RegTech & Regulatory Reporting: Part 1: The Reporting Challenge
Regulatory reporting is simply the submission of raw or summary data required by regulators to evaluate a bank's operations and its overall health which thus determines the degree of compliance with required regulatory provisions. The salience of this issue increased dramatically after the 2008 financial crisis as both the volume and complexity of regulation increased in order to prevent a repeat of the subprime mortgage meltdown. In response to the ever-evolving regulatory landscape, many financial institutions have implemented automated processes to generate required reports more efficiently.
While automation provides an easy solution in theory, its practical application is far more challenging. This manifests from the problem of trying to fit a one-size-fits-all solution to a diverse and multi-faceted regulatory reporting challenge. Regulatory reporting requirements differ around the globe. In some nations, the entire banking spectrum is controlled by the government. In others, the government, rather than having complete control, establishes restrictions requiring institutions to disclose accurate and timely information on a regular basis. However, no matter where the nation lies on the approach 'spectrum', regulatory reporting remains an essential part of a financial institution's obligations.
Regulatory reporting is crucial in reducing the smoke and mirrors between the regulator and the regulated. The data gathered ensures the regulator understands a banks, inter alia, liquidity management, asset liability management, foreign exchange exposure and risk management in order to give an overall impression of its financial health. Once the data is gathered and analysed, if the regulator recognizes an 'unhealthy bank' - one that is overly exposed to risk - then mitigating measures can be implemented before disaster potentially strikes.
Banks must collect data for several required reports governed by the statutory requirements in the counties in which they operate. Such statutes include: MiFID II and MiFIR, which significantly expand the scope of reporting, European Market Infrastructure Regulation (EMIR), a reporting regime for derivative transactions, and Dodd-Frank, introduced in the US in 2010 in response to the financial crisis requiring the aggregation, analysis and reporting of large volumes of disparate data in order to provide improved oversight of systemic risk.
The requirements stipulated in these acts are increasingly driven by data, with regulators requiring data of a greater granularity and at a greater frequency. Risk data is that which is required to asses compliance with regulation and needs to be of 'high quality' i.e. structured, well defined, accurate and complete. This sounds relatively straightforward, but beneath the surface, complexities arise. For example, The Basel Committee's 'Principles for effective risk data aggregation and risk reporting' set very specific requirements regarding the aggregation of risk data. This includes a dictionary of concepts to define concepts so as to ensure consistency across the group and consistent data taxonomies and architectures. Hence a simple concept like regulatory reporting, when broken down into its constituent parts such as data aggregation, management and then reporting, becomes much more complex.
While the practices outlined by the Basel Committee require data aggregation to be mostly automated and centralised, in reality legacy IT systems and legal impediments make the process of regulatory reporting far more manual and labour intensive. Legacy IT systems inhibit the aggregation of data from across a financial institution as the legacy systems consist of older technology often built from incompatible systems (due to mergers and acquisitions) in different jurisdictions. This issue is often aggravated by legal requirements such as recovery and resolution planning which requires systems in different subsidiaries to function independently leading to the siloing of systems,
Regulations regarding data localisation, protection, security and privacy can further complicate data aggregation. For example, it may be required that data from a subsidiary in a certain geography be exclusively stored, processed and analysed in that jurisdiction meaning data must be managed in decentralised warehouses. Furthermore the cross-jurisdictional nature of financial institutions also impedes the aggregation of gathered data. This is often due to differing definitions of central concepts between jurisdictions. For example, if the definition of 'short-term debt' in one jurisdiction includes repos, but in another jurisdiction it does not, then the data cannot be aggregated meaningfully unless the definitions are harmonised. Therefore, legacy IT systems, data regulations and inter-jurisdictional differences impedes the efficient and prompt gathering and aggregation of data across a financial institution resulting in the increased difficulty of compliance with evermore complex regulation.
The issues discussed are all prior to submitting data to regulators, but further difficulties manifest even with the filing of reports. Regulators are at least using online portals for the submission of data but they often require forms to be filled out manually, have file size limitations and encourage the submission of 'paper-like' documents such as PDF files. This is often labour intensive and, as a result, can introduce human error.
In summary therefore the key reporting challenges faced by financial institutions are:
Multiple sources of information: there is no single source of information that banks can utilise to form the necessary reports. Banks must aggregate data from across the group and across jurisdictions which increases complexity.
Inaccuracy of data: due to the multiple sources of information used to gather information including financial statements, risk reports and submissions for capital adequacy, financial institutions need reconciliatory systems to cross-check and verify data.
Multiple report formats: different jurisdictions often require different formats of report and within these different jurisdictions, different report formats are required for different reporting aspects. The flexibility thus required by banks is frequently beyond the organisational systems inherent to the bank itself.
Talent shortage: banks now require capabilities that are diverse and typically beyond the traditional role of financial service employees. The complexity of the reporting process is now beyond the ability of human cognizance which now requires machines to do much of the 'heavy-lifting' thus now requiring data scientists and software engineers.
In part 2, we will be discussing how RegTech can help financial institutions overcome these regulatory reporting challenges looking at solutions including cryptographic technologies, machine learning, blockchain and robotics. Stay tuned!