As banks face new, stricter scrutiny and standards with the ongoing implementation of the Dodd-Frank Wall Street Reform and Consumer Protection Act, one of the best things they can do to prepare is document their processes.

That conclusion came from a panel of financial services lawyers and experts in New York on Wednesday, nine months after the Dodd-Frank legislation was signed in July.

Since then, a total of 159 rules have been promulgated, which amounts to an average of four proposals a week, said Scott Cammarn, special counsel at Cadwalader, Wickersham & Taft. And with a reported 382 total rules expected to be issued under that legislation, that leaves 62% of the rules still unwritten. For banks, that means having to keep up with dramatically changing standards.

“What you think of risk is not what it used to be,” Cammarn said. “The agencies are finding all sorts of concepts as a risk that none of us ever thought of.”

That includes, for example, evaluating models themselves for risk, Cammarn said, an unprecedented move that was included in a recent regulatory proposal. That proposal would require banks to manage existing models for compliance, which would go beyond existing supervision rules.

The overall theme of the changing regulation comes with more attention paid to processes, not results, said Molly Curl, bank regulatory national advisory partner at Grant Thornton LLP. That means that even if a bank has no issues or violations with affiliate transactions, it will come under scrutiny if there is not a service agreement in place. Regulators are also still paying close attention to commercial credit, Curl said. If banks cannot provide documentation as to why a property is performing, it could become the subject of regulatory attention, Curl said.

Clearly documenting plans is especially necessary if a bank needs regulatory approval to consummate mergers and acquisitions, according to Curl.

“[If] you don’t have really defined assumptions, they’re just going to say no,” Curl said of potential M&A deals. “You’re not going to be playing the game.”

Curl said she advises bank clients to get an enterprise risk management process in place. That means lining up a risk management committee including senior executives, identifying risk throughout the organization and working with their information technology team to implement new standards.

In addition to internal changes, banks can also work with regulators to create new standards for issues like incentive compensation that work for both parties, said Barak J. Sanford, managing director of Promontory Financial Group, a financial services consulting firm.

“They’re very much open to looking at different structures,” Sanford said of regulators’ approach to incentive compensation programs. “I think over time as industry practices start to gel, there’ll be less of an opportunity to be an outlier.”

The banking industry update panel was hosted by Grant Thornton Wednesday at the Grand Hyatt Hotel in New York.