Industry experts discuss the regulatory initiatives that are having the biggest impact on their business and lessons to be learnt from regulatory data integrity and control processes
Valérie Nicaise, global leader of regulatory reporting, BNP Paribas Securities Services
Prenisha Pillay, head of GTM strategy, data management solutions, FIS
Chris Probert, partner and UK data practice lead, Capco
Christine Strandberg, regulatory manager, Investor Services, Large Corporates & Financial Institutions, SEB
Tania Narciso, chief compliance officer, CIBC Mellon
Which regulatory initiatives are having the most impact on your business during 2021?
Prenisha Pillay: The past year was an especially challenging time for the financial services industry; not only did firms have had to adopt a new operating model but they also had to do more with less.
There is no respite from the onslaught of compliance requirements as regulators continue to revise existing regulations or introduce new ones.
One thing is certain — regulations remain vital tools for reducing risk, keeping markets in order and above all, protecting investors, businesses and economies.
Globally, the pandemic has disrupted operations and stopped many firms preparing for new or changing regulations.
Years of uncertainty surrounding Brexit have also interrupted compliance plans. As firms based in (or trading with) the UK face a new combination of domestic and foreign obligations, the ‘principle of mutual equivalence’ will be key to determining future requirements.
2021 sees the onshoring of Securities Financing Transactions Regulation (SFTR), the European Market Infrastructure Regulation (EMIR) and the second Markets in Financial Instruments Directive (MiFID II) and UK entities need to comply by the end of the year. Given the scale, complexity and extent of the changes of the regulatory changes, a forward-thinking and strategic approach to data management is needed to avoid problems further down the line.
Christine Strandberg: For SEB as a Nordic custodian, providing Nordic sub custody to international financial institutions and global custody to Nordic financial institutions, the regulatory initiative with the most impact during 2021 is the Central Securities Depositories Regulation (CSDR) settlement discipline regime.
In the Nordic markets, the central securities depositories (CSDs) have generally implemented most of the CSDR changes, and so has SEB – but that does not mean that our clients already use functionality such as partial settlement and hold and release, and hence we expect a test-intensive second half of 2021.
The remaining changes to be implemented are those related to penalties and buy-in. The CSDs have performed the bulk of the development, and CSDs and CSD participants are getting ready for the penalties reporting dry-run starting in September.
SEB will support the dry-run from the start, and we hope our clients will use the opportunity to perform the best possible end to end testing — in production, with real-life transaction scenarios of every kind. That said, the number of outstanding questions related to penalties and, even more, buy-in, will make autumn a very interesting time – for everyone from CSDs, central counterparties (CCPs), trading participants and custodians. Finally, the question of whether re-papering is required remains.
In addition to CSDR, the Shareholder Rights Directive (SRD II) is not yet finalised. One of our home markets, Norway, is an EEA market and SRD II is accordingly not yet implemented/transposed in Norway. Draft acts were submitted to parliament in April, but no entry into force date has been set and the responsible Ministry will also issue more detailed provisions supplementing the legislative changes. Implementation is not expected before 2022.
ISO 20022 messages will be used for general meetings and shareholder identification disclosure, but specifications for the communication flow are dependent on government guidance on whether the nominee or account operator is considered as the intermediary for nominee-registered securities. With the implementation in Norway, and changes in the EU markets to improve the general meeting messaging, we expect to be working with SRD II-related development for another year at least.
Tania Narciso: Canada’s regulatory structure is relatively complex, consisting of provincial regulators, federal regulators and industry self-regulatory organisations.
Jurisdictions participating in the Cooperative Capital Markets Regulatory (CCMR) System continue to work together towards implementation of the CCMR, with the overall goal of modernising Canada’s capital markets, making them more competitive and better protecting investors. Participating jurisdictions of this long-term initiative are reviewing timelines for the launch of the Cooperative System to support a smooth and secure transition for market participants.
As part of global financial institutions’ phasing-out of the London Interbank Offered Rate (LIBOR), and other unsecured interest rates, various regulatory authorities have announced support in favour of rates based on actual underlying transaction rates. As of 15 June 2020, the Bank of Canada (BoC) has taken on the role of publishing the latest data for the Canadian Overnight Repo Rate Average (CORRA), Canada’s replacement rate. According to the BoC, CORRA measures the cost of overnight general collateral funding in Canadian dollars using Government of Canada treasury bills and bonds as collateral for repurchase transactions. We continue to be very active both with changes to our own systems and processes and in supporting clients through the transition.
