The regulatory reporting framework for banks has evolved rapidly in the years since the onset of the global financial crisis. Rule-makers and supervisory authorities around the world are creating an increasingly onerous edifice of overlapping but often data-driven requirements.
Quite simply, most banks do not have proper controls over the huge portfolio of non-financial regulatory reports (NFRRs) they must produce: the risk reports, liquidity reports, stress tests, trading reports and almost countless others. In fact, says Che Sidanius, Director, Capital Markets at KPMG, “Many banks simply don’t have a good handle on the inventory of reporting requirements with which they have to comply.”
Regulators are now very aware of banks’ reporting shortcomings. They have, for example, noticed significant inconsistencies between firms’ NFRRs and their published quarterly, half-yearly and annual financial statements.
“Those regulators are now starting to take enforcement action,” says Sidanius. “That can seriously affect the risk assessment assigned to banks. It can have significant implications in terms of fines and reputational damage and, of course, for senior bank management personally.”
Right at the heart of these reporting problems is a still-unresolved issue with the quality and accuracy of the data held by banks. Many are today spending many millions of dollars addressing this area, driven not only by the need to improve their regulatory reporting but also to comply with regulations aimed specifically at the problem of data.
For example, the Bank for International Settlements regulation BCBS 239 (Principles for effective risk data aggregation and risk reporting, or PERDARR), was a direct response to regulators’ concerns that the risk reports being generated by globally and domestically systemically-important banks (G-SIBs and D-SIBs) were based on poor quality data.
The collapse of Lehman Brothers revealed another underlying data flaw. “There was no common standard for agreeing who your counterparties were from a legal entity perspective,” says Sidanius. “When Lehmans failed, no one actually knew which legal entity they were exposed to.” Now, banks are scrambling to meet MiFID 2’s January 2018 deadline to ensure that all their counterparties and clients have legal entity identifiers (LEIs).
Banks are also struggling under the weight of legacy systems that are not geared up for real-time transmission of trade data: they may use batch-processing or spreadsheets and not be up to the job of satisfying the MifID 2 requirements to report all transactions at a trade level. “The quality of the reporting is very poor and the industry knows that,” says Sidanius.
Across the banking sector, there is a common fundamental flaw that explains all of these reporting weaknesses. “The issue that regularly comes up is that there isn’t a clear governance framework at the Group level of a holistic inventory of the reporting requirements. Nor is there a clear delineation as to who is responsible for what,” Sidanius says. A framework is required that identifies what is needed by each authority and with a real understanding of the data specifications.
The lack of such a framework is highlighted by the way that banks typically operate in silos: for example, derivatives trading group risk reports generated in a bank’s London office may be very different from those produced in the Paris office. There also has to be a quality assurance and remediation process overlaid with accountability. “That has to be embedded as part of the banks’ business-as-usual process,” says Sidanius.
The root of that challenge is that there are many people within the bank whose full time job revolves around manual reconciliation and regulatory reporting – and yet it’s only one more part of the working day for those people who are actually responsible for it. “A lot more onus is being placed on senior management to be accountable for managing the firm,” says Sidanius.
“Senior managers are ultimately responsible for having a view as to where the risks are and what they are doing about them. It’s about having the transparency, the understanding and, above all, a culture of seamless reporting, execution and accountability.”