RegTech Insight Knowledge Hub
In a nutshell: Regulatory reporting comprises the submission of raw or formatted data as required by regulators to evaluate and track the financial and operational status of financial institutions and their compliance with required regulatory provisions.
Read on in our Knowledge Hub ‘Everything you need to know’ section to understand the full details of what regulatory reporting is all about, the key requirements, the different requirements for reporting by regulation, and the technological challenges it represents.
You can also take a look at all the latest content we have related to the topic regulatory reporting. And you can see a listing of key vendors delivering regulatory reporting solutions.
Specialist RegTech provider Shield Financial Compliance has launched the cloud-enablement of its compliance platform, which offers regulation compliance monitoring across a range of eComms channels covering the data lifecycle from capture and record keeping to analysis and investigation, utilising AI, NLP and Visualization capabilities. The new cloud deployment platform is designed to offer financial institutions…
By Burt Esrig, Managing Director and Michael Lehman, Partner, ACA Compliance The RegTech industry has exploded, with over 250 RegTech businesses worldwide and $1bn invested last year, as firms look to beat the regulators and the competition. But firms still aren’t doing enough. There have been $26 billion in fines for non-compliance with AML, KYC and sanctions regulations over the past decade….
The Brexit deal may still be up in the air but even as the Government scrambles to resolve a seemingly insoluble impasse, regulators are paddling hard under water to attempt a (relatively) seamless transition should the UK depart on March 29 with no deal. The UK Treasury has drafted legislation giving the FCA temporary power…
From September 1, 2018, firms within the scope of MiFID II that breach volume thresholds set by ESMA on August 1, 2018 for internal matching of client orders will be required to register as systematic internalisers (SIs) and operate within the SI regime detailed in the regulation. Sounds pretty straightforward, but that is far from…
The fund management industry’s shift to passive funds and embrace of smart-beta funds over the past decade or so has shaved margins to the extreme. In this environment, operational efficiency becomes an existential issue. Across a broad swathe of asset classes, front-office technologies have kept pace with massive changes in market structure driven by regulation…
Many firms within the scope of Markets in Financial Instruments Directive II (MiFID II) struggled to meet the regulation’s deadline of January 3, 2018 and are now waking up to the fact that many of the processes put in place for implementation day are not sustainable. To achieve and maintain MiFID II compliance over time…
You can listen to the recording of this webinar by registering on this page. Over the past few years, about 90% of data management has been dedicated to the operational requirements of data governance and regulatory compliance, but this is changing rapidly as financial institutions look to exploit and drive business value from data. At…
You can listen to the recording of this webinar by registering on this page. The January 1, 2022 compliance deadline for Fundamental Review of the Trading Book (FRTB) regulation may be three years out, but if your organisation is within scope of the rules, the time to address their data management challenges is now. Will…
We’ve asked over many years how financial institutions can find common ground for data management processes to meet the requirements of multiple regulations, such as MiFID II, MiFIR, EMIR, MAR and BCBS 239. While this is a goal most firms have aspired to, the reality of pressing deadlines for regulation after regulation meant firms had…
Data lineage has become a critical concern for data managers in capital markets as it is key to both regulatory compliance and business opportunity. The regulatory requirement for data lineage kicked in with BCBS 239 in 2016 and has since been extended to many other regulations that oblige firms to provide transparency and a data…
In a testament to the enduring popularity of the A-Team Regulatory Data Handbook, we are delighted to publish a sixth edition for 2018-19 of our comprehensive guide to all the regulations and rules that might impact data and data management at your institution. As in previous editions of the Regulatory Data Handbook, we have updated…
Six months after Markets in Financial Instruments Directive II (MiFID II) went live, how compliant is your organisation? If you took a tactical approach to cross the compliance line on January 3, 2018, how are you reviewing and renewing systems to take a more strategic approach and what are the business benefits of doing so?…
Everything you need to know about: Regulatory Reporting
What is Regulatory Reporting?
Regulatory reporting comprises the submission of raw or formatted data as required by regulators to evaluate and track the financial and operational status of financial institutions and their compliance with required regulatory provisions. Due to the complex regulatory environment that has emerged since the 2008 financial crisis and the multiple, evolving regulations applicable to financial institutions, most organisations have implemented automated processes to generate required reports in a timely fashion.
