The Dodd-Frank Act is also known as the Wall Street Reform and Consumer Protection Act of 2010. It was signed into law by President Obama on July 21, 2010. Dodd-Frank was enacted in direct response to the financial crisis of 2007-2010.
Key provisions of the act include the establishment of a Financial Stability Oversight Council, enhanced supervision of nonbank financial companies, the establishment of a bureau for consumer financial protection, more robust risk management standards and registration requirements for hedge funds, enhanced disclosures in the area of executive compensation, as well as increased oversight over nationally recognized credit rating agencies.
In the words of SEC Chairman Mary L. Schapiro, “this law creates a new, more effective regulatory structure, fills a host of regulatory gaps, brings greater public transparency and market accountability to the financial system and gives investors important protections and greater input into corporate governance.”
While the Dodd-Frank Act is wide in scope, it does not go into specifics in many areas; these are yet to be translated into more detailed guidance by the standard setters over the coming years. However, a few provisions stand out from the point of view of Governance, Risk & Compliance:
1. Establishment of a Risk Committee for Nonbank Financial Companies
In Section 165, the act establishes the legal requirement for so-called Nonbank Financial Companies (as defined in section 102 of the act) to establish a risk committee. Such risk committees would be responsible for the oversight of enterprise-wide risk management practices; monitoring the effectiveness of these practices is the task of the Board of Governors (of the Federal Reserve System). A specific methodology for such enterprise-wide risk management is not prescribed, so it can be assumed that standard risk management approaches (e.g. COSO ERM) are applicable.
2. Internal Controls over processes for determining credit ratings
In Section 932, the act calls for ‘each nationally recognized statistical rating organization to establish, maintain, and document an effective internal control structure, governing the implementation of and adherence to policies, procedures, and methodologies for determining credit ratings’. This is accompanied by an attestation requirement: an annual internal controls report ‘shall be submitted with an assessment of the effectiveness of the internal control structure of the nationally recognized statistical rating organization’. This requirement is very similar to the Internal Control System à la Sarbanes-Oxley, with the main difference being that control is exerted not over financial reporting but over the credit ratings process.
What is striking is that the act makes ample reference to ‘methodologies’ without going into detail on which exact methodology to use or what such a methodology should look like, as long as there is a methodology. This is good news for business software, as new and existing business software is usually built around methodology requirements in order to make applying them more efficient.
This applies in particular to the software at the center of this community.
References:
Dodd-Frank Act Legal Text: http://www.sec.gov/about/laws/wallstreetreform-cpa.pdf
Board of Governors of the Federal Reserve System: http://www.federalreserve.gov/
Financial Crisis of 2007-2010: http://en.wikipedia.org/wiki/Financial_crisis_of_2007%E2%80%932010
SEC on Dodd-Frank: http://www.sec.gov/spotlight/dodd-frank.shtml