Valérie Nicaise: As a leading securities services provider, our role is to help our clients, including asset managers, asset owners and alternative investors, adapt to regulations. We provide them with powerful reporting solutions that reduce their administrative burden and are compliant with the latest regulatory requirements.
In 2021, as far as reporting is concerned, our areas of focus regionally and globally include:
Assessing the impact of ESG-related regulation — notably the Sustainable Finance Disclosure Regulation and the EU taxonomy — on existing reporting for institutional investors, as well as the impact on clients’ data needs. We have been actively participating in the associated European working groups such as FinDatEx in order to define a standardised way of exchanging ESG data between market participants and to improve existing data templates for other regulations.
Investing globally in our data solutions in order to improve the consistency and coherence of reporting for different regulatory regimes. For example, EMIR in the European Union (EU), Monetary Authority of Singapore (MAS) and Australian Securities and Investments Commission (ASIC) all require forms of over-the-counter (OTC) transaction reporting and we have invested in developing consistent, high quality reporting across these regions, which is particularly valuable for clients with operations across multiple jurisdictions.
Rolling out a new solution in Europe to provide PRIPS KID reporting for UCITS funds, which is due to replace the existing UCITS KIID reporting in 2022.
Often firms have to undertake reporting across multiple regimes and jurisdictions, how can or should this process be streamlined?
Chris Probert: Firms have historically approached reporting in a siloed manner, with operating models tailored to individual reporting jurisdictions and often underpinned by a legacy architecture. As the reporting landscape has become increasingly complex, firms should migrate to a more holistic operating model for the purposes of ongoing compliance. Ideally, this will consist of a centralised horizon scanning and impact assessment function, with the subsequent federated implementation of new regulations or changes to regulations.
In addition, given that reporting offers only minimal competitive differentiation and multiple synergies exist across different regulatory jurisdictions, firms should look to leverage regtech across the reporting stack — from horizon scanning, reporting eligibility, report generation, submission through to QA — to significantly improve their ability to evidence and demonstrate their compliance. As well as increasing automation, this will reduce costs and enable the focus for reporting to shift from purely an administrative burden to a value-add process within the firm while decreasing the risks associated with incomplete and inaccurate reporting.
Pillay: The risk of non-compliance can overshadow a strategic approach to data management. Firms often end up creating multiple data silos and fragmented processes cobbled together using legacy technology, spreadsheets and other workarounds that are complex to maintain and defeat the original purpose of control and transparency. Rather than ending up with multiple solutions to manage the data integrity demands of different regulations.
A unified data management strategy must always be the starting point for meeting regulatory requirements across different regulations and jurisdictions — and provide all the visibility and control that each new regulation requires of a firm. As regulations continue to multiply for financial institutions, so do the challenges for data management. Despite the growing complexity of reporting demands, the answer is surprisingly simple — a centralised, standardised control framework for managing regulatory data.
At the foundation of your control framework should be the ability to collect, transform and validate data across the trade life cycle. That way, you’ll be better placed to solve not just a single regulation but many, with proof that you’re reporting accurate information and are accountable for the process of preparing your reports.
Strandberg: Some market-related differences will likely always exist, but where the business need and content is the same or similar, regulators should strive to use standardised messages in a consistent manner.
Perhaps a regulatory reporting market practice group could be an idea. Not necessarily for firms providing the reports to regulators, but for the regulators to agree between themselves on how to perform a specific type of regulatory reporting, across markets — and not just in the EU. In the short to medium-term, we believe that it would be beneficial for the entire securities market if the UK after Brexit would continue to mirror EU Regulations.
One such example can be found in the SFTR territory where repository reporting currently is identical but where the situation quickly could change after ESMA’s upcoming requirements.
Nicaise: Regulatory reporting across jurisdictions and asset classes can be challenging, firstly due to the multiplicity of requirements which may at first appear similar but differ on closer examination. Secondly, the diversity of instruments and asset classes in our clients’ portfolios often necessitates separate treatment from a regulatory perspective, such as OTC derivatives or private equity instruments.
In this complex environment, regulators are paying increasing attention to the coherence and consistency of reporting across reporting regimes. Therefore, we see it as a real priority to develop an ecosystem across geographies and asset classes, through greater mutualisation of data, tools and teams.
