Regulatory Reform Heralds Changes
Ex-Regulator Offers Clues to What to Expect NextThere's a whole lotta shaking going on and still to come after the most sweeping set of changes to the financial regulatory framework was passed this summer.
The Frank-Dodd regulatory reform bill may have held the headlines in June and July, but the real work by regulatory and institutions is coming next.
I recently got the chance to discuss regulatory reform with William Henley, a former Office of Thrift Supervision executive, now at BITS, about these changes that loom over bankers' heads. Here are some of the takeaways he shared with me.
The reality is change is coming, folks, with 200 more potential regulations to add to our stack of compliance headaches. Some of these are going to be big. Like the possible change in how Title 8 is approached by the agencies. Oversight used to be done on an interagency basis. Henley wonders if the Federal Reserve will take that function on now, or just settle for a leadership role in the interagency oversight.
Even without any changes being made yet by the newly-chartered Consumer Financial Protection Bureau and its new head, Elizabeth Warren, the other financial regulatory agencies are taking an expanded approach to the topic. Rather than leaving consumer protection up to the new bureau, agencies are expanding their resources and attention to this area. Both Henley and I agree: This is a good thing.
There are other issues out there on the regulatory front that will cause Maalox moments. The debit card interchange issue could have a pretty big impact on banks, especially community institutions. The issue here: the loss of revenue from debit card activity because of the Federal Reserve's expanded oversight over the setting of interchange fees.
Expect New Guidance
Other upcoming guidance that institutions should be on the watch for: Update to the 2005 Online Banking Authentication guidance. It's no secret that the agencies are working on a refresh, possibly to address mobile banking in particular. As the threats and technology change, the agencies will continue to review this area. So expect new guidance to be issued in the "near future." (In regulatory time, the term "near future" could be three months or a year.)Henley says not to be surprised to see guidance on cloud computing. One guess what the topic at the agencies' annual technology symposium will be this year - managed security services, an area that is chock-full of cloud-computing vendors offering services.
More than likely the existing vendor management guidance will be the touchstone of any guidance on cloud computing. Regulators will encourage institutions not to be fooled by services offered under a particular name, but rather to focus on the principles that are in the guidance. With the proliferation of all the cloud-computing services and the hype surrounding it, institutions need to stick to sound vendor management practices and adhere to the principles that are already out there.