Five Years of Dodd-Frank: An Internal Audit Perspective

Shaheen DilBy Shaheen Dil, Managing Director
Model Risk and Capital Management




Earlier this summer, on July 21, the financial world marked the fifth anniversary of the passage into law of the Dodd-Frank Wall Street Reform and Consumer Protection Act (DFA). After the global financial crisis hit in 2008, politicians and regulators around the world were united in ensuring future banking crises would not require taxpayers’ money to avoid economic contagion.

The DFA was not designed to prevent the next financial crisis, which is arguably inevitable; the goal was to soften the blow. Debate continues over whether it has achieved this aim, with many critics using this fifth anniversary to highlight its perceived shortcomings. The slow progress of regulators in implementing all of the regulations required by the Act has been a common complaint, but critics are also pointing out the many unintended consequences of certain provisions. For example, Republicans have commented that banks have passed the cost of compliance on to consumers in the form of higher fees, while others in the market have argued that the so-called Volcker Rule has increased volatility in the market by reducing liquidity and pushing more investors towards the shadow banking sector.

Some of the more contentious criticisms suggest that Systemically Important Financial Institutions (SIFIs) are now essentially under government control, and that the free market has been placed in the hands of political actors. Conversely, Senators Barney Frank and Chris Dodd said during the DFA anniversary week that the concept of “too big to fail” is dead and that the markets are safer now as the possibility of making mortgage loans that cannot be repaid has been decreased dramatically.

The Act will remain a political football for some years. If nothing else, the anniversary provided an opportunity for old divisions to rise to the surface, the contentions aided by two bills currently under debate by Congress that seek to repeal certain provisions in the Act. Although the White House has stated that it will veto any attempts to roll back any provisions of the DFA, the controversy nevertheless remains.

As the political debates rumble on, firms must continue to stay focused on meeting the increased compliance burden. Although many provisions of the DFA still need to be introduced, a number of regulations have already been implemented. The requirements for stress testing and capital planning, which have been in force for the past five years, are showing signs of maturing, and banks seem to be catching up. Only two foreign banks failed stress tests in 2015, compared to five in 2014.

I had the opportunity to address some of these issues, along with several of my colleagues, during a webinar hosted by the Institute of Internal Auditors (The IIA) on July 9, entitled “How the Dodd-Frank Act Has (Not) Mitigated Risks from the Financial Crisis.” For those who missed the discussion, here are the points I believe are important to keep in mind:

  • Fewer stress test failures does not mean that banks are getting safer; rather, it demonstrates that firms are becoming more accustomed to the tests and that they have a better idea of what the regulators want. In fact, internal auditors have indicated in the latest Protiviti Internal Audit Capabilities & Needs Survey that model risk, including stress testing and capital planning, is one area where they need to improve their technical knowledge.
  • The issues flagged most frequently during the most recent round of stress tests revolve around governance (effective challenge, documentation, and inadequate or ineffective internal controls). This has overtaken data constraints as the number one concern for regulators when assessing stress tests. Specific areas of concerns were: a lack of effective channels; a lack of effective documentation of the thought processes underlying the stress tests undertaken by the bank; and inadequate effective challenge of the process.
  • Finally, there is a misconception that internal auditors need only oversee the models themselves. The role of internal audit for both the Dodd-Frank Act Stress Testing (DFAST) and the Comprehensive Capital Analysis and Review (CCAR) is wide-ranging and goes beyond simply looking at the models. Internal auditors need to ensure that they review the governance that overlays the entire structure.

Carol Beaumier, Steven Altier, Meghan Jankelow and Steven Stachowicz also presented during the IIA webinar, covering other areas of the DFA, including consumer protection and mortgage reform, risk management and culture, and investor protection. To access a recording of the webinar, click here.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s