At BNP Paribas Securities Services we have invested in a global operating model that combines local expertise, aimed at monitoring local regulation and building relationships with local authorities, with centralised centres of expertise responsible for providing solutions globally.
Our centres of excellence in Europe and Asia Pacific play a vital role in streamlining our reporting processes. We have started to build a dedicated platform, which leverages the latest tools and technologies from partners. Using this platform, we can implement key functions such as calculation, report filing and dissemination, from a single, integrated system.
Narciso: Canada is home to a wide array of institutional investors at varying places along a continuum of complexity and sophistication. Institutional investors large and small face common challenges around capturing, measuring and reporting investment information sourced from and delivered to a multitude of systems and people.
Many managers are reaching the limits of complexity their current operations can absorb. They are identifying opportunities to replace an interconnected web of augmented, adapted and customised legacy components with a more systematic solution to managing investment information.
Asset owners and asset managers alike face complex risk pressures such as complying with new regulations, managing transparency concerns and mitigating investment risks across diverse asset classes. They need the support of robust analytical tools on the front lines of risk management.
The stakes continue to grow and the data challenges are gaining focus for many firms given the increasing number of internal and external stakeholders depending on data — boards, investment management teams, compliance teams, regulators and more — clients are looking to their providers to create a data management process that simply gathers the loose data spread across locations, systems, and teams, and makes it readily available for when they need it.
We are seeing clients working with specialist consultants as well as looking to our global enterprise for skill sets that they don’t intend to hire or grow in-house.
As clients come forward, they want the ability to enlist our help to use software more efficiently, answer their questions around data, develop queries and perhaps most of all to allow them to focus on achieving their target state for information and the datasets as quickly as possible.
Are firms equipped with the right approach and tools needed to manage high volumes, data quality issues and complex reporting relationships required to evidence their control framework?
Strandberg: This is a challenging area and further improvements are certainly possible. Seeing the resource use across the board, and how much firms struggle, might indicate that the answer is the opposite..
Narciso: Along with experiencing fundamental changes in the industry, we continue to see clients investing to drive data management and data intelligence as a key competitive advantage. Clients are striving to address their data needs despite significant margin pressure. The external challenges presented provide us with real opportunities to manage the quality of data and make it accessible to a broadened set of stakeholders. As data needs continue to change, our clients are talking to us about addressing three main themes: the simplification of data processes, accessing advanced skillsets on-demand, and managing growth.
Advances by those leveraging technology and data to streamline and enhance their operations are often matched by the gaps that remain for others, whose middle-office infrastructure and data management capabilities remain inadequate for today’s investment landscape.
Those who have gaps between data and operations are working to understand how to catch up, and how to incorporate the lessons learned by those who have initiated this transformation.
Institutional investors are also under tremendous and rising pressure to exercise good governance — from regulators, boards, trustees, governments and individual members. Governance audits or reviews should be regularly undertaken to review compliance, best practices and areas for potential improvement.
With managers coming under increased scrutiny, the fact that an in-house team can potentially enhance governance may become even more crucial. Complexity rises further for multi-employer plans operating on behalf of a larger set of underlying organisational public and private sector stakeholders.
According to CIBC Mellon’s pension research, half of the respondents see stronger governance as a key benefit of operating with an in-house team. However, on the other hand, 84 per cent of pension funds say they will outsource at least some of their regulatory reporting work over the next 12 months.
Nicaise: When outsourcing, our institutional investor clients are still responsible for reporting to their own clients and their regulators. The key issue is this: how can they control the quality of reports provided by their providers without controlling every single data point?
The best approach is to put in place a robust, automated data quality control at the very beginning of the value chain, data quality checkpoints at sensitive steps of the process, and finally, relevant data quality indicators at the end of the value chain.
As a securities services provider, our role is to provide information that enables clients to control the quality of regulatory reporting that we perform on their behalf.
Of course, it isn’t possible to perform data quality checks for every single data point, given the high volume of data. Therefore, we provide synthetic indicators enabling clients to detect errors. If a client suspects an error, our online tool enables them to drill down and control the data at the most detailed level of granularity. It requires investment in the control framework in addition to the reporting production itself, and for this control framework to be incorporated from the beginning as part of the project plan rather than added on afterwards. This is where a strong partnership between the outsourced services provider and institutional investor is key, as the service provider can help to integrate and manage the control framework from the very beginning.
