Assessing Dodd-Frank

1
Assessing Dodd-Franks Impact on Security Risk
AnalysisConflicts, Controls Transparency

• John W. Bagby, Professor of IST
• Pennsylvania State University

2
Statement of the Problem

• Risk Assessment is Largely Unregulated
• Exception ISO 31,000 a family of industry
  standards
• Some Significant but Narrow Exceptions
• E.g., Nuclear Power, FDAs Drug/Device Trials
  (NDA), SOX 404 Top Down Risk Assessment (PCAOB
  SEC)
• Several Recent Spectacular Regulatory Failures
• Permitted Significant Societal Hazards
• Financial Engineering Innovation
• Food Drug Safety
• Petroleum Exploration Production
• Complex Computer-Controlled Vehicle Designs
• Regulatory Failure Due to Failed Risk Assessment

3
Government Regulation, Acting Alone, Cannot
Control Systemic Risk

• Traditional Financial Risk Management has only 3
  narrow foci
• Hedging Financial Risks
• Insurance Markets Insurance Industry Practice
• Actuary
• Systemic Financial Risk Largely Left to the FRB
• Fragmentation of Financial Risk Management
  Contributed Significantly to 2008 Financial
  Crisis
• Federal Functional Regulators
• Fed, Comptroller, FDIC, OTS, NCUAB, SEC, CFTC,
  states

4
Composition of Incentives for Risk Analysis a
Layered Institutional Structure

1. Market Disciplines capital, product, factor
2. Social Responsibility Voluntary
3. Industry (Best) Practice
4. Industry Standards
5. Independent Conformity Assessment (e.g., audit,
   credit rating)
6. Self-Regulation
7. State Regulation
8. Federal Regulation  
9. State Tort Liability
10. Federal Tort Liability
11. State Criminal Liability
12. Federal Criminal Liability

5
Impacts of Layered Institutional Structure

• THE Conundrum
• Robust Risk Analysis Attenuates Risk Taking
• Cons
• Redundancies Constrain Liberty
• Stifles Innovation Competitiveness
• Seemingly Duplicative Complex
• Potentially More Costly Compliance for Regulated
  Entities
• Inefficient use of Societal Resources
• Pros
• Checks Balances have Proven Value
• Redundancies are Typical in Complex Systems with
  High Potential Costs of Failure
• Failure of Control Produces Pressure for
  Regulatory Complexity

6
Financial Risk Control Institutions

• Market Forces
• Financial Analysts Reports
• Ratings Agencies
• Internal Control
• External Audit
• Board Oversight
• Fragmented Financial Regs (Fed Functl, state)
• Congressional Watchdog Comms, OIG, GAO

7
The Regulatory Failure Hypothesis

• Largely Undefined of Recent Vintage
• 08 Financial Crisis, Moncando well blowout, FDA,
  NHTSA
• Considerable Related Roots
• W. Wilson, New Freedom (14)
• G. Stigler, Theory Economic Regulation (71)
• S. Breyer, Analyzing Regulatory Failure (79)
• F. Hayek, Fatal Conceit (88)
• Range of Outcomes
• Trivial Bumbling to Catastrophic Failure
• Public (over-)Reliance Trusting in Regulatory
  Perfection then Disaffection

8
Causes of Regulatory Failure

• Regulator Incompetence
• Regulatory Capture
• Regulatory Programs Frequently Suffer Political
  Compromise
• Implemented as
• Compromised Regulatory Program Funding
• Insufficient Statutory Authorization
• Clandestine Deregulation
• Regulation is Decidedly Ex Post
• Liberty Laissez Faire Relegate Regulatory
  Solutions to Remediate Past Misconduct or
  Catastrophic Failure
• Planned Economies Generally Fail to Incite
  Innovation Prosperity
• Regulatory Costs Impose Undue Burden on Growth

9
The Seeds Recent Regulatory Heritage

• GLB
• Universal Banking Frustrates Risk Isolation by
  Compartmentalization
• Strict Prudential Activities Abandon in Favor of
  Promised Returns from Financial Innovation
• SOX
• PCAOB, Auditor Independence, Conflicts,
  Disclosure Responsibility (302) Controls
  Assessment (404)
• OTC (exoitic) Derivatives De/Non Regulation
• Regul.Capture, Conflicts, Risk Disregard

