What is the driver for change?
In recent years, new regulatory regimes have been introduced to monitor and prevent certain risks posed by the financial industry. As a result, organisations have implemented various processes and procedures to meet regulatory demand. As times change and regulations are enhanced, how many firms upgrade their technology and governance processes to support these mandates?
Technological developments have meant the financial services industry has moved towards facilitating more electronic means of capturing and storing data. Introducing more automation into the trade-lifecycle allows for quicker, efficient and more accurate trading, from order to execution to clearing, settlement and reporting. But despite this, it is no surprise that some parts of this workflow remain a manual process for firms.
Regulatory reporting is not new and has been around for many years, but with increased regulation in the industry it can take up a lot of resource, particularly for smaller firms. This non-revenue generating exercise is essential for firms to ensure they comply with regulation but many see automation as a vital tool to reduce workload. But what incentivises firms to make the transition from a manual to automated process?
New Regulation, the Excuse for Change
Many firms these days are using new regulation as an opportunity to revise the operations and governance of all regulatory obligations across their organisations. They see the new requirements as a chance to implement new and better procedures, providing more visibility at higher levels in the firm and addressing issues around risk and compliance. Some firms also take the chance to renegotiate an increase in budget to support these high profile activities, and ensure they can get buy-in at all levels to back any new initiatives that stem from new reporting obligations. This can also be seen as an opportunity to revisit legacy technical architecture and bring it up to date in order to support modern day operational and compliance needs. For example, the move from MiFID to MiFIR reporting (MiFID II) comes with an increase in eligible securities, data fields, and new reporting entities. The drastic change in scope means firms will find it hard to simply extend the existing implementations, and therefore opt to go back to the drawing board and specify a new reporting structure for MiFIR and other regulatory reporting regimes across their group.
But where new regulation is not a driver for change in the regulatory framework of an organisation, what other factors can instigate this? To answer this, we can take a look at SEC’s Schedule 13D where enforcement action has had both direct and indirect consequences.
Does an Increase in Regulatory Scrutiny drive change?
SEC Schedule 13D reports, required under the Securities and Exchange Act of 1934, were a noticeable feature of financial penalties and enforcement action in 2014.
This requires any person or group who has acquired, directly or indirectly, beneficial ownership of more than five percent of an equity security to file a disclosure statement with the SEC no later then 10 business days after acquisition. This legacy regulation caught the attention of the SEC and resulted in millions of dollars in civil monetary penalties being issued to firms for failures in the reporting process. In March 2015, a number of individuals and businesses were issued orders instituting cease-and- desist proceedings, along side $472,500 penalties for violations such as:
– Failure to file initial schedule 13D reports
– Failure to amend schedule 13D and report the later acquisition of shares
– Failure to report material changes to plans or proposals
A lack of sufficient oversight over the reporting process saw firms filing months and sometimes years late. In some instances, complete omission of the disclosure report was identified. When regulators increase the number of enforcement actions they make for breaches in regulation, the industry listens, and this is one of the main reason firms will revisit their regulatory reporting procedures. They don’t necessarily need to be subject to enforcement action themselves, but seeing peers fall to regulatory investigation and penalisation will redirect their path.
Targeted Enforcement Action and Regulatory Investigation
Investigation and enforcement action comes with many consequences, far beyond the fine and reputational damage to the guilty party. Firms will need to implement adequate measures to ensure there are no reporting violations going forward, and this will most likely include a change in technology. If the existing technology platform was unable to identify the issues that led to the reporting failure, then either a re-configuration or replacement is required. With legacy regulations being maintained on legacy platform, the technology can fall victim to neglect. As the regulation advances, the technology may not develop inline with requirements and the process falls out of sync. Where data integrity checks are not in place and there is a lack of documentation defining the process, it is left to the regulators to identify where there are issues and by that time it is too late for the firm to rectify the problem and avoid penalties. The SEC Schedule 13 reports have been updated multiple times in the past 6 years, SEC 13D was last updated in 2010, SEC 13F was last updated in 2012, and 13G in 2011. But, how often do firms review their technology inline with these changes and when there is no change to regulation, does the technology remain untouched? Does a review take place when there is a change to business activity?
The Nature of the Regulation
The nature of the reporting requirements will often dictate the method of managing the reporting process. For example, a non-complex regulation could be one that requires the disclosure of static data fields and minimal to no data aggregation or calculations. This type of reporting is common across the financial services industry, but is not necessarily required on a daily basis and therefore firms manage these types of reports as a manual procedure. These reports mainly fall into the monthly, quarterly or annual monitoring and disclosure category, and as a result assumed to be manageable by a particular individual or set of individuals. Reregistration, Special Financial Reports, Annual Notices etc. are commonly managed as part of a manual filing process.
You then have the opposite end of the spectrum where firms are unequivocally forced into implementing a fully automated process for reporting. The regulations which capture a high number of transactions, positions and trades, require the submission of large complicated data sets, and mandate near-real time deadlines can only be facilitated through automation. EMIR Trade reporting, Dodd-Frank reporting (swaps reporting) and Order Audit Trail System (OATS) reporting all fall into this category.
There are a number of firms who will be captured under these regulations due to execution of one reportable transaction a month, however the vast majority of organisations will have high volumes of data to report; hundreds to tens of millions of transactions per day. There is no option but to automate the reporting of this data and have robust, transparent reporting technology to support this process.
Somewhere in-between you have a somewhat hybrid reporting model, which incorporates an element of manual intervention alongside automation. These regulations have a combination of consistent static data elements and dynamic data fields that change on a monthly or quarterly basis. These regulations, for example EU Transparency Directive, SEC 13D Beneficial Ownership, therefore require human review and authorisation prior to submission after an automated process has made a decision on the fact a disclosure of some sort is required.
Regardless of the type of report, is it not better to implement full automation wherever possible to reduce the risk of introducing non-integral data into the process? Although a manual process could have been deemed adequate at regulatory inception, and if there are no updates to the regulation which would drastically change the operational management of this process, today a firm’s overall governance structure should be more aligned to automated processing inline with modern day trading activities. And if not in the complete generation of the report, it certainly should be used for submission management and auditing, as much of the visibility over the reporting process is lost in manual intervention.
Taking the Initiative
With reporting requirements being a large, onerous, non-revenue driving task, organisations have not always made it a focus of the business. However, with regulators demanding more visibility and transparency across the financial services industry, firms are naturally dedicating more attention, time and money on their regulatory reporting activity. But do they concentrate on refreshing processes and procedures designed to support legacy regimes or do they focus on the more intrusive modern regulations? The answer to this will all depend on the nature of the firm and the nature of the regulations they are subject to.
It is clear that complying with a new regulation is not the end of the story. There is the ongoing monitoring and maintenance when regulation and technology advances. Firms should make a conscious effort to ensure the processes, procedures and technology in place to support legacy regulations remain inline with modern day operational and compliance activities.
Maryse Gordon, Senior Pre-Sales Consultant at UnaVista