Using GRC Tools for Dodd-Frank Act Compliance

By Keith White ·

If you ask anyone who works in financial services what will have the biggest impact on their industry in 2013, one thing will likely come to mind: The Dodd-Frank Act. Although the Dodd–Frank Wall Street Reform and Consumer Protection Act was signed into law in 2010, companies will feel its mark most this year with more than 400 rules taking effect. This law creates significant challenges for the regulatory agencies and almost every part of the nation's financial services industry. However, governance, risk and compliance (GRC) practitioners will feel the biggest strain as they already are dealing with an increased workload due to the many layoffs that occurred during the economic downturn. Now, they now have the added responsibility of ensuring their organizations comply with all rules of the Dodd-Frank Act. And unlike with some regulations, there are no extensions expected with the Dodd-Frank Act, so regulators will be expecting compliance immediately. If found non-compliant, companies can face hefty fines and other sanctions.

So, what can GRC practitioners do to ensure their organizations comply with the Dodd-Frank Act? The most obvious thing they can do is understand how the 400+ rules and supporting processes may conflict and duplicate already existing controls within the organization. However, comprehensive GRC tools can help make a GRC practitioner’s job more efficient as they try to implement Dodd-Frank regulations. The key features of these tools are:

  • An out-of-the-box library which can include a substantial body of authoritative sources that are mapped to control suites and control frameworks, which helps reduce redundancy and repetitiveness in the suite of controls;
  • Suites of several hundred controls that were written by subject matter experts;
  • Pre-designed questionnaires for risk assessments and control self assessments;
  • Functionality that promotes automation of GRC processes allowing practitioners to focus more on analysis and less on integration; and,
  • Metrics that measure the quality of the implementation.
Although many GRC tools come with several features that help an organization comply with the Dodd-Frank Act, some companies may find it difficult to overcome the sticker shock from the implementation costs. However, the investment in GRC tools is offset almost immediately by a reduction in administrative overhead costs associated with supporting a GRC framework. By implementing a centralized platform, GRC practitioners can reduce their time spent managing spreadsheets and administrating GRC compliance and risk assessments. GRC tools help automate these tasks, allowing practitioners to focus on more strategic elements of risk analysis and compliance assessments. These tools also help improve accuracy and reduce repetition of GRC elements and can help enable organizations to respond to compliance regulators’ questions more quickly and efficiently. So, while the costs of implementing GRC tools can seem overwhelming, the benefits are well worth the investment.