The 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act is one of the largest pieces of legislation in history, and it has complicated the regulatory environment by increasing the government’s oversight, supervision and resolution authority over financial institutions.

“As a result of Dodd-Frank, there are more agencies with oversight over more and different types of institutions, so compliance can be difficult,” says Michael K. O’Connell, managing director and Financial Institutions Practice leader of Aon Risk Solutions. “There are a lot of new agencies and those with redefined roles. There is new regulation of over-the-counter derivatives, a new agency for enforcing compliance with consumer finance rules, reformed credit rating agency regulation, changes to corporate governance and executive compensation, the Volcker Rule, new registration requirements for advisers to certain private funds and significant changes in the securitization market.”

Smart Business spoke with O’Connell and John George, account executive at Aon Risk Solutions, about safely navigating this new, stricter regulatory environment.

What are some of the risks for noncompliance that businesses face with Dodd-Frank?

You might immediately think of the obvious financial risks — fines, penalties and injunctions — of not complying with any regulation, including Dodd-Frank. But before you get to that point, your business can incur significant costs responding to a regulatory investigation. On the back end, there also can be reputational harm, which is hard to pre-quantify but can be quite impactful.

These risks are interconnected, increasing the need for financial institutions to maximize the value of their risk transfer spend. Expert help can aid with this process by using robust data and analytic tools that help financial institutions understand their exposure, develop their modeling capabilities and ultimately derive the most value from their investment in insurance and risk mitigation.

How has executive liability changed with Dodd-Frank, and how can companies protect themselves?

There definitely is increased pressure on corporate boards of directors. The provisions of Dodd-Frank create new obligations that will drive shareholder expectations and potentially lead to heightened executive liability exposure. Directors and officers (D&O) liability insurance is designed to protect individual directors and officers, as well as the corporate entity from governmental or shareholder investigations and/or legal proceedings.

It is important to understand the Dodd-Frank provisions of clawback compensation, where boards can force executives to pay back some of their compensation for wrongdoing, corporate governance and whistleblower activity within the context of your company’s D&O liability program. Pay close attention to policies’ definitions and exclusions to understand the extent of coverage available.

In these areas, it’s critical to discuss what you really want to cover and how to achieve that within the context of the policy in the current insurance market. Understanding the scope of coverage is especially important in Side A D&O policies, which can provide dedicated personal asset protection to individual directors and officers when the company is either prohibited from indemnifying or not able to indemnify.

What are the best ways for financial institutions to cover privacy and security liability?

Privacy and security continues to be an area of focus for financial institutions. At the same time that the volume of personally identifiable information is increasing, so is regulatory focus on and awareness of privacy and security risk. With this, it is important for financial institutions and others to really understand and tailor their privacy and security coverage to their exposure.

Base policy forms vary greatly and must be customized to ensure maximum possible coverage. Take a diagnostic approach to privacy and security liability. Review the scope of coverage for first- and third-party exposures in conjunction with your existing insurance program and discuss coverage priorities with experts to fully define what you’re seeking.

The breadth of coverage available has evolved, as have the service offerings that can be bundled with a risk transfer program. An example is with breach management, where insurers offer turnkey solutions that can help financial institutions quickly and effectively recover from a breach. This approach is popular among mid-tier financial institutions that may not have pre-established relationships and resources to quickly handle a breach.

What are some other risks financial institutions are facing with operations and compensation?

Some financial institutions continue to struggle to meet regulatory requirements while maintaining sound compensation strategies. As regulation shifts from being guidance-based to rules-based, for smaller banks the question is when they will have to comply. Regardless of size, all financial institutions are being tasked with balancing risks and results, creating controls to reinforce that balance and ensuring effective management of incentive compensation.

The first step in managing compensation compliance is identifying covered employees. The process, and ultimately the covered population, may vary by firm and is primarily determined by business mix. Often the most effective and well-received approach is to include risk adjustments at the time of award or deferral, with potential future forfeiture, for incentive compensation plans.

With the evolving issues related to compensation, executive liability, privacy and security, and other risks, it’s important for institutions to take an enterprise-wide approach to risk identification, quantification and mitigation. Using experts, many financial institutions accomplish this with the goal of keeping their risk perspectives current in the changing regulatory environment. Risk management professionals can help implement risk frameworks, analyze key risk scenarios and model risk, and then align an institution’s insurance and risk transfer program to their underlying risk profile.

Michael K. O’Connell is a managing director and Financial Institutions Practice leader of Aon Risk Solutions. Reach him at (212) 441-2311 or

John George is an account executive at Aon Risk Solutions. Reach him at (248) 936-5264.

