Financial institutions that have established the procedures and infrastructure required to comply with new rules under the Dodd-Frank Act are now shifting their focus to self-assessment to ensure these new procedures do in fact comply with rules as they are finalized. Ricardo Martinez, of Deloitte & Touche explains.
With the rule-making process for the Dodd-Frank Act gathering speed, financial institutions are now concentrating more on compliance readiness. Many sell-side firms, especially the larger institutions, have already undergone a large part of the transformation of internal infrastructure and procedures to support new regulatory rules impacting the execution, clearing and reporting of swaps. So, their focus is now shifting on self-assessment to ensure the new procedures and processes put in place are sufficient to comply with the new rules as they become final.
Self-assessment for regulatory compliance is a process that involves several steps. First, the regulatory rules are prioritized based on the inherent risk of non-compliance with the regulatory requirements and then compared with how the firm’s infrastructure and controls have been adjusted to comply with the specific rules. The purpose of this assessment exercise is to pinpoint any areas that may not be fully compliant so a firm can then put together an implementation plan to fill that gap. This self-assessment process is executed regularly and renewed as progress is made across the organization. Usually, this process is done by the business with oversight by the independent compliance function. Deloitte has assisted in the development and execution of this compliance self-assessment process for many firms for various business lines, including OTC derivatives.
Before a self-assessment can take place, a firm needs to have a compliance framework established. And a key element of this framework is having the right governance established to clearly identify who will be providing the managerial oversight, and thus who has the accountability and authority to govern the compliance self-assessment program. A governance structure is also important for the communication of information to the various stakeholders. For instance, senior management will need to know what current compliance challenges or gaps exist and the compliance team will need data to conduct the compliance checks to measure readiness. From a risk assessment perspective, firms will use an established common language and definitions that form the basis of compliance checks and risk measurement processes.
Once the governance, compliance framework and risk assessment programs are set up, the testing of compliance checks can begin, and these tests are executed and monitored continuously. Deloitte & Touche frequently manages the first of these compliance assessment tests and then hands over to the firm to continue the process. This self-assessment process is ideally automated through the use of process analysis systems to reduce the manual intervention and time required, as this process must be completed regularly.
The fact that a growing number of financial institutions are starting this compliance assessment process is a sign that they are comfortable with their progress made in preparing for the new regulations, and are now starting to think about the next step – compliance readiness.