Pillay: A recent data integrity survey that FIS carried with financial services executives revealed that there is a growing divide between data integrity leaders and firms that are finding their way. Data processing and reconciliation to ensure the accuracy of reporting data continues to be an arduous, time-consuming and risk-laden process. The challenges don’t come as a surprise — processing of ever-increasing trade data, the complexity of new instruments, coupled with compliance requirements and audit demands, especially when using legacy technology. Apart from these challenges, legacy technology creates more widespread challenges, including system performance issues, and ultimately delays in the regulatory reporting process.
The emergence of next-generation technologies such as APIs, advanced workflow and Artificial Intelligence (AI) — specifically machine learning — has dramatically improved efficiency in the data management lifecycle. Volume-intensive processes which consume data from a very complex data landscape not only benefit from smarter data integration, but quicker and more accurate analysis and evaluation. This will ensure that you have total integrity in your data. Regulators not only want assurance that the numbers are correct, but that you know where trades have come from and what has been done to them along the trade life-cycle.
Probert: A large majority of firms have typically built regulatory reporting solutions in-house, leveraging legacy data architecture, technology platforms and workflow tooling. As the complexity of regulatory requirements, scope of reporting, volume of fields and number of required reports increases, these solutions are often not scalable. Defining and implementing an effective end-to-end control framework on existing reporting infrastructure, therefore, remains a key challenge for most firms.
The challenge is often exacerbated by a poorly defined data strategy, lack of an enterprise-wide golden source of data, and an absence of clear ownership for sourcing and aggregation, which ultimately result in poor overall quality of data. This can severely limit the effectiveness of existing controls, as ongoing data issues may often mask true reporting exceptions, resulting in further delays in issue investigation and resolution.
Ultimately, firms will need to adopt a strategic approach to regulatory reporting and move away from retrospective, sample-based controls towards a real-time front-to-back control framework, which will not only prevent reporting breaches from occurring but also enhance transparency on any open exceptions, accelerate issue resolution, and mitigate overall regulatory reporting risk.
Firms can benefit from an enterprise data repository. However, the nirvana of a golden record source for use across the enterprise has its challenges. How are firms tackling this challenge?
Narciso: As the demands of data have changed, we also see that clients are requesting an evolving hybrid model as institutional and wealth investors evolve their operations over a long-term plan.
They want to be able to integrate a wider range of data sets, focus resources on complex analysis but also be prepared to allocate operations functions to their asset service provider. This has provided many clients with the best of both worlds, minimising in-house operational activities but continuing to leverage technology to better meet their information delivery strategic objectives.
A standardised, scalable platform or data repository can serve as a powerful tool for institutional investors, their stakeholders and their service providers: a scalable platform means that the rising cost of innovations, new necessary capabilities and further enhancements to the user experience can be amortised across many players rather than shouldered by one firm. Moving to a standard provider platform simplifies the support model, and in turn, helps free firms to focus more of their time and resources on their core responsibilities as institutional investors.
A transition to a standardised industry platform certainly simplifies most implementations, given that the target state will have commonalities with prior conversions and enable the incorporation of lessons learned.
The transition from a customised model can nonetheless be an intricate process. As always any change will mean potential risks to productivity and process, and no matter how smooth the new user experience or new capabilities that open up on a target platform, change will still require users to take on their daily tasks in a novel way. Almost every smooth system conversion requires thoughtful planning, regular communication and a clear and well-documented set of requirements and success criteria, all the while recognising the need to address new demands and opportunities encountered during the transition.
Probert: There has been a shift in how firms approach this problem over the years. Building one single golden record is not easy, especially in the financial services sector where standards are poor and reference models are either high in coverage or detail, but never both. This has led to changes in the way firms are approaching the problem.
Older data architecture patterns are slowly being replaced by more ‘modern’ methods which are centred around a semantic layer.
This is a key architectural feature of a data mesh, but has high relevance in financial services for a range of on-premises and/or cloud deployments.
The key difference here is instead of building a rigid hard single version of ‘truth’ (which may not be everyone’s version of the truth) they create a model on which views can be spun up as needed from a standard catalogue of terms.
Pillay: The utopia of data management is the golden source. And as the true, definitive, fully accurate and verified version of your internal data, it should form the basis of reporting and other analytical processes.
There are knock-on benefits, too. With a golden copy of data, you’re better placed to optimise not only regulatory reporting but also business processes and analytics. However, while the golden copy is much prized, it is also hard-won as it requires a well thought-through design and extensive maintenance.
