KPMG: improved regulatory reporting – Giles Williams, Nick Urry, Marius Floca
Regulatory reporting is increasingly complex and many see it as an additional burden on top of reviewing strategy, profitability, global footprint and rebuilding trust. New legislation is ongoing and different jurisdictions have different requirements, such as the reports required by regulators in the US and Europe. This all adds to the complexity of the process.
There is policymaker consensus that regulatory reporting is key in ensuring market effectiveness and flushing out market abuse. Regulatory reporting requirements that have evolved in recent years are designed to provide regulators with the visibility they need about the level of credit and market risk exposures, and the liquidity position of many market participants - particularly large investment banks.
"There are two angles to financial reporting: to market through financial statements and presentations to analysts; and formal reporting to exchanges and regulators," says Giles Williams, partner in KPMG's Regulatory Practice. "This type of reporting is all about creating good market discipline, providing the information to allow stakeholders to take a view on transactional flows and a firms' risk position."
The biggest practical challenge is that the systems producing the data have often evolved piecemeal over the years, rather than designed to meet current requirements, according to Nick Urry, partner in KPMG's IT Advisory Practice.
"The data landscape often contains redundant or duplicated functionality and a variety of data silos, created to support previous reporting requirements," he says.
During high-stress, high-stake activities in a corporate reorganisation, the focus is on providing mandatory regulatory reports rather than stepping back and reviewing the end-to-end reporting solution. Invariably, there has never been a good time to look at the full regulatory reporting process and assess whether this is optimal, operationally efficient or even appropriate to meet evolving regulatory reporting requirements.
'Legacy' operating models, processes and systems can involve numerous, duplicative and expensive resources for regulatory reporting, such as data extraction, manipulation and point-to-point reconciliations. Entire departments can exist with responsibility for reconciling different data sources, or dedicated teams undertaking 'ad hoc analysis' when it is not possible to drill down into standard reports to investigate anomalies or because there are differences between reports. This contrasts starkly with expectations of regulators and the business that all reports should be based on the same underlying data.
As the regulatory environment changes, it is vital that banks are in control of their authoritative 'golden data stores', the flow of information and effective consumption of data. Historically, there has been insufficient end-to-end control over data and reporting processes, with predictable results being ongoing (and often unrecognised) increases in reporting costs and complexity, combined with reduced quality control. In many organisations, it is now critical to understand if the quality of golden data is suitable for current regulatory reporting requirements.
Enhancing regulatory reporting
The acid test is whether reported risk, capital positions or transaction reports stand up to detailed scrutiny, or even if they report the right data to support specific requirements. Given the ever-increasing regulatory burden faced by financial institutions, governance, risk and compliance is becoming a business priority.
CROs, CFOs and CIOs have been working hard to develop solutions that enhance regulatory reporting, particularly in response to banking supervision law like the US Dodd-Frank Act and EU equivalents, such as the European Market Infrastructure Regulation (EMIR).
"This may be tricky - regulators have strong views on the need to be timely and accurate," says Williams. "There are examples of reports completed incorrectly for a variety of reasons, often because data compiled for a specific purpose was reused for another report, with different underlying requirements and constraints. Strong governance over this process is likely to be an increasing focus for regulators. It is not clear how well prepared banks will be to demonstrate appropriate control over their reports."
One criticism made of existing reports is that they can seem overly focused on end-of-period snapshots or statistical trend analysis, without enabling in-depth, detailed analysis into the health of the underlying business and its ability to cope with emerging market forces, or short to medium-term shocks.
Regulators also have the ongoing challenge of justifying their reporting requirements as realistic and meaningful, having been given criticism about lack of insight into the real issues of the firms involved in the crisis. Ongoing regulatory-driven reporting requirements will require greater insight, with an increasing focus on deep-dive individual business reviews.
COREP: the whole package
The task facing firms is to achieve the completeness, accuracy, timeliness and consistency expected by regulators, while addressing the challenges of a fast-changing regulatory landscape. Projects are underway in many banks to establish more effective control over predominant data types, as well as recognise that this data will need to be appropriately granular to meet regulatory reporting requirements. Common Reporting (COREP) promises a supervisory reporting framework based on common formats. This has obvious benefits, but may require considerable systems and operational change. It could therefore create a major compliance burden on market participants.
According to Marius Floca, principal adviser in KPMG's Management Consulting Practice, regulators are still working on COREP and new common reporting standards are being developed in Europe.
"This should save money in the long run, as data requirements can be harmonised," he says. "There should be the opportunity for standardised reporting solutions and processes, as well as significantly reducing the duplications and redundancies evident in many current reporting environments. Unfortunately, while global consistency of requirements, standards and interpretation is desirable, this is not likely to be reality in the near future.
It's also about changing needs and perceptions, adds Williams.
"The industry needs standards, but standards change," he says. "People are not wilfully getting regulatory reporting wrong. They need a clear framework and standards to adhere to; they need to understand the direction set by regulators; and they must have future requirements and mechanisms to validate the accuracy and consistency of returns. Banks need to understand what they have to do, and have the time and support to deliver.
"Unrealistic time frames are unhelpful; banks assume they will not have time to respond and deadlines will slip. When the mechanisms used to validate returns and measure accuracy are not clear, the importance of addressing underlying issues around quality of data will not be recognised."
Unavoidable regulatory reporting costs
There are many avoidable costs in the regulatory reporting process, according to Floca.
"There are significant unrecognised costs associated with errors, duplication of data and inefficient reporting processes in current operating models," he explains. "There is the opportunity to leverage common reporting and enhanced validation procedures to increase automation and validation, and shared service centres to streamline global operational reporting processes.
"While the US and Europe have different standards, some economies of scale can be achieved. It should still be possible to manage the collection and control of much of the underlying data just once, such as satisfying risk reporting requirements."
Accountability is important and the need for accuracy is getting through to C-level executives.
"With regulatory reporting, the information is not presented in a way that senior executives would be familiar with on a daily basis," says Williams. "Regulators want it to be a strategic issue, which is not how CEOs, COOs or CFOs would see it."
Regulatory reporting needs to be tied to other types of market disclosure. That means senior executives becoming more involved so they have the same confidence in the way their systems collate and report data to regulators as they do for other management and external reporting.
A helping hand
Getting regulatory reporting right in financial institutions that have often evolved into large, complex businesses is not straightforward. It helps to have a fresh pair of eyes on the problem. An external adviser who understands the required outputs can help fix the inputs.
"If you built a bank from scratch, it would be easier to manage regulatory reporting multiple formats," explains Williams. "But firms have competing priorities - there is no one-size-fits-all. A single European rulebook could leave us in a good place, but a lot of money will need to be spent at a time when banks don't have a lot to spend."
It can be managed in the short term by building common repositories for reporting data, according to Floca.
"That provides synergies - some big investment banks are doing this already," he says. "Cloud computing can draw on gathered and formatted data. The real solution needs to be common reporting, but there is still no clarity about what final report forms are necessary."
KPMG: covering all areas
KPMG is positioned to address issues from regulatory analysis and interpretation to advising on operations, people, systems and data, and understanding the rules, functional and technical requirements of the change process.
"The key differentiator is our ability to provide cross-functional client support," says Williams. "Our network of firms helps clients understand the implications of new rules for operating models; for example, spanning market participants and sectors, and advising on regulatory reporting requirements under COREP, EMIR and Dodd-Frank.
"For regulatory reporting to work, you need people with a line of sight over what needs to be achieved and an understanding of the full regulatory environment. They also have to understand the technology and join that to understanding what regulators need. Our people understand these challenges at all stages, from technology to governance."