color and camera split image


Regulation W and affiliate transactions

Implications and approaches for banks to consider

Regulation W resurfaces once again as a priority, and there is a renewed focus as it continues to be included in internal self-identified issues, internal audit reviews, compliance testing, and regulatory reviews. In fact, in discussions about prudential standards, it is often the first topic mentioned in the area of compliance.

A renewed focus on Regulation W

For some banks, enterprise-wide compliance with Regulation W has been a particular challenge—and remains so—due to the significant growth in capital market activities, pressure to rationalize compliance and operations, changes to service models and build out of centralized services centers, service companies for resolvability purposes, and an "overhang" of previous mergers and acquisitions. However, it’s time to streamline, optimize, and automate controls for affiliate transactions, where possible, to provide a foundation for future operating model changes. Plus, many banks’ current compliance programs may have been unable to keep pace with the complexity and volume of affiliate activities and pace of automation to report transactions, among other factors. In addition, enterprise-wide compliance requires a top-down program that can identify and mitigate risks across the enterprise, an area in which some organizations continue to struggle with ownership, governance, and policy design.

The changing regulatory landscape, including an increased focus by organizations on efficiency, effectiveness, and transparency, may provide an opening for banking organizations to rapidly evolve their infrastructure and governance surrounding Regulation W. For example, executives may be able to enhance operations processes that are focused on legal entities to build a consistent, enterprise-wide view of affiliate transactions, as well as the compliance infrastructure, policies, procedures, and controls required to deliver such a view.

In this paper, we’ll describe how banks might consider implementing a centralized, end-to-end Regulation W compliance program by focusing on six components: governance, risk assessment, monitoring and testing, reporting and communication, training, and technology enablement. We will also highlight some specific obstacles banks may be likely to face on the path to compliance, based on our industry insights.

Back to top

Key challenges that continue to be an issue for implementation of Regulation W requirements

  • De-centralized or lack of an end-to-end awareness of regulatory requirements across business and support/control units—particularly technical provisions, such as exemptions, attribution rule, and market terms
  • Inaccurate and incomplete affiliate lists and inadequate processes to identify affiliate transactions (according to Regulation W’s definition) within risk, financial, and underlying transaction systems; along with gaps in legal entity reporting and looking across compliance requirements that overlap
  • Outdated or incomplete policies, and limited procedures that do not provide end-to-end transactional guidance or control expectations specific to Regulation W, across all businesses and functions including the investment bank and front office
  • Lack of appropriate documentation and evidence to substantiate 23A exemption usage and 23B market terms requirements
  • Control infrastructure that is highly manual and detective in nature and does not implement T or T+1 reporting and preventative controls in regards to Regulation W
  • Lack of corporate compliance programs and defined compliance monitoring and testing programs that are also not aligned to appropriate controls
  • Limited capture of Regulation W risks in the corporate risk and control self-assessment (RCSA) analysis and/or documentation
  • Inadequate monitoring of intraday credit and derivatives for affiliates
  • Limited processes that support derivative transactions, including collateral requirements
  • Outdated/nonexistent service-level agreements and insufficient pricing methodologies to support charges
  • Ineffective training programs across business/ support functions
  • Overreliance on business certifications that do not have the appropriate substantiation to show compliance with Regulation W
  • Inadequate internal audits and testing to determine the level of inherent risk of Regulation W and its technical aspects

To learn more, download the report Regulation W and affiliate transactions.

Back to top


Contact us

Monica Lalani
Principal | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP
+1 973 602 4493
Peter Reynolds
Managing Director | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP
+1 973 602 4111
Irena Gecas-McCarthy
Principal | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP
+1 212 436 5316
David Smith
Senior Manager | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP
+1 312 486 0448
David Wright
Managing Director | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP
+1 415 783 4123
Matt Lee
Senior Manager | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP
+1 703 251 3482
  Chris Spoth
Executive Director, Center for Regulatory Strategy, Americas
Managing Director | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP
+1 202 378 5016

Back to top

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Did you find this useful?