Inside the Volcker Rule's Process Labyrinth

This is the third article in an eight-part series.

As banks tackle the people challenges involved in complying with the Volcker Rule, they must also begin wandering through the labyrinth of newly required Volcker Rule processes. The rule places incredible demands on senior management and compliance officers to create robust compliance programs. In order for banks to implement these programs, senior management must develop well-thought-out processes and communicate the necessary steps to boards of directors, business line managers, compliance officers, IT professionals and auditors.

The Volcker Rule requires banks above $10 billion in assets to achieve compliance with six basic elements: policies and procedures, controls, governance, independent testing, training and record-keeping. (Banks under $10 billion will be allowed to modify their existing compliance programs.) Banks over $50 billion will also have to comply with enhanced requirements that will take more time to decipher and implement. Based on my observations, it will be very challenging for many banks to set up Volcker Rule processes in a timely manner; for some, it will be impossible.

Banks have never before had to establish policies and procedures at the granular level required under the new regulation. They will need to create trading-desk practices that reflect the securities and derivatives, trading limits and hedging strategies permitted by the Volcker Rule. An accidental or willful breach in a process could cause the bank not only a loss in earnings, but even more importantly, a significant reprimand from regulators.

Additionally, because banks can have hundreds of trading desks, they will have to create many new, detailed processes in order to be in compliance or else simplify their structures. The more desks and processes a bank has, the greater its operational risk exposure. Obtaining high-quality, reliable data will be more difficult and there will be greater room for errors and even for fraud.

The rule also requires banks to establish a system of internal controls to monitor compliance. Given how new the rule is, professionals will need to be trained not only on the Volcker Rule, but also on its interactions with other regulations that are currently being developed and implemented.

Establishing a management and governance framework that outlines clear accountability for compliance presents yet another challenge. Banks' boards of directors, business line managers and auditors will now be accountable for Volcker Rule compliance. Senior executives will have to create processes not only for Volcker Rule governance but also review new Basel governance guidelines to see where there might be overlap.

The Volcker Rule further requires that banks utilize independent personnel within the firm or hire an outside party to periodically test and audit of the effectiveness of Volcker compliance programs. This means that banks will have to write clear processes so that auditors know exactly how to identify any compliance breaches. Banks may also increase their operational risk if they choose an outside party to perform the audit. The Office of the Comptroller of the Currency has released guidelines concerning third-party relationships. Anyone implementing the Volcker Rule must make sure that the firm does not violate those guidelines as it hires outside vendors.

Training personnel about the rule's requirements will impose another demand on banks. Banks will have to write processes detailing who will do the training, what the instructor's qualifications are and how learning outcomes will be measured.

Finally, banks will have to improve greatly their recordkeeping. Documentation demonstrating compliance with the Volcker Rule must be kept for five years and be readily available to regulators upon request.

In addition to writing new processes to comply with these requirements, large banks face several additional hurdles. They will have to implement an annual certification process wherein CEOs attest in writing that their banks have the procedures in place to establish, maintain, enforce, review, test and modify the Volcker compliance program. This will mean that staffers under the CEO must review all processes in the compliance program carefully and educate the CEO about the processes and their relevance.

Large banks will be required to demonstrate that they monitor and review quantitative metrics in a timely manner. The challenge is that many metrics must be calculated by trading desk rather than at a higher level, forcing banks to create new processes as to how and when these calculations will be done.

A final challenge for large banks will be creating a clear process that explains how traders and other professionals can determine what potential or actual breaches in Volcker Rule compliance are sufficiently material to escalate to a compliance officer or chief risk officer. The compliance officers with whom I have spoken say that the five regulators have failed to establish a materiality threshold. This means that some compliance officers and CROs are unnecessarily overwhelmed with incidents that could be resolved at the trading desks.

Many banks will likely spend years trying to achieve compliance with the new rule only to feel that they are fumbling in the dark. To find the exit in this labyrinth, banks need not only empowered human resources, but also major upgrades in technology.

Next in the series: Data and technology demands presented by the Volcker Rule.

Mayra Rodríguez Valladares is managing principal at MRV Associates, a New York-based capital markets and financial regulatory consulting and training firm. She is also a faculty member at Financial Markets World. Follow her on Twitter at @MRVAssociates.