrown processes just don’t cut it anymore. By offloading the difficult work of tracking regulatory changes to a third party and GRC software provider, businesses can ensure that they’re spending their time on what matters—coming up with reliable systems for dealing with not only issues that might arise today, but also what could be coming in the future.