The focus should not solely be on building a golden record source of data. The same principle of data lineage, data quality and accuracy should be applied across organisations. wherever control and transparency are required to drive decision-making.
This approach should naturally extend across your data integrity platform and reporting toolkit which will ensure that your regulatory data is complete and accurate and reporting is generated by a well-controlled process.
Nicaise: Many legacy operational platforms are not designed to import external data, and rely on data being created directly within the platform. Different platforms need different levels of granularity of data and updates at different times. As a result, many firms still use manual and bespoke processes which prevent an enterprise approach to data management and make it difficult to maintain a golden record source.
Some investment firms are tackling this by redesigning their architectures to introduce data warehouses, data lakes or data hubs, all of which have different roles, in order to control the storage, maintenance and distribution of reference data and their subsequent golden records more effectively.
Another important element is data governance. Firms can improve their data governance by assigning ownership of key processes such as the creation and maintenance of data to data stewards. These individuals have ultimate responsibility for the firm’s data quality, defining rules for the creation and maintenance of the golden record, and recommending upgrades to legacy platforms where necessary.
Strandberg: Perhaps the question should be whether an enterprise data repository is always feasible from a business case perspective.
Complex operational structures, possibly involving multiple legal entities, with several different platforms and business needs, would likely find a centralised repository more difficult to achieve than smaller firms.
SEB recommends a centralised approach. However, in some scenarios one source/repository catering for all needs may be more costly than, say, two sources which focus on different parts of the business and therefore have different requirements with regards to timing, detail and reach.
Are there any lessons to be learnt from regulatory data integrity and control processes that can be applied to other complex data processes?
Tania Narciso: Investment in reporting, digital and data capabilities can enable growth, efficiency, oversight and risk reduction, and strategic support is available for legacy system replacement.
Many plan sponsors still rely on legacy systems, and manually manipulate Excel files to manage their data. This is one of the main challenges, and one of the leading factors when they consider migrating their technology and data solutions to cloud-based systems.
In the past, investments in data management were usually premised on streamlining operations to create new efficiencies and lower costs.
Today though, many different investment institutions all recognise a material competitive advantage for those able to manage and leverage their data more effectively.
Emerging technologies, from AI to machine learning, create powerful new capabilities that allow asset owners to recognise and act on trends in the data that wouldn’t otherwise be evident.
Data science and proficiency in managing big data also allow asset managers to create a systematic and continuous approach to audits, through discerning emerging risks in real time and establishing independent automated controls.
The difference between technology’s slower adopters and those on the cutting edge will become more pronounced as investment strategies gravitate toward ever more complex and as new innovations widen the gap between those who can bring these capabilities to bear and those who can’t.
Strandberg: To a great extent, regulatory data is business and client data. The same processes and requirements apply to regulatory reporting as the underlying business processes subject to such reporting.
Probert: There are two key lessons that firms can take from the regulatory data integrity and control process.
Firstly, clear standards are important — with clear definitions and standards of data quality comes not only enhanced transparency on issues but also a position from which clear aggregations can be derived.
The second relates to market collaboration. The market has started to work together on defining standards for regulatory data, as many of the types of data (even non-regulatory based) are not unique to them, so collaboration is an important step in jointly solving the challenges relating to those standards.
Pillay: As data continues to increase in volume, variety and velocity, so do the challenges for data management. Despite the growing complexity of data integrity processes, the answer is surprisingly simple — a centralised, standardised control framework.
At the foundation of your control framework should be the ability to collect, transform and validate data across the trade life cycle. For the visibility that auditors and regulators demand, you’ll need to establish a rigorous reconciliation or validation process to ensure the accuracy of cash and trade flows.
For the control aspect, you must make sure that you enforce accountability through a robust approval process.
Nicaise: Regulatory reporting requires strict, permanent and systematic data integrity and control processes.
Data tracking and auditability are also key characteristics of regulatory reporting data. As a result, regulatory reporting books of records have a high quality of data, accuracy, completeness, consistent with market standard formats and auditability and tracking.
In my experience, the standard and integrity of this data mean it can be used beyond regulatory reporting: for example, for risk management in adhering to Solvency II.
Another example is where this data can be used as an input into a centralised data lake for funds’ online marketing or distribution purposes. In this way, regulatory reporting data can offer a real opportunity to improve an investment firm’s data quality for other purposes, benefitting the investment firm’s value chain and its clients.
