Integrated Regulatory Reporting: From Driving Reports to Data-Centric Approaches

As an answer to the financial crisis, new regulations were introduced to make sure financial institutions hold sufficient capital and properly manage their funding needs in case another crisis occurs.

This impetus led to the international Basel III reform, which was complemented by country-specific initiatives, such as the Dodd-Frank Act Stress Test (DFAST) in the US and the Capital Requirement Directive (CRD) IV or European Market Infrastructure Regulation (EMIR) regulations in Europe.

These regulatory reforms are associated with an avalanche of new regulatory reporting requirements that confront many financial institutions, which face many challenges in responding to the constant new reporting requests in a timely manner. This article outlines these ten challenges and then discusses how institutions need to rethink their reporting infrastructures.

1. The number of reports to be produced is increasing. As an example of the scale and scope of the increasing number of reports banks need to produce, the CRD IV COREP and FINREP reporting frameworks in Europe require more than 115 reports, corresponding to more than 35,000 data points. Moreover, financial groups need to produce these reports not only at a consolidated level, but also at solo levels.

2. The reports are becoming significantly more granular. An additional complexity is that, on top of the increase in regulatory reporting, the regulators are also asking for much more detailed reports.

For instance:

• More than 35,000 data points for CRD IV COREP and FINREP, as was previously mentioned
• In Europe, trade-level reporting is required for derivatives transactions, as part of EMIR
• In the US, some loan-level reports are required, as part of CCAR (FRY-14) reports
• In the UK, the Firm Data Submission Framework (FDSF) requires information to be reported per granular portfolios, defined as a combination of legal entity, business unit, product type, asset class, and currency – with more detailed information to be reported for the top 20 counterparties in each portfolio

3. There is a greater focus on the consistency and reconciliation of reports. Accurate and consistent data management is at the core of integrated regulatory reporting. For many banks, the greatest challenge in developing a regulatory reporting infrastructure is with understanding how to integrate a broad array of datasets into a single coherent dataset, in a central repository. The dataset must include fully harmonized transaction-level risk and finance data so it can deliver fully reconciled reports.

Table 1. Number of reports required and data points for CRD IV COREP and FINREP

For instance:

• In Europe, more than 75,000 validation rules are specified by the European Banking Authority (EBA) on COREP reports to check for consistencies
• In the UK, detailed reconciliation checks are performed between FDSF, COREP, FINREP, and Pillar 3 reports, and then have to be reported to the Financial Conduct Authority (FCA)
• More than 9,000 validation rules are defined by the Office of the Superintendent of Financial Institutions (OSFI) in Canada for local Basel Capital Adequacy Reports (BCAR)
• Reconciliation points are defined by US regulators between various reporting stacks, such as between call reports (e.g., FRY 9C) and CCAR or DFAST reports (e.g., FRY-14, FRY-16)

4. The frequency of reporting is rising. The scale and scope of many regulatory reports mean that manual or even semi-automated calculations that banks might have used in the past are no longer feasible. Highly automated processes that leverage built-in calculation formulas should be used as widely as possible to meet the demands of accurate, consistent, auditable, and timely results.

For instance:

• Monthly, weekly, or even daily reports to be produced for Basel III liquidity risk indicators (e.g., Liquidity Coverage Ratio, or LCR)
• In the US, some CCAR reports (FRY 14-M) are required on a monthly basis
• The Financial Stability Board (FSB) Phase 2 reports will be required on a monthly basis (with a weekly frequency as an ultimate goal)

5. The format, data points, and metrics of reports need to be standardized. Various regulatory efforts are underway to standardize reporting across institutions and across different regulatory jurisdictions.

For instance:

• FSB initiative to standardize a counterparty Legal Entity Identifier (LEI)
• The Basel Committee on Banking Supervision’s (BCBS) new standardized approach for measuring derivatives exposure in Counterparty Credit Risk (SACCR)
• Various worldwide standardization initiatives around trade repository
• In the US, standardization initiatives from the Office of Financial Research (OFR)

6. Additional reporting requirements are imposed on systemic institutions. Institutions designated as systemic face additional reporting requirements.

For instance:

• Additional FSB reports (Phase 1, 2, and 3) required for global systemically important banks (G-SIBs)
• Additional CCAR reporting requirements for US banks with more than $50 billion in total assets
• Additional FDSF reporting requirements for the eight UK local systemically important financial institutions (SIFIs)

7. Enhanced transparency and public disclosure requirements are required. The importance of the increase in reporting will be magnified, as information will be publicly disclosed. There will be an increase in Pillar 3 disclosure requirements on:

• Basel III Risk-Weighted Assets (RWA) and eligible capital
• Liquidity risk (LCR)
• Leverage ratio
• Top employee bonuses and compensation plans

8. New technology standards are being introduced. In addition to the content of reports, institutions will need to upgrade their technology to meet new requirements.