However, differing regulatory requirements across jurisdictions, multiple and occasionally conflicting reporting formats, multiple sources of information, inaccurate and poor quality data, frequently modified reporting templates, and continuously evolving regulations can create significant challenges for financial institutions. These challenges can be addressed through the implementation of effective, efficient and appropriate technology solutions.
Who are the regulators?
In the UK, financial institutions including banks, building societies, investment firms, credit unions and insurers must provide regulatory returns to the Prudential Regulation Authority (PRA).
The Financial Conduct Authority (FCA) regulates the conduct of the retail and wholesale financial markets and the infrastructure that supports those markets. It covers around 58,000 firms, including the proactive regulation of fixed and flexible portfolio firms and the prudential supervision of over 18,000 firms, including asset managers, financial advisers, and mortgage and insurance brokers.
Where firms are dual-regulated, the PRA and FCA work together to ensure regulatory reporting processes are efficient, and share data to ensure that firms are only asked to submit data once. The regulators also share data on firms that are not dual-regulated where necessary, in order to ensure a complete overview of the market.
In addition, some regulatory data for PRA firms is still collected by the FCA. This includes reporting via the FCA’s GABRIEL system (an online system for collecting and storing regulatory data from firms), the submission of firms’ controllers and close links reports, and the reporting of changes to firms’ standing data.
FCA Regulatory Reporting Requirements
In Europe, regulatory reporting is supervised and managed by the European Banking Authority (EBA). The EBA has mandated two frameworks to achieve harmonised supervisory reporting standards for regulated institutions across the EU: the Common Reporting Framework (COREP) and the Financial Reporting Framework (FINREP), which were both introduced as part of Capital Requirements Directive IV (CRD IV).
As a general rule, COREP covers credit risk, market risk, operational risk, own funds and capital adequacy ratios. Firms including banks, building societies and investment firms are required to report under COREP, while credit institutions applying International Financial Reporting Standards (IFRS) for accounting report under FINREP.
In the US, all financial and regulatory reporting is submitted to the Federal Reserve, with regulatory reporting requirements supervised and managed by the Federal Reserve Board (FRB).
Who needs to know?
All regulated financial institutions including banks, financial advisors, insurance firms, investment firms, mortgage and home finance firms, intermediaries and brokers need to report.
Key job titles include: regulatory reporting manager, head of regulatory reporting, head of compliance, head of regulation, head of regulatory affairs, regulatory change liaison, regulatory response lead, regulatory analyst.
What are the key regulations requiring reporting?
The key regulations creating today’s complex reporting regime are those issued after the 2008 financial crisis and aimed at avoiding further disruption on the scale of the crisis. Additional incoming regulations follow similar objectives of ensuring market transparency and investor protection, and could put more pressure on compliance departments. Some of these regulations include:
- Markets in Financial Instruments Directive II (MiFID II) and Markets in Financial Instruments Regulation (MiFIR),which took effect on January 3, 2018 and significantly expand the scope of reporting.
- European Market Infrastructure Regulation (EMIR), a reporting regime for derivative transactions that took effect in April 2014
- Securities Financing Transactions Regulation (SFTR), which is expected to go live in Q1 2020 and coversthree key requirements including transaction reporting, disclosure obligations and collateral reuse obligations.
- Dodd-Frank, introduced in the US in 2010 in response to the financial crisis, and requiring the aggregation, analysis and reporting of large volumes of disparate data in order to provide improved oversight of systemic risk.
- The US Consolidated Audit Trail (CAT), which is in development and requires broker-dealers and national security exchanges to provide detailed trade information to a central CAT repository.
- AnaCredit,a project implemented in September 2018 to create a dataset containing detailed information on individual bank loans and deposits in the Euro area.
MiFID II is intended to improve transparency for regulators of financial markets. Requirements therefore include pre-trade and post-trade disclosure of order details, as well as transaction reporting that includes identifying reference and post-trade data, and the identification of waivers for large orders, illiquid instruments, short selling and commodity derivatives. The Legal Entity Identifier (LEI) replaces BIC or internal codes in reporting.
