Regulatory Reporting: 10 suggestions to keep you in control
Accurate and timely reporting to the appropriate regulators is a growing requirement for almost every organisation. If you’re in the financial sector, you’re facing a particular level of demand from the regulators that is unprecedented, but you’re not alone.
From those with real and recent experience of delivering what is needed, here is their summary of the challenges and their top 10 recommendations to help deal with them in the right way.
REGULATORY REPORTING—THE CHALLENGE
We’ve never seen such a pace of change
Seeing many regulators requesting lots of reports?
Of course, and for lots of very good reasons the degree of regulatory reporting expected of institutions across Europe is unprecedented.
And the requirements are complex, with a level of detail not seen before. Think about regulations such as FINREP, COREP, Asset Encumbrance, FDSF and Bank of England, and there are many more.
For the foreseeable future you’re going to be busier than ever satisfying many demands on your data.
If you think you see a light at the end of the tunnel, you’re probably seeing another train coming your way.
We’ve got much of the data but the quality isn’t what it needs to be
It’s clear that regulatory reports are only as reliable as the data used to source them.
It’s not just reliable data the regulators are wanting—it’s often data that has never been sourced before.
So the struggle is sourcing the data, manipulating it, believing it and reconciling it. None of this is easy.
Having confidence in the integrity of the data is important, but it’s not easily gained and it’s quickly lost if things go wrong.
Sorry, what is it you want?
Interpreting the guidelines and requirements set out by the regulators is not always straightforward.
Annex’s such as those released by the European Banking Authority (EBA) in particular are highly detailed and lengthy.
Understanding statements made in these documents require subject-matter expertise and even they can struggle with the lack of clarity and apparent contradictions.
To compound the challenge, interpretation differs between regulators, so getting it right for one regulatory report doesn’t mean you can relax.
We need experts—where are they?
Dealing with the complexity of regulatory reporting demands specific subject-matter expertise that is in very short supply.
Organisations need to pull in skills and knowledge from their own team and acquire the additional skills they need. Problem is—everyone is trying to do the same thing.
“We’re seeing requirements that are complex, unclear and sometimes contradictory”
Are there tools out there that can help?
Yes there are. It’s great that there are many specialist applications on the market that support the delivery of regulatory reporting requirements.
What’s not so great is the reality. It’s early days and the lack of regulatory clarity applies to the designers of these applications as well.
It’s risky to assume they are a panacea until their benefits and limitations are really understood.
In addition, these applications still require accurate, reconciled, tested and aggregated data to be provided by you.
They also need significant configuration, which has proven to be a far more complex, lengthy and costly process than some anticipated.
Remember also that these solutions introduce a ‘black box’ element into the end to end delivery and the rules used by these tools are likely to be covered by IPR and not easily visible.
These reporting tools will mature over time but they will still be in a state of flux, even after the first submission of a regulatory report is required by the regulator.
This is blowing my budget
The complexity, scale and pace of today’s regulatory reporting requirements means budgets in the tens of millions are not uncommon to support the necessary build, test and implementation activities.
Absorbing the new regulatory reporting regime into existing financial control operations without increasing headcount and budgets is an unlikely aspiration. This is not a zero sum game.
At least the regulators know what they’re doing
Perhaps, but they’re not infallible.
Mistakes have been made and will continue to be made. So last minute changes to both regulation and interpretation will happen.
Some degree of flexibility will be needed by all organisations (and the reporting tools they use) to ensure last minute changes can be handled.
We’re doing fine, we just need to test the reports
End to end testing is a massive challenge.
From the extraction of base data from source systems through to presenting it in a regulatory report, there are many points where errors can be introduced.
Throughout the journey, the data is being manipulated, aggregated, appended, transferred, sorted, filtered, mapped, translated and re-formatted.
At any of these points errors can (and will) be made.
- If testing only focuses on the content of the final report and errors are discovered, at what point were the errors introduced into the data?
- What do you test your final reports against?
- How do you construct expected results with complete confidence?
There is a lot to think about—better sooner rather than later.
We’re not sure which data to use
Regulators now cross-validate data contained across multiple reports and they test for reasonableness and completeness of information.
It’s imperative that regulatory reports are sourced from the same data repositories and data is extracted at the same time to help limit cross validation issues.
OUR EXPERIENCE SUGGESTS 10 ACTIONS TO HELP KEEP YOU IN CONTROL
1. Make regulatory reporting the centre of financial and risk control
To date, regulatory reporting has sat on the side-line of financial and risk control in many organisations.
