Reflections on the Fourth Anniversary of the Dodd-Frank Act

Reflections on the Fourth Anniversary of the Dodd-Frank Act

July 21, 2014 will mark the passage of another year in the life of the Dodd-Frank Act (DFA). As we approach this fourth anniversary of the law’s enactment, the percentage of rules finalized remains essentially unchanged from last year at this time. True, there were some notable developments over the past 12 months, such as the finalization of the Volcker Rule and a number of new and updated rules issued by the Consumer Financial Protection Bureau. Yet nearly half of the required rules still are not final. Debate continues about the impact of the law on community banks, the opportunities for regulatory arbitrage, the extraterritorial application of the regulations, which nonbanks should be deemed to be systemically important, and whether “too big to fail” has been resolved, among other issues.

Maybe it just doesn’t matter anymore whether all the rules are ever finalized. Maybe it never mattered. Maybe all we ever needed were eight pages, not 2,000-plus pages, to shore up the financial services industry. Maybe Section 165 alone would have been enough.

The Federal Reserve’s Enhanced Prudential Supervision

FS Insights Bank Graphic
In February 2014, the Federal Reserve approved a final rule implementing the enhanced prudential supervision standards of the DFA. These standards apply to bank holding companies (BHCs) and foreign banking organizations (FBOs) doing business in the United States. These standards were set forth in the DFA in eight pages; the preamble and final Federal Reserve rule account for more than 400 pages. The enhanced prudential supervision standards address risk management, capital and liquidity, all foundational considerations for a safe and sound financial system. The requirements will generally take effect for U.S. BHCs on January 1, 2015 and for FBOs on July 1, 2016.

For U.S. BHCs, the final rule requires all publicly traded BHCs with at least $10 billion in total assets to have a board-level risk committee and U.S. BHCs with more than $10 billion in total assets to perform an annual company-run stress test.

U.S. BHCs with $50 billion or more in total assets must have a board-level risk committee, whether or not they are publicly traded, and must also designate a chief risk officer with relevant experience who will be responsible for overseeing the establishment and monitoring of risk limits across the enterprise, the implementation and adherence to risk policies and procedures, and the management and testing of risk controls. These larger U.S. BHCs will also be subject to a series of liquidity-related requirements, including:

  • Producing comprehensive cash flow projections
  • Maintaining and updating a contingency funding plan on at least an annual basis
  • Establishing a set of appropriate liquidity risk limits
  • Implementing procedures for monitoring liquidity risk
  • Performing liquidity stress testing
  • Maintaining a liquidity buffer

The board of directors and/or the board’s risk committee, at intervals established by the final regulation, must review the BHC’s liquidity risk tolerances and adherence to these tolerances. Additionally, the board and/or the board’s risk committee must approve liquidity risk management strategies, policies and procedures and the company’s contingency funding plan and ensure that liquidity risk management practices are subject to independent review. The final rule also subjects these larger U.S. BHCs to any applicable capital planning and supervisory and company-run capital stress-testing requirements adopted by the Federal Reserve.

The application of enhanced prudential supervision standards for FBOs is also based on total assets, but considers both global and U.S. assets. FBOs with more than $10 billion and less than $50 billion in global assets, regardless of total U.S. assets, must meet home country annual capital stress-testing requirements, comply with a 105 percent asset maintenance test for U.S. branches and agencies, conduct an annual stress test of its U.S. subsidiaries, and, if publicly traded, have a risk committee of its global board. FBOs with greater than $50 billion in total global assets and less than $50 billion in U.S. assets must also meet home country capital standards that are consistent with Basel III and perform an annual company-run liquidity stress test for either the consolidated FBO or its combined U.S. operations. FBOs with more than $50 billion in global assets and more than $50 billion in U.S. assets must have a U.S. chief risk officer, must comply with liquidity risk management obligations similar to U.S. BHCs, and must report to the Federal Reserve on the results of home country capital stress testing. FBOs in this last category that have non-branch U.S. assets greater than $50 billion must also establish a U.S. intermediate holding company (IHC) subject to U.S. BHC capital requirements, capital planning, and capital and liquidity stress testing, and must have a risk committee at the IHC level.

