This week I was discussing regulatory compliance issues with our Business Process Management (BPM) guru, Kevin Feldhus. We’ve led some really large and complex regulatory initiatives with banks, but never have we witnessed anything so encompassing as Dodd Frank. The scope of most bank regulatory projects typically focuses strictly on compliance. Any thoughts relating to improving processes and reducing costs are usually deferred to “the next project”. However, financial services leaders will find that integrating BPM capabilities into Dodd Frank projects can aid in partially offsetting the cost of compliance and further optimize the efficiencies of bank operations.
Some background on the regulation at hand: Dodd-Frank is a Federal statute enacted into public law following the financial bailout of banks and the Lehman Brothers failure that occurred from the financial crisis in 2008. At a high level, many bank holding companies and non-bank financial institutions were viewed by Federal regulators as not having sufficient risk controls to manage financial exposures resulting from bank operations to include lending and capital markets. Also, they were cited by regulators as having insufficient capital and liquidity to endure another economic recession without looking to the federal government for another round of bailout funding. The opening summary to the Dodd Frank Act legislation summarizes the intent of that act in stating “An act to promote the financial stability of the United States by improving accountability and transparency in the financial system, to end “too big to fail”, to protect the American taxpayer by ending bailouts, to protect consumers from abusive financial services practices, and for other purposes.”
At the End of the Day, It’s about Managing Risk
Financial institutions by their very nature are in the business of managing a multitude of financial risks not limited to lending, financial management and capital markets operations. Even when consumer and commercial loans are collateralized, the risks are not fully mitigated because the asset serving as the collateral instrument could devalue below the loan obligation amount. Just like what we saw with the 2008 mortgage crisis where homeowners were holding negative equity. Ultimately, the goal for either a bank or non-bank financial institution is to manage their overall risk to maximize profits.
Yet this question remains: Given the complexity of their operations and information management systems, what measures can financial institutions undertake to ensure the processes used to mitigate the likelihood of financial loss are effective and measurable?
BPM of course!
It is our view that BPM serves as a very effective tool to enable the extensive project work necessary to manage the compliance with Dodd Frank, and support the management of risk by Corporate Risk Officers. From a process perspective, you can’t improve what you don’t understand, and from a regulatory perspective, how can you ensure regulatory compliance if you don’t understand the impact on business processes? The following sequence of activities is recommended to ensure compliance with the Dodd-Frank regulation and to help completely understand your business processes.
- Understand the Dodd-Frank regulation – ensure you have the correct understanding of the regulation, from internal and external subject matter experts (SMEs).
- Define the high-level banking processes potentially impacted – create a hierarchical activity model of the business processes that are potentially impacted by the Dodd-Frank regulation.
- Document the current state of the processes and determine specific areas of impact – model the activities, information inputs, information outputs, roles, and systems for the potentially impacted process areas. Ensure a strong focus on understanding the information that supports these processes, since financial service processes tend to be information centric.
- Analyze the current state processes in the context of Dodd-Frank regulatory compliance – study the current state process models and determine a) potential Dodd-Frank impacts and b) solutions to ensure regulation compliance.
- Modify the impacted processes – using the current state processes as a baseline, modify the current state processes with the Dodd-Frank solutions to create the future state, Dodd-Frank compliant processes.
- Define the metrics to ensure continual regulatory compliance and if not identified, define the metrics to provide process feedback.
- Implement organization change impacts that will result from complying with the regulation.
If you haven’t yet completed the necessary end-to-end gap analysis of your existing business processes and information management systems to the future state in compliance with Dodd Frank, you don’t understand the full implications of Dodd-Frank. By incorporating BPM into your compliance projects, your team can ensure the necessary compliance with all aspects of the Dodd-Frank while introducing efficiencies that can offset the additional costs of complying with provisions of the regulation.