What to Expect from Regulatory Reform

Analysts: Prepare for a Whole New Level of Scrutiny

On Wednesday, President Barack Obama is expected to sign into law the Dodd-Frank Wall Street Reform and Consumer Protection Act - the banking reform bill passed by Congress last week.

Weighing in at more than 2,300 pages of text, this bill has been described as the most sweeping set of banking reforms since the Great Depression. But what do "sweeping reforms" mean to banking/security leaders? We asked industry experts for their insights.

Back to the Future

In short, the Dodd-Frank bill seeks to:

  • Create a separate consumer protection agency watchdog;
  • Cut risk-taking by banks;
  • Increase surveillance of new and emerging threats, aiding regulators when they need to step in to avoid collapses of large firms.

But in reality, says Peter Hagan, former CEO and chairman of Merrill Lynch US bank, these reforms represent an attempt to take the banking industry back to the 1970s.

"Banks will be better capitalized, returns on equity will be lower, community banking will be back in vogue - and the mega-banks will have to rethink how they support their stock prices," says Hagan.

That's the good news, observers say. The bad news is: These reforms will bring a whole new level of regulatory scrutiny upon institutions of all sizes.

"Any way you slice it, additional regulatory requirements are never a good thing for business. This monstrosity is no different," says Paul Zubulake, an analyst at Aite Group, the Boston-based financial services consultancy. The legislative language puts most of the responsibility on the existing regulatory structure, minus the Office of Thrift Supervision, which will be rolled into the Office of the Comptroller of the Currency. "The track record of the agencies is spotty at best," Zubulake says.

Real Change is 'Years Away'

Christie Sciacca, former FDIC head of Supervision, sees a burden of compliance for institutions of every size. But the real rules and regulations are years away from hitting the desks of compliance officers. The regulators still have to write the rules and regulations that will drive these reforms. "A lot of people are sitting on the edge of their seats wondering what all these changes will look like once they are made," Sciacca says.

Some critics - including former FDIC Chairman William Isaac, who calls the package "woefully inadequate" - say legislators overlooked many areas ripe for reform. For one, legislators had a chance to streamline the regulatory structure, but instead (aside from merging the OTS and OCC) created a whole new regulatory body, the Bureau of Consumer Financial Protection.

"There's a new sheriff in town for consumers," says Joseph Lynyak, a former FDIC staffer and now a partner at Venable LLC, a Washington, D.C. law firm. "The industry needs to realize that with the creation of this new bureau, a lot of the old way of doing business is going to have to drastically change."

New Compliance Burden

The keys on the information security side of the reforms are how the regulatory agencies will receive information, and how timely that data can be delivered and deciphered. "There needs to be more standards in data management," says Aite's Zubulake. Increased budgets should help. But with a fragmented structure, can the agencies work together to share information and have systems that speak to each other?

An added level of compliance requirement for institutions gives regulatory agencies far more data-gathering ability, potentially exposing institutions to increased requests for data. "If an institution doesn't have the mechanisms in place to respond to additional requests, this means a lot more work and stress on their part," Lynyak observes.

The expected regulatory scrutiny of the larger institutions will eventually "trickle down" to smaller banks, forcing all institutions to develop a whole different level of compliance, says Lynyak. "There will be a tremendous amount of regulation that will be written to explain what they want and expect, and this will create a separate compliance burden, figuring out what applies to an institution."

Ramifications for risk management and compliance programs at institutions may be far-reaching, says Sciacca. "I think for smaller banks, they may consider getting out [of banking] altogether," he says. "Some of them may say 'I've been trying to comply with these rules and regulations for so many years,' and it wouldn't surprise me if a lot of them decide it's no longer worth it."

About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.
