Dealing with Dodd-Frank: an operational response for non-US banks

Managing the current frequency and volume of regulatory change within complex systems is a big challenge for companies – from large, international banks and national banks, to funds and other non-bank financial services or quasi-bank entities in the so-called shadow-banking sector.

Regulators at various levels around the globe are prodding them towards operating within a new infrastructure in which previously private activities shift onto public exchanges, clearing systems and data warehouses. Enhanced trading and operations transparency, and greater frequency and scope of reporting, are intended to allow the regulators and market participants to see the whole picture.

Financial markets companies that address these changes effectively will have a clear advantage. This new world order creates opportunities for organisations that are able to create integrated governance, risk and compliance (GRC) and operations technology platforms that will make doing business more efficient, more transparent and less risky.

One area of the re-regulation of the financial world that is making companies rise to this challenge is the US Dodd-Frank Act. Dodd-Frank is having an unexpectedly broad impact on financial markets infrastructure. This legislation affects not only US financial institutions, but also companies outside the financial sector and non-US financial institutions and financial services companies – whether they have operations in the US or not.

Tracking and analysing the implementation of this piece of legislation is a formidable task in its own right. Thinking of Dodd-Frank as a single law is misguided; this omnibus law encompasses a wide-ranging series of regulations. Its implementation requires the promulgation of up to 350 rules through an array of different regulators and according to different timelines.
Many non-US financial services entities are only now appreciating the affect Dodd-Frank will have on their activities in and – importantly – outside the US. While some might consider this extraterritorial reach of the legislation inappropriate, it is not surprising. As a response to the credit crisis, the Act was born out of a perceived central failing of the existing regulatory structure: there was no effective way of joining the dots. The Dodd-Frank approach to bank and financial services supervision is to reconfigure the entire regulatory structure to reduce moral hazard, increase the level of regulation in perceived problem areas, and impose limitations on high-risk activities and businesses. Importantly, though, this is all designed with a view to creating a scheme of dynamic systemic regulation through developing tools to regulate connections in the global financial markets.

Regulators on both sides of the Atlantic aim to dynamically and systemically regulate financial markets that do not recognise geographic borders, and to co-ordinate internationally in doing so

Under the reforms, broadly speaking, the same regulatory bodies remain responsible for financial supervision using many of the same legal and supervisory tools. However, the Dodd-Frank regime enhances the supervisory and prudential standards, implements more intrusive reporting requirements, and introduces more standards and limitations (or even prohibitions) on more activities. It also focuses and consolidates the consumer regulatory regime. One of the most significant regulatory changes under the Act – and one that has direct extraterritorial impact outside the US – is that non-bank systemically important entities and trading, clearance and settlement facilities are to become regulated.

It is not surprising that the Dodd-Frank systemically important financial institutions (Sifi) regulatory scheme is directed at an identified group of important financial services firms. However, the new Sifi regulations could also apply to a large group of diverse financial services firms with very different business lines and risk postures. The mere size of a company’s US operations will not be the sole factor considered by US regulators assessing systemic significance. Therefore, Sifi designation and regulatory issues for these firms might be harder to predict, but will be more dependent on US views on the possible global ramifications of a non-US organisation’s distress or failure.

Dodd-Frank also affects the activities of non-US banks and other companies extraterritorially through measures that regulate specific products and US-originated or US-targeted financial instruments.

The ability of the US to regulate operations of non-US firms, however, might be practically limited to regulation of US operations and co-ordination with regulators in other jurisdictions with regard to any extraterritorial reach. There remain significant issues for US (and non-US) regulators co-ordinating internationally to deal with disclosure and underwriting standards, and capital, liquidity and cross-border recovery and resolution regimes. Even when the regulatory framework begins to take shape, it is likely to be a highly dynamic framework that will be subject to continued change.

As a further indicator of the focus on connectivity in this new age of the regulator, Dodd-Frank creates new ‘systemic’ regulatory authorities. This is consistent with developments in other jurisdictions, such as the newly formed European Securities and Markets Authority (Esma) mandated to safeguard the stability of the European Union’s financial system by ensuring the integrity, transparency, efficiency and orderly functioning of securities markets, as well as enhancing investor protection. Regulators on both sides of the Atlantic aim to dynamically and systemically regulate financial markets that do not recognise geographic borders, and to co-ordinate internationally in doing so.

So what should non-US (and US) companies expect in the new regulatory environment?
The Dodd-Frank Act, in parallel with reforms in Europe, will unfold as a programme of more consolidated horizontal and vertical regulation and supervision. There will be a greater insistence on comprehensive and transparent risk management and mitigation activities. A strong emphasis on corporate governance and accountability, as well as on capital and liquidity resources and buffers, will accompany the new risk management regime. Supervisory attention will focus on credit and counterparty exposures and concentrations. Under Dodd-Frank and parallel European regulations, we will witness a gradual and incremental application of new regulatory standards, limitations and supervisory activities to a broad range of regulated banking and other (currently non-regulated and non-bank) firms.

Nevertheless, it is helpful that, while the regulators will have to learn how to supervise in the new environment, they will rely on established regulatory and supervisory practices and policies. For companies aiming to comply with the new rules, this all translates into a need for early assessment and planning, plus attentive, incremental adjustment of existing operational systems and procedures through regulatory reform risk assessment, regulatory tracking and analysis, and project management.

So, what is a company supposed to do? And how can it not just survive, but thrive, in the new environment?

The new regulations require an organised response. Companies must first assess and understand the main qualitative features of the new environment:
●    more intensive enterprise-level regulation and supervision with emphasis on adequate capital/liquidity, adequate management information systems (MIS) and risk management systems, policies and procedures, adequate corporate governance and oversight, and credit and counterparty exposures and concentrations;
●    collection, synthesis and production of new and potentially large amounts of data;
●    possible limitations on activities, especially those viewed as presenting higher levels of institution-specific or systemic risk; and
●    new and powerful early-action regulatory and supervisory authority.