Leveraging automation to deliver streamlined compliance for Dodd-Frank

Compliance with the Dodd-Frank Act is well established. The one variable? The annual DFAST stress tests used to ensure a bank’s balance sheet is robust enough to survive a significant shock.

The changing scenarios under DFAST mean that the data, models, and calculations, from multiple sources, used by a bank must be accurate and consistent. Leveraging automation can streamline your stress-testing processes to enhance compliance and reduce costs.

Effective Dodd-Frank compliance in a dynamic environment

The DFAST stress tests, alongside the Comprehensive Capital Analysis and Review (CCAR) stress test framework – known as CCAR/DFAST – are core components of the Dodd-Frank Act and the wider US banking regulatory framework.

Applied to larger institutions, these tests feature a range of scenarios that go from a baseline model to increasingly extreme scenarios featuring a significant drop in house prices, a fall in GDP, or a large counterparty failure.

Spreadsheets used by individual employees’ own systems and applications feature heavily in consolidating, managing, manipulating the data used in the stress tests, alongside corporate systems. Changes in business and changing annual scenarios mean that spreadsheets are often the most convenient way to frame a response to the regulators.

While spreadsheets are powerful and flexible, they lack the controls and transparency that feature in corporate IT applications. However they’re used in the stress testing process, this lack exposes a bank to errors and omissions in data and calculations that increase the workload of reviewing results manually. Worse, they generate results that can expose a bank to regulatory, commercial, and reputational risk.

Automated spreadsheet risk management can reduce the risks and overhead of working with spreadsheets in CCAR/DFAST stress testing. Because identifying and eliminating spreadsheet risk is core to efficient and effective stress testing.

Three steps in eliminating spreadsheet risk

Find the spreadsheets

Scan the entire enterprise, or a subset of systems to identify those spreadsheets that are part of the CCAR/DFAST process.

Deep scan capabilities allow teams to identify specific terms that form part of the stress testing framework. This allows firms to sift a small number of spreadsheets from the thousands of others used in the business that aren’t directly relevant in the stress testing process.

Create an inventory of CCAR/DFAST spreadsheets

Once the key CCAR/DFAST spreadsheets, have been identified, they can be allocated a place in a centralized inventory, that provides transparency in the files that a key to the process, flagging their owner, their location in the business and their significance in the stress testing process. This approach allows people to make use of their spreadsheets as they would normally, while still providing visibility of the documents.

Proactively monitor and review your CCAR/DFAST spreadsheets

With the core CCAR/DFAST spreadsheet estate established and managed, monitoring them for changes, throughout the stress testing review process. These changes may be additional cells, new worksheets, additional data sources or links, or calculations. Errors can also be quickly identified, with the process of changes open to full review, transparency and suitability.

This approach brings the same level of control as found in enterprise systems, while continuing to allow users to use their favorite, most flexible desktop applications, including Excel.


The complexities of staying compliant with Dodd-Frank and other financial and business regulations are daunting.  To cost-effectively meet those requirements, companies are leveraging state-of-the-art compliance solutions.

EUC/Shadow IT Management

An automated tool like ClusterSeven lets you proactively discover, monitor, review, and audit changes made to End User Application spreadsheets and other “Shadow IT” data assets hidden across your enterprise.  Gain a centralized view of enterprise-wide critical spreadsheet use, assess and prioritize critical spreadsheets, and provide transparency for management and auditors about your most important files.

Compliance & Obligations Management

A compliance and obligations management solution, like Mitratech’s CMO offering, uses a simple, intuitive interface to let employees and auditors be proactive in incident and audit management, including Volcker Rule obligations, controls, investigations, and non-conformance reporting. Easily report incidents, understand your obligations, and continuously improve your compliance performance.

Financial regulation compliance blog posts
Read how Dodd-Frank and other FinServ regulations can impact your business, and how to mitigate the risks.

See more at The Mitratech Blog

eBooks, white papers & more
Expert resources for building a culture of compliance and tackling the challenges of compliance.

See more compliance resources