The Challenges of Regulatory Reporting

The phrase ‘challenges of regulatory reporting’ means different things to different organisations. There is no doubt that within the financial services sector the speed of change and increase in complexity remains high on the agenda.

Cost of Compliance

The cost of compliance does still seem to outweigh the prospect of facing a regulatory fine and associated reputational damage. Adherence to regulatory requirements does not necessarily equate to increased revenue and better bottom lines. This may go some way to explaining why there is still perceived resistance when trying to secure budget for regulatory initiatives in comparison to revenue generating projects. It will be interesting to see the impact of the extension on the Senior Managers and Certification Regime (SMCR), and how the prospect of being held personally accountable will help to drive up client protection and regulatory adherence, rather than satisfying shareholders’ expectations.

Regulators

Regulators themselves do not always get things right first time. Only recently, the Financial Conduct Authority (FCA) had to suspend receiving data into their Market Data Processor (MDP) in respect of MiFID II Transaction Reporting. The issue appeared to be in respect of too many files being received at one time, and the sequential processing of these files not operating correctly.

In addition, the implementation of MiFID II has resulted in some changes in respect of CASS. Organisations may find this a little surprising given that CASS itself went through a major overhaul, as a result of policy statement PS14/9 ‘Review of the Client Assets Regime for Investment Business’. Although there is a tenuous link to regulators not getting things right first time, this highlights the speed of change that organisations are facing.

Organisations therefore need to be able to respond to last minute changes to regulations both from an interpretation perspective as well as ensuring such changes can be implemented. The more flexible and adaptable an organisation’s reporting tools are, the better placed they will be to react to such change.

Governance

A robust governance framework has a large part to play in regulatory reporting and on-going compliance. Key governance components include culture and behaviours, policy and procedures, systems and controls and assurance. The final output is of course regulatory reporting but the journey to get there can be long and winding. Can an organisation link their regulatory rules to their processes, to their controls, to their roles and responsibilities and to their risks? Does an organisation have senior management oversight and controls in place, are there clear lines of sight and delegation, and is compliance embedded in culture and behaviours? These are tough questions which are particularly difficult to address in larger, more siloed organisations. However, the SMCR or accountability regime, as it is commonly referred to, will refocus attention.

Data is ‘King’

The reality is that many organisations are typically faced with multiple different systems that do not talk to one another and multiple different data feeds in different formats with spreadsheets and macros thrown in for good measure. This is not necessarily a criticism – it is no mean feat to be able to extract, amalgamate and consolidate data from core systems, whose primary purpose is not to support regulatory reporting.

These systems are designed for operational purposes, albeit the data contained within them is required in some way, shape or form to satisfy regulatory reporting requirements. However, without automated control frameworks and reporting solutions, organisations are typically faced with manual financial control processes, many interfaces both internal and external, more manual intervention, in particular as volumes grow, and the perception that regulation is an increasing burden. None of these attributes support the notion of robust systems and controls, or indeed a good governance framework.

Therefore, there is now not just a real need, but a real desire by firms to automate their reporting regimes, not only fuelled by the complexity and speed of change of regulations, but also by the increased interrogation from external auditors as well as regulators. The FCA, for example, expect better record retention and record keeping to drive up client protection in respect of client money and custody assets. CASS auditors are now looking more closely at systems and controls, in order to see if they are fit for purpose.

Conclusion

In AutoRek’s experience, regulatory reporting submissions are only as good as the data they contain. Constant activity which encompasses formal preparation, robust submission, comprehensive sign off and approval, and on-going maintenance and review are some of the key components needed to have confidence in submissions. In summary, it’s the linking of the regulations to processes, to controls, to roles and responsibilities and to risks, all of which are underpinned by robust, automated control regimes, data validation and integrity and comprehensive audit trails. Overall this will give you confidence in your regulatory reporting and ongoing compliance. To end on a slightly brighter and perhaps idyllic note, could we dare dream that one day no new regulatory reporting requirements will be proposed until the economy stabilises, and regulators align? Perhaps this is a step too far, but one thing we know for sure is that regulatory reporting and the challenges that go with it are here to stay.