10

• Inspiration for
• the SECs
• Pre-Emptive
• Attempt to
• Expand
• Boards
• Risk Duties

11
SECs Response pre-DoddFrank

• 33-9089 Proxy Disclosure Enhancements 12.09
• FY ending after 2009 proxy solicitations after
  2.28.10
• Firms must now Disclose Boards Role as
• Risk Oversight
• Must Discuss Analyze
• Links how risk management addresses risks from
  compensation policies practices
• Threshold if reasonably likely to have material
  adverse effect
• Prediction Will Expand Enterprise Risk
  Management (ERM)

12
Dodd-Frank HR.4173 S.3217

• 848 page long, complex taxonomy challenged
• Systemic Risk
• Capital Markets
• Hedge Funds Private Equity
• Swap Dealers Major Swap Participants
• Derivatives Securitization
• Financial Institutions
• Insurance Industry
• Nonbank Financial Company
• Minimum Capital, Margin, Recordkeeping and
  Disclosure
• Proprietary Trading
• Consumer Protection Mortgage Markets (retail,
  wholesale)
• Corporate Governance Executive Compensation
• Misc. Congo Conflict Minerals (gold, tin,
  tungsten)
• Alt Conflicts, Controls Transparency

13
DoddFrank Conflicts

• Skin in the Game credit risk retention
• Whistleblower Bounties enhanced (SEC)
• Compensation Consultants Committee Independence
  
• Volcker Rule (Insured Institution Proprietary
  Trading
• Credit Rating Agencies

14
DoddFrank Controls

• New Regulators Regulatory Powers
• Financial Stability Oversight Council (FSOC)
• Bureau of Consumer Financial Protection (BCFP)
• All Federal Functional Regulators
• Compensation
• Comp. Committees Consulting Contracts
• Exec Golden Para Say-on-Pay (non-binding)
• Clawback
• Risk Committees for Non-Banks
• Orderly Insolvency Resolution 2 big 2 fail
• Derivatives Markets Mechanisms (Swap Dealers
  Participants, Clearance, Market Mechanisms)

15
DoddFrank Transparency

• Disclosure of Golden Parachutes (merger
  compensation)
• Acquisition Disclosure Timetables Shortened
• Executive (Trader) Compensation Disclosures
• Asset Backed Security (asset loan levels)
• Derivatives Markets Transparency

16
Will Political Forces Move To Produce Yet Another
Regulatory Failure?

• Political Losses
• Societys Laser Focus on the Perverse Incentives
  of over-Compensation
• Lobbying Must now Shift to Soften Regulations
• Political Wins
• Only Gentle Constraints on Ratings Agencies?
• Tough Regulators Still too Fragmented Dispersed
  
• What Lies Ahead? Weakening DoddFrank
• Est 800 new SEC Staff needed to Enforce
  DoddFrank
• De-Fund CFTC SEC Budget Woes Argued to Justify
• Slow Funding of Comprehensive Studies Restrains
  Rule Changes (see Davis Polk )

17
Tentative Findings

• Expand Reinforce Effective Risk Awareness
  Mechanisms
• DoddFrank Expands Risk Assessment Conflicts,
  Controls, Transparency
• VCSB Standards AICPA Risk Assessment Standards
  for Financials
• SAS 104, (amends SAS 1) SAS 106, Audit Evidence
• SAS 107, Audit Risk and Materiality in Conducting
  an Audit
• SAS 108, Planning and Supervision
• SAS 109, Understanding the Entity and Its
  Environment and Assessing the Risks of Material
  Misstatement
• SAS 110, Performing Audit Procedures in Response
  to Assessed Risks and Evaluating the Audit
  Evidence Obtained
• SAS 111, Amendment to SAS 39 , Audit Sampling
• FDAs NDA Model Shift Some of the Burden of
  Proof from
• Risk Averse to Prove Risk Magnitude Ex Post
  Calamity to
• Risk Takers Ex Ante Show Reasonability of New
  Approaches