For instance:

• Extensible Business Reporting Language (XBRL)
• Financial Products Markup Language (FPML)

9. New reports have aggressive timelines. The aggressive timelines demanded by regulators also add urgency for companies to automate their processes. For instance, there was less than six months in the EU to comply with the latest CRD IV reporting requirement updates.

10. There has been an increase of ad hoc one-time reporting requests. The increase in supervisory interaction also increases the need for financial institutions to respond to ad hoc requests by regulators.

Figure 1. EBA timeline – publication of reporting requirements

Source: Moody's Analytics

For instance:

• Additional information required as part of the Asset Quality Review (AQR) initiative in Europe
• Information reported to the Basel Committee for its Quantitative Impact study, such as Basel III monitoring exercises to help regulators properly assess the impact of the proposed rules and calibrate their models

To cope with these challenges, institutions need to rethink their reporting infrastructures. This current environment has created an opportunity to move to an integrated approach, breaking the internal silos between risk and finance. It will change the role of the regulatory reporting function from an “after-the-fact” compliance mandate to the strategic mission of providing the real-time detailed risk analytics required by business departments to make accurate decisions and properly price risk.

The paradigm is also changing. It is not sufficient anymore to aggregate current portfolio data and to compare these metrics with historical time-series. The information reported must be much more forward looking and include forecast metrics according to various stress testing scenarios. Similar to the way the scenarios that simulate a future financial crisis cannot necessarily be derived from past observations, the metrics and dimensions that are combined to produce meaningful reports may change over time and are scenario-dependent.

To comply with both regulators and internal stakeholders, as well as keep up with evolving reporting demands, a bank’s reporting infrastructure will need to be flexible and rely on granular data sources. It is certainly not possible anymore to create a new silo project and build a new database to cope with any new reporting requirements. An organization cannot produce timely and accurate reports if, at each reporting date, they spend all their effort and time reconciling multiple reports from various siloed systems. The system would rapidly become obsolete as it could not handle the latest data points or the level of granularity required.

The primary regulatory reporting project objective should be on data, and not be driven by reports. The focus should be on building a centralized risk data warehouse with granular transaction-level and counterparty information. The transaction-level records that capture all the detailed characteristics of banks’ asset, liabilities, and off-balance sheet exposures will automatically be reconciled with financial accounting statements. Workflow processes will be implemented to easily perform, validate, and monitor the required adjustments. The risk metrics computed by the various risk engines will then, as much as possible, be back-allocated at a transaction-level, creating a “golden source” of information for all types of reports and allowing banks to better allocate regulatory capital and funding costs per business lines down to trading desks. At origination, pre-deal checking should enable banks to assess additional risk profiles and regulatory costs generated by new trades in real-time, allowing them to match the metrics with their internal limits and accurately price for it.

When producing a forecast on the dynamic views of the balance sheet, it should be possible to easily increase the granularity of the results and to explore the reported data points to cope with different reporting needs. Producing a new regulatory report with more granular or updated dimensions is then just a matter of properly querying and aggregating already available data. Of course, the volume of information required in a centralized risk data warehouse may be significant, but banks can leverage new in- memory technologies to process and aggregate millions of records in real-time. Such advanced technologies also allow firms to easily drill down into aggregated reports or management monitoring dashboards and breakdown the reported figures per counterparty – by general ledger account level or transactions. This information allows banks to fully understand the origins of the risks taken and to easily monitor changes from one reporting date to another.

Regulators have evolved from asking for pre-formatted aggregated reports to granular transactions or counterparty data (e.g., US CCAR transaction level reports or UK FDSF quarterly reports). They want to be able to re-process such data points with their own models to challenge and benchmark the internal models of banks. Standardization efforts are underway to normalize such data points (e.g., LEI, trade repository, XBRL). Trends in “Big Data” technologies and practices will certainly facilitate the change toward accessible and granular data that regulators and internal stakeholders of financial institutions need to easily “query on demand” so they may perform near real-time analysis. A country data consortium may be created to capture and centralize these datasets for regulators and other type of analysts. This would lead to an increase in the transparency of the financial system and much better tools to detect systemic risk and new financial bubbles.

With integrated regulatory reporting, financial institutions will progressively move from report-centric silos to a data-driven and holistic infrastructure, from pre-formatted reports to “Big Data” technology standards that allow ad hoc and individualized risk analysis. The easier it is for analysts to perform their own ad hoc assessment of financial risk instead of relying on the same “one-size-fits-all” aggregated reports, the safer the financial system will certainly be.