2020: the year to reset your regulatory reporting foundations? How about some focus on data gathering, data quality, operating processes and mitigating key person risks for regulatory reporting?
Before Basel III finalisation (a.k.a. Basel 3.1 or Basel IV)…
A few weeks ago, I’d been planning to focus this article on what firms could do to make use of the gap between now and the next wave of Basel-influenced changes (SA-CCR, FRTB etc). Originally January 2022, there is now more time, till 2023. Banks could use the (relative!) downtime in frequency and pace of change to seek out strategic improvements in their regulatory reporting processes, by forensically flushing out all the issues and making corrective operational improvements to data gathering, data quality, operating processes and mitigating key person risks for regulatory reporting.
Nudged: Section 166 Skilled Person Reviews
Additionally, the UK Skilled Persons Section 166 inspections have added spice. These have built a head of steam since the October 2019 “Dear CEO” letter on the reliability of regulatory returns. Whilst seemingly only impacting some larger firms, the slipstream from these reviews has changed attitudes and must be expected to lead to an increase in focus on regulatory inspections on all firms, not just those subject to having the drains pulled up in the short term. VERMEG can help with getting a firm’s regulatory reporting operations sorted out, again by getting to grips with data gathering, data quality, operating processes and mitigating key person risks for regulatory reporting...
The Vexations Virus
Now of course, with the arrival of the Coronavirus and Covid-19 there is a whole new frame of reference, at least for the moment. Regulatory emphasis is now laser-focussed on securing the safety and soundness of the financial system, on protecting consumers, and on ensuring ongoing delivery of critical functions to the economy. Banks, in this maelstrom, have to maintain business as usual. Firms are having to achieve this under business continuity operating conditions, whilst systems are stretched and staffing subject to illness and other diversions - not least implementing government financial support packages. But in amongst this all, I would argue that it’s still the case that firms should give some priority to… data gathering, data quality, operating processes and mitigating key person risks for regulatory reporting as in this disrupted state wallpapered cracks, or weakest links in controls and sign off might be revealed.
VERMEG monitor regulatory change, of course. In the context of the current pandemic, we note that in various jurisdictions there is reduced demand on stress testing, significant rescheduling of new regimes, and extended reporting deadlines. There is formal postponement of Consultations which are not critical to protecting customers or financial stability. The timetable for e.g. new IRB models for PD and LGD estimations go back a year, and so too now is Basel III finalisation implementation itself, also back a year to January 2023, meaning preparation in 2021/22 must be the main event. Whilst the virus is in town there will also be less on-site supervision, indeed a pause on the S166 work. There is increasing need for vigilance on new operational risks as normal working practices are disrupted. There is an almost blank canvas on the rethinking of credit risks (and expected credit losses under IFRS9) where the current unprecedented circumstances add uncertainty to a firm’s regulatory treatments. Surely all this - and the inevitable demand for ad-hoc data as the economic system starts to creak, places all the more emphasis on your approach to data gathering, data quality, operating processes and mitigating key person risks for regulatory reporting?
For some, working from home may cause reconsideration of how regulatory data is sourced, attested to for quality, and computed to be ready. Workflows and approvals may become very challenging. New ways of working may reveal weaknesses (perhaps in data controls) or opportunities (maybe to move regulatory reporting processing to the cloud?).
Can you, as the Dear CEO letter stated “demonstrate how the design and operation of the governance, controls and other processes deliver regulatory reporting of appropriate quality? Can you provide details of the key interpretations and judgements made relating to regulatory returns, and the governance processes used to validate these? Can you provide the regulator with details of any material regulatory reporting errors identified, together with an explanation of the actions taken to remediate them?”
Is there clear ownership of each stage of data gathering, computation and sign-off, with a clear policy for data exception handling?
Do you have a structured, audited workflow for each step?
Could you specify and implement improved use of reconciliation and other ‘sanity’ tests that inspect the quality of your regulatory reporting automatically?
How about rethinking unnecessary reliance on spreadsheets and macros which may be under-documented, or operated in such a way that exposes your firm to avoidable key person risks?
Could you eliminate data silos or process silos which may have baked-in unwitting repeated errors, embedded and never questioned?
To what extent you can move to a “clean-once, use-for-many purposes” data strategy?
How would your current processes look under SM&CR? Is whoever’s in the hot seat genuinely aware of the quality of your firm’s regulatory reporting? Where are the weaknesses?
Consider a new approach to data gathering, data quality, operating processes and mitigating key person risks for regulatory reporting
Getting any issues which the Vexatious Virus has highlighted in your regulatory reporting process sorted out now can only improve your firm’s capability for S166-style inspections, and for a re-acceleration of regulatory policy development, and for the work needed to prepare for Basel III finalisation implementation. These will all come on stream again soon. VERMEG’s experiences in hundreds and hundreds of installations globally, or our ability to move your processing to an as-a-service solution, or for you to run regulatory reporting on the cloud may be worth factoring into the remainder of 2020’s work plan.