Pre-trade transparency: MiFID II extends pre-trade transparency obligations to organised trading facilities (OTFs), regulated markets and multilateral trading facilities (MTFs). They permit ‘carve outs’ to allow for deferral of pre-trade data. Authorities may waive obligations to publicise pre-trade information for block trades, actionable indications of interest large enough?to expose liquidity providers to undue risk, derivatives not subject to trading obligations, and other instruments without a liquid market.
Post-trade transparency obligations are also extended to make price, volume and time of transactions available to all trading venues, although block trade information disclosure may be deferred by authorities.
MiFID II requires qualifying firms to report order data to Approved Publication Arrangements (APAs), which publish consolidated order data on a commercial basis.Firms are also required to report trade information – price, volume and time of execution – for all transactions they conduct to their chosen APAs in near real time. Finally, firms are required to file more detailed post-trade transaction reports to Approved Reporting Mechanisms, such as those operated by Euroclear, TRAX, London Stock Exchange/Unavista, Getco Europe, Abide Financial and Bloomberg.
Transaction and trade reporting: MiFID II expands on the EU-wide harmonised transaction reporting regime introduced by MiFID adding requirements including identification of waivers for large orders, illiquid instruments, short selling and commodity derivatives. While MiFID reporting applied to trading?on regulated markets, MiFID II reporting includes any instruments traded on any venue throughout the EU,?as well as underlying instruments that are traded. This includes over-the-counter (OTC) transactions of these instruments, as well as any index or basket of instruments that contains any single instrument traded on any EU venue. An exemption is introduced for investment managers transmitting orders to brokers for execution, under the condition that the transmission includes details of the trade, clients involved and designation of any short sales. Firms will have to report either directly to regulators or through ARMs.
The fields and information required as part of MiFID II reporting also increase significantly, reaching at least 81 in number, up from 23 under MiFID. Additional fields include algorithm identification codes, natural person identifiers and trader identification codes. Foreign exchange, interest rates and commodity derivatives are also added to the instruments covered by the directive.
While MiFID II focuses on market infrastructure, MiFIR builds out transaction reporting requirements by setting out a number of new reporting obligations, and complements the directive’s commitment to trading data transparency. Under MiFIR, instruments that must be reported include all derivatives admitted to regulated markets, including currently exempt commodity, foreign exchange and interest rate derivatives, all instruments on multilateral trading facilities (MTFs) and organised trading facilities (OTFs), and all instruments that could change the value of instruments trading on any of these venues.
The regulation adds a number of fields to transaction reports, including fields designed to help spot short-selling traders, and trader and algorithm fields designed to identify the individual or program executing a transaction.
A decision on a standard reporting format for MiFIR has been made, with a publication from the European Securities and Markets Authority (ESMA) stipulating that transactions must be reported using the ISO 20022 formatting standard. Firms will need to accommodate this standard, which will be used to submit data from all stages of order execution to relevant regulatory authorities.
From a trader’s perspective, MiFIR has extensive implications for disclosure practices. Relevant data to include in a report might involve the bid and offer prices and the extent to which the parties invested in the trade, the volume and time of the trade execution, and any noted systemic issues.
Like MiFID II, MiFIR mandates data transparency. Most of its transparency requirements are around post-trade data processes, but it does cover some pre-trade transparency requirements, such as equal access to trading opportunities data. The regulation’s post-trade transparency requirements call for alterations to the trading environment as data such as prices, quotes, execution times and volumes must be published publically. The extension of transaction reporting to additional asset classes means firms must submit more information to regulatory authorities.
European Market Infrastructure Regulation (EMIR) is an EU regulation aimed at improving the transparency of over-the- counter (OTC) derivatives markets and reducing the risks associated with these markets. EMIR came into effect on August 16, 2012, with a reporting deadline of February 12, 2014. In August 2014, the regulation introduced a requirement for financial counterparties and non- financial counterparties to provide daily reports on mark-to- market valuations of positions and on collateral value.
Under EMIR, both counterparties to a trade must ensure that data related to a concluded trade, as well as counterparty data related to the entities involved in the trade, is reported to a trade repository. Both OTC and exchange-traded derivatives must be reported, as well as lifecycle events such as give-ups and terminations. Firms have until the working day following the trade to meet reporting requirements, which presents challenges in ensuring the quality and accuracy of counterparty data, and its timely delivery.
