The Volcker Rule
The new compliance monitoring program
The final(1) Volcker Rule was approved and released by the US regulators on December 10, 2013, requiring banking entities to demonstrate that prohibited proprietary trading is not taking place at their firms. Medium-sized and larger banks must implement a rigorous compliance program.
- Three types of compliance programs
- Roles and responsibilities
- Technology considerations
- Join the conversation
Compliance program requirements
This paper explores the compliance program requirements for the proprietary trading restriction component of the Volcker Rule, in particular for the medium-sized and larger banks where much work is required with not much time to do it. Download this paper to obtain additional insights into the three types of compliance programs — standard vs. enhanced compliance programs, timing considerations, technology considerations, and roles and responsibilities.
Three types of compliance programs
Banks with greater than $10B in total consolidated assets (nearly 100 U.S. banks and 50 foreign banks) must implement the "standard" compliance program, outlined in Subpart D of the regulation, by July 2015. This program has six required components for banks with covered activities and is sometimes also called the six-point compliance program:
- Policies and procedures
- Independent testing
Roles and responsibilities
The standard compliance program requires a management framework that clearly delineates responsibility and accountability for compliance with the Volcker Rule. The Volcker Rule requirements for monitoring compliance lend themselves to the "three lines of defense" model. In the first line, the business line managers must create a culture of compliance for the desks, including implementing a compensation structure that rewards risk reduction and not risk-taking. The second line of defense focuses on the compliance function, which must monitor any breaches, ensure that false positives are clearly explained and documented, and that any true violations are promptly remediated and senior management is made aware. The third line of defense is the independent testing and audit required by the regulation.
The largest firms that must report quantitative metrics beginning in June 2014 are understandably focusing their technology resources on these efforts. Regardless of size, firms should not lose sight of the infrastructure required to support the monitoring of these metrics and other limits that they may implement in policy.
What you don’t know could hurt you
Boost security, vigilance, and resilience