The pace and scale of regulatory activity now means regulatory reporting has to be put at the heart of what you do.
Regulatory requirements are now driving statutory processes rather than the other way around and you should consider firming up the discipline around some internal processes to enable regulatory reporting to be done properly.
It’s worth challenging the regulator (see point 10) if the requirements seem at odds with what you have done to date. If you can’t give them what they are asking for—challenge the need.
2. Deliver through a project … but not for too long
Historically, regulatory reporting was regularly managed as part of business-as-usual operations.
This is no longer possible and the disciplines and governance of a project are necessary to respond to many of the needs of the regulators in a timely manner.
Do not make the mistake however of delivering regulatory reports through a project for too long.
Transition the reporting into operations at the earliest opportunity to ensure ownership of the reporting is firmly established in the right place.
Business ownership, engagement and sponsorship remain key throughout—the project team can’t do this on their own.
3. Deliver initial submissions quickly by enabling the business owners
Try to enable the experts in the organisation—the ones that own and understand the data—to deliver what they need quickly and iteratively.
Giving them access to the data and the technical resources that they need to manipulate it, will be necessary.
Done this way, as long as everything they do is documented properly, you will get what you need. It may be a little messy, but they’re paving the way for more robust, strategic, enterprise-wide solutions to follow.
This approach also helps to build the skills, experience and insights that will be essential when such strategic solutions come along.
It also has the advantage of making any initial queries far easier to deal with because of the intimate knowledge your team have developed.
4. Focus on the data
The integrity of data underpins the successful delivery of all regulatory reporting projects.
Establish a single source of trusted data early and then build end—end governance and control right through to the output.
What you will find is that there are quality issues that need addressing. These need to be understood and appropriately acted upon.
One sensible piece of advice here is “don’t make a decision on data you don’t trust”.
Fairly obvious, but it’s tough when the clock is ticking.
5. Secure Skills and Knowledge Quickly
Secure SME knowledge quickly. Be ahead of the game, looking at least 18-24 months ahead in the regulatory reporting timetable, planning to bridge any skills shortfall as soon as possible.
If you leave it too late your competitors will have secured all available SMEs.
We can’t stress this enough. You cannot magic these people up.
6. Document requirements thoroughly
Document your businesses interpretations of the regulatory guidelines and associated business rules as thoroughly as you can.
Engage with SMEs in the business early and secure signoff of the interpretations and requirements from appropriate business representatives.
Requirements need to extend to data requirements.
Ensure signoff that particular data items from your data repositories will fulfil the interpretations agreed by the business.
An experienced business analyst running this work-stream is crucial to its success.
7. Make the deadline work for you
In the worst case you can have a fixed deadline from the regulator, an unclear requirement and the probability of things changing.
To give you the edge, fill the plan between now and the deadline with smaller milestones and establish pace and urgency in the team around these.
A plan with lots of white space is dangerously deceptive and you need the milestones to help you focus on making all the progress that you can, whilst you can.
8. Approach specialist regulatory reporting applications with care
Think very carefully about what sort of strategic application you need.
Do you have a robust and comprehensive data model? If so, you need an application that helps in “simply” populating the regulatory templates and supporting submission.
Or do you need an end—end solution, including a ready—built data model and everything from there, through to submission management?
Whatever your specific need, remember that it’s quite early for some of the reporting applications available and each is likely to demonstrate significant shortcomings and risks.
It’s vital that you understand what you need and then approach possible solutions with caution.
Think carefully about the degree of configuration that will be needed, the amount of work remaining for your team outside of the application and the availability of skilled data and technical personnel to support you.
9. Budget appropriately
Responding to the needs of the regulators will cost money.
Ensure there is adequate budget to cover the full end to end lifecycle of a major regulatory programme.
Ensure there is budget for contingency, the ability to run reports under project governance for a fixed period of time and the ability to secure sometimes costly SMEs.
Also, budget to fix any shortfall in the data estate of your organisation.
10. Maintain good relationships with the regulators
Finally, but most importantly, maintain a good relationship with the regulator.
Maintaining an honest and open dialogue with the regulator is crucial, even if sometimes the message is a difficult one.
Experience shows the more open and honest the relationship, the more pragmatic and reasonable the regulator will be.
“Don’t be afraid to challenge the regulators—they’re not the enemy and they are certainly not unreasonable”
11 May 2016