Other reporting issues include the need for firms to conduct an analysis of all their counterparties so that they can fulfil the regulation’s classification requirements. This raises data management concerns as firms should aim to maintain an accurate list of counterparties so that they can check their status and track any organisations that are exempt from regulation.
EMIR mandates the use of the Legal Entity Identifier (LEI) and the Unique Trade Identifier (UTI), which is common to both parties to a trade, for reporting to a trade repository. The combination of these identifiers in a complex reporting system can be difficult to manage.
Overall, EMIR reporting includes more than 80 fields with data divided between two tables, one containing data about the trading entity and the other listing common information, such as contract details. This data must be reported on both sides of the trade.
In January 2017, EMIR 1.5 was adopted by the European Commission. Banks and buy-side firms within the scope of EMIR are required to comply with the 1.5 updates from November 2017. A key change is an extension of the EMIR trade reporting template so that it aligns with Markets in Financial Instruments Directive II (MiFID II) reporting templates. This means EMIR 1.5 will cover OTC derivatives trading across all asset classes. In particular, market participants will be required to report complex derivatives contracts composed of a combination of several other derivatives contracts. EMIR 1.5 also brings OTC derivatives contracts derived from credit instruments into scope.
Securities Financing Transactions Regulation (SFTR) is an EU regulation and part of a drive by the EU to increase transparency of activities that are broadly categorised as shadow banking. The regulation is designed to highlight transactions that could pose a significant level of systemic risk and specifically sets out requirements to improve market transparency of securities financing transactions (SFTs).
To achieve improved transparency, SFTR requires all SFTs and associated collateral to be reported to an EU approved trade repository, making the transactions visible to relevant EU regulators.
From a technical standpoint, similar to EMIR, SFTR includes two-sided reporting. This affects both financial and non-financial institutions engaging in SFTs and requires them to report details of their transactions. This requirement will be phased-in according to the following timeline:
- Phase 1 – Investment firms and credit institutions (Day 1)
- Phase 2 – CCPs and CSDs (After 3 months)
- Phase 3 – Insurance, pension funds, AIFs and UCITS (After 6 months
- Phase 4 – NFCs (After 9 months)
The European Securities and Markets Authority (ESMA) presented the first SFTR reporting technical standard (RTS) to the European Commission on March 31, 2017. However, this was not adopted within the required three months. According to the latest news from the European Commission (as of July 2018), the Level 2 SFTR RTS will be adopted by Q1 2019, making Q1 2020 the go-live date.
Key elements of SFTR from a regulatory reporting perspective include:
Disclosure of information: UCITS must specify the SFTs which funds are permitted to use, including a clear statement of which of those are being used.
Collateral reuse:The counterparties involved in SFTR have the right to reuse financial instruments received as collateral as long as certain conditions are satisfied.
Transaction reporting: The regulation is structurally identical to EMIR on the reporting side. Both regulations require counterparties to report the details of any lifecycle event on a T+1 basis timely fashion. Counterparties to an SFT will be required to keep record of the transactions that have concluded, been modified or terminated for at least five years following the termination of the trade, as is currently required under EMIR. Trade repositories will apply a two-way key (LEI and UTI) regardless of whether or not both counterparties to each SFTR contract have reported to the given trade repository.
Extraterritoriality: SFTR represents the first ever introduction of an extraterritoriality reporting requirement in the EU, meaning that the regulation covers SFTs conducted by any firm established in the EU, regardless of the location of the individual branch.
In the US, the Dodd-Frank regulation that was introduced in 2010 in an attempt to prevent the recurrence of events that triggered the 2008 financial crisis. The regulation primarily covers the swaps market, which was previously unregulated, and is designed to promote the financial stability of the US by improving accountability and transparency in the financial system, monitoring companies deemed ‘too big to fail’, and protecting taxpayers and consumers from abusive financial services practices.
Dodd-Frank includes a large number of rules implemented by the US Securities and Exchange Commission (SEC), along with additional reforms designed to strengthen the nation’s financial infrastructure, improve transparency and reduce risk. The introduction of such widespread reform raised significant data management challenges for many financial institutions. One major challenge is the requirement to aggregate, analyse and report on large volumes of disparate data. The aim of the analysis is to provide better oversight of systemic risk, but with it comes the need to develop data architecture that supports stress testing scenarios designed to promote effective risk management and timely and accurate reporting.
