Using GRC Tools for Dodd-Frank Act Compliance
If you ask anyone who works in financial services what will have the biggest impact on their industry in 2013, one thing will likely come to mind: the Dodd-Frank Act. Although the Dodd–Frank Wall Street Reform and Consumer Protection Act was signed into law in 2010, companies will feel its mark most this year, with more than 400 rules taking effect. This law creates significant challenges for the regulatory agencies and almost every part of the nation's financial services industry. However, governance, risk and compliance (GRC) practitioners will feel the biggest strain, as they are already dealing with an increased workload due to the many layoffs that occurred during the economic downturn. Now they have the added responsibility of ensuring their organizations comply with all rules of the Dodd-Frank Act. And unlike with some regulations, there are no extensions expected with the Dodd-Frank Act, so regulators will be expecting compliance immediately. If found non-compliant, companies can face hefty fines and other sanctions.
So, what can GRC practitioners do to ensure their organizations comply with the Dodd-Frank Act? The most obvious thing they can do is understand how the 400+ rules and supporting processes may conflict with or duplicate existing controls within the organization. However, comprehensive GRC tools can help make a GRC practitioner’s job more efficient as they try to implement Dodd-Frank regulations. The key features of these tools are:
- An out-of-the-box library which can include a substantial body of authoritative sources that are mapped to control suites and control frameworks, which helps reduce redundancy and repetitiveness in the suite of controls;
- Suites of several hundred controls that were written by subject matter experts;
- Pre-designed questionnaires for risk assessments and control self-assessments;
- Functionality that promotes automation of GRC processes, allowing practitioners to focus more on analysis and less on integration; and
- Metrics that measure the quality of the implementation.