Insights Risk Management is brought to you by Aon Risk Solutions

Published in Detroit

When President Barack Obama signed into law the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) on July 21, 2010, it was one of the most sweeping changes to financial regulation in the United States since the Great Depression.

Among other things, the act created the Financial Stability Oversight Council, whose role is to identify and respond to emerging risks that may pose a threat to the U.S. financial system. Members of the council will include the secretary of the Treasury, the Federal Reserve Board and SEC administrators.

Dodd-Frank applies to all public, nonbank financial companies, as well as larger public bank holding companies. However, the act’s implications can and should be used as best practices in other types of organizations. For example, private companies can benefit by implementing risk management processes in the same vein as those discussed in the act. Dodd-Frank also affects all federal financial regulatory agencies and almost every aspect of the nation’s financial services industry.

On May 25, 2011, the SEC adopted final rules implementing whistleblower provisions of Dodd-Frank. While politicians and practitioners have touted the Dodd-Frank provisions as an advancement in corporate governance, these provisions may provide less incentive for whistleblowers to come forward in tax-related matters than the existing rules on which they are based, the Internal Revenue Code, says James P. Martin, CMA, CIA, CFE, managing director of Cendrowski Selecky PC.

“More specifically, whistleblowers may elect to report unlawful actions to the IRS as opposed to the SEC due to greater perceived anonymity and monetary rewards, a lower materiality threshold for tax assessments than financial statements and the administrative structure of the IRS and SEC whistleblower programs,” says Martin.

Smart Business spoke with Martin about Dodd-Frank and how it affects whistleblowers.

What types of pressures do whistleblowers face?

Whistleblowers often face significant pressure to remain quiet rather than report unlawful actions. Recent studies indicate that between 82 and 90 percent of whistleblowers are fired, quit under duress, or are demoted. Competitive employers have blacklisted more than 60 percent of whistleblowers.

For individuals working in a geographical area with few employers, or in an industry with little competition, the effects of whistleblowing can be substantial. Whistleblowers may find themselves ostracized by local, regional and national businesses for their actions. They may also face adverse social consequences.

How are these pressures mitigated by legislation?

Many whistleblower laws have anti-retaliation provisions. For example, whistleblower provisions of Dodd-Frank provide for anti-retaliation protection and state that the SEC will protect the identity of the whistleblower to the largest extent possible. However, a whistleblower must satisfy numerous conditions to receive these benefits — arguably more conditions than the Internal Revenue Code on which Dodd-Frank is based.

Many whistleblowers may not come forward because they might assume they will eventually be exposed. Whistleblower laws also incentivize individuals to come forward by offering them a bounty reward in the event that a governmental body successfully recovers monies.

How does Dodd-Frank compare to existing IRS whistleblower laws?

With respect to Dodd-Frank, the SEC must pay an award of between 10 and 30 percent to eligible whistleblowers. Section 7623 of the Internal Revenue Code, however, mandates a whistleblower award of between 15 and 30 percent of the amount recovered by the IRS. Thus, the IRS is required to minimally pay a 50 percent larger award than the SEC for information resulting in successful enforcement of unlawful actions.

Existing IRS whistleblower laws are also more favorable than Dodd-Frank due to the concept of materiality. In enforcing securities laws (including the Sarbanes-Oxley Act of 2002), the SEC is largely concerned with matters that are material to financial statements. The concept of materiality thus constrains the SEC’s actions. If the SEC feels an item is immaterial, it may forego investigation of the issue, and the whistleblower will not receive a monetary reward. The concept of materiality, however, largely does not apply to tax assessments.

As such, a whistleblower with knowledge of tax issues is incentivized to report the issue to the IRS as he or she is unconstrained by the concept of materiality; the IRS may elect to investigate an issue that the SEC would otherwise not investigate.

How do the SEC and IRS differ in their administration of whistleblower claims?

Currently, the SEC lacks an independent whistleblower office to handle tips, whereas the IRS has a separate, independent whistleblower office, which serves as the central repository for all whistleblower claims. The director of this independent office reports to the IRS commissioner, decreasing the possibility that a claim remains uninvestigated by lower-level IRS managers. The IRS’s organizational structure, with its separate whistleblower office, may incentivize potential whistleblowers to report their concerns to the IRS as opposed to the SEC.

James P. Martin, CMA, CIA, CFE, is managing director for Cendrowski Selecky PC. Reach him at (248) 540-5760 or

Published in Detroit