To support implementation, Dodd-Frank includes guidelines on managing and analysing data from a variety of sources, as well as guidelines on reporting formats. It also introduces a focus on data standardisation across financial markets that is manifested by the inclusion of the Legal Entity Identifier (LEI), a global standard for unique entity identification that is required by Dodd-Frank not only for reporting, but also as the basis for systemic risk oversight and improved transparency.
In May 2018, US Congress implemented the first major rollback of the regulation, voting 258-159 to free thousands of small and medium-sized banks (with less than $250bn in assets) from the strictest reporting requirements and leaving fewer than 10 banks subject to full Federal oversight.
The US consolidated audit trail (CAT) results from the SEC’s July 2012 adoption of Rule 613 of Regulation National Market System (NMS). The rule requires self-regulatory organisations (SROs) to jointly submit a plan – the NMS plan – to create, implement and maintain a CAT. The rule mandates that the NMS plan should require national securities exchanges and the Financial Industry Regulatory Authority (FINRA) to provide detailed information to a central repository – the CAT – covering each quote and order in an NMS security, and each reportable event with respect to each quote and order, such as origination, modification, cancellation, routing and execution.
There are data management implications resulting from creation of the CAT, including the requirements for broker-dealers and national securities exchanges to report data to the repository by 8 am Eastern Time the following trading day for analysis by regulators. SROs and their members must also synchronise clocks used to record the date and time of reportable events, and timestamp the events.
The rule allows the SROs to determine the specifics of how market participants report data to the repository and to select a plan processor to create and operate the CAT. The SEC posted a request for proposal (RFP) for the CAT in February 2013. In January 2017, the SROs selected Thesys Technologies to build the CAT, despite expectations that FINRA, operator of the predecessor to the CAT, the Order Audit Trail System (OATS), would win the bid. Under the SRO CAT Plan, the first phase of reporting to the CAT—covering SROs—was required to begin on November 15, 2017. The second phase of reporting to the CAT—covering industry members (other than small industry members)—was required to begin on November 15, 2018, and the third phase of reporting—covering small industry members—on November 15, 2019. In Q3 2017, the SROs requested that the SEC grant exemptive relief to delay the first phase by a year and other deadlines by a year or more. This relief was not granted, and conversations between the SROs, Thesys and the SEC are ongoing. A new Masterplan was submitted to the SEC in May 2018 that called for the first phase (SRO reporting) to commence on November 15, 2018; the second phase (large broker-dealer reporting) on November 15, 2019; and all phases of small broker-dealer reporting to be complete by November 15, 2022. This plan is currently (as of October 2018) under review.
AnaCredit (analytical credit datasets) is a project to set up a dataset containing detailed information on individual bank loans and deposits in the Euro area, harmonised across all EU Member States. The project was initiated in 2011, early adoption was launched in December 2017 and full data collection and complete reporting started on September 30, 2018.
The scope of the data collection covers data on credits extended or serviced by EU credit institutions that are not branches of other credit institutions; foreign branches of EU credit institutions, including non-euro area branches; and foreign branches that are located in the euro area but are part of a credit institution resident outside the euro area. In the first stage, only credit data related to loans of a minimum EUR25,000 and extended to legal entities that are not natural person have to be reported. Loans to private households are not covered, although further phases of the AnaCredit project could be introduced at a later date.
The regulation requires over 100 data points to be reported for each exposure, including 94 data “attributes” and seven unique identifiers used several times across the various templates requested. The European Central Bank expects the information provided to be “granular, exact and detailed.” The required information includes data related to the counterparty (such as LEI code, address, balance sheet total); data related to the instrument (type, currency, status, interest rate type, payment frequency); data related to the collateral (type of protection, location, value); and accounting data (such as accumulated impaired amount, source of encumbrance, etc.).
What data management challenges does regulatory reporting present?
Regulatory reporting is a significant data management challenge for most financial institutions, although it can be eased by taking a harmonised approach that, where possible, manages data once to meet the reporting requirements of two or more regulations. Some of the immediate challenges of regulatory reporting include:
- Data integrity – reporting must meet required standards of accuracy, timeliness, and completeness over sustained periods, requiring firms to establish data integrity and quality assurance programmes.
