Financial institutions better get ready for new regulatory compliance mandates stemming from the Dodd-Frank Wall Street Reform and Consumer Protection Act, or they may soon find themselves dealing with costly data management problems, according to experts.
The new compliance rules, which are being created to help government regulators identify "systemic risk" and avoid another economic meltdown, have yet to be clearly defined. But there are some key steps that banks and financial services firms can take to start preparing now. They include embracing standards, setting up a comprehensive data governance or master data management (MDM) program, and conducting a thorough audit and remediation of data stores.
"This law is happening," said Fred Cohen, group vice president and global head of capital markets and investment banking at Patni, a Cambridge, Mass.-based IT services and infrastructure management firm. "It's not well defined but there is momentum under way, and the financial institutions need to figure out what they're going to do to respond."
Patni, which runs a data management round table with representatives from 15 financial institutions, recently published a white paper with several recommendations as to what banks and financial services firms can do to prepare for the ramifications of the Dodd-Frank Act.
"This is just a huge undertaking," Cohen said. "Y2K is going to be a walk in the park compared to this."
The Dodd-Frank Act will demand data transparency
The Dodd-Frank Act, which was signed into law by President Barack Obama last July, aims to give the government greater regulatory control over the financial services industry and fix the systemic problems that led to the economic crisis of 2007-10. The act touches on just about every aspect of the financial services industry and has been frequently criticized by Republicans as going too far. In March, Republicans introduced five new bills designed to change and repeal parts of the financial overhaul law.
The act creates new regulatory reporting agencies, such as the Office of Financial Research and the Financial Stability Oversight Council, that have been working with the financial services industry to come up with mutually agreeable data reporting and analysis standards. Many of the mandates related to data management are expected to be finalized this summer, according to Michael Atkin, managing director of the Enterprise Data Management Council, a nonprofit trade association that addresses information management issues faced by the financial services industry.
What's clear today is that the Dodd-Frank Act is focused on ensuring the transparency of information in a handful of key areas, Atkin said. That includes instrument reference data or contractual information related to financial "instruments" like equities, bonds and derivatives; entity reference data, which is used for counterparty risk assessment and defines who is doing business with whom; pricing data; and information about portfolio holdings.
"Those four areas make up the core of the financial transactions process information base, and we all have to get those things standardized and comparable," Atkin said. "All of this really boils down to the relationships between the instruments we create and trade, the companies we do business with and the obligations that we hold as a result of our role in the transaction process."
Getting ready for the Dodd-Frank Act
The first thing an organization can do to get ready for the forthcoming mandates is conduct a thorough audit and remediation of data stores, Atkin said.
"They've got to clean up the mess," he explained. "Then you'd better start embracing standards -- standards for identification of things, standards for the descriptions of things. In our industry we have to identify instruments and entities and we've got to classify the transactions so that we can do some analysis."
Experts say the next step is to establish -- or re-establish -- a strong commitment to data governance and data quality. For some organizations, that could mean finally getting serious about implementing an MDM program.
"All of this [regulatory] activity is managed by governance," Atkin said. "[Organizations need to have] their internal global governance and coordination processes in place to get alignment and manage all of these things."
Richard Ordowich, a senior partner with STS Associates Inc., a Princeton, N.J.-based data quality and data governance consulting firm, agreed that auditing data is a good first step on the road to compliance.
"My suggestion is that organizations begin to analyze their data, such as customer data. Do an inventory, reverse engineer the semantics of the data and the rules governing its usage," Ordowich said in an email interview. "Knowing about the data is the first step in looking for solutions to regulatory compliance and determining what solutions are possible."