Dodd-Frank Calls for Improved Transparency into Risk Exposure
John Kelly 270004J7VQ email@example.com | | 0 commentaires | 163 visites
The Financial Stability Oversight Council is a new regulatory body created by the law that is tasked with monitoring and regulating companies that are deemed by the Council to be “systemically important.” The Council has the authority to instruct the Federal Reserve to impose new requirements on systemically important companies such as increased capital and liquidity levels as well as disclosing risk practices, regulatory gaps and resolution plans or “living wills.” In its role as systemic risk monitor, the Council will collect risk data from various sources including Federal and State financial regulatory agencies and the newly created Office of Financial Research (OFR) – which will among other things be responsible for collecting data from financial services companies.
The Dodd-Frank law also calls for a Risk Committee to be established by all public, non-bank financial companies, as well as all public, bank holding companies with over $10B in assets under management. Supervised by the Board of Governors of the Federal Reserve, the Risk Committee will be held responsible for enterprise-wide risk management oversight and practices, and be required to include “at least 1 risk management expert having experience in identifying, assessing, and managing risk exposures of large, complex firms.”
To meet these requirements for risk exposure data, financial services institutions need an information architecture that provides full transparency and reporting for the Board, Risk Committee and potentially the OFR. If you’re looking to develop an information architecture that will meet the requirements of Dodd-Frank and new regulations to come, here are a few things to consider:
1. Create a central platform to pull all of the different data elements together and maintain the relationships between elements (RCSA, Loss Events, KRIs, Issue Management, Policy Management, etc.)
2. Establish a common taxonomy and library for policies, processes, risks, controls, regulatory requirements and other key data elements
3. Integrate multiple areas of risk (operational, compliance, strategic, etc.) to provide aggregated analysis and full reporting of all risks across the enterprise