- Data consistency – firms must ensure data consistency, and standardisation where possible, by establishing policies for the creation and mitigation of standard data and account definitions.
- Data validation – data from many sources in multiple formats must be cleansed and validated to eliminate inconsistencies and create a single repository of contextually correct data.
- Data governance – to ensure data quality and accessibility throughout the data lifecycle, and particularly for regulatory reporting and audit purposes, data governance must be implemented and integrated to support compliance processes and reporting requirements.
- Data reporting – generating timely and accurate reports that are submitted to regulators in the correct formats and within the correct timeframes.
Many firms still rely on ad hoc data sources and Excel spreadsheets to meet the increasingly granular requirements of regulatory reporting. With so much at stake in terms of non-compliance, it is imperative that financial institutions move towards automated solutions that eliminate manual errors, cleanse and validate data, raise exceptions, integrate required data and deliver accurate and timely regulatory reports.
With these basics in place, financial institutions will increasingly consider how to reduce the costs of regulatory reporting, perhaps by outsourcing elements of the process, taking a harmonised approach to multiple regulations, or implementing new technologies such as machine learning.
While firms seek to ease the burden and cost of compliance, regulators are also looking at ways to improve reporting and make it more meaningful from a regulatory perspective. In the UK, by way of example, regulators have tested whether compliance with UKrules could be entirely automated. While there are significant hurdles to overcome before automated regulation becomes a reality – regulations must be machine-readable, a standard interpretation must be agreed by all stakeholders, and the regulator must approve a final version – the FCA is pressing ahead with plans to use technology to make it easier for firms to meet their regulatory reporting requirements. Following a consultation in 2018, the regulator concluded that the use of digital regulatory reporting could have benefits, and plans to publish a technical paper on the topic in early 2019.
Elsewhere, the Financial Stability Board (FSB) and International Organisation of Securities Commissions (IOSCO) are working together to increase standardisation across different jurisdictions and chart a journey towards regulatory consistency on a global basis. This is particularly true in OTC derivatives, where data standards including the Unique Transaction Identifier (UTI) and Unique Product Identifier (UPI) are emerging and will ultimately be implemented in the US as Dodd Frank 2.0. Developments along these lines demonstrate that the importance of standards and consistent implementation is now recognised as being critical to the transparency and visibility that regulators seek. It also allows them to use technologies such as artificial intelligence (AI) to mine data, improve efficiency and look more broadly at how best to enforce rules.
Wolters Kluwer– OneSumX suite of integrated regulatory compliance solutions including reporting
AutoRek– automated data management and reconciliation processes, financial and operational control frameworks, single repository and workflows
AxiomSL– ControllerView platform delivering data lineage, risk aggregation, workflow automation, validation and audit, and supporting disclosure in multiple formats
BearingPoint– regulatory software and services along the reporting value chain, with a regulatory reporting solution focused on Switzerland, Lichtenstein and the Bahamas
Capco – a technology consultancy offering regulatory reporting processes for equities, options, fixed income and futures
Corvil– end-to-end transaction reporting based on the Corvil Streaming Analytics Platform
CuneSoft – a regulatory software suite based around machine learning powered regulatory automation.
Deloitte– Deloitte Solutionstransaction reporting including data collection, validation, dissemination and review of feedback from trade repositories
DTCC– a global trade repository holding information on OTC derivatives transactions and enabling transparent transaction reporting
FactSet– automated regulatory reporting including enterprise-wide data management and robotic search
Infosys– end-to-end risk and compliance solutions including a regulatory reporting dashboard
Invoke Software– regulatoryreportingincludingdata governance, workflow, disclosure management and XBRL features
Kaizen– ReportShield, a managed quality assurance service comprising accuracy testing, reference data testing, control framework and regulatory reconciliation
Moody’s Analytics– integrated regulatory reporting module supporting reporting to over 50 regulators
Oracle– automated, integrated regulatory reporting solution for financial services
SS&C– SS&C GlobeOp provides data aggregation, expert analysis, reporting and transparency solutions
Trax Markets– centralisedreporting hub designed for high volume users
Vermeg– AgileReporter platform providing automated regulatory reporting and submission in partnership with Lombard Risk (which it acquired in February 2018)
If you want to appear on this page please contact Jo Webb at email@example.com or call us on +44 (0)20 8090 2055.