Dodd-Frank Wall Street Reform & Consumer Protection Act
The Dodd-Frank Wall Street Reform Act presents an emerging and complex set of challenges for financial services organizations – as well as other institutions whose operations may create "potential risks" to the health of the financial system. The law requires that various regulatory agencies, such as FINRA and the Securities and Exchange Commission, implement rules that companies subject to their regulation must live by. The number of new and pending rules requires a spreadsheet simply to monitor. Complying with the new rules opens entirely new dimensions to regulatory compliance processes.
What is Dodd-Frank Wall Street Reform Act?
The Dodd-Frank Wall Street Reform Act was passed into law in July 2010 in response to the financial crises of the late 2000's as the most sweeping reforms introduced to the U.S. financial system since the Great Depression. The Act created the Financial Services Oversight Counsel, with objective to investigate the "the nature, scope, size, scale, concentration, and interconnectedness, or mix" of company activities to determine if it poses "a threat to financial stability or to the economy." Since its passage, over 170 new rules have been implemented, with over 200 new rules in review as of September 2011.
How does Dodd-Frank Change Regulatory Compliance within Financial Services?
The most immediate and noticeable change created by the implementation of new rules under Dodd-Frank will be the complex challenge to keep up with all the rules that may impact an organization. A cottage industry has already arisen that simply keeps organizations apprised of Dodd-Frank rule status. In aggregate, other key implications of rules implemented within Dodd-Frank include the following:
- Prevention vs. Deterrence. Unlike the ways that regulatory compliance is typically undertaken, Dodd-Frank mandates that regulators prevent potentially harmful activity from taking place. Preventing potentially harmful activity implies that regulators take a proactive role in spotting issues before they happen, in a way that is much more obtrusive to the ongoing operations of a business.
- Regulators Move Behind the Firewall. Under Dodd-Frank, regulators must have rapid access to information near real-time so they can see what’s happening in a timely fashion. This will almost certainly imply that regulators must operate from the inside, without the luxury enterprises have always had in the ability to filter information before regulators see it.
- Ocean Boiling. In less time. With Dodd-Frank, enterprises will be forced to comb through oceans of content led by regulators who may not even know what they are looking, all of which is supposed to happen in a matter of days, not weeks or months. This is simply a practical impossibility for most enterprises today, especially with the rudimentary tools many still use.
How Does Dodd-Frank Impact Information Archiving and Governance Strategies?
Clearly, uncertainty remains regarding the nature of specific rules that will be implemented as well as the appetite for investments required for providing meaningful enforcement. But the breadth and brute force of Dodd-Frank would have a tremendous impact on regulators and regulated alike. Organizations should consider the following in their planning efforts:
- Proactive regulatory focus causes explosion in data volume to be searched and analyzed upon short notice: Fast and efficient access must become a pre-requisite for any information system. Proofpoint Enterprise Archive provides the ability to deliver fast, sustainable access to information, with search results backed by a Service Level Agreement that guarantees search response of 20 seconds or less for 90% of all searches. Proofpoint’s unique grid-based storage environment ensures that this performance is sustainable regardless of the size of the archive, the number of concurrent users, or the complexity of the search query. Regulatory requests can be fulfilled easily, efficiently, and with minimal involvement from IT resources.
- Flexibility and agility of response are critical: Given the high likelihood of new rules, the flexibility of any information repository to respond to those changes should be mandatory. Proofpoint Enterprise Archive provides a flexible, yet robust policy engine that allows organizations to modify message retention policies as industry, geographic, or internal requirements evolve. This includes a full audit trail and tracking of policies in effect during specific time periods, such that an organization is able to produce a record of its actions to comply with regulatory requirements.
- Greater compliance team self-sufficiency will be a must: Reliance on IT to search, assess, collect and review large volumes of data prior to turning it over to regulators will no longer work. Proofpoint Enterprise Archive provides an intuitive, easy-to-use interface that provides compliance officers with the ability to quickly search and retrieve information without relying upon IT to process information. This self-service allows compliance teams to minimize the additional disruption caused by a larger and broader set of regulatory inquiries imposed as a result of Dodd-Frank.
