As the Dodd-Frank Act turns two on Saturday, it's a natural time to ask whether its primary goal of stabilizing the financial system has been accomplished.

Despite the recent string of missteps by major firms — all caused by embarrassing management lapses — our financial system remains remarkably steady.

But steady is not the same thing as secure.

Barbara A. Rehm

The feeling that a disaster of system-disrupting proportions is lurking around the next corner is undeniable.

Why is this? Part of the problem is a lack of confidence in financial firms. The public doesn't trust executives to act with integrity. A related factor is the sheer complexity of the financial system.

It's less that the largest firms are Too Big to Fail than they are too complex to manage and oversee, and too interconnected to dismantle without causing destructive ripple effects.

No one believes the regulators really understand what's going on inside the banking giants and some of us aren't even sure the executives have a firm grip on their far-flung businesses. This problem takes on an added twist when you consider how quickly firms lose confidence in each other, freezing out competitors when a whiff of vulnerability surfaces.

Some critics think we can just turn back the clock and revert to a simpler financial system free of large institutions or much risk. I don't think that's realistic. To me, the solution has to lie in transparency and governance.

Notice I didn't say GREATER transparency or BETTER governance. That's because we don't have even the basics right yet.

Let's start with transparency and let's link back to Dodd-Frank.

Realizing that good information is fundamental to good supervision, the authors of the reform law created the Office of Financial Research.

The office was supposed to spot the next financial crisis before it was too late to prevent it. It was supposed to identify data blind spots, go get that information, aggregate it across all the big firms and analyze it. All that was supposed to help regulators stay ahead of the curve of financial crises. And in the end all this added information, this added transparency, was supposed to improve market discipline. Why? Because investors would have more, trusted information about the risks these firms are taking.

Done right, the office also would lighten the load on banks by standardizing and streamlining the data they must report to the government.

But two years later, the office remains an afterthought. It doesn't have a Senate-confirmed director or even much of a permanent staff. It's taken a baby step forward with its legal-entity identifier project but it's nowhere near fulfilling its potential.

If Congress ever does open up Dodd-Frank for reforms, the top of its list should be pulling OFR out of the Treasury Department and making it an independent agency. Then, perhaps, it will be able to take its mission seriously and deliver the sort of transparency that the financial system will need to avert another meltdown.

Without a strong OFR, all the large-bank units of the federal banking agencies are inundating banks with requests for data, each seeking different information in differing formats.

That's inefficient at best. At worst, it's inviting serious problems to fall through the cracks. We need centralized, comprehensive data collection and analysis and the OFR is our best bet. Without the transparency the office could deliver, we are setting ourselves up for another financial implosion.

The other key change we need involves governance and it starts with the boards of directors at these mega institutions.

I don't doubt that most of the people sitting on the boards of the world's largest banks are hardworking, well-intentioned people. But it's pretty clear they are not asking enough of the right questions of senior management and are not demanding accountability when things go wrong.

How else do you explain Barclays' Libor scandal, JPMorgan's trading fiasco, HSBC's money-laundering lapses, Wells Fargo's fair-lending run-in with the Justice Department?

"It isn't a failure of internal controls. It's not because the banks don't have 72 systems with 422 auditors and tons of books on the shelf. It's because nobody gave a damn, and that is a board-level problem," said Karen Shaw Petrou, one of the brightest minds analyzing the industry today.

"Many boards are not well-informed enough about risks" their companies are taking, she said. "It's not that the banks are too complicated. It's that there is a lack of actionable information on which knowledgeable decisions can be made."

Petrou, co-founder and managing partner of Federal Financial Analytics, said every board must set risk tolerances, draw a line on how many mistakes is too many and then be prepared to mete out harsh discipline.

"They don't need to be complicated, fancy formulas," she said. "They need to be clear: you get out when the [risk-tolerance] thresholds are breached…. And there must be consequences for lapses."

Troy Paredes, on the board of the Securities and Exchange Commission, capped off a speech last week about the future of financial services with his views on the role directors should play.

"What matters most is not how a board is composed or structured. What matters most is how directors act," Paredes said.

"Directors should be willing to dissent, and disagreement from others should not be discouraged or suppressed. When it leads people to engage rigorously, disagreement helps ensure that the unknown is identified; that potential conflicts are spotted; that information is uncovered; that overconfidence and other biases are managed; that 'outside the box' thinking is sparked; and that challenges and opportunities are assessed in a more balanced way."

Paredes warned against directors becoming "complacent or too deferential to management just because the CEO has been making the right calls and the company has been on a good run. Whether the company is successful or struggling, the tough questions need to be asked to help ensure that the best decisions are made going forward."

It's common sense, but it's not common practice on too many boards today.

Kevin Blakely, a former regulator and banker who is now a senior advisor at Deloitte & Touche, tied the two pieces together.

Transparency and governance, he said, go hand in hand. A bank has to be able to put its figurative hands on data to have a fighting chance of managing its risks.

Too many firms haven't comprehensively integrated information systems, especially after acquisitions. They don't have common definitions for products or standardized ways of reporting data.

"Clearly, data that is pulled from a consistent source, has a high degree of integrity, and is readily available, benefits [banks] on a number of fronts," Blakely said. "There is increased transparency within the firm as to business performance, a higher degree of confidence in decisions made, management and board reports with greater accuracy and over time a greater degree of trust by the investment community in the company's numbers."

If boards and the executives who report to them don't get serious about getting governance and risk management right, headline-grabbing problems will continue to plague the industry.

A tipping point will be reached, and then the industry will be out of options. If bankers think Dodd-Frank was bad, wait till Round Two, which is sure to include some blend of activity restrictions, taxes or fees, tighter size limits and tougher capital requirements.

At some point, the red tape will strangle the industry, and that won't be good for anyone.

Subscribe Now

Access to authoritative analysis and perspective and our data-driven report series.

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.