Digital regulatory reporting: keeping the baby and the bath-water

2020/01/23

The UK Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) have recently published consultations[1] about operational resilience in banks, building societies and major investment firms. These financial institutions will be required to identify key business areas and judge their impact on operations, including IT and data processing. Coupled with the PRA’s intention to commission Section 166 Skilled Persons Reports on regulatory data[2] – and in the wake of record fines[3] in 2019 for poor data quality and governance – reporting practices and processes are facing greater scrunity than ever.

It is not just financial institutions who are affected. The regulators are emphasising that responsibility lies with regulated firms. However, a secondary effect will be felt by organisations servicing those institutions’ IT and reporting needs. Although not on the front line, software vendors and consultants will be asking themselves how well they would stand up to scrutiny if their clients’ key business operations were to fail. In normal times, banks’ providers remain relatively incognito. However, when things go wrong, providers could well find themselves inadvertently propelled into the public eye on the back of formal regulatory action against their clients. Increased regulatory attention on data and reporting therefore indirectly increases the risk of adverse consequences for providers, similar to those of their clients: unwanted publicity, financial loss and reputational damage.

2020 is the year for enhancing regulatory reporting knowledge, whether from a risk, financial or operational perspective. For many banks, building societies, investment firms and their regulatory reporting support services – whether in-house or external – upskilling and continuing to seek efficiencies in the relentless world of regulatory data and reporting should be top of the agenda.

Initiatives such as Digital Regulatory Reporting (DRR) and automated solutions for regulatory reporting are aimed at creating efficiencies through consistent interpretations and traceability, which are at the heart of data transformation. However, robust knowledge will still be needed – perhaps more than before - when embracing new technologies for regulatory data. This knowledge encompasses business concepts, technical implementation and the overarching policy rationale behind reporting requirements. A common understanding of these components of regulatory reporting, shared between technology, business, financial and risk experts, makes it more likely that future technology will encompass data used in business operations in addition to traditional risk management information. It is this greater connection – aligning commercial and prudential interests – that will enable regulatory technology benefits to be realised by both supervisors and the regulated community, when supported by robust processes and strong data governance.

Collective memory is also important in adopting new reporting technology. If reasons for technology design and interpretation of requirements are unclear or not properly documented, future technological changes would be made without necessarily fully appreciating the original purpose – and therefore the potential uses - of ‘golden source’ data. This risks unintended consequences and inefficiences in future development. Without understanding how data requirements originated, future users cannot be certain what the information really tells them, and therefore how it can be used to inform them better in future. To quote the writer Terry Pratchett: “And if you don’t know where you’re going, you’re probably going wrong.” Establishing a baseline understanding of data - its sources and its application in both financial and risk management - would allow the benefits of DRR and automated data solutions to be maximised.

For the foreseeable future, therefore, financial institutions continue to need a clear foundation knowledge of regulatory reporting, both technical and business-related. This will stand them in good stead for the imminent changes and challenges of 2020 and beyond, such as:

• the Bank of England’s future data strategy[4]
• the phased introduction of CRR II
• the enhanced operational resilience framework envisaged by the PRA and the FCA
• greater regulatory scrutiny of data quality and governance
• the replacement for the shared GABRIEL platform for PRA, FCA and COREP data submissions
• a possible new approach to UK supervisory policy in light of a changing relationship with European Union regulations.

With our training partner IFF, we offer an accredited 100% online distance learning programme: The Mechanics of Regulatory Risk Reporting. More information is available here.