Regulatory and Management Reporting Best Practices

One of the lessons learned from the last five years is that risk drivers are strongly interrelated. The crisis, which started with credit events in the US, triggered systemic funding issues and finally propagated to other continents and industries. In the aftermath, regulatory supervisors adapted financial regulations and aimed to create rules that better captured the risks embedded within the balance sheets of institutions, as well as to implement sound management practices.

The latest Basel III guidelines, as well as the stress testing and Comprehensive Capital Analysis and Review (CCAR) initiatives taken by the Federal Reserve, illustrate the trend of asking banks to review their risk assessment processes and to disclose much more information. As a result, regulatory reports have become more abundant, granular, and integrated.

Aside from Basel III regulations – which ask banks to hold more capital and to demonstrate safe liquidity management practices – supervisory agencies are now defining stricter guidelines for the capital planning and regulatory templates that need to be completed by leading financial institutions. CCAR requires financial institutions to adapt their processes and systems to deliver expected results on time. Large US banks have to consider the following:

• An increasing number of reports need to be submitted to supervisors – CCAR by itself represents more than 90 FR Y-14 reports
• Reports mix information that is managed across distinct business lines (e.g., finance, accounting, risk, etc.) and systems (e.g., accounting, front office, risk, planning, etc.)
• Reports have to be submitted at a higher frequency – and more detailed information has to be submitted on a monthly basis (e.g., the ability to provide liquidity details daily)
• The same information needs to be sliced and diced according to various dimensions (information should be consistent across all dimensions) and displayed in a distinct technical format (text, CSV, Excel, XML, ASCII, xBRL, etc.)

Moreover, institutions are enhancing their processes in order to better spread risk culture across business lines. Banks are implementing the appropriate management reports to fulfill this requirement, which should both reflect risk and inform a business of that risk, enabling them to better appreciate their return compared to a global risk overview. For example, banks could implement more effective and transparent fund transfer pricing mechanisms and display more detailed grids for pricing.

With their stress testing initiative, the regulatory supervisors will collect much more information from banks. They will be able to adapt their supervisory requirements and better measure systemic risks. At the same time, regulators are investing in dedicated new systems and processes to collect detailed information, which can help them quickly adapt new supervisory requirements. Existing templates can be amended more frequently and new templates released with short notice.

Reports like the FR Y-14 suite or those linked to the Basel regulations, as well as the latest financial templates released in many jurisdictions, require data sourced from risk (capital indicators), finance (provisions, costs, revenues, forecasts), and from other businesses. As data is often interlinked in a common calculation process (the FR Y 14 report suite addresses global stress testing processes and capital planning for the entire balance sheet), it is impossible to produce the required data for the report without a robust data foundation. This data repository should also accommodate the need to automate the creation of more reports at a higher frequency – supervisors are asking institutions to demonstrate that they can produce their Basel III liquidity returns daily.

In addition to data and technical issues, financial institutions struggle to show they have fully mastered the entire reporting process within their organizations. They need to more frequently provide reports for any solo and consolidated entity, and to more supervisors. This challenge is exacerbated in recent reports, like CCAR/FR Y 14 and DFAST, that require banks to access, validate, and reconcile data across their enterprise and to slice and dice it at any consolidated level and according to any of the standard accounting practices.

The current reporting process at many financial institutions is fragmented into reporting silos – each area with its own database and tools to produce its own regulatory reports. Regulatory reports for credit risk, own funds disclosure, liquidity risk, and stress testing are managed by each corresponding department with its own distinct tools. Even though this approach may work with many adjustments and reconciliation patches, it is ultimately limited. After implementing numerous tactical solutions, financial institutions subject to increasing reporting pressures should now invest in a centralized and comprehensive data repository that can gather all the necessary data.

A consolidated dataset is only as good as the quality of its data. It is essential that all data is validated as it is imported into the central repository, which ensures there are no errors, missing data, and inconsistencies, and that the quality of the data, such as its age, meets a bank’s overall reporting requirements. A central repository can, as part of the data management process, ensure data quality via centralized editing or updating capabilities. This repository also has centralized business rules that will enrich data to meet reporting criteria.

Even though the industry is moving toward harmonized regulatory rules and templates (e.g., European banks have to comply with a common EBA FINREP and COREP), financial institutions with subsidiaries in many countries face the additional challenge of producing an increasing number of reporting templates. Most of the time, however, the underlying data used to produce the reports is the same. Therefore, financial institutions should implement aggregation techniques to facilitate an optimal reporting process and to reuse intermediary results as much as possible.

Infrastructure should incorporate the appropriate data points (aggregation rules) shared among several templates. When building the aggregation rules, firms should consider a global view (capital planning, liquidity, risk, etc.) so that the data points easily match the detailed reporting requirements. Well-defined data points ensure consistency and that all validity checks will be passed.

Once the data is aggregated it should be “pushed” to the reporting templates, which requires a solution that can embed and maintain the full set of templates. The results of the aggregated data will then directly populate the corresponding templates, necessitating that banks map the related data points and cells (or sections of reports). The gap between the “aggregation” and “report publication” phases provides flexibility and can allow firms to check the figures once they are generated and before they are published. New templates can then quickly be adopted as each step is well identified, and can be tailored or reused for new requirements.

