Financial services companies are facing dramatic increases in the reporting burden. Regulatory requirements are becoming much more demanding and the reach of regulation is extending into previously unregulated sectors of the industry. As a result, reporting requirements are increasing rapidly:
- In banking: Basel III; recovery and resolution planning; increases emphasis on stress testing; Dodd-Frank and the Foreign Account Tax Compliance Act (FATCA) in the USA; MiFID 2 and the European Markets Infrastructure Regulation (EMIR).
- In insurance: implementation of the IAIS Insurance Core Principles; Solvency II; local Risk Based Capital (RBC) reform; FATCA again; recovery and resolution planning; agent and sales-force management; the longer-term implications of accounting change.
- In capital markets: Dodd-Frank will force participants to comply with more comprehensive and real-time regulatory reporting requirements for interest rate, currency, equity, credit and other commodity swaps. This includes all cleared and uncleared trades regardless of the method of execution.
- Proposed new regulations for hedge funds, investment management firms and products such as financial derivatives will all be accompanied by requirements to report to relevant regulators.
Meeting the challenge
In the first instance, the reporting challenge is a matter of data acquisition, systems and analysis. As in all such cases, the implications for investment, operational cost and management effort can be profound. There is scope for efficiencies in all these respects. But the biggest source of efficiency lies in identifying the data required, acquiring it in the best way and ensuring its integrity. In turn, this involves a detailed understanding of the business model and how it operates in practice. Developing this can be an immense undertaking. It is surprising how few companies have a complete, coherent and detailed inventory of the processes and operations underlying their own business through the life cycle of their transactions. Creating a data dictionary to reflect that inventory and gather the information necessary for reporting is made more challenging by the existence of competing reporting regimes: statutory, regulatory, compliance and tax.
From business unit to business unit, product to product, the need is to create a baseline documenting the transaction life cycle and –critically – the management accountabilities for each step and process. Data integrity is crucial. Quality assurance processes are necessary to ensure that any reporting built on the baseline inventory and data is accurate and relevant. Legal entity structures can introduce serious complications when they cut across regulatory and/or reporting lines. A significant cross-referencing component needs to be included in the overall data structure and processes. The regulatory reporting function and the control framework need to work together to ensure that errors are identified and followed up and that the appropriate amendments to procedures are made for the future. Bespoke reporting tools can provide valuable structure and control for the process and can reduce the headcount needed to support ongoing reporting. However, there are also common pitfalls that need to be considered:
- The cost of implementation can be significant, particularly where multi-language reporting requirements exist, technology platforms are diverse and substantial numbers of reports are requested.
- Business requirements need to be clearly defined to ensure that the system will pull the right data in the right format as stipulated by the regulation.
- Although tool vendors may provide support in identifying changes to reporting requirements, organizations should be wary of anyone who promises too much, as the ultimate responsibility will always lie with the regulated entity.
Adaptability and change are key factors. The business model inventory and data dictionary need to be able to cope with different regulators in different geographies. And to be robust against change both in external regulation (which will necessarily continue to evolve) and in the firm’s strategy, business model, product line and so on. For example, the proposed over the-counter (OTC) derivative trade and position reporting requirements under Dodd-Frank will generate profound change to a firm’s business practices, operational infrastructure, supervisory system and governance model. These changes will make the demands on the firm’s operational infrastructure even more critical to success and to regulatory compliance. A compliance reporting strategy therefore has to be flexible and anticipatory, using foresight to try to stay ahead of future requirements. The governance process for change management (see panel) is critical to effective change management.
In an ideal world, the different reporting requirements which companies face would be consistent and compatible, drawing on the same single set of data. Moves toward harmonization can be seen. But for the present, it is clear that compliance reporting will remain a complex and costly burden.
Securing the benefit
Is it all bad news? Far from it. The data collection, analysis and quality assurance systems necessary for gathering relevant compliance reporting information are precisely those aspects which management information systems should be embracing. Senior management and the board need exactly this information to monitor performance and ensure the successful implementation of corporate strategies and business models. The adaptive and future-proof character of an excellent reporting regime should provide a valuable foundation for future business development. Identifying accountabilities clearly at each stage of transaction life cycles can be a valuable tool for streamlining management structures and processes.
Investment in an effective compliance reporting regime should therefore also be an investment in developing major competitive advantage.
Regulatory philosophy is moving in a compatible direction, away from a box-ticking model to embrace a more holistic assessment of the business model:
“There needs to be an effective board that ‘sets the right tone’ from the top. An effective board is one which crucially, understands the circumstances under which their firm would fail and constantly asks the ‘what if’ questions. To do this well, a board needs to understand its business model, understand and focus on the material risks, and challenge the executive on the execution of a strategic plan.”1
The UK Financial Services Authority is similarly requiring companies to identify senior executives with a ‘significant influence function’ who are responsible for dealing with particular regulatory or enforcement concerns. The regulators’ concern for clarity over who is responsible for delivering significant actions is fully congruent with the company’s own interest in effective senior management. In the end, then, there is a complementarity between the regulatory perspective and that which is most effective for financial services companies themselves. Regulators are increasingly adopting a risk-based focus on the business model and tailoring reporting requirements to information which illuminates the relevant issues. This is exactly the approach that forward-looking companies should be taking to meet the challenge of compliance reporting – managing the business through a deep understanding of the risk profile and business model performance.
1. Hector Sants, FSA, ‘Delivering effective corporate governance: the financial regulator’s role’, 24 Apr 2012, Speech at Merchant Taylors’ Hall