The OCC’s Heightened Governance Standards

OCC Heightened Governance Graphic
In January 2014, the Office of the Comptroller of the Currency (OCC) issued proposed guidelines for heightened governance standards for banks with assets greater than $50 billion, though it indicated the standards could be applied to smaller banks if circumstances warranted. The OCC did not rely on the DFA’s authority to issue these standards; it referred simply in the preamble to the proposed regulation to “a Federal statute that authorizes the OCC to prescribe operational and managerial standards for national banks and Federal savings associations.” (Hmm ... is it possible we didn’t need the DFA at all?)

The guidelines set forth the OCC’s expectations of the separate responsibilities for a bank’s board of directors (board), chief executive officer (CEO), so-called “front-line” units, and independent risk management and internal audit functions. They also emphasize the importance of risk management and internal audit functions having access to a bank’s board or appropriate board committee to be able to curb excessive risk-taking by management and front-line business units. 

Admittedly, the proposed OCC guidelines apply only to large national banks, federally chartered thrifts and insured federal branches of foreign banking organizations, and deal only with matters of governance and not explicit capital and liquidity requirements. However, as was clear with the final Section 165 rule, a new rule was not required to impose capital requirements on the banking industry, and federal regulators likely could conclude they have the authority to impose liquidity standards without the DFA.

The Missing Piece of the Puzzle


Missing Piece of the Puzzle
Enhanced prudential standards for nonbank systemically important financial institutions (SIFIs) were not included in the Federal Reserve’s final rule and, with the experience of the last financial crisis, few would argue about the importance of the safety and soundness of these institutions to the overall health of the financial services industry. The Federal Reserve has indicated that it will issue a separate rule for these organizations once it has given further consideration to the business models, capital structures and risk profiles of the nonbank SIFIs.

Was the DFA Unnecessary?


DFA Graphic

To be fair, the DFA had multiple goals as outlined by then Secretary of the Treasury, Timothy Geithner, in his March 2009 testimony to the House Financial Services Committee:

  • Reduce systemic risk in the financial system
  • Protect customers and investors
  • Eliminate gaps in regulatory oversight
  • Foster international coordination


Maybe we did need the DFA to address the alleged consumer abuses that stemmed from the mortgage crisis and the investor abuses. However, while the earliest spark for the crisis may have been predatory mortgage loans, the ultimate powder keg explosion resulted from excessive leverage, poorly understood counterparty exposures, and lack of liquidity – all matters of safety and soundness, not consumer protection. Maybe we did need the DFA to eliminate some of the gaps in regulatory oversight, although the DFA arguably increased the regulatory overlap and further confused the roles and responsibilities of the regulatory agencies, making the regulatory burden on the industry worse. Whether the DFA was a catalyst for fostering international coordination, or had the opposite effect, is certainly subject to debate. And whether existing regulatory authority, or maybe the eight pages in the DFA that address enhanced prudential standards, would have been enough to address systemic risk remains a question. It’s difficult, though, to think of a financial institution with strong risk management, capital and liquidity that failed.

For More Information…

Protiviti ( is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit. 

Protiviti’s dedicated Financial Services practice includes professionals with deep industry experience in banking, insurance, brokerage and investment companies. These financial services professionals can work with you to find approaches to help improve and establish strategies for your business as changes in the industry and regulatory environment impact your organization. Their guidance on regulatory reform can be found at

For additional information about the issues reviewed in FS Insights or about Protiviti’s services, please contact:

Carol M. Beaumier
Managing Director
[email protected]
Cory Gunderson
Managing Director
[email protected]
Andrew Clinton
Managing Director
[email protected]
Giacomo Galli
Managing Director
[email protected]


Click here to access all series

Ready to work with us?