Moreover, having a dedicated logical link between aggregation rules and publication rules eases the disclosure of desired (sub)sets of reports, which can then be published under the expected technical format.

The ability to audit the final publication, as well as intermediate results, became more important due to the increasing scrutiny by regulators of financial institutions’ data.

Whether a single cell is altered or a comprehensive data patch is applied, auditors, security staff, and regulators must be able to identify and manage the changes so that the data maintains its integrity.

The optimal solution must allow managers to quickly and easily drill down into the results to gain insight into the reports and their business, such as risk and finance details, so they can better recommend strategic options for their business. This capability also helps banks respond quickly to inquiries from regulators about their results, reducing the resources needed for compliance.

Alongside the automated data consolidation and the calculation of the results, the reporting solution should also seamlessly integrate regulatory reporting to create a comprehensive, automated, and consistent end-to-end process. Automatically populating the reports, by leveraging built-in reporting templates, overcomes the significant challenges of reporting CCAR results, as well as some Basel returns. This approach also allows the straightforward updating of reports as the regulatory requirements develop.

These templates should cover all the reports needed by regulators, including both core and non-core reports, on a group and solo basis. The solution must also manage all other regulatory reports to ensure consistent results. This encompasses Basel III Pillar 1 and 3 reports, stress testing reports, national regulator reports, and potentially internal business reports. Leveraging templates across all reports can enable banks to effectively provide an accurate and consistent picture to all their regulators.

This approach can also have significant benefits for the business. It can provide a bank’s management with a single, integrated, and reconciled perspective of its risk and financial positions so managers can make fully informed strategic business decisions.

Consolidating data, calculating results, and submitting reports have become highly complex. Large institutions are handling several consolidation levels, accounting practices (US GAAP, IFRS GAAP, etc.), regulations, and increasingly more templates. Smaller institutions are facing more complex reporting demands that can strain small reporting teams. Meeting this complexity without increasing resources is a challenge that requires an automated management of the full process.

The process also considers the concrete steps currently handled manually, such as changes and amendments in raw data, aggregated data, and in final reports. The amendment processes need to be carefully controlled and audited, so that a bank’s management can be assured that what they formally submit is a true reflection of its financial and risk position.

Central to this is an automated change approval process that both controls and records who can make and approve changes. Automation ensures speed and accuracy, and can be leveraged to provide management control and audit capabilities to highlight what changes were made and on whose approval. This audit capability has now become a requirement for many regulators.

One of the most important aspects of the regulatory reporting frameworks evolution is the integration of redundant data from different sources and different areas. Reconciliations within the same area, risk management for example, can be performed without major challenges, as in most cases the data sources are consolidated in the same data repository.

On the other hand, when it comes to reconciliation across different areas – regulatory reporting (e.g., FR Y-9C) and financial reporting (e.g., 10-Ks, 10-Qs) for example – firms may encounter a situation where the reports are produced by different departments using different tools. This is not necessarily a problem for the individual production of the reports, but it becomes cumbersome when banks need to reconcile the data between them.

Globally, regulators are increasingly scrutinizing the low-level data of the regulatory reports. This involves also ensuring that the same data from two reports is identical, such as provision amounts between risk and finance reports.

To cope with these reconciliation challenges, banks have been investing in teams that work exclusively on the process of reconciling risk, finance, and ledger data. Efficiently reducing the workload of reconciliation teams requires banks to centralize all the reporting data on the same platform, enabling the automation of the reconciliation process. The process becomes more optimized not only when the data repository is unique, but also when all the reports are produced by the same reporting tool or system.

The decision to invest in a centralized regulatory reporting platform with a consolidated data repository, even though it reduces the amount of manual work, is often difficult to make for financial institutions.

Management reporting changes parallel the increased requirements of regulatory reports. The financial crisis has required management to be able to quickly obtain information about exposures and other measures. Typically, one of the most important questions that management or internal reporting should answer pertains to the total exposure of the group to one client, group of clients, country, industry sector, and so on.

Other important features in management reporting are:

• Processing of high volumes of data
• Having drill-down capability
• Requiring multi-user capability

The same techniques that foster optimal regulatory reporting also enable improvements in management reporting, especially the creation of a centralized data repository. The coherent combination of data from different sources is the cornerstone of any good management reporting.

Moreover, for consistency purposes, it is critical that the management and regulatory reporting platforms share the same data; otherwise, yet another reconciliation process would need to be implemented.

Increasing regulatory reporting requirements and the reduced timelines for the financial institutions to adopt those requirements can lead to the main pitfall – managing the reporting processes in silos. Working in silos may give responsibility and independence to the individual areas affected by the reporting requirements, and even gives the impression that it is a better and faster way to respond to the regulations. In the long run, however, reporting silos offer a poor response to the often rapid evolution of the requirements, such as:

• New reporting templates that require changes in different systems, handled by different areas
• Regulatory-imposed reconciliation and validation checks that become more complicated

In a world of more numerous and more complex reporting requirements, it is critical that this subject is handled by an independent department, across all functional areas of the financial institution, and with the decision power to build its own data